Scammers advertise fake AppleCare+ service via GitHub repos
We’ve uncovered a malicious campaign going after Mac users looking for support or extended warranty from Apple via the AppleCare+ support plans. The perpetrators are buying Google ads to lure in their victims and redirect them to bogus pages hosted on GitHub, the developer and code repository platform owned by Microsoft. The goal of this scam is to get unsuspecting people on the phone with someone pretending to be working for Apple. From there, fraudulent call center agents will social engineer their victims in order to extract money from them.
Police Arrest Teen Over London Transport Cyberattack That Exposed Traveler Data
London, England’s National Crime Agency says it arrested a 17-year-old male in connection with the Sept. 1 cyberattack on Transport for London, which oversees the city’s transportation systems for over 8.9 million people, including its subway system or tube, trains, trams, and buses. The arrest occurred on Sept. 5. The suspect was questioned over possible violations of the UK’s Computer Misuse Act and has since been released on bail, according to the NCA. “We have been working at pace to support Transport for London following a cyber attack on their network, and to identify the criminal actors responsible,” said NCA National Cyber Crime Unit head Paul Foster in a statement Thursday.
Irish Big Tech watchdog digs into platforms’ content reporting mechanisms after DSA complaints
Ireland’s media regulator, which oversees the compliance of a raft of tech giants with the EU’s Digital Services Act’s (DSA) general rules, said it is reviewing how major platforms let users report illegal content, following a high number of complaints. On Thursday, the Coimisiún na Meán (CNM) said one in three DSA complaints it has received since the general rules started to apply in February related to difficulties in reporting illegal content online. The review is looking at the tools and processes offered by Dropbox, Etsy, LinkedIn, Meta (Facebook and Instagram), Pinterest, Shein, Temu, TikTok, Tumblr, YouTube, and X. Another less familiar service, called Hostelworld, is included in the sweep.
23andMe will pay $30 million to settle 2023 data breach lawsuit
23andMe is close to settling a proposed class action lawsuit filed against the company over a data breach that compromised 6.9 million users’ information. According to the preliminary settlement filing, the DNA testing company has agreed to pay $30 million to affected customers, as well as to conduct annual computer scans and cybersecurity audits for three years. A website will be built to notify people eligible for a portion of the settlement fund and to facilitate payments. Affected users will also be sent a link where they can delete all their information from the service, and they’ll be able to enroll in a three-year Privacy & Medical Shield + Genetic Monitoring program for free. A judge still has to approve those terms.
The Dark Nexus Between Harm Groups and ‘The Com’
A cyberattack that shut down two of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023. It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that made-for-Hollywood narrative has eclipsed a far more hideous trend: Many of these young, Western cybercriminals are also members of fast-growing online groups that exist solely to bully, stalk, harass and extort vulnerable teens into physically harming themselves and others.