Source: The Register
An Interpol-led operation arrested 14 suspects and identified 20,674 “suspicious” networks spanning 25 African countries that international cops have linked to more than $40 million in cybercrime losses. Africa Cyber Surge II, a combined police operation which began in April and lasted four months, was a coordinated effort between Interpol, African law enforcement, and private-sector security firms to disrupt online extortion, phishing, business email compromise (BEC) and other cyber scams. But given that BEC scams cost billions of dollars a year, it’s small change.
Group-IB, which has worked with Interpol on previous operations, collected and shared more than 1,000 indicators from its threat intelligence, according to the security shop.
“Collaboration and intelligence sharing should be at the heart of cybersecurity operations, and Group-IB stands ready to make a further contribution to this end, in line with our core strategic mission of fighting against cybercrime in all its forms,” Group-IB CEO Dmitry Volkov said in a statement Friday.
In total, information shared by Group-IB and other private partners Trend Micro, Kaspersky, and Coinbase led to some 150 Interpol analytical reports containing intel on cyber threats targeting specific countries, we’re told.
Subject: Report: Potential New York Times lawsuit could force OpenAI to wipe ChatGPT and start over
Source: Ars Technica
NPR spoke to two people “with direct knowledge” who confirmed that the Times’ lawyers were mulling whether a lawsuit might be necessary “to protect the intellectual property rights” of the Times’ reporting.
Neither OpenAI nor the Times immediately responded to Ars’ request to comment.
Of course, ChatGPT isn’t the only generative AI tool drawing legal challenges over copyright claims. In April, experts told Ars that image-generator Stable Diffusion could be a “legal earthquake” due to copyright concerns.
Unlike authors who appear most concerned about retaining the option to remove their books from OpenAI’s training models, the Times has other concerns about AI tools like ChatGPT. NPR reported that a “top concern” is that ChatGPT could use The Times’ content to become a “competitor” by “creating text that answers questions based on the original reporting and writing of the paper’s staff.”
“How do we ensure that companies that use generative AI respect our intellectual property, brands, reader relationships, and investments?” the memo asked, echoing a question being raised in newsrooms that are beginning to weigh the benefits and risks of generative AI.
The scam is known as an imposter scam and is the top fraud in the U.S. right now. It involves the perpetrator impersonating an authority figure and using scare tactics to reel in victims. While these scams have been around forever, they’ve become more believable because con artists use real names of law enforcement officers that show up with caller ID from an actual office and even local accents.
The Federal Trade Commission says nearly 200,000 people have been targeted this year alone. And last year, people lost a total of $2.6 billion to imposter scams.
“What is particularly pernicious about the imposter scams is that there’s unfortunately a relatively high rate of people who are duped by them,” said Lois Greisman, associate director for the FTC’s division of marketing practices. “When people think the government is calling you, there’s a very understandable reaction to be concerned.”
Source: Washington Post
[h/t Sabrina] The British auction house inadvertently published location data on its website for hundreds of images of items owners were seeking to sell.
The findings show how cybersecurity vulnerabilities aren’t just an issue for Big Tech companies, but for almost everyone as more and more business is transacted over the internet. As was the case with the professor, photos uploaded to Christie’s oftentimes include GPS coordinates for where they were taken; those coordinates are so precise that they reveal not just a street address but can even indicate within a few feet exactly where inside a building a photo was taken. “Around 10 percent of the uploaded images contain exact GPS coordinates,” the researchers said.
The German researchers took a look at Christie’s after an acquaintance asked them about how secure its service was. “Unfortunately, it only took us a few minutes to come across this serious vulnerability,” Tschirsich told The Post. “The vulnerability is so simple that it can be exploited by anyone with a browser within a few minutes.”
Subject: FCC Has Named a Special Group To Hunt Down Illegal Robocalls
Source: Cord Cutters News
“The Industry Traceback Group (ITG) continues to fight to protect consumers against illegal robocalls, scammers and spoofers, and we’re honored that the FCC has once again recognized our important role in this work,” Jonathan Spalter, CEO of USTelecom said in the report.
Source: Android Headlines
Tech support scams have always targeted unsuspecting and elderly users who lack the technical knowledge to distinguish between legitimate and fake websites. Now, according to a new report from BleepingComputer, threat actors have started using seemingly legitimate Amazon ads that appear in Google Search results and lead to a scam Microsoft Defender website.
As per the report, what makes this scam convincing is the fact that the threat actors are using a convincingly genuine Amazon ad with a legitimate URL. However, when users click on this Amazon ad, anticipating a visit to the retailer’s site, they are redirected to a scam Microsoft website, which falsely asserts that their computer has fallen prey to the ‘ads(exe).financetrack(2).dll’ malware. Additionally, to make matters worse, the scam traps users’ browsers in full-screen mode, making it extremely difficult to exit the fraudulent page without closing all open browser windows.
