Cybersafety Sentinel October 2022 Week 1 | Informatica
Weekly Insights from Cybersafety Sentinel
Stay updated with Informatica’s Cybersafety Sentinel’s October 2022 Week 1 edition. This week, we cover critical topics such as a popular YouTube channel distributing malicious Tor Browser installers, CISA’s new software vulnerability reporting directive, the US-UK Data Access Agreement, weaponized open-source software, and the former Uber security chief’s data breach coverup. Gain expert strategies to enhance your cybersecurity measures and protect your digital assets.
Featured Cybersafety Sentinel Posts
Check out our featured posts below for the latest insights from Cybersafety Sentinel.
Claudiu’s Top Post
As he felt the feds close in on him, an extortionist had a sudden change of heart and deleted all stolen #data. When he saw that he was still being arrested, he made it clear that if he’d only been given an opportunity to report the #breach, he wouldn’t have had to resort to a life of #cybercrime. Oddly, this also failed to secure his freedom. Read More
Popular YouTube Channel Caught Distributing Malicious Tor Browser Installer
A popular Chinese-language YouTube channel has emerged as a means to distribute a trojanized version of a Windows installer for the Tor Browser. This way when people update this modified Tor Browser, they are redirected to the official update URL.” Read More
CISA directive orders federal civilian agencies to regularly report software vulnerabilities
Federal civilian agencies now will be expected to report detailed data about vulnerabilities to CISA at timed intervals using automated tools, she said. “We have said consistently that we are on an urgent path to gain visibility into risks facing federal civilian networks,” Easterly told reporters. Read More
US-UK Data Access Agreement now in effect for tackling crime
The Data Access Agreement (DAA), by which the US and UK have agreed how one country can respond to lawful data demands from police and investigators in the other, took effect on Monday. “Under the Data Access Agreement, service providers in one country may respond to qualifying, lawful orders for electronic data issued by the other country, without fear of running afoul of restrictions on cross-border disclosures,” the US Justice Department said in a statement. Read More
ZINC weaponizing open-source software
In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. MSTIC observed ZINC weaponizing a wide range of open-source software including PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording software installer for these attacks. Read More
Former Uber Security Chief Found Guilty of Data Breach Coverup
A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident. Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission and took steps to prevent the hackers from being caught.” Read More