Articles of interest from the week of November 11, 2024

Oh, the Humanity! How to Make Humans Part of Cybersecurity Design

What if the missing piece in cybersecurity isn’t a new tool, but people? A new article explores why human-centered design in cybersecurity could be the key to a stronger, more resilient defense. By integrating user needs into security measures, companies can reduce risky behavior and improve overall security culture. This approach shifts focus from simply enforcing rules to empowering employees to make safer choices. Discover how a people-first perspective could transform cybersecurity, making it more intuitive and effective for everyone involved. (Dark Reading)

“While us security professionals understand the benefits and may feel like they outweigh convenience, users are burnt out and frustrated with the additional layers of security we've piled on top of their day to day responsibilities. Security awareness training is boring and repetitive, frequent password change requirements are interruptive, and multi-factor authentication solutions are tedious. I agree that the cybersecurity industry needs to move in a direction of more passive security combined with security monitoring, user behavior analytics, and even AI advancements. Users do need training, but make it more interesting. Users do need strong passwords, so offer them a secure password management solution to do the heavy lifting for them. MFA is great, but offer SSO where possible to reduce the number of times they must wait for a text or email code to arrive. While security is everyone's responsibility, security professionals must keep in mind that our end users have their own job and responsibilities that, for the most part, have nothing to do with cybersecurity. The more controls and tools we can implement in the background so they can focus on their jobs and not ours, the happier we'll all be.” – Scotlyn Clark, Sr. Cybersecurity Consultant at Ingalls Information Security

FBI: Spike in Hacked Police Emails, Fake Subpoenas

A recent warning from the FBI reveals a troubling trend: hackers are taking over police email accounts to send fake subpoenas, fooling businesses into sharing sensitive customer data. This cunning scheme allows cybercriminals to obtain personal information like payment details and IP addresses under the guise of legal demands. With attacks becoming increasingly frequent, both organizations and individuals need to stay vigilant against these deceptive tactics. Dive into the full article to learn how these fake subpoenas work, who's at risk, and the FBI’s advice on avoiding such scams. (Krebs on Security)

LottieFiles Hacked in Supply Chain Attack To Steal Users’ Crypto

LottieFiles, a popular platform for animated graphics, recently fell victim to a sophisticated supply-chain attack aimed at stealing users' cryptocurrency. Hackers injected malicious code into LottieFiles’ software, exposing crypto wallets of unsuspecting users and sparking concerns over the safety of widely used animation tools. This attack highlights the growing threat of supply-chain breaches that target software to compromise a broad user base, underscoring the need for heightened security even in creative tools. Read on to find out how this happened, who may be affected, and what this could mean for future supply-chain security. (Bleeping Computer)

North Korean Hackers Target macOS Users

North Korean hackers are stepping up their game, targeting macOS users with fake cryptocurrency-related PDF files to spread malware. This new tactic exploits users’ curiosity about crypto investments, delivering malicious software disguised as legitimate documents. Apple users, often seen as safer from cyber threats, are now in the crosshairs, highlighting a significant shift in hacking strategies. Dive into the full article to uncover how these hackers execute their attacks, why macOS is now a target, and what it means for the future of cybersecurity on Apple devices. (SecurityWeek)

Unpatched Vulnerabilities Allow Hacking of Mazda Cars: ZDI

Mazda vehicles may be at risk due to unpatched vulnerabilities that hackers could exploit to take control. Researchers recently discovered security flaws that could allow attackers to access certain systems within Mazda cars, raising alarms about automotive cybersecurity. With an increasing number of vehicles relying on software, this vulnerability highlights a critical need for manufacturers to prioritize timely security updates. Find out how these flaws were discovered, what they could mean for drivers, and why keeping software up-to-date is now a crucial aspect of vehicle safety in this revealing article. (SecurityWeek)