Cyber Security Headlines – Stolen PII job applications, Russia data fines, Premier League crypto

Stolen PII and deepfakes used to apply for tech jobs

The Federal Bureau of Investigation (FBI) issued a warning that cybercriminals are using Americans’ stolen Personally Identifiable Information (PII) and deepfakes to apply for remote work positions. Fraudsters are targeting work-from-home IT jobs and using deepfake videos during the interview process. However, the FBI noted, “In these interviews, the actions and lip movement of the person seen interviewed on-camera do not completely coordinate with the audio of the person speaking. At times, actions such as coughing, sneezing, or other auditory actions are not aligned with what is presented visually.”

(Bleeping Computer)

Russia fines foreign firms for data violations

On Tuesday, a Moscow court levied fines against Twitch, Pinterest, Airbnb and United Parcel Service (UPS) for refusing to store Russian citizens’ personal data in Russia. The Tagansky District Court accused the firms of breaching Russian data laws and issued fines of 2 million roubles ($37,700), except for UPS, which was only fined half that amount. Earlier this month, Google received a heftier fine for repeated data law violations and its Russian subsidiary filed for bankruptcy after authorities seized its bank account, making it impossible to pay staff and vendors.

(Reuters)

Premier League crypto sponsorships expose fans to big losses

A Twitter thread from Joey D’Urso highlights that nearly every football club in the UK’s Premier League promoted unregulated cryptocurrencies which have completely tanked in value, exposing fans to significant losses. The Advertising Standards Authority accused Arsenal football club of taking advantage of consumer “inexperience or credulity” by trivializing investment in its fan tokens which plummeted in value. Similarly, Villa fan tokens, which a fan club called “wholly inappropriate” before it launched, also came crashing down. Additionally, Chelsea coach John Terry promoted an NFT scheme which has now lost 99% of its initial price.

(Techmeme and Twitter)

Messenger chatbots used to steal Facebook accounts

Threat actors are now using Facebook Messenger chatbots to steal Facebook account credentials. The attack starts with a phishing email informing the recipient that their Facebook page has violated Community Standards and giving them 48 hours to appeal the decision, or their page will be deleted. The link provided directs victims to a Messenger conversation with a chatbot, which sends the victim an “Appeal Now” button through Messenger. Once clicked, the button directs victims to a malicious website disguised as a “Facebook Support Inbox” that prompts users for their account password. The password is, of course, sent to the threat actor’s database.

(Bleeping Computer)

Thanks to today’s episode sponsor, Optiv

The modern enterprise needs a solution as unique as its business.

Optiv’s Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters.

If you’d like to learn more about Optiv ADR, please visit Optiv.com/adr.

Hackers claim they hacked AMD using their weak passwords

The RansomHouse cyber gang claims it leaked part of 450 gigabytes of data from global chipmaker AMD by merely guessing employee passwords. The leaked data confirms that the gang indeed accessed well-known terrible passwords such as “123456” and “Welcome1.” RansomHouse wrote on its website, “It is a shame those are real passwords used by AMD employees, but a bigger shame to AMD Security Department which gets significant financing according to the documents we got our hands on — all thanks to these passwords.”

(Gizmodo)

Nearly one million misconfigured Kubernetes clusters exposed online

Cybersecurity firm Cyble has uncovered over 900,000 Kubernetes (K8s) clusters exposed across the internet. The researchers note that misconfigured Kubernetes clusters may be vulnerable to data exfiltration and other attacks. Cyble observed that the US has the highest Kubernetes exposure count, followed by China and Germany. The firm recommends companies keep Kubernetes versions up to date, remove debugging tools from production containers, review API permissions regularly, and limit exposure of critical assets and ports.

(Infosecurity Magazine)

Android spyware has been upgraded to banking trojan

Earlier this month, researchers spotted a new variant of Android malware originally designed to perform keylogging activities and intercept SMS messages. Researchers dubbed the malware “Revive” because of its ability to automatically restart in the event that it stops working. However, the malware now includes the ability to perform account takeover (ATO) attacks, prompting researchers to upgrade its classification from spyware to a trojan. Threat actors designed the trojan to launch persistent campaigns against Spanish banks.

(Infosecurity Magazine)

Nearly all UK businesses expect quantum computing to cause disruption

A new report from EY revealed 97% of UK business leaders expect quantum computing to disrupt their sectors to a high or moderate extent. Nearly half (48%) believe that quantum computing will reach sufficient maturity and cause disruption by 2025. Despite this, only one-third (33%) of organizations have begun planning for quantum computing’s arrival. The report concludes that organizations should begin evaluating their readiness, identifying use cases, and providing education. 

(Infosecurity Magazine)

Sean Kelly
Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.