MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed
2021-10-01 20:08

The accounts of at least 6,000 Coinbase customers were robbed of funds after attackers bypassed the cryptocurrency exchange's multi-factor authentication. The attacker(s) used a flaw in Coinbase's account recovery process to seize the SMS two-factor authentication tokens needed to break into customers' accounts and transfer funds to crypto wallets unassociated with Coinbase.

Internet Archive's 2046 Wayforward Machine says Google will cease to exist
2021-10-01 20:03

The Internet Archive has launched a campaign against tech regulation by setting up a Wayforward Machine, semi-parodying its famous Wayback Machine archiving site. The Wayforward Machine paints a picture of the internet in 2046 - smeared with censorship, regulation, governmental interference, and more.

US unites 30 countries to disrupt global ransomware attacks
2021-10-01 20:01

Today, U.S. President Joe Biden said that the U.S. will bring together 30 countries to jointly crack down on ransomware gangs behind a barrage of attacks impacting organizations worldwide. "I am committed to strengthening our cybersecurity by hardening our critical infrastructure against cyberattacks, disrupting ransomware networks, working to establish and promote clear rules of the road for all nations in cyberspace, and making clear we will hold accountable those that threaten our security."

Gift card fraud: four suspects hit with money laundering charges
2021-10-01 18:47

Gift card fraud still fills a distressing niche in the cybercrime ecosystem, where a gang of crooks redeem gift cards that you paid for, either because you were convinced that those cards were earmarked for something else, or because the crooks got temporary access to one of your online accounts that allowed them to buy gift cards on your dime. The US Department of Justice announced this week the indictment of four suspected gift card scammers, and alleges that these four had ended up with more than 5000 fraudulently obtained cards to spend on themselves.

Lawsuit claims ransomware attack caused fatal injury to infant at Alabama hospital
2021-10-01 18:42

In July 2019, an Alabama hospital was dealing with a ransomware attack that had shut down computer systems throughout the hospital. She has filed a lawsuit against the hospital that claims the loss of monitoring technology ultimately caused the death of her infant.

FCC orders phone carriers to enforce unlawful robocall blocking
2021-10-01 18:27

The Federal Communications Commission announced earlier this week that phone companies are now required to filter calls from providers who haven't complied with a deadline to block illegal robocalls that expired on September 28th. They can only accept calls from voice service providers registered in the Robocall Mitigation Database who have implemented caller ID authentication technology for calls carried over Internet Protocol networks or filed a robocall mitigation plan with the FCC. "This technology is critical to protecting Americans from scams using spoofed robocalls because it erodes the ability of callers to illegally spoof a caller ID, which scammers use to trick Americans into answering their phones when they shouldn't," the FCC explains. To make it easy to comply with this robocall blocking deadline, the FCC provides an email subscription service that telecom companies can use to keep track of changes to the Robocall Mitigation Database.

Consumer privacy study finds online privacy is of growing concern to increasingly more people
2021-10-01 18:03

If that makes it sound like the findings of the study point to a low level of consumer confidence in the protection of their online privacy, that would be accurate. The report itself highlights four key takeaways from the data, each of which it said "demonstrates the growing importance of privacy to the individual and its implications on the businesses and governments that serve them."

Sure, you can do Kubernetes at scale. But can you do it securely too?
2021-10-01 18:00

Doing cloud native at enterprise scale is no mean feat, but doing it securely is the real challenge. Who do you turn to for practical guidance? To help you better understand and navigate the challenges enterprise scale brings, KubeSec Enterprise vSummit will focus on real-world enterprise experience in securing production environments.

3.1M Neiman Marcus Customer Card Details Breached
2021-10-01 17:50

Just this week, Neiman Marcus acknowledged the compromise, which included personal customer information like names, contact information, payment card information, gift card numbers, usernames, passwords and even security questions associated with online Neiman Marcus accounts. In total, Neiman Marcus, which also controls the brands Bergdorf Goodman, Neiman Marcus Last Call and Horchow, said 3.1 million cards were affected.

Crypto platform mistakenly gives $90M to users, asks for refund
2021-10-01 17:27

In a major blunder, cryptocurrency platform Compound accidentally paid out $90 million among its users. Compound is an Ethereum-based money market protocol that enables users to earn interest or borrow assets against collateral.