Security News
International Talk Like a Pirate Day is still months away - circle September 19th on your calendar, me hearties! - but The Register has found news of technology smuggling in China that suggests a buccaneering approach to imports. One incident, reported by Chinese media outlet MyDrivers, saw Chinese customs authorities notice a man wearing ill-fitting black clothing attempt to pass through Gongbei Port, the entry point from Macau to China.
The victim will need to pay in that 20% themselves - indeed, they'd jolly well better pay in quickly, the scammers claim, given that the "Authorities" are now involved and looking for their share. Once you realise you've been scammed, whether the scammers pull the plug on you, or you pull the plug on them, you may "Co-incidentally" be contacted by someone who sympathises with your plight, and who knows just the thing for you to try next.
As we mentioned back in March lapsus is as good a modern Latin word as any for "Data breach", and the trailing dollar sign signifies both financial value and programming, being the traditional way of denoting that BASIC variable is a text string, not a number. Okta, a 2FA service provider, was another high-profile victim, where the hackers acquired RDP access to an support techie's computer, and were therefore able to access a wide range of Okta's internal systems as if they were logged in directly to Okta's own network.
A US man has admitted he broke the law when he used 3D printers to make components converting semi-automatic guns to full auto. Kent Edward Newhouse, 41, a convicted felon of Jacksonville, Mississippi, pleaded guilty [PDF] to two counts of being a felon in possession of a firearm and one count of engaging in business as a manufacturer of firearms.
A coordinated law enforcement operation has resulted in the arrest of 11 members allegedly belonging to a Nigerian cybercrime gang notorious for perpetrating business email compromise attacks targeting more than 50,000 victims in recent years. The disruption of the BEC network is the result of a ten-day investigation dubbed Operation Falcon II undertaken by the Interpol along with participation from the Nigeria Police Force's Cybercrime Police Unit in December 2021.
The Russian FSB has identified the entire criminal enterprise known as "REvil". Police raids on 25 addresses in at least Moscow, St. Petersburg, Moscow, Leningrad and Lipetsk.
Cybersecurity Myths vs. Truths Myth #1 - Too much security diminishes productivity. There is a common idea that increased security makes it difficult for even employees to access what they need, not just hackers.
A 30-year-old alleged sports content pirate in Minneapolis, Minn., has found himself on the receiving end of a criminal complaint alleging that he not only stole user account credentials and sold access to pirated sports content. According to prosecutors, the MLB lost at least $2,995,272 due to Streit's alleged theft of games.
Authorities in Ukraine have made another cybersecurity bust - this time shutting down what they said is one of the largest underground cryptomining operations ever found. Stealing the vast amounts of electricity needed to power the computer farms required to mine cryptocurrency is most definitely prohibited.
A Moroccan man suspected of being "Dr HeX" - the prolific threat actor behind a nine-year cyber-blitz on thousands of victims through phishing, website defacing, malware development, fraud and carding - has been arrested. Interpol announced the bust - which took place in Morocco in May - on Tuesday, describing it as the result of a joint two-year probe dubbed Operation Lyrebird that saw Interpol working closely with the Moroccan police and security firm Group-IB. The unnamed suspect allegedly helped to develop carding and phishing kits to sell on criminal online forums.