Cybersafety Sentinel October 2022 Week 1

Claudiu’s Top Post

As he felt the feds close in on him, an extortionist had a sudden change of heart and deleted all stolen #data. When he saw that he was still being arrested, he made it clear that if he’d only been given an opportunity to report the #breach, he wouldn’t have had to resort to a life of #cybercrime. Oddly, this also failed to secure his freedom. Read More

Popular YouTube Channel Caught Distributing Malicious Tor Browser Installer

A popular Chinese-language YouTube channel has emerged as a means to distribute a trojanized version of a Windows installer for the Tor Browser. This way when people update this modified Tor Browser, they are redirected to the official update URL.” Read More

CISA directive orders federal civilian agencies to regularly report software vulnerabilities

Federal civilian agencies now will be expected to report detailed data about vulnerabilities to CISA at timed intervals using automated tools, she said. “We have said consistently that we are on an urgent path to gain visibility into risks facing federal civilian networks,” Easterly told reporters. Read More

US-UK Data Access Agreement now in effect for tackling crime

The Data Access Agreement (DAA), by which the US and UK have agreed how one country can respond to lawful data demands from police and investigators in the other, took effect on Monday. “Under the Data Access Agreement, service providers in one country may respond to qualifying, lawful orders for electronic data issued by the other country, without fear of running afoul of restrictions on cross-border disclosures,” the US Justice Department said in a statement. Read More

ZINC weaponizing open-source software

In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. MSTIC observed ZINC weaponizing a wide range of open-source software including PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording software installer for these attacks. Read More

Former Uber Security Chief Found Guilty of Data Breach Coverup

A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident. Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission and took steps to prevent the hackers from being caught.” Read More