Summary of email security news [October 2022]
All businesses need cyber security awareness that safeguards data and all systems connected to the organizational network.
A secure domain minimizes human risk in the event of cyber attacks and ensures better overall protection.
Cyber attacks are everywhere, targeting all kinds of organizations and individuals on a global scale, and these incidents make headlines every day.
In October’s news roundup, we’ve included the latest cyber security news from around the world.
The first cyber security news we have concerns Australian telecoms giant Telstra which suffered a data breach affecting 30,000 employees.
Telstra published a statement announces that its systems were not affected by the breach and no customer data was exposed.
The incident arose from a data breach at an outdated third-party provider, Work Life NAB. The data was posted on the same dark web forum used by the cybercriminals responsible for the Optus breach.
The stolen Telstra data included first and last names and 30,000 employees’ email addresses.
The company announced that it would reset the passwords of all users out of an abundance of caution.
Moving on to the next cybersecurity news, Facebook users were targeted by a widespread group of malware-infected applications.
Meta announced that its security researchers discovered 400+ malicious mobile apps on Google’s Play Store and Apple’s App Store.
The malicious apps aim to steal Facebook login information, which will prompt cybercriminals to hijack accounts.
These apps include photo editors, VPNs, games, business utility apps, phone utility apps, and more.
The malicious apps were available in third-party app stores, users were warned to be careful when downloading a new app that requires social media credentials.
In its report, Meta listed the apps, which included:
- Apex Racing Game
- Dress charmingly
- Bamboo VPN
- Candles VPN
- Cartoon Face Photo Editor
- Teana music player
The credential harvesting scheme began when the user installed the malicious app.
Meta advised its users to take safety measures such as deleting the malicious app, resetting Facebook login information and enabling two-factor authentication on Facebook.
Next, we have 2022’s second major cryptocurrency cyber attack, which took place in October.
A threat actor exploited a vulnerability in the world’s largest cryptocurrency exchange platform, Binance, via its native cross-chain bridge. Two million Binance coins (BNB) (approximately $566 million) were stolen as a result.
The hacker made BSC Token Hub send one million Binance coins twice before swapping it for other cryptoassets.
The malicious actor used ChangeNOW, an account-free crypto exchange company, to fund the cyber attack
According to a statementthe hacker also moved funds through other crypto exchange platforms, including PancakeSwap, SushiSwap and Curve Finance.
Binance CEO Changpeng Zhao announced that user funds are safe and the investigation is ongoing.
On October 14, the MyDeal marketplace suffered greatly data breach after a hacker gained access to the company’s customer relationship management (CRM) system using compromised user credentials.
Cybercriminals compromised 2.2 million customers’ data and tried to sell it on a hacker forum.
The data breach revealed names, phone numbers, email addresses, delivery addresses, dates of birth and more.
After the incident, MyDeal sent notifications about data breaches to affected customers.
In other cybersecurity news, the Australian private health insurer revealed on October 26 that it had suffered a ransomware attack. The personal details of all 3.9 million customers have been exposed.
The company tired that cybercriminals had access to significant amounts of health claims data and personal information belonging to its AHM health insurance subsidiary and international students.
The company also said it is continuing its investigation to determine what specific data was stolen in the attack and will directly notify affected customers about the matter.
The incident became the subject of an investigation by the Australian Federal Police when Medibank admitted that it had been contacted by a cybercriminal who claimed to have stolen 200GB of data.
The information contained:
- First name and last name
- Dates of birth
- Telephone number
- Medicare figures
- Politics numbers
- The company estimates cybercrime to cost approximately AU$25 million to AU$35 million.
Medibank promised to offer free identity monitoring services and financial support to those affected, and advised customers to be on the lookout for possible phishing attacks.
On Thursday, a spokesperson confirmed that an employee hacked the New York Post’s Twitter account.
The employee posted offensive messages designed to look like actual headlines.
The NY Post is one of New York City’s prestigious publications, known for its headlines and conservative-leaning editorials.
The malicious content was immediately removed, but NBC News journalists took screenshots of the tweets before they were removed.
The posts included false headlines about New York Governor Kathy Hochul, Democratic Representative Alexandria Ocasio-Cortez, New York Mayor Eric Adams and President Joe Biden’s son, Hunter Biden.
The employee’s identity remains unknown, but The New York Post confirmed that the person had been fired.
Considering how damaging and costly data breaches can be, domain privacy should be a priority.
Don’t let your business and customers fall victim to a cyber attack. Secure your domain with EasyDMARC today.
The post Summary of email security news [October 2022] appeared first on EasyDMARC.
*** This is a Security Bloggers Network syndicated blog from EasyDMARC written by Knarik Petrosyan. Read the original post at: