Security News > 2023 > June

Sextortion is a form of online blackmail where malicious actors threaten their targets with publicly leaking explicit images and videos they stole or acquired, typically demanding money payments for withholding the material. The FBI warns that sextortionists are now scraping publicly available images of their targets, like innocuous pictures and videos posted on social media platforms.

"As of April 2023, the FBI has observed an uptick in sextortion victims reporting the use of fake images or videos created from content posted on their social media sites or web postings, provided to the malicious actor upon request, or captured during video chats," reads the alert published on the FBI's IC3 portal.

The US Ninth Circuit Court of Appeals last week ruled that Enigma Software Group can pursue its long-standing complaint against rival security firm Malwarebytes for classifying its software as "potentially unwanted programs" or PUPs. Florida-based Enigma has been trying to hold Malwarebytes accountable for blocking its programs since 2017, when the firm initially sued Malwarebytes for tortious interference, violation of New York business law, and false advertising under the Lanham Act.

Google said its data from last spring shows passkeys are two times faster and four times less error-prone than passwords. Google - along with Microsoft, Apple and others - announced last year that it would start to support passkeys and participate in their development with the Fast Identity Online Alliance, better known as the FIDO Alliance, and the World Wide Web Consortium standards.

The US federal government's ban on TikTok has been extended to include devices used by its many contractors - even those that are privately owned. The rule went into effect the day it was published in the Federal Register - June 2 - meaning any government contracts issued will now have to include language regarding the ban.

Over 60,000 Android apps disguised as legitimate applications have been quietly installing adware on mobile devices while remaining undetected for the past six months. The malicious apps are not hosted on Google Play but on third-party websites in Google Search that push APKs, Android packages that allow you to manually install mobile apps.

The second reserves 64 bits for storing a memory address where the text string of a customer's name can be found. As you can imagine, you'd better not mix up these two values, because a number that makes sense, and is safe, to use as a day number, such as 23157, would almost certainly be unsafe to use as a memory address.

Along with paying the rather small fine, the FTC is also requiring the company to update its account creation process for children to prevent collection and storage of data, and extend those responsibilities to third-party publishers that Microsoft shares such data with. Xbox users trying to create an account weren't asked to involve a parent until after Microsoft collected all of that personally identifiable information.

A recent malware campaign has been found to leverage Satacom downloader as a conduit to deploy stealthy malware capable of siphoning cryptocurrency using a rogue extension for Chromium-based browsers. "The main purpose of the malware that is dropped by the Satacom downloader is to steal BTC from the victim's account by performing web injections into targeted cryptocurrency websites," Kaspersky researchers Haim Zigel and Oleg Kupreev said.

Because the data includes the identity fraud goldmine of the victims' names and social security numbers, one of the lawsuits claims the danger to those affected could continue throughout "their lives." According to the data breach notice by Mercer University in Macon, Georgia, 93,512 people were affected.