A quick Saturday digest of cybersecurity news articles from other sources.
Mega-crackers back with nearly 100 million new stolen data records
Sounds like the crooks who tried to sell more than 600 million records last week are back with nearly 100 million more…
Employee Sued By Employer Over $250 BEC Scam
A woman is being sued for sending approx. 250K of her employer’s cash to an online fraudster. Employer claims she was “careless and in breach of the duties – including the duty to exercise reasonable care in the course of the performance of her duties as an employee which she owed to her employer, the pursuer.” Think that cybersecurity training doesn’t matter? Well this employee never had any, and it may get her off the hook.
Google’s working on stopping sites from blocking Incognito mode
Google Chrome’s Incognito mode hasn’t been an impenetrable privacy shield: For years, it’s been a snap for web developers to detect when Chrome users are browsing in private mode and to block site visitors who use it. Now it looks like Google plans to close that loophole.
Military Carrier Pigeons in the Era of Electronic Warfare
Carrier pigeons are still being used by military around the world as a way to communicate in the event electronic communications are unusable or compromised.
The Evolution of Darknets
An interesting article about the problems of selling on the Dark Web, and what solutions are being pursed by Dark Web merchants.
Using Gmail “Dot Addresses” to Commit Fraud
In Gmail addresses, the dots don’t matter. The account “bruceschneier@gmail.com” maps to the exact same address as “bruce.schneier@gmail.com” and “b.r.u.c.e.schneier@gmail.com” — and so on. (Note: I own none of those addresses, if they are actually valid.) This fact can be used to commit fraud. Recently, we observed a group of BEC actors make extensive use of Gmail dot accounts to commit a large and diverse amount of fraud.
Share
MAR
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com