Stolen PII and deepfakes used to apply for tech jobs
The Federal Bureau of Investigation (FBI) issued a warning that cybercriminals are using Americans’ stolen Personally Identifiable Information (PII) and deepfakes to apply for remote work positions. Fraudsters are targeting work-from-home IT jobs and using deepfake videos during the interview process. However, the FBI noted, “In these interviews, the actions and lip movement of the person seen interviewed on-camera do not completely coordinate with the audio of the person speaking. At times, actions such as coughing, sneezing, or other auditory actions are not aligned with what is presented visually.”
Russia fines foreign firms for data violations
On Tuesday, a Moscow court levied fines against Twitch, Pinterest, Airbnb and United Parcel Service (UPS) for refusing to store Russian citizens’ personal data in Russia. The Tagansky District Court accused the firms of breaching Russian data laws and issued fines of 2 million roubles ($37,700), except for UPS, which was only fined half that amount. Earlier this month, Google received a heftier fine for repeated data law violations and its Russian subsidiary filed for bankruptcy after authorities seized its bank account, making it impossible to pay staff and vendors.
(Reuters)
Premier League crypto sponsorships expose fans to big losses
A Twitter thread from Joey D’Urso highlights that nearly every football club in the UK’s Premier League promoted unregulated cryptocurrencies which have completely tanked in value, exposing fans to significant losses. The Advertising Standards Authority accused Arsenal football club of taking advantage of consumer “inexperience or credulity” by trivializing investment in its fan tokens which plummeted in value. Similarly, Villa fan tokens, which a fan club called “wholly inappropriate” before it launched, also came crashing down. Additionally, Chelsea coach John Terry promoted an NFT scheme which has now lost 99% of its initial price.
Messenger chatbots used to steal Facebook accounts
Threat actors are now using Facebook Messenger chatbots to steal Facebook account credentials. The attack starts with a phishing email informing the recipient that their Facebook page has violated Community Standards and giving them 48 hours to appeal the decision, or their page will be deleted. The link provided directs victims to a Messenger conversation with a chatbot, which sends the victim an “Appeal Now” button through Messenger. Once clicked, the button directs victims to a malicious website disguised as a “Facebook Support Inbox.” The site prompts users for their account password which, of course, is sent to the threat actor’s database.
Hackers claim they hacked AMD using their weak passwords
The RansomHouse cyber gang claims it leaked part of 450 gigabytes of data from global chipmaker AMD by merely guessing employee passwords. The leaked data confirms that the gang indeed accessed well-known terrible passwords such as “123456” and “Welcome1.” RansomHouse wrote on its website, “It is a shame those are real passwords used by AMD employees, but a bigger shame to AMD Security Department which gets significant financing according to the documents we got our hands on — all thanks to these passwords.”
(Gizmodo)
Nearly one million misconfigured Kubernetes clusters exposed online
Cybersecurity firm Cyble has uncovered over 900,000 Kubernetes (K8s) clusters exposed across the internet. The researchers note that misconfigured Kubernetes clusters may be vulnerable to data exfiltration and other attacks. Cyble observed that the US has the highest Kubernetes exposure count, followed by China and Germany. The firm recommends companies keep Kubernetes versions up to date, remove debugging tools from production containers, review API permissions regularly, and limit exposure of critical assets and ports.
Android spyware has been upgraded to banking trojan
Earlier this month, researchers spotted a new variant of Android malware originally designed to perform keylogging activities and intercept SMS messages. Researchers dubbed the malware “Revive” because of its ability to automatically restart in the event that it stops working. However, the malware now includes the ability to perform account takeover (ATO) attacks, prompting researchers to upgrade its classification from spyware to a trojan. Threat actors designed the trojan to launch persistent campaigns against Spanish banks.
Nearly all UK businesses expect quantum computing to cause disruption
A new report from EY revealed 97% of UK business leaders expect quantum computing to disrupt their sectors to a high or moderate extent. Nearly half (48%) believe that quantum computing will reach sufficient maturity and cause disruption by 2025. Despite this, only one-third (33%) of organizations have begun planning for quantum computing’s arrival. The report concludes that organizations should begin evaluating their readiness, identifying use cases, and providing education.