Over 800,000 victims in a hack, Dutch hacker allegedly pedaled data of everyone in Austria and more.
Welcome to Cyber Security Today. It’s Friday, January 27th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
A Chicago company called Zacks Investment Research is notifying 820,000 customers that their information may be at risk. According to a copy of a letter sent to customers and filed with the state of Maine, in late December the company learned it had been hacked. Access was gained sometime several months before that. A database of customers who signed up for a product between the end of 1999 and February 2005 was stolen. The data included customers’ names, addresses, phone numbers, email addresses, and passwords used for Zacks.com. Affected customers have to reset their passwords.
The Russian cyberwar over Ukraine continues. A number of denial-of-service attacks on Thursday hit German government, banking and airport websites. Some websites were knocked offline. It is believed to be retaliation against Germany for allowing tanks it builds to be sent to Ukraine,
A Dutch hacker arrested in November obtained and offered for sale the full name, addresses and dates of birth of virtually everyone in Austria. That’s about nine million people. Reuters says news is only now being released because other police forces are investigating the person. That’s because they were also selling similar data sets from Italy, the Netherlands and Columbia.
Researchers at Trellix say they recently patched over 61,000 open source Python projects on GitHub through an automated system. The effort was to fix a 15-year-old vulnerability some developers had unintentionally added to their projects. It took several months to find the impacted projects and install the patches. Trellix warned developers to have proper checks and evaluation methods when deciding to import code libraries and frameworks into their applications.
Is your company thinking about creating non-fungible tokens to boost customer loyalty? The recent experience of Porsche should make you think twice. Non-fungible tokens, or NFTs are digital assets on a blockchain that may or may not have value. Porsche has created NFTs for enthusiasts to acquire digital replicas of its cars. However, according to The Cyber Express crooks latched onto the Porsche name and have created fraudulent domains to dupe many into buying fake tokens with cryptocurrency. Any organization wanting to get into the non-fungible token game better have cybersecurity and blockchain expertise or their brand may be damaged.
Someone is leveraging the Google Ads invitation capability to send email messages promoting spam and sex websites. According to a news report, the invites are being sent from Google Ads accounts so they seem to be legitimate. They also avoid spam filters. Google Ads is a service for advertisers to create marketing campaigns.
Finally, New York State is asking the operators of Madison Square Garden and Radio City Music Hall about the alleged use of facial recognition software to keep certain dangerous people out of its venues: Lawyers. According to Engadget, the technology is being used to keep out lawyers representing people suing the company. It quotes the Garden CEO saying to goal is to prevent evidence from being collected outside proper lawsuit procedures. New York State’s attorney general says what’s allegedly going on may violate civil and human rights laws.
That’s it for this morning’s podcast. But later today the Week in Review will be available. Guest commentator Terry Cutler of Montreal’s Cyology Labs will give advice for Data Privacy Week and comment on other news items.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. U.S. listeners can also find my stories on TechNewsDay.com.