A new sextortion campaign tricks users with some convincing personal data name-dropping.
Last week, US firm ICANN’s data collection policy was criticised in German court under new GDPR compliance rules. The furore centred around ICANN’s Whois database and the retention of personal information. The GDPR can of worms is officially open.
In other EU-based news, bloc-wide cybersecurity group ENISA will receive more power and a higher budget following a vote by lawmakers. Connected devices will soon see a regulatory scheme set up to assure customers of the safety of products they buy.
The buying and selling of illicit goods and services on the dark web is well known, but a recent story about a hacker attempting to sell classified US military documents garnered attention for the bargain basement price they were offering – just $200.
Email scam aims to frighten users into paying a digital ransom
A new twist on an old email scam is doing the rounds, according to Infosecurity Magazine. The basic skeleton of this email sextortion campaign has been around for years: the sender of the email claims to have webcam footage of the recipient watching pornography and demands a bitcoin ransom (of course, the footage claim is a social engineering tactic – one that works).
The twist here, though, is the email includes a password the recipient may have used for an online account. Luckily, the passwords sent so far are all close to 10 years old, according to people who received the email threat, which points to the information coming from a past data breach dating back a long while.
This scam could end up becoming more refined and convincing as time goes on, so it is still worth keeping an eye on your inbox.
Global financial regulators cast an eagle eye on cryptocurrency assets
The digital currency market is nothing if not volatile, with everything from bitcoin to ether hitting headlines over the last year in particular. Rumblings around regulation have been happening for some time and now Reuters reports that the Financial Stability Board (FSB) is putting some measures in place.
The FSB coordinates financial regulation for G20 countries and has released a framework focusing on how the risks from cryptocurrency markets could spread to other areas of the financial ecosystem. Although this could help spot problems early, the data can still be patchy at times due to the fragmented nature of the digital currency market.
US indicts more Russian operatives on election meddling charges
In the US, special counsel Robert Mueller’s investigation into alleged Russian interference in the 2016 presidential election has seen 12 military officers from the country indicted on hacking charges. Twitter also suspended the accounts of Guccifer 2.0 and DCLeaks following the indictment on 13 July.
Sean Sullivan, security adviser at F-Secure, said: “While the indictments are not likely to result in extraditions, they do serve a practical purpose. The details given suggest that US intelligence agencies have deeper insights in matters outside of this particular case. And that should create motivation for pause on the Russian side.
“Also, the morale of Russia’s hackers will very probably take a significant hit as they now realise they’ll never be able to take a European holiday (without fear of arrest and extradition). That won’t help future recruiting efforts.”
Australian airport security threatened by ID hack
ASICS or Aviation Security Identity Cards are used to stop terrorists and criminals from accessing restricted areas in airports, but an Australian issuer of said cards was hacked in recent days.
The firm in question, Aviation ID, services regional and rural airports throughout Australia and notified hundreds of people who had applied for or renewed their cards that their data was likely made vulnerable.
“Personal information that may have been breached includes name, street address, birth certificate number, drivers licence number, Medicare card number and ASIC number,” said managing director Ian Barker.