ABC News (Australia): Online activity during COVID lockdowns sees surge in cyber attacks and espionage

ABC News (Australia): Online activity during COVID lockdowns sees surge in cyber attacks and espionage. “In its second annual threat report, the Australian Cyber Security Centre (ACSC) has revealed over 67,500 cybercrime reports were made in the last financial year, a jump of 13 per cent on the previous 12 months. About one-quarter of cyber incidents reported to the ACSC last year were associated with Australia’s critical infrastructure or essential services, including education, communications, electricity, water and transport.”

Gizmodo: Anonymous Claims to Have Stolen Huge Trove of Data From Epik, the Right-Wing’s Favorite Web Host

Gizmodo: Anonymous Claims to Have Stolen Huge Trove of Data From Epik, the Right-Wing’s Favorite Web Host. “Members of the hacktivist collective Anonymous claim to have hacked web registration company Epik, allegedly stealing ‘a decade’s worth of data,’ including reams of information about its clients and their domains. Epik is controversial, having been known to host a variety of rightwing clients, including ones that other web hosting providers, like GoDaddy, have dropped for various reasons.”

Hong Kong Free Press: Google handed user data to Hong Kong authorities despite pledge after security law was enacted

Hong Kong Free Press: Google handed user data to Hong Kong authorities despite pledge after security law was enacted. “Google has provided user data to the Hong Kong government in response to three requests made between July and December last year, making it the first US tech giant to disclose its compliance with requests from the local authorities for user data after the national security law was enacted last June.”

BetaNews: Microsoft releases KB5005565 and KB5005566 Windows 10 updates to fix PowerShell bug and more

BetaNews: Microsoft releases KB5005565 and KB5005566 Windows 10 updates to fix PowerShell bug and more . “With another Patch Tuesday rolling around, Microsoft has released a pair of new updates for Windows 10 — KB5005565 and KB5005566. Serving the same purpose, KB5005566 is available for Windows 10 version 1909, and KB5005565 is available for Windows 10 versions 2004, 20H2 and 21H1. These cumulative updates include security fixes, so they are important to install, but they also address non-security bugs including one affecting PowerShell.”

VentureBeat: IBM finds cloud credentials sell for mere dollars in ‘booming’ dark web market

VentureBeat: IBM finds cloud credentials sell for mere dollars in ‘booming’ dark web market. “Cyberattacks have been increasing in both frequency and severity, but it’s not just because malicious actors are upping their game (though they very much are). Many cybersecurity veterans feel that the effective solutions the industry has put out over the years aren’t fully being taken advantage of, and now a new report from IBM sheds light on the ways enterprises are leaving the door wide open. It also details a ‘booming’ dark web marketplace for compromised cloud accounts, where some credentials are selling for just a few dollars.”

NBC News: Hackers are leaking children’s data — and there’s little parents can do

NBC News: Hackers are leaking children’s data — and there’s little parents can do. “Some schools contacted about the leaks appeared unaware of the problem. And even after schools are able to resume operations following an attack, parents have little recourse when their children’s information is leaked. Some of the data is personal, like medical conditions or family financial statuses. Other pieces of data, such as Social Security numbers or birthdays, are permanent indicators of who they are, and their theft can set up a child for a lifetime of potential identity theft.”

ZDNet: Google patches two Chrome zero-days

ZDNet: Google patches two Chrome zero-days. “Google announced fixes for 11 different bugs in Chrome on Monday, including two zero-days currently being exploited in the wild. Google listed all 11 of the fixes as well as the researchers who discovered them and the bounties handed out. But the two that caused the most stir were CVE-2021-30632 and CVE-2021-30633.”

Motherboard: Apple Patches Zero-Click iMessage Hack Used by NSO

Motherboard: Apple Patches Zero-Click iMessage Hack Used by NSO. “The hack relied on an unknown vulnerability—also known as a zero-day—in iMessage, which allowed the hackers to take over a target’s phone by sending them a message that was effectively invisible. These kinds of attacks are called zero-click exploits, as they don’t require the victim to click on anything. Citizen Lab wrote in a blog post that it believes this zero-day was being used since at least February of this year.”

Inside Genesis: The market created by cybercriminals to make millions selling your digital identity (CBS News)

CBS News: Inside Genesis: The market created by cybercriminals to make millions selling your digital identity. “The Genesis Market is an easy-to-use online shop that sells login credentials, cookies and device fingerprints, website vulnerabilities and other sensitive data that help hackers thwart security protocols. Security researchers warn that the market, along with other criminal sites, have become an important tool for hacking organizations to carry out these attacks.”

USC Viterbi School of Engineering: Stopping Deepfake Voices

USC Viterbi School of Engineering: Stopping Deepfake Voices . “Not too long ago, the thought of an imposter running around with your voice sounded like something that could only happen to The Little Mermaid. But when a computer cloned the voice of late celebrity chef Anthony Bourdain in a 2021 released documentary film, and no one noticed, the world suddenly woke up to the reality of voice fakery. When it comes to voice-controlled devices, an attack can make ‘turn on the lights’ translate into ‘turn on the fire alarm.’ The same tactics, however, could be used to fake news stories and deceive voice recognition systems at banks.”

Wired: 20 Years After 9/11, Surveillance Has Become a Way of Life

Wired: 20 Years After 9/11, Surveillance Has Become a Way of Life. “It’s harder to get lost amid constant tracking. It’s also harder to freely gather when the public spaces between home and work are stripped away. Known as third places, they are the connective tissue that stitches together the fabric of modern communities: the public park where teens can skateboard next to grandparents playing chess, the library where children can learn to read and unhoused individuals can find a digital lifeline. When third places vanish, as they have since the attacks, communities can falter.”

The Daily Swig: Machine learning technique detects phishing sites based on markup visualization

The Daily Swig: Machine learning technique detects phishing sites based on markup visualization. “Machine learning models trained on the visual representation of website code can help improve the accuracy and speed of detecting phishing websites. This is according to a paper (PDF) by security researchers at the University of Plymouth and the University of Portsmouth, UK. The researchers aim to address the shortcomings of existing detection methods, which are either too slow or not accurate enough.”