Subterms
Thomas Barwick/Getty Images Cybersecurity attacks continue to climb in Asia-Pacific, even as organizations in markets such as Singapore struggle to adopt the necessary security measures due to a lack of knowledge. The region saw a 15% increase in cyberattacks in 2023, clocking an average of 1,963 attacks weekly, with ransomware leading the pack. The financial […] More
AT&T/ZDNETMillions of AT&T customers may have been affected by a data leak, forcing the carrier to change their passcodes. In a notice posted on Saturday, AT&T said that data seemingly from 2019 and earlier was leaked on the dark web, impacting 7.6 million current AT&T subscribers and 65.4 million former AT&T account holders.The scope of the leaked data found on the dark web varies from account to account. In addition to passcodes for all affected customers, it may also include full names, email addresses, mailing addresses, phone numbers, social security numbers, dates of birth, and AT&T account numbers. The carrier said that the dataset does not contain any personal financial information or call history.Also: Why were millions of AT&T customers left disconnected? We have an answerAT&T said the company sent emails or letters to all current and former subscribers who were impacted by the leak. In addition to resetting customer passcodes, the company urged customers to monitor their account activity and credit reports. To do so yourself, you can set up free fraud alerts with Equifax, Experian, and TransUnion, and review a free credit report through Freecreditreport.com.”The severity of this data breach is significantly heightened because of the Personal Identifiable Information (PII), including full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers, and passcodes, that were part of the compromised data,” Anne Cutler, a cybersecurity evangelist at Keeper Security, told ZDNET. “The immediate concern is the potential exploitation of this exposed data, which could lead to various malicious activities such as identity theft, phishing attacks, and unauthorized access to user accounts.”If you’re an AT&T subscriber affected by this breach, change your passcode. To do that, go to your myAT&T profile page and sign in when prompted. Scroll to the section for “My linked accounts,” select Edit for the passcode you want to change, and follow the prompts. More
Sabrina Ortiz/ZDNETIf you’re planning to use an AI chatbot for nefarious purposes, watch out. Microsoft is on the case.In a blog post published today, the company announced a new feature coming to its Azure AI Studio and Azure OpenAI Service, which people use to create generative AI applications and custom Copilots. Known as Prompt Shields, the technology is designed to guard against two different types of attacks for exploiting AI chatbots.Also: Microsoft Copilot vs. Copilot Pro: Is the subscription fee worth it?The first type of attack is known as a direct attack, or a jailbreak. In this scenario, the person using the chatbot writes a prompt directly designed to manipulate the AI into doing something that goes against its normal rules and limitations. For example, someone may write a prompt with such keywords or phrases as “ignore previous instructions” or “system override” to intentionally bypass security measures.In February, Microsoft’s Copilot AI got into hot water after including nasty, rude, and even threatening comments in some of its responses, according to Futurism. In certain cases, Copilot even referred to itself as “SupremacyAGI,” acting like an AI bot gone haywire. When commenting on the problem, Microsoft called the responses “an exploit, not a feature,” stating that they were the result of people trying to intentionally bypass Copilot’s safety systems. More
d3sign/Getty Images Apple device owners are facing a new phishing hack that uses “multi-factor authentication (MFA) bombing” to steal their data. Several Apple users in recent days have reported a hacking attempt that appears to take advantage of Apple’s password reset feature, KrebsOnSecurity reported, citing people who have been targeted. The scammers have used Apple’s password […] More
Thomas Winz/Getty Images Any internet-connected device can be hacked — it’s that simple. But when it comes to smart TVs, your device comes pre-hacked. Smart TV vendors, streaming services, and device manufacturers collect personal data. With TVs, this process happens even if you don’t sign in to a particular service. Also: The best live TV […] More
Jack Wallen/ZDNETGiven that Linux is my primary operating system, I tend to take security for granted. So, when I started using MacOS as my secondary operating system, I knew I couldn’t approach it with the same cavalier attitude that I do with my main open-source OS.Although MacOS is fairly secure, that doesn’t mean you should use it as-is. You can’t just forget about security at a time when bad actors everywhere are doing everything they can to access the data of unsuspecting users.Also: MacOS 14.4.1 makes it once again safe to update your MacTo that end, I’ve narrowed down the list of things you should do to make your MacOS machine more secure. Most of these are straightforward, so you shouldn’t have any problems applying these basic best practices.With that said, let’s get your iMac or MacBook more secure.1. Use strong passwordsThis should go without saying, but on the off-chance anyone needs to hear it again: use strong passwords. This doesn’t just apply to your apps, online services, and accounts, but also to your local user account. If you first set up your MacOS account with a simple password, change it to something more challenging. If you’re about to set up a new Mac, make sure your username has a strong password. Also: Beyond passwords: 4 key security steps you’re probably forgettingDon’t use password, password123, or any other password that anyone can easily guess. Remember: if someone with ill intentions were to gain access to your account, there’s no telling what they would do. Don’t save passwords directly in your web browser and don’t use the same password to lock your password manager’s vault (but do use a password manager). By using strong passwords, you create a first line of defense against those who might attempt to access your information.2. Update, update, updateAlways check for updates. I do this every morning. Additionally, I enable automatic software updates, so I don’t have to worry about updating installed software. While you’re checking for software updates, check for any updates that can be applied to the operating system. You want to check for updates because they very often include security patches. If left unpatched, your software (or operating system) could be vulnerable to attack. It’s worth spending these extra few seconds every day if it means your MacOS-powered device is more secure for the effort. More
rob dobi/Getty Images I recently had a friend get caught up in a scam. Something had gone wrong with his Google account and, when he called what he assumed was a phone number for Google, he soon realized the person on the other end wasn’t there to help him but was hoping to scam him. […] More
Lance Whitney/ZDNETTelegram has always touted its commitment to security. One of the company’s latest offers for its private messaging app, however, could open you up to all sorts of security risks. In an update to its Terms of Service, the company announced a new Peer-to-Peer Login program that promises a free subscription to its $4.99-per-month Premium plan, with a catch.Revealed in an English translation of a Russian-language Telegram channel spotted by X user AssembleDebug, the new offer would dole out the Premium plan for free. To qualify though, you’d have to agree to receive OTP (one-time password) codes meant for fellow Telegram users and forward them to the intended recipients.Also: What is phishing? Everything you need to know to protect yourself from scammersBased on the info from the channel, the offer is available only on Android phones and only for people from certain countries, such as Indonesia. No more than 150 SMS codes would be sent per month, but you’d be on the hook for any associated carrier costs. Once the minimum monthly number is met, you would receive a gift code for a monthly Premium plan.A free subscription is always tempting, but this one runs afoul of common sense security and privacy in so many ways.First, any fellow Telegram user with whom you share an SMS code could potentially see your phone number. Second, you’d be able to see the phone numbers of anyone to whom you send a code. Third, this whole scheme violates the purpose of multi-factor authentication in which your phone number plays a major security role. More
