Cyber Bites

The U.S Federal Trade Commission (FTC), the U.S agency primarily responsible for consumer protection, warned that they would be cracking down on companies which illegally share or sell sensitive consumer data. This warning is in response to a growing consumer awareness surrounding the private market of personal data and the inability of a consumer to reasonably prevent such usage. "While many consumers may happily offer their location data in exchange for real-time crowd-sourced advice on...

Hackers are impersonating well-known cybersecurity companies in callback phishing emails to gain initial access to corporate networks. CrowdStrike have been recently targeted. Most phishing campaigns embed malicious links that lead to landing pages that steal login credentials or emails that include harmful attachments to install malware. Over the past year, threat actors have increasingly used "callback" phishing campaigns that impersonate well-known cybersecurity companies requesting victims to call a number to resolve a problem, cancel a...

On Tuesday, TikTok, the popular video-sharing platform, agreed to halt a controversial privacy policy update that could have allowed it to serve targeted ads based on users' activity on the platform without their permission. TechCrunch reported the reversal, which comes a day after the Italian data protection company (the Garante per la Protezione dei Dati Personali) warned the company against the change, citing violations of data protection laws. The Garante said, "The personal data stored in...

A report released by Panaseer, a cybersecurity company, last week suggests that cyber insurance companies are looking for new ways to assess risk as they grow increasingly wary of rising claims. The 2022 Cyber Insurance Market Trends Report found that there is a lack of confidence in underwriting processes. Nearly one in 10 respondents admitted that they were 'not that confident' in their underwriting capabilities for cyber insurance. Only 44% of insurers said that they...

French telecoms operator La Poste Mobile has alerted customers that their data may have been compromised in a ransomware attack that targeted the company's management and administrative systems on 4th July. The attack is believed to have been carried out by the LockBit ransomware group. The hackers took the company's systems offline as it attempted to minimise damage. A week later, its website is still offline and visitors are greeted by a statement in French...

Security researchers have found that several modern Honda car models have a vulnerable rolling code mechanism that allows the cars to be unlocked and, sometimes, the engine to be started remotely. Named Rolling-PWN, the weakness enables replay attacks in which a threat actor intercepts the codes from the keyfob to the car and uses them to unlock or start the vehicle. The researchers claim to have tested the attack on several Honda models between 2021...

Last Friday, the US Department of Justice (DOJ) announced that a Florida resident named Ron Aksoy has been arrested and charged for allegedly selling thousands of fraudulent and counterfeir Cisco products over a span of 12 years. Aksoy, 38, also known as Dave Durden, is reported to have run at least 19 companies founded in New Jersey and Florida, approximately 10 eBay storefronts, at least 15 Amazon storefronts, and multiple other entities with an estimated...

Solicitors have been urged to stop advising clients to pay ransomware demands in a joint letter issued last week by the UK's National Cyber Security Centre (NCSC) and Information Commissioner's Office (ICO). The open letter urged the Law Society to remind all its members that they should not advise clients to pay ransomware demands when they fall victim to a cyber attack. The letter emphasised that paying ransom does not reduce the risk of further...

It has emerged that the $540 million hack of Axie Infinity's Ronin Bridge in March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn. According to a report written by The Block, which was published last week, two people familiar with the matter were cited. Allegedly, a senior engineer at the company was tricked into applying for a job at a non-existent company, causing the...

Last Thursday, Disneyland had their Facebook and Instagram accounts taken over by a self-proclaimed "super hacker" who posted racist and homophobic posts. The threat actor, operating under the name "David Do", claimed that he was seeking "revenge" on Disneyland employees after some of them had allegedly insulted him. One of the posts read: “I am a super hacker that is here to bring revenge upon Disneyland Who’s the tough guy now Jerome?” The hacker also...