By now, it probably seems like you know all about how to protect yourself online. You’ve downloaded the antiviruses, implemented the firewalls, your password is uncrackable, and you reckon you could spot a phisher a mile off. But do you know how to protect yourself from social engineering?
Google has released a report outlining how their Threat Analysis Group disrupted an extensive phishing campaign targeting YouTubers with Cookie Theft malware since 2019. Stopping the hackers in their tracks was no mean feat, considering the campaign involved 15,000 fake accounts and sending over 1 million messages to targets.
A 20-year-old man in Pennsylvania has pleaded guilty to his involvement in a “SIM swap” and cryptocurrency theft scheme. Kyell Bryan carried out the plan in 2019 with several others. After he too pleaded guilty, Jordan Milleson, a co-conspirator in the scheme, was sentenced to two years in federal prison earlier this year.
Microsoft has revealed that in August 2021, it mitigated one of the largest distributed denial of service (DDoS) attacks ever recorded. The 2.4Tbps attack targeted an Azure cloud computing service client based in Europe and surprisingly resulted in minimal downtime for users. The size of the attack is second only to a 2.54Tbps DDoS attack directed at Google in 2017, though higher than any attack ever recorded on Azure previously.
There will be a change in the requirements for SSL certificates seeking validation using the HTTP domain control validation (DCV) method in the coming weeks. This change is in keeping with new rules set out by the CA/Browser Forum, which has determined that in some instances, HTTP validation may allow threat actors to obtain SSL certificates for domains they don’t actually own.