Subject: The Spine Collector: Man arrested for using fake email addresses to steal hundreds of unpublished manuscripts
Source: Bitdefender blog
For years, “The Spine Collector” has been haunting publishers around the world, attempting to steal manuscripts by famous authors.As Vulture describes, for years somebody has been attempting to get their hands on upcoming books by the likes of Margaret Atwood, Stieg Larsson, Sally Rooney, and Ethan Hawke by creating fake domain names that appeared – to the unwary – to be those of companies in the publishing industry.
More than 160 fraudulent domains are said to have been registered in an attempt to impersonate real entities and individuals from the world of publishing. The domain names were confusingly similar to genuine domains, often using simple tricks such as replacing a lowercase “m” with the lowercase letters “rn”.
For instance, a domain like “penguinrandornhouse.com” could be easily mistaken for “penguinrandomhouse.com”.
By sending convincing emails that posed as industry colleagues, the fraudster known as “The Spine Collector” was able to trick publishers and others into handing over manuscripts of books.
Subject: Fake QR Codes on Parking Meters
Source: Schneier on Security via Bitdefender blog
Fake QR Codes on Parking MetersThe City of Austin is warning about QR codes stuck to parking meters that take people to fraudulent payment sites.
Subject: Privacy myths busted: Protecting your mobile privacy is even harder than you think
Source: CNet via beSpacific
Subject: CISA, FBI, and NSA Release Cybersecurity Advisory on Russian Cyber Threats to U.S. Critical Infrastructure
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) that provides an overview of Russian state-sponsored cyber operations, including commonly observed tactics, techniques, and procedures. The CSA also provides detection actions, incident response guidance, and mitigations. CISA, the FBI, and NSA are releasing the joint CSA to help the cybersecurity community reduce the risk presented by Russian state-sponsored cyber threats.CISA, the FBI, and NSA encourage the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness, conduct proactive threat hunting, and implement the mitigations identified in the joint CSA. CISA recommends network defenders review CISA’s Russia Cyber Threat Overview and Advisories page for more information on Russian state-sponsored malicious cyber activity. CISA recommends critical infrastructure leaders review CISA Insights: Preparing For and Mitigating Potential Cyber Threats for steps to proactively strengthen their organization’s operational resiliency against sophisticated threat actors, including nation-states and their proxies.
Subject: Google Drive accounted for the most malware downloads from cloud storage sites in 2021
Google took over the top spot for malicious downloads from Microsoft OneDrive as attackers created free accounts, uploaded malware and shared documents with unsuspecting users, says Netskope.The more that cybercriminals can take advantage of a legitimate service, the better their chances of tricking people into falling for their scams. That’s why popular services from the likes of Google and Microsoft are exploited in malicious attacks. In fact, Google Drive ended 2021 as the most abused cloud storage service for malware downloads, according to security provider Netskope.
This increased use of cloud applications has naturally excited cybercriminals, who have eagerly abused these apps to deploy malware. For 2021, cloud storage apps accounted for 69% of cloud-based malware downloads, down only slightly from 72% in 2020. These services are ready-made targets for exploitation as attackers can easily create free accounts, upload their infectious payloads and then share malicious documents with potential victims.
With cloud-based storage apps such a tempting target for exploitation, how can individuals and organizations protect themselves against malicious documents? Netskope offers the following tips:
- Hackers exploit Google Docs in new phishing campaign (TechRepublic)
- Malicious office documents: The latest trend in cybercriminal exploitation (TechRepublic)
- Phishing attack exploits Craigslist and Microsoft OneDrive (TechRepublic)
- 10 tips for protecting your cloud data and accounts (TechRepublic)
- WFH is a cybersecurity “ticking time bomb,” according to a new report (TechRepublic)
- Shadow IT policy (TechRepublic Premium)
- Phishing attacks: A guide for IT pros (TechRepublic download)
Subject: Europol Ordered to Delete Data of Individuals With No Proven Links to Crimes
Source: The Hacker News
The European Union’s data protection watchdog on Monday ordered Europol to delete a vast trove of personal data it obtained pertaining to individuals with no proven links to criminal activity.”Datasets older than six months that have not undergone this Data Subject Categorisation must be erased,” the European Data Protection Supervisor (EDPS) said in a press statement. “This means that Europol will no longer be permitted to retain data about people who have not been linked to a crime or a criminal activity for long periods with no set deadline.”
Subject: The Dirty Work of Cleaning Online Reputations
Source: The Walrus via beSpacific
Subject: Law Enforcement and Technology: Using Social Media
Source: CRS Report via beSpacific
Subject: You can actually make that old laptop last longer – There are ways to maximize the lifespan of your existing laptop so you don’t have to buy a new one just yet. We’ll explain.
The longevity horizon of a laptop is analogous to the longevity of a human: It partly comes down to responsible behavior, partly genetics and partly just dumb luck. There’s no guarantee that anything you do can save it from dying young or failing to keep up with increasingly demanding tasks. And there’s no guarantee that if you treat it like crap it won’t last far longer than expected — in 10 years you might find yourself cursing it. “Fail already you slow POS so I can justify buying a replacement!” That’s the argument I have daily with my.