Information

20 Dec

DraftKings Data Breach Impacts Personal Information of 68,000 Customers

Information, News

Sports betting firm DraftKings says the personal data of 68,000 individuals has been compromised in a recent data breach. The incident, initially disclosed in November, was the result of a credential stuffing attack and not a breach of DraftKings’ systems, the company says. Credential stuffing involves the use of leaked credentials (usernames, email addresses, and passwords) obtained from a third-party source to access an account on a different service. Such attacks are successful only because…

Read More
19 Dec

Hacked Ring Cams Used to Record Swatting Victims

Information, Insights

Photo: BrandonKleinPhoto / Shutterstock.com Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then “swatting” them — falsely reporting a violent incident at the target’s address to trick local police into responding with force. Prosecutors say the duo used the compromised Ring devices to stream live video footage on social media of police raiding their targets’ homes, and to taunt authorities when they arrived.…

Read More
19 Dec

Google Workspace Gets Client-Side Encryption in Gmail

Information, News

Google on Friday announced the beta availability of client-side encryption in Gmail for some of its Google Workspace customers. The feature is meant to improve the confidentiality of emails when they rest on Google’s servers, by applying encryption to the email body and attachments while providing Workspace customers with control over the encryption keys and the identity service used to access the keys. “Google Workspace already uses the latest cryptographic standards to encrypt all data…

Read More
17 Dec

MirrorFace aims for high‑value targets in Japan – Week in security with Tony Anscombe

Information

The group’s proprietary backdoor LODEINFO delivers additional malware, exfiltrates credentials, and steals documents and emails This week, the ESET research team published their findings about a spearphishing campaign that the Chinese-speaking threat actor MirrorFace launched in Japan and that mainly focused on members of a specific Japanese political party. The campaign – which ESET Research has named Operation LiberalFace and which occurred in the lead-up to the House of Councillors elections in July 2022 –…

Read More
16 Dec

US Food Companies Warned of BEC Attacks Stealing Food Product Shipments

Information, Malware, News

The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) are raising alarm on business email compromise (BEC) attacks leading to the theft of shipments of food products and ingredients. Typically used to steal money, BEC involves threat actors compromising email accounts at target companies and then targeting employees in charge of making payments with fraudulent emails that instruct them to…

Read More
16 Dec

Help! My kid has asked Santa for a smartphone

Information

The time has come for your child to receive their first smartphone. Before handing it over, however, make sure to help them use their new gadget safely and responsibly. Choosing the right holiday gift(s) for your children can be nerve-racking, perhaps doubly so if you’re choosing it for your pre-teen. It’s at that age when many kids feel they’re too old for toys and start insisting they need their first smartphone. Indeed, at that age,…

Read More
16 Dec

Traveling for the holidays? Stay cyber‑safe with these tips

Information

Holiday travel is back with a vengeance this year. Set yourself up for a cyber-safe and hassle-free trip with our checklist. You’ve successfully avoided all sorts of shopping scams while hunting for bargains this holiday season, and now the time has come to drive, fly or take a train home for Christmas. You’re taking time off to relax, but it is certainly not the time to put cybersecurity on the back burner – cybercrime knows…

Read More
16 Dec

S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]

Information, Malware

by Paul Ducklin PWNING THE WINDOWS KERNEL Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  Wireless spyware,…

Read More
16 Dec

NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm

Information, News

The US National Institute of Standards and Technology (NIST) this week recommended that IT professionals replace the SHA-1 cryptographic algorithm with newer, more secure ones. The first widely used method of securing electronic information and in use since 1995, SHA-1 is a slightly modified version of SHA, or ‘secure hash algorithm’, the very first standardized hash function. According to NIST, SHA-1 ‘has reached the end of its useful life’, given that the high computing capabilities…

Read More
16 Dec

GitHub Announces Free Secret Scanning, Mandatory 2FA

Information, News

Microsoft-owned code hosting platform GitHub this week announced multiple security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for developers and contributors. The secret scanning program is meant to help developers and organizations identify exposed secrets and credentials in their code. In 2022, it helped identify 1.7 million potential secrets exposed in public repositories. “Secret scanning alerts notify you directly about leaked secrets in your code. We’ll still notify our…

Read More