Tag Archive for: Huge

Huge hotel hack, iPhone 14 issues, how TikTok changes our culture


October 4, 2022

A new study says social media makes children rude and anti-social, how TikTok is changing the way we speak, watch out for this huge hotel hack, Queen Elizabeth II’s golden Wii console, how to record your computer screen for free and iPhone 14 issues. Plus, how to see live bird migration maps in your area and what to do when you get a text with a verification code you didn’t request.

Previous episode

October 3, 2022

Police can access your home security cameras, Tesla’s Cybertruck delays, Starlink bypasses government controls, signs a keylogger is on your phone and find out how long it will take to beat a video game. Plus, search through your old Facebook posts for something specific, 3 Google Maps tricks and how to hear your TV at whatever volume you want.


Australia flags privacy overhaul after huge cyber attack on Optus


Australian Prime Minister Anthony Albanese speaks at the Sydney Energy Forum in Sydney, Australia July 12, 2022. Brook Mitchell/Pool via REUTERS/File Photo

SYDNEY, Sept 26 (Reuters) – Australia plans to toughen privacy rules to force companies to notify banks faster when they experience cyber attacks, Prime Minister Anthony Albanese said on Monday, after hackers targeted the country’s second-largest telecoms firm.

Optus, owned by Singapore Telecoms Ltd (STEL.SI), said last week that home addresses, drivers’ licences and passport numbers of up to 10 million customers, or about 40% of the population, were compromised in one of Australia’s biggest data breaches.

The attacker’s IP address, or unique identifier of a computer, appeared to move between countries in Europe, the company said, but declined to detail how security was breached. Australian media reported an unidentified party had demanded $1 million in cryptocurrency for the data in an online forum but Optus has not commented on its authenticity.

Albanese called the incident “a huge wake-up call” for the corporate sector, saying there were some state actors and criminal groups who wanted to access people’s data.

“We want to make sure … that we change some of the privacy provisions there so that if people are caught up like this, the banks can be let know, so that they can protect their customers as well,” he told radio station 4BC.

Cybersecurity Minister Clare O’Neil said Optus was responsible for the breach and noted such lapses in other jurisdictions would be met with fines in the hundreds of millions of dollars, an apparent reference to European laws that penalise companies 4% of global revenue for privacy breaches.

“One significant question is whether the cyber security requirements that we place on large telecommunications providers in this country are fit for purpose,” O’Neil told parliament.

Optus said it would offer the most affected customers free credit monitoring and identity protection with credit agency Equifax Inc (EFX.N) for a year. It did not say how many customers the offer applied to.

The telco…

Uber Hack Was So Huge Employees Thought It Was a Prank


“I think IT would appreciate less memes while they handle the breach.”

Not A Joke

When a hacker announced that they had breached Uber’s security, some of the ride-sharing company’s employees reportedly thought they were being pranked.

Screenshots provided to The Washington Post show that when the still-unknown hacker announced themselves via a company Slack channel, many employees responded with emoji reactions that suggest they thought someone was playing a joke.

As the WaPo noted, there were others who took the hack announcement a bit more seriously.

“Sorry to be a stick in the mud,” the person whose messages were reviewed by WaPo wrote, “but I think IT would appreciate less memes while they handle the breach.”

Trolling, Trolling, Trolling

Further details that have since emerged about the Uber hack, which was initially confirmed by the New York Times, show that the person who took credit for the hack claimed they are 18 years old, and that they had an, er, interesting way of trolling the company.

An Uber employee who spoke to Fortune told the magazine that when they opened their work computer, the company’s internal website displayed an “erect penis” along with text that read “FUCK YOU WANKERS.”

This reporting seems to corroborate details provided to Yuga Labs security engineer Sam Curry, who tweeted yesterday that Uber employees said they found themselves redirected to web pages that featured “a pornographic image” and the same “wanker” epithet.

As Ars Technica and other outlets have reported, the hacker appears to have accessed Uber’s internals via a successful phishing attack they carried out on an employee via WhatsApp.

The company told Reuters that it’s investigating the breach and claims no sensitive user data had been accessed. Until the company — or the hacker — provides more updates, we won’t really know what happened or why the hacker went after the ride-sharing giant. But it’s clear, at least, that it was not a joke.

READ MORE: Uber was breached to its core, purportedly by an 18-year-old. Here are the basics [Ars Technica]

North Korean hackers are targeting this huge crypto exchange


North Korean hackers are attempting to lure in cryptocurrency experts via bogus job offers for crypto exchange platform Coinbase.

As reported by Bleeping Computer, a campaign orchestrated by the well-known North Korean Lazarus hacking group has been uncovered, and its target is those involved in the increasingly popular fintech (financial technology) industry.

In what is clearly part of a social engineering attack, the hacking group engages in conversation with targets through LinkedIn, which ultimately culminates in a job offer being presented to the potential victim.

Coinbase is a leading cryptocurrency exchange company, so, at face value, many who are not privy to the attack will naturally be interested in adding it to their resumes. However, if the attack were to succeed, it could lead to an untold number of crypto wallets being seized and stolen.

Hossein Jazi, who works as a security researcher at internet security firm Malwarebytes and has been analyzing Lazarus since February 2022, said individuals from the cybergang are masquerading as employees from Coinbase. The scam attracts potential victims by approaching them to fill the role of “Engineering Manager, Product Security.”

If that individual falls for the fake job offer, then they’ll eventually be given instructions to download a PDF explaining the job in full. However, the file itself is actually a malicious executable utilizing a PDF icon to trick people.

The file itself is called “Coinbase_online_careers_2022_07.exe,” which seems innocent enough if you didn’t know any better. But while it opens a fake PDF document created by the threat actors, it also loads malicious DLL code onto the target’s system.

A fake job offer for Coinbase in the form of a PDF.
Bleeping Computer/@h2jazi

After it’s successfully deployed onto the system, the malware will then make use of GitHub as a central command center in order to receive commands, after which it has free rein to carry out attacks on devices that have been breached.

U.S. intelligence services have previously issued warnings regarding Lazarus’ activity in issuing cryptocurrency wallets and investment apps infected with trojans, effectively allowing them to steal private…
