AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/23/2023

Casio discloses data breach impacting customers in 149 countries

Japanese electronics manufacturer Casio disclosed a data breach impacting customers from 149 countries after hackers gained to the servers of its ClassPad education platform. Casio detected the incident on Wednesday, October 11, following the failure of a ClassPad database within the company’s development environment. Evidence suggests that the attacker accessed customers’ personal information a day later, on October 12. The exposed data includes customer names, email addresses, countries of residence, service usage details, and purchase information such as payment methods, license codes, and order specifics.


Okta says its support system was breached using stolen credentials

Okta says attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen credentials. “The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,” said Okta’s Chief Security Officer David Bradbury. “It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted.”


Scammers weaponize iPhone 15 overheating issue to steal users’ phones

Is your new iPhone part of Apple’s iPhone 15 recall? It shouldn’t be. Because there is no iPhone 15 recall. However, scammers posing as major carriers like Verizon are using the iPhone 15’s real overheating issues to try and convince iPhone owners to send them their phones as part of a fake recall. We know this because one of Mashable’s own reporters was recently the target of this scam.


Google Chrome’s new “IP Protection” will hide users’ IP addresses

Google is getting ready to test a new “IP Protection” feature for the Chrome browser that enhances users’ privacy by masking their IP addresses using proxy servers. Recognizing the potential misuse of IP addresses for covert tracking, Google seeks to strike a balance between ensuring users’ privacy and the essential functionalities of the web. IP addresses allow websites and online services to track activities across websites, thereby facilitating the creation of persistent user profiles. This poses significant privacy concerns as, unlike third-party cookies, users currently lack a direct way to evade such covert tracking.


Police Dismantle Ragnar Locker Ransomware Group

Global law enforcers have claimed another victory in the ongoing fight against ransomware, after seizing infrastructure and arresting a suspected key member of the Ragnar Locker group. Between October 16 and 20, police conducted searches in Czechia, Spain and Latvia, including the home of their “key target” – a suspected developer for the group. That individual was arrested in the French capital last Monday and has already been brought before the examining magistrates of the Paris Judicial Court. Five other suspects were interviewed by officers in Spain and Latvia.


Booking.com customers targeted by scam ‘confirmation’ emails

Travellers using the popular hotel website Booking.com are being warned not to fall for scam emails asking them to confirm their hotel payment, after a hack of Booking.com’s email system. In recent weeks the Observer has been contacted by a number of customers claiming that they had received scam emails from within the Booking.com system. In each case the customer has either checked in, or was due to check in, to a hotel they had reserved using Booking.com. The email – sent from noreply@booking.com – claims their stay may have to be cancelled unless they hand over their bank card details via an embedded link.

Related Posts