CyberSecurity Updates

TikTok Hit by US Lawsuits Over Child Safety, Security Fears

TikTok was hit Wednesday with a pair of lawsuits from the US state of Indiana, which accused it of making false claims about the Chinese-owned app’s safety for children. The legal salvo came as problems are mounting for TikTok in the United States, with multiple accusations that the extremely popular app is a national security threat and a conduit for spying by China. “The TikTok app is a malicious and menacing threat unleashed on unsuspecting…


Microsoft’s rough 2022 security year in review

We soon close out the security year of 2022. Only time will tell what 2023 will bring, but for IT and security admins of Microsoft networks, 2022 has been the year of blended attacks, on-premises Exchange Server flaws, and vulnerabilities needing more than patching to mitigate. Here’s a month-by-month look at the past year. January: A bad start for on-premises Microsoft Exchange Server vulnerabilities. It seems fitting that 2022 began with the release of the…


Apple finally adds encryption to iCloud backups

Apple today introduced several new security features focused on fending off threats to user data in the cloud, including end-to-end encryption for backups for iCloud users. Along with end-to-end encryption for iCloud, Apple’s cloud storage and computing platform, the company announced iMessage Contact Key Verification, allowing users to verify they are communicating only with whom they intend. Apple also announced hardware Security Keys for Apple ID, giving users the choice to require two-factor authentication to sign…


Antwerp City Services Down After Digital Partner is Breached

While there is currently not a lot of information available about how the breach of Digipolis occurred, the effects of the breach on the City of Antwerp are apparent. This attack is a recent example of a supply-chain attack, where a threat actor infiltrates one organization through a breach of another. Overall, the recommended way to protect against attacks such as these is a defense-in-depth strategy when it comes to security.…


Elon Musk’s Twitter Followers Targeted in Fake Crypto Giveaway Scam

As with any crypto giveaway scam, the victim ends up sending the funds to the attacker’s wallet but never receives any amount back. Twitter accounts following famous personalities should be wary of suspicious messages and notifications heading their way. https://www.bleepingcomputer.com/news/security/elon-musks-twitter-followers-targeted-in-fake-crypto-giveaway-scam/


US Congress rolls back proposal to restrict use of Chinese chips

The US Congress is rolling back proposed legislation that would place restrictions on the use of Chinese-made chips by the government and its contractors, after companies argued that the measures would raise costs. While the draft legislation still provides for restrictions to be enacted, contractors now have five years to comply with them, rather than the two years stipulated in an earlier version of the proposal, and the language of the new draft leaves room…


SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m

By Naked Security writer. A Florida man who was part of a cybercrime gang that went after cryptocoin wallets has been sentenced for his part in a cyberheist that allegedly netted the participants more than $20,000,000. The scammers, including one Nicholas Truglia, 25, got control of various online accounts belonging to the victim by using a trick known in the trade as SIM swapping, also known as number porting. Migrating your phone number: As you’ll…


New Zealand government compromised in third-party cyber attack

An IT managed service provider that supports a range of organizations across New Zealand, including several within its government, has suffered a cyber attack, compromising access to its data and systems. Those affected by the cyber security incident include some providers contracted to Te Whatu Ora – Health New Zealand, although health service delivery has not been affected. The Ministry of Justice was also affected by the third-party data breach and confirmed the cyber attack…


Athletic shoe maker Brooks runs down cyberattacks with zero-trust segmentation

Ransomware was again the top attack type in 2021, with manufacturing replacing financial services as the top industry in assailants’ crosshairs—representing 23.2% of the global attacks remediated last year by IBM Security’s X-Force, according to the company’s Threat Intelligence Index 2022 report. With news like this, it is not surprising that “ransomware is the threat that keeps me up the most at night,” says Jon…


Ransomware attack knocks Rackspace’s Exchange servers offline

Cloud services and hosting provider Rackspace Technology acknowledged Tuesday that a recent incident that took most of its Hosted Exchange email server business offline was the product of a ransomware attack. The company shut the service down last Friday. It was not initially clear what had caused the outage, but Rackspace quickly moved to shift Exchange customers over to Microsoft 365, as this part of the company’s infrastructure was apparently unaffected. Rackspace offers migration to…
