wordpress-seo domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wp-includes/functions.php on line 6114
Hackers who seized control of the official Instagram account of McDonald’s claim that they managed to steal US $700,000 from unsuspecting investors by promoting a fake cryptocurrency.
Read more in my article on the Hot for Security blog.
A virtual machine specialist was arrested after a foiled data extortion plot targeting his former employer
Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California political consulting firm as part of a well-meaning but potentially counterproductive get-out-the-vote effort that had all the hallmarks of a phishing campaign.
Image: WDIV Detroit on Youtube.
On Aug. 27, the local Channel 4 affiliate WDIV in Detroit warned about a new SMS message wave that they said could prevent registered voters from casting their ballot. The story didn’t explain how or why the scam could block eligible voters from casting ballots, but it did show one of the related text messages, which linked to the site all-vote.com.
“We have you in our records as not registered to vote,” the unbidden SMS advised. “Check your registration status & register in 2 minutes.”
Similar warnings came from an ABC station in Arizona, and from an NBC affiliate in Pennsylvania, where election officials just issued an alert to be on the lookout for scam messages coming from all-vote.com. Some people interviewed who received the messages said they figured it was a scam because they knew for a fact they were registered to vote in their state. WDIV even interviewed a seventh-grader from Canada who said he also got the SMS saying he wasn’t registered to vote.
Someone trying to determine whether all-vote.com was legitimate might visit the main URL first (as opposed to just clicking the link in the SMS) to find out more about the organization. But visiting all-vote.com directly presents one with a login page to an online service called bl.ink. DomainTools.com finds all-vote.com was registered on July 10, 2024. Red flag #1.
The information requested from people who visited votewin.org via the SMS campaign.
Another version of this SMS campaign told recipients to check their voter status at a site called votewin.org, which DomainTools says was registered July 9, 2024. There is little information about who runs votewin.org on its website, and the contact page leads to generic contact form. Red Flag #2.
What’s more, Votewin.org asks visitors to supply their name, address, email address, date of birth, mobile phone number, while pre-checking options to sign the visitor up for more notifications. Big Red Flag #3.
Votewin.org’s Terms of Service referenced a California-based voter engagement platform called VoteAmerica LLC. The same voter registration query form advertised in the SMS messages is available if one clicks the “check your registration status” link on voteamerica.org.
VoteAmerica founder Debra Cleaver told KrebsOnSecurity the entity responsible for the SMS campaigns telling people they weren’t registered is Movement Labs, a political consulting firm in San Francisco.
Cleaver said her office had received several inquiries about the messages, which violate a key tenet of election outreach: Never tell the recipient what their voter status may be.
“That’s one of the worst practices,” Cleaver said. “You never tell someone what the voter file says because voter files are not reliable, and are often out of date.”
Reached via email, Movement Labs founder Yoni Landau said the SMS campaigns targeted “underrepresented groups in the electorate, young people, folks who are moving, low income households and the like, who are unregistered in our databases, with the intent to help them register to vote.”
Landau said filling out the form on Votewin.org merely checks to see if the visitor is registered to vote in their state, and then attempts to help them register if not.
“We understand that many people are jarred by the messages – we tested hundreds of variations of messages and found that these had the largest impact on someone’s likelihood to register,” he said. “I’m deeply sorry for anyone that may have gotten the message in error, who is registered to vote, and we’re looking into our content now to see if there are any variations that might be less certain but still as effective in generating new legal registrations.”
Cleaver said Movement Labs’ SMS campaign may have been incompetent, but it wasn’t malicious.
“When you work in voter mobilization, it’s not enough to want to do good, you actually need to be good,” she said. “At the end of the day the end result of incompetence and maliciousness is the same: increased chaos, reduced voter turnout, and long-term harm to our democracy.”
To register to vote or to update your voter registration, visit vote.gov and select your state or region.
Ransomware attacks on US schools and colleges have surged, with 491 incidents since 2018, affecting over 8000 institutions
LummaC2, a C-based MaaS tool first identified in 2022, has resurfaced to exfiltrate credentials and personal data
The hacking subsidiary of the Iranian Islamic Revolutionary Guard Corps (RGC) has targeted satellite, communications, oil and gas and government sectors in the US and UAE
Matthew Green wrote a really good blog post on what Telegram’s encryption is and is not.
