Security News > 2023 > August

Japan's digital minister has doubled down on a June promise to penalize himself for the poor rollout of the country's digital ID, My Number Card, by offering up three months' salary on Tuesday. The interim report reportedly revealed a lack of knowledge among the public on how to link their My Number Card to disability records, cases of health insurance being connected to the wrong card, and errors in pension records of public servants.

Ecommerce platforms are incorporating sophisticated fraud detection measures, but fraudsters, too, are refining their strategies. In this Help Net Security interview, Eduardo Mônaco, CEO at ClearSale, explains the complexities of ecommerce fraud, discussing the evolution of fraudster tactics, the effectiveness of social footprint analysis in confirming identity, the balance between fraud prevention and customer experience, and techniques to address more advanced fraud types.

In this Help Net Security video, Assaf Morag, Lead Threat Intelligence Analyst at Aqua Security, discusses research that discovered openly accessible and unprotected Kubernetes clusters belonging to more than 350 organizations, open-source projects, and individuals. At least 60% of these clusters were breached and had an active campaign with deployed malware and backdoors.

These statistics highlight the pressing need for organizations to relieve the burden experienced by IT professionals due to the shift to hybrid and remote work. IT professionals are 1.4 times more likely to disengage and "quiet quit" their jobs compared to other knowledge workers.

Findlargedir is a tool written to help quickly identify "black hole" directories on any filesystem having more than 100k entries in a single flat structure. Such directories cannot shrink back even if the content gets cleaned up since most Linux and Un*x filesystems do not support directory inode shrinking.

Vietnam's Ministry of Information and Communications has admitted the nation has a vast shortfall of infosec pros. Hải Anh, deputy head of Vietnam's Information Security Authority, an agency of the ministry, said data trading activities were typically conducted within closed social media groups.

Anonfiles, a popular service for sharing files anonymously, has shut down after saying it can no longer deal with the overwhelming abuse by its users. Anonfiles is an anonymous file-sharing site that allows people to share files anonymously without their activity being logged.

Discord.io has shut down "for the foreseeable future," after crooks stole, and then put up for sale, data belonging to all 760,000 of the service's users. To be clear: the intrusion happened to Discord.io, a third-party service for creating custom invites for individual Discord servers.

CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and has added the flaw to its catalog of known security flaws exploited in the wild. "A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller," Citrix explains.

The Feds didn't go as far as naming any specific vendors or services here, but one of the main reasons that crooks go down the "beta-testing" route is to lure users of Apple iPhones into installing software that didn't come from the App Store. In contrast, even iPhone apps that are 100% free must be submitted by the vendor to the App Store to become available for download, and downloaded by the user from the App Store for installation.