When you are educating your employees about the importance of maintaining a complex password or passphrase, share this story to show why it is so important and to emphasize not to use the same or similar passphrases across multiple platforms. It is not just a matter of getting into the company’s systems, but also one of
Privacy Tip #303 – Russian Hacking Group Targets Gmail Users
If you think the Russians are only targeting U.S. companies and the defense industry, think again. The cyber war between Russia and the U.S. has escalated since the President threw down the gauntlet on Putin, and the retaliation is to attack Gmail users in the U.S. Yes, Gmail users are part of the war.
According…
Privacy Tip #299 – Creepy SpyFone Banned by FTC
In a second case against stalkerware apps and the first where the FTC has banned a company from doing business, the FTC announced on September 1, 2021, that it has “banned SpyFone and its CEO…from the surveillance business over allegations that the stalkerware app company secretly harvested and shared data on people’s physical movements, phone…
Privacy Tip #297 – Vulnerability in Smart Home Devices Including Baby Monitors
Mandiant, a division of FireEye, has reported that it has discovered a vulnerability in a software protocol that enables hackers to gain access to audio and visual data on smart devices including baby monitors and web cameras. The protocol was created by Taiwanese Internet of Things vendor ThroughTek, and is incorporated in as many as…
Cryptoheister(s) Return Stolen Booty
Cryptocurrency platform Poly Network, which allows users to swap different types of digital tokens, was the victim of a cryptoheist in which the thief (allegedly just one hacker) swiped over $600 million of currency. The incident has been dubbed the largest theft of cryptocurrency to date.
The story reads like the beginning of…
Extortion Doesn’t Work for EA Sports Hackers
According to The Record, Electronic Arts Sports (EA) was the victim of a cyber hacking in June, when hackers posted on an underground hacking forum that they were in possession of EA data seeking a sale price of $28 million. The hackers were reportedly able to access EA’s system after purchasing tools that allowed authentication…
OCR Cybersecurity Newsletter Focuses on Controlling Access to ePHI
The Office of Civil Rights (OCR) of the U.S. Department of Health & Human Services recently issued its Summer 2021 Cybersecurity Newsletter, which focuses on controlling access to electronic personal health information (ePHI) and the HIPAA Security Rule standards. Citing to a recent report of security incidents and data breaches in the health care…
Law Enforcement Takes Down DoubleVPN
I love seeing another win for law enforcement in the cyber context.
Servers and web domains owned by DoubleVPN, a virtual private network, were seized recently following a collaborative law enforcement effort involving the Dutch National Police, the FBI, Europol, and the U.K.’s National Crime Agency.
DoubleVPN is a security tool that has been used…
Microsoft Customers Warned of Targeted Scams by NOBELLIUM
Another fall-out from the SolarWinds incident has surfaced, prompting Microsoft to issue a notice to affected customers that an attacker gained access to one of its customer service agents to launch hacking attacks against some of its customers.
During its continued analysis of the SolarWinds incident, Microsoft recently identified that the Nation-State associated NOBELLIUM group…
Volkswagen and Audi Hit with Data Breach Class Action
This week, Volkswagen AG’s U.S. entity and its Audi brand were hit with a class action for a data breach that allegedly compromised 3.3 million consumers’ personal information. In the U.S. District Court for the District of New Jersey, a California consumer filed a suit against the automakers on behalf of other current and prospective…