Identity Fraud: A Major Growth Area for Criminals
The lockdowns of 2020 led to an increase in online activity. This in turn led to an increase in online identity theft and fraud. The question asked for 2021 is whether 2020 was a temporary spike, or an ongoing change in fraudulent activity. This is the question discussed by Onfido in its Identity Fraud Report…
Microsoft Seizes Domains Used by China-Linked APT ‘Nickel’
The tech giant took over the websites after filing pleadings with the U.S. District Court for the Eastern District of Virginia, which quickly granted an order in this regard. While the move will prevent the group’s access to some of its victims, it is unlikely to put an end to Nickel’s activities. However, Microsoft does…
Firefox 95 Rolls Out With New ‘RLBox’ Isolation Feature
Dubbed RLBox, the new sandboxing technology has been developed in collaboration with academics at the University of California San Diego and the University of Texas and is meant to complement existing protections by isolating subcomponents. To keep users protected from web attacks, browsers run sites in sandboxed processes, but adversaries attempt to chain flaws to…
Cyberattack Causes Significant Disruption at Colorado Electric Utility
The Delta-Montrose Electric Association (DMEA) is a member-owned and locally controlled rural electric cooperative that serves more than 34,000 customers in Colorado’s Montrose, Delta, and Gunnison counties. It is part of Touchstone Energy Cooperatives, a cooperative federation that has over 750 members across the United States. DMEA last week revealed that it had discovered a…
Hackers Steal $150 Million Worth of Cryptocurrency From BitMart
The platform claims that only the Ethereum (ETH) and Binance Smart Chain (BSC) hot wallets were impacted, and notes that the two wallets were compromised using stolen private keys. “In response to this incident, BitMart has completed initial security checks and identified affected assets. This security breach was mainly caused by a stolen private key…
Web Browsers Vulnerable to 14 New Types of XS-Leak Attacks
Cross-site leaks, also known as XS-Leaks, are a type of browser side-channel attack that can allow a malicious website to infer and collect potentially sensitive user information from other sites by bypassing security mechanisms such as same-origin policy. Same-origin policy is designed to restrict how a document, script or media file loaded by one origin…
TSA Requires Rail and Airports to Strengthen Cybersecurity
The Biden administration said the requirements made public Thursday are part of a broader effort at protecting the nation’s critical infrastructure from ongoing cyberespionage and a surge in disruptive ransomware attacks. “These new cybersecurity requirements and recommendations will help keep the traveling public safe,” Homeland Security Secretary Alejandro Mayorkas said in a statement. He had…
17 Malware Frameworks Target Air-Gapped Systems for Espionage
The list was created over the course of 15 years, but the last four of the frameworks emerged last year, proof of an increased interest by threat actors to target isolated systems. Only malware components working together to create an offline, covert communication channel between air-gapped networks and a threat actor were taken into consideration…
Facebook, Twitter Take Down More State-Linked Accounts
Facebook removed over 800 accounts, pages and groups from the social media platform for engaging in what the company calls coordinated inauthentic behavior. Other accounts were taken down for brigading and mass reporting. The largest number of removed Facebook accounts, pages, and groups (548 in total, alongside 86 Instagram accounts) were associated with a network…
Planned Parenthood LA Breach Compromises 400,000 Patients’ Data
A security incident at Planned Parenthood’s Los Angeles (PPLA) branch compromised personal data of about 400,000 patients, officials confirmed this week. News of the breach was confirmed in letters sent to affected patients. These state suspicious activity was detected on the PPLA network on Oct. 17, 2021. Following its discovery, PPLA took its systems offline,…
