Hacker Tracker | November

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates.

Police are sending messages to 70,000 people who may have fallen victim to phone scammers | 11.24.22 

• A major anti-fraud operation is underway, following an international crackdown on spoofing.
• Police are sending text messages to over 70,000 people to warn them that they’ve fallen victim to online-banking scams, and telling them how to take action.
• Those arrested are suspected of being involved in conducting scams where they posed as representatives from banks – including Barclays, Santander, HSBC, Lloyds, Halifax, First Direct, Natwest, Nationwide and TSB – and tricked victims into handing over money, or one-time passcodes to access bank accounts.
• View the Source

5.4 million Twitter users’ stolen data leaked online — more shared privately | 11.27.22

• Over 5.4 million Twitter user records containing non-public information stolen using an API vulnerability fixed in January have been shared for free on a hacker forum.
• The data consists of scraped public information as well as private phone numbers and email addresses that are not meant to be public.
• Last July, a threat actor began selling the private information of over 5.4 million Twitter users on a hacking forum for $30,000.
• View the Source

Lastpass says hackers accessed customer data in new breach | 11.30.22

• LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022.
• The threat actors also managed to access customer data stored in the compromised storage service.
• The company also noted that customers’ passwords were not compromised and “remain safely encrypted due to LastPass’s Zero Knowledge architecture.”
• View the Source

Lessons Learned

#1- Police efforts to stop bank scammers teaches us the very real and present risk of cybercriminals in today’s cybersecurity landscape. Beyond the world of managed IT and cybersecurity, the police force is taking cybersecurity into their own hands as well. Stay vigilant to any requests from financial institutions, especially banks, and always verify the sender by phone or in person.

#2- In the event you haven’t stopped using Twitter (we recommend deleting your account, by the way), be aware of ongoing cybersecurity challenges for the platform. This article talks about the danger of using Twitter to login to other websites. We also learn from the Twitter attack we noted above: the platform is flawed and not a place for businesses that value cybersecurity. Delete the app, reframe your social media marketing plan, and leave Twitter behind–for the sake of your cybersecurity, if nothing else.

#3- From the LastPass breach, we are reminded of the importance of high-quality password managers, and in general, the importance of always using a password manager to store your passwords. Despite the breach, customers’ password information remained secure. We talk more about the value of using a password manager in our blog here.