IRS Text Spam
No, that text message that you just got did not come from the IRS. In fact, text spam, also known as smishing, leveraging the IRS’s name is exploding. I am guessing that because people are scared of the IRS and hence, they will respond to the scam spam. IRS commissioner Chuck Rettig called this phishing “on an industrial scale”. These scams are delivering up to hundreds of thousands of spam texts in a matter of hours. Credit: The Record
Former Uber CISO Convicted of Cover Up of Breach
As is often the case, the cover-up is worse than the crime. Joe Sullivan, Uber’s former CISO, who was set adrift by the company to protect its hide, was convicted of doing, likely, what he was told to do by the company – hide the breach. He has not been sentenced yet, so now is the time for him to play let’s make a deal. Stay tuned. Credit: The Register
The Russians are Coming, The Russians are Coming
The title is a slight paraphrase of what Paul Revere is claimed to have been yelling during his midnight ride. In this case, Russian hackers who are not happy with the Kremlin, are attacking Russian businesses. Their first target was Unisoftware, a software developer that works with the government a lot. They claim to have stolen all data held by the firm, including: banking and personal account credentials, employee information, phone numbers, addresses, contracts and proprietary code for Unisoftware clients and software. Credit: Info Security Magazine
Department of Embarrassment Department
Lloyd’s of London, who underwrites a large chunk of the cybersecurity insurance market has temporarily shut down its network and systems as it’s investigating a cyberattack. They are not saying much beyond that. In their defense, they probably have not figured out how bad the damage is and, from a PR standpoint, they probably want to do as much spin doctoring as they can. Credit: Cybernews
Facebook Discovered Hundreds of iOS and Android Apps Stealing Login Creds
Meta (Facebook) announced on Friday that it had discovered over 400 iOS and Android apps that stole a user’s credentials. Typically, this works by prompting the user to log in and capturing the credentials as they enter them. After which they send them to Mother Russia or China or wherever. These apps are designed as games or photo apps or whatever, that claim to need you to log in to maybe save your data, so this is not limited to people who are uploading kitten pictures to Facebook. Credit: The Hacker News