Welcome reader to your CybersecurityHQ report.

Headlines

A surge in credential stealer StrelaStealer attacks in Poland, Germany, Spain, and Italy have security researchers on alarm, especially as the malware involved appears to have checks in place to prevent affecting Russian systems. In a recent report by SonicWall Capture Labs, the operation was outlined, which uses archived and obfuscated JavaScript files sent via email. The script won’t proceed if the system language is Russian.

Targeting Outlook and Thunderbird, the spike in attacks is yet another of its kind since StrelaStealer was first discovered in November 2022.

The Los Angeles County Department of Health Services announces (PDF) that 47,000 individuals were affected by a data breach resulting from an employee falling prey to a push notification spamming attack. The hacker used “push notification fatigue” as a method of overcoming multi-factor authentication. Essentially, a flood of push notifications on the user’s device overwhelms them, prompting them to approve a login attempt.

The leaked data included names, dates of birth, addresses, phone numbers, email addresses, government IDs, Social Security numbers, health insurance, and medical information.

The impact of the CDK hack continues to be felt across the auto industry, and a new report shows that June sales are likely to slip compared to a year ago thanks to the attack.  Consultants at J.D. Power and GlobalData say that the slip will likely be in the range of 2.6% to 7.2%, reaching somewhere between 1,336,800 and 1,273,600 total units sold.

Thomas King, president of the data and analytics division at J.D. Power, said in a statement on the findings that “[s]ales will be delayed, but the majority will likely occur in July shortly after the situation is rectified and sales are being made despite system outages."

Interesting Read

The Bank for International Settlements (BIS) is now calling on banks to embrace AI, but it insists that humans should always be at the helm when setting interest rates. The umbrella group told policymakers in its first-ever major report on AI that the new technology will enhance inflation-detecting abilities.

The inflationary period in the wake of COVID-19 and Russia’s invasion of Ukraine was mentioned as a time when central banks could not predict what was coming. At the same time, AI has a tendency to hallucinate, so caution is advised. It’s an odd piece of research, but it is worth reading as a document indicative of our times. Read more about it here.

Employment Tip: Consider Remote vs. Relocation

Many cybersecurity roles are now done remotely, opening up your options considerably. Consider these, especially if relocation is undesirable but looks like the only option for landing a position.

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team