Experian consumers just wanted a free credit report, but instead received numerous emails without the option to unsubscribe. Experian Consumer Services was ordered to pay a $650,000 civil penalty on Monday for allegedly sending consumers commercial emails without providing the option to unsubscribe from future emails. The Federal Trade Commission (FTC) found that Experian had violated the CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing Act) which requires all companies or individuals that send out commercial emails to provide consumers with the option to opt out.
The emails allegedly implied that they contained important information, but instead asked the consumer to confirm if a car Experian had identified was theirs, suggested consumers use their service to increase their credit score, or offered a “Dark Web Scan.” The complaint said the emails weren’t focused on the consumer’s account as they claimed but were instead “commercial in nature,” the FTC reported in a press release.
[33-page complaint PDF is embedded within the article.]
PS – I wonder what else Experian gets wrong with their services? I wonder if the marketing geniuses at Experian will “pay” for their transgression(s)?
Subject: Health Data Breach Lawsuits Surge as Cyberattacks Keep Climbing
Source: Bloomberg Law
- Class actions over health privacy at highest rate in years
- Trend shows no sign of slowing, attorneys say
Companies handling health data are fending off more cyberattacks each year, and those that do get hacked are facing costly litigation at rapidly rising rates, a Bloomberg Law analysis found.
The monthly average of new class actions filed over health data breaches so far this year is nearly double the rate from 2022, according to a Bloomberg Law analysis of 557 complaints filed against companies in federal courts over the last five years.
Many of the lawsuits seek civil damages in the millions of dollars, bolstered by claimed classes with large member numbers. Underpinning this swell in litigation is the comparably gradual uptick in health cyber incidents, according to data maintained by the US Department of Health and Human Services’ Office for Civil Rights. The health industry is one of the most commonly targeted by cyberattackers, who seek profitable identifying data they can sell on the dark web or use for fraud.
Subject: Amazon & Meta targeted for allowing listings of recalled products
Source: Android Headlines
The House and Commerce Committee addressed letters to Amazon, eBay, Meta, Walmart, and other online shopping portals, raising queries about their approaches to recalled products and seeking information regarding their efforts to prevent these platforms from selling banned and recalled goods.
The committee specifically expressed concern about Meta, alleging that it had not stopped sales of two recalled child products—the Fisher-Price Rock ‘n Play sleeper and Boppy Newborn Lounger—on Facebook Marketplace.
The Consumer Product Safety Commission (CPSC) had recalled the Rock ‘n Play in 2019 and the Newborn Lounger in 2021. However, the CPSC reports that the rate of takedown requests (averaging 1,000 per month) has not decreased, and the companies have not taken “proactive measures” to prohibit sales.
Notably, the Rock ‘n Play has links to nearly 100 infant deaths. Committee members, including Chair Cathy McMorris Rodgers, expressed concern that inadequate prevention of such sales on online marketplaces might endanger the safety of children and users.
Subject: 9 Reasons to Worry About the Rise of “Buy Now Pay Later” Tech
Loan overextensions and data farming are just the start: Here’s what should concern you about the booming BNPL industry.
“Buy now, pay later” services are huge right now: Apps will offer you installment plans on anything from a TV to a T-shirt.
Klarna, Afterpay, and Affirm are a few big names making millions off of extending a little credit to customers with a plan to pay it back in even-smaller installments over the next few weeks or months.
But whenever a market grows that fast, regulatory concerns will rear their heads. And it turns out that plenty of researchers and regulators are keeping an eye on the booming BNPL business.
BNPL Isn’t Bad, Just a Little Questionable – BNPL tools have some big benefits: They’re more manageable than credit card repayments, getting approved is simple, and you won’t pay any interest if you successfully meet all payment deadlines (and the majority do succeed).
What Could We Improve? Nine Problem Areas. Here’s the list of nine problematic BNPL provider practices to address, according to Chien:
- Wide variance and poor transparency in pricing structures
- Multiple and excessive fees
- Automatic repayments and use of credit cards for repayment
- Limited assessment of repayment capacity
- Inconsistent credit reporting
- Exploitation of behavioral biases
- Data harvesting and data privacy
- Challenges with returns
Source: Krebs on Security
Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.
The conclusions above are based on an extensive analysis of Telegram chat logs from three distinct cybercrime groups or actors that have been identified by security researchers as particularly active in and effective at “SIM-swapping,” which involves temporarily seizing control over a target’s mobile phone number.
Countless websites and online services use SMS text messages for both password resets and multi-factor authentication. This means that stealing someone’s phone number often can let cybercriminals hijack the target’s entire digital life in short order — including access to any financial, email and social media accounts tied to that phone number.
Each advertises their claimed access to T-Mobile systems in a similar way. At a minimum, every SIM-swapping opportunity is announced with a brief “Tmobile up!” or “Tmo up!” message to channel participants. Other information in the announcements includes the price for a single SIM-swap request, and the handle of the person who takes the payment and information about the targeted subscriber.
… This entry was posted on Tuesday 28th of February 2023 11:14 AM