AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 02/08/2023

Cybercriminals exploit human misery in earthquake-hit Turkey and Syria with new online disaster scam 

Less than 24 hours after two massive earthquakes claimed the lives of thousands of people in Turkey and Syria, cybercrooks are already piggybacking on the humanitarian crisis. Cybercriminals never take a break from defrauding internet users, and the latest attempts spotted by Bitdefender Antispam Lab show, once again, just how unscrupulous they can be. While thousands of people were killed and tens of thousands more are left scouring crumbled buildings in search of those caught under the rubble, fraudsters are targeting the generosity of people around the world who wish to make a small contribution to victims of this disaster. 

 

Shares in British engineering company dive as it announces cost of cyberattack 

Morgan Advanced Materials, which produces ceramic and carbon parts used in semiconductor manufacturing, told investors on Tuesday that last month’s cyberattack could cost it up to £12 million — prompting its shares to dive. The British company — one of the 350 most valuable businesses listed on the London Stock Exchange — announced in January that it was “managing a cyber security incident after detecting unauthorized activity on its network.” The nature of the incident has still not been confirmed; however, the description of the impact of the incident in an update for investors published through the Regulatory News Service is consistent with ransomware. Morgan Advanced Materials said that all of its manufacturing sites are operational “although some continue to use manual transaction processes as work continues to restore their systems.”

 

Americans Flunked This Test on Online Privacy 

Many people in the United States would like to control the information that companies can learn about them online. Yet when presented with a series of true-or-false questions about how digital devices and services track users, most Americans struggled to answer them, according to a report published on Tuesday by the Annenberg School for Communication at the University of Pennsylvania. The report analyzed the results of a data privacy survey that included more than 2,000 adults in the United States. Very few of the respondents said they trusted the way online services handled their personal data. 

 

Regulator Halts AI Chatbot Over GDPR Concerns 

The Italian privacy regulator has ordered a popular AI chatbot to cease processing data on domestic citizens after breaking GDPR rules. Replika is marketed by San Francisco-based developer Luka as “the AI companion who cares” – a virtual “friend” for its users. However, Italian GDPR regulator, the GPDP, said late last week that the app doesn’t comply with the law’s transparency requirements, and it processes the personal data of children unlawfully. Specifically, there is no age verification mechanism to prevent children signing up, and the AI bot’s “replies” to users have been flagged as unsuitable for younger users. The GPDP said some app store reviews had noted sexually inappropriate content generated by the bot. 

 

What is the spell-jacking vulnerability and how can your business avoid exposing data? 

It isn’t only professional writers who rely on spell-checkers to guide them through the day. Your web browser, smartphone, email client and other platforms often make suggestions and automatic corrections with high regularity. Putting the debate around over-reliance on such tools to one side, there’s a growing cyber security threat involving spell-checking – which is where spell-jacking comes in. Josh Summitt, CTO at a security company specialising in JavaScript monitoring and analysis, Otto, was testing out script behaviour detection when they realised something was amiss when it came to enhanced spell-checking in Google Chrome and Microsoft Edge. The behaviour in question is transmitting personally identifiable information to those companies. This is a privacy issue – and one that becomes relevant when you enter the realm of enhanced browser spell-checking, as opposed to the basic spell-check functionality enabled by default in both Chrome and Edge.  

 

Singapore hit by growing cybercrimes, clocks $501M in losses from scams 

Singapore still is seeing more cases of online crimes, with phishing and e-commerce scams amongst the top five most common tactics used. The country saw a 25.2% climb in scams and cybercrimes last year, hitting 33,669 in reported cases, up from 26,886 in 2021. Scams accounted for the bulk, cheating victims of SG$660.7 million ($501.9 million), a 4.5% increase from SG$632 million in 2021, according to the latest figures from the Singapore Police Force (SPF). Phishing, e-commerce, and investment scams were amongst the top five most common tactics used against victims, making up 82.5% of the top 10 types of scams last year. Phishing cases topped the list, with 7,097 reported cases in 2022, up 41.3% from 2021.