New data illuminates how retail leaders can prioritize resilience.
In today’s retail environment, businesses embrace dynamic computing and other technological innovations to enhance operations and customer experiences. However, as these advancements accelerate, so does the risk of cyber threats.
The 2024 LevelBlue Retail Report reveals a significant challenge for retail leaders: aligning cybersecurity strategies with broader business objectives to ensure a resilient future, especially in securing the increasingly complex supply chain.
Dynamic computing offers retail businesses unparalleled opportunities to innovate and gain a competitive edge. By processing data closer to the source, retailers can develop groundbreaking services, optimize their supply chains, and deliver more personalized customer experiences. According to the report, 86% of retail executives anticipate that dynamic computing will improve operational performance within the next three years.
However, this optimism comes with a cautionary note—82% of retail respondents also acknowledge that these innovations increase their exposure to cyber risks, particularly within the supply chain. As retail operations become more interconnected and reliant on advanced technologies, the potential for cyber attacks grows, making robust cybersecurity strategies more critical than ever. The complexity of modern supply chains, with their numerous vendors and touchpoints, only amplifies the risk, as each link in the chain could be a potential vulnerability.
Get your complimentary copy of the report.
Despite the clear risks associated with technological innovation, there remains a troubling disconnect between business objectives and IT priorities in the retail sector. The report highlights that while business leaders are eager to drive innovation, they often overlook the need to integrate cybersecurity into their strategic planning. This misalignment leaves organizations vulnerable, particularly in their supply chains, as cybersecurity measures are frequently treated as afterthoughts rather than integral components of business success.
One of the most striking findings in the report is that 83% of retail executives do not view cyber resilience as a whole-organization priority. Instead, it is often siloed within IT departments, with limited engagement from other parts of the business. This fragmented approach undermines the effectiveness of cybersecurity efforts and exposes the organization, especially its supply chain, to greater risks.
To bridge the gap between business objectives and IT priorities, retail leaders must adopt a more integrated approach to cybersecurity, with a particular focus on the supply chain. Here are some key strategies to consider:
1. Proactive Risk Management: Retail executives must involve IT and cybersecurity teams in the early stages of strategic planning. By doing so, they can anticipate potential risks in the supply chain and develop proactive measures to mitigate them rather than reacting to threats after they occur.
2. Cross-Departmental Collaboration: Breaking down silos between IT, supply chain management, and other business units is essential for aligning cybersecurity with business goals. Regular communication and collaboration across departments can ensure that cybersecurity is considered in all business decisions, particularly those affecting the supply chain.
3. Prioritizing Cyber Resilience: Cyber resilience should be recognized as a critical business imperative, not just an IT concern. By elevating its importance within the organization, retail leaders can secure the necessary resources and support to build a more resilient operation, including a secure supply chain.
4. Leveraging External Expertise: Given the complexity of today’s cyber threats, retail organizations should not hesitate to seek external guidance. Engaging with cybersecurity experts can provide valuable insights and help strengthen internal capabilities, particularly in securing vulnerable supply chain links.
As retail businesses continue to innovate, the need for robust cybersecurity strategies becomes increasingly urgent, especially in securing the supply chain. The 2024 LevelBlue Retail Report underscores the importance of aligning cybersecurity efforts with broader business objectives to ensure a resilient and secure future. By adopting a more integrated approach, retail leaders can protect their organizations and supply chains from emerging threats while continuing to drive forward with innovative solutions.
The stakes have never been higher in a world where dynamic computing and technological innovation are transforming retail. Retail leaders must prioritize cyber resilience as a foundational element of their business strategy, with a strong emphasis on securing the supply chain.
Download the 2024 LevelBlue Futures Report for Retail to explore these insights and more.
KPMG research finds money laundering accounted for the majority of fraud cases heard in the first half of 2024
A phishing exercise conducted by the IT department of the University of California Santa Cruz (UCSC) has backfired, after causing unnecessary panic amongst students and staff.
Read more in my article on the Hot for Security blog.
