Round Up of Major Breaches and Scams
Hundreds of domains managed by the U.K. government are on DNS-based blacklists creating email communication problems. Multiple government agencies, councils, and public welfare agencies rely on GOV.UK domain infrastructure to provide online services to Britain’s residents. Being on an automated IP blacklist usually signifies a problem with your mail infrastructure: most likely either your server has been sending spam, or was compromised at some point.
A Chinese researcher employed at the University of California, Los Angeles (UCLA) has been detained by the Federal Bureau of Investigation (FBI) for allegedly destroying and obstructing critical evidence. This couldn’t have come at a worse time when Trump’s administration and Beijing based Byte Dance is already at par over short video creating platform TikTok. The application is under fire for collecting data and giving it to the Chinese government that can target individuals or the state for blackmail and espionage.
South Korea has indicted Samsung Group vice chairman Lee Jae-yong over his role in a 2015 merger that made him heir apparent to the multinational’s empire. Samsung and Lee have denied the charges, which include alleged breaches of the country’s Capital Markets Act and External Audit Act. The transaction in question saw Samsung’s parent company, Samsung C&T, merged with an entity named Cheil Industries for $8bn. Lee owned 23 per cent of Cheil, which owned 46 per cent of Samsung Biologics. But Lee owned none of Samsung C&T.
A report revealed that scammers requested funds in the form of gift cards in two-thirds of business email compromise (BEC) attacks. For a phishing trends report from the Anti-Phishing Working Group (APWG), APWG member Agari examined thousands of BEC attacks that occurred in the second half of 2020. It found that 66% of them involved gift cards. By contrast, direct bank transfers factored in just 18% of attacks, followed close behind by payroll diversions at 16%.
Slack, the communication and collaboration platform, has been gaining attention lately as a potential phishing platform and it has been targeted by malicious actors. Mainly bad actors have been developing various methods to phish users within the platform itself – with concerns ranging from DMs to Slackbot reminders and public Slack channels or workspaces.
Round Up of Major Malware and Ransomware Incidents
A new trojan malware family has been identified by researchers that targets cryptocurrency. Researchers at ESET said the: “previously undocumented trojan malware family spreads through malicious torrents and that uses multiple tricks to squeeze as many cryptocoins as possible from its victims while staying under the radar.” ESET named the threat KryptoCibule, and it primarily targets users in the Czech Republic and Slovakia.
Round Up of Major Vulnerabilities and Patches
Leaked documents have revealed the concerns of law enforcement in how Internet of Things (IoT) technology can pose a risk to the safety of police officers. Smart doorbell vendors including Ring have created product lines that have transformed traditional bells and door chimes into intelligent technological solutions that provide location monitoring, real-time camera feeds, audio and visual recordings, and the ability to communicate with visitors remotely.