Daily Read

• ICYMI: A Microsoft Warning, Follina, Atlassian, and More
  July 1, 2022
  Dark Reading's digest of the other don't-miss stories of the week, including YouTube account takeovers and a sad commentary on cyber-pro hopelessness.
• OpenSea NFT Marketplace Faces Insider Hack
  July 1, 2022
  OpenSea warns users that they are likely to be targeted in phishing attacks after a vendor employee accessed and downloaded its email list.
• Time Constraints Hamper Security Awareness Programs
  July 1, 2022
  Even as more attacks target humans, lack of dedicated staff, relevant skills, and time are making it harder to develop a security-aware and engaged workforce, SANS says.
• Criminals Use Deepfake Videos to Interview for Remote Work
  July 1, 2022
  The latest evolution in social engineering could put fraudsters in a position to commit insider threats.
• DragonForce Malaysia Releases LPE Exploit, Threatens Ransomware
  July 1, 2022
  The hacktivist group is ramping up its activities and ready to assault governments and businesses with escalating capabilities.
• When It Comes to SBOMs, Do You Know the Ingredients in Your Ingredients?
  July 1, 2022
  Transitive dependencies can complicate the process of developing software bills of materials.
• Microsoft Going Big on Identity with the Launch of Entra
  July 1, 2022
  With more staff working remotely, identity, authentication, and access (IAA) has never been more important. Microsoft has a new response.
• Google: Hack-for-Hire Groups Present a Potent Threat
  June 30, 2022
  Cyber mercenaries in countries like India, Russia, and the UAE are carrying out data theft and hacking missions for a wide range of clients across regions, a couple of new reports said.
• 18 Zero-Days Exploited So Far in 2022
  June 30, 2022
  It didn't have to be this way: So far 2022's tranche of zero-days shows too many variants of previously patched security bugs, according Google Project Zero.
• API Security Losses Total Billions, But It's Complicated
  June 30, 2022
  A recent analysis of breaches involving application programming interfaces (APIs) arrives at some eye-popping damage figures, but which companies are most affected, and in what ways?

• Facebook 2FA phish arrives just 28 minutes after scam domain created
  July 1, 2022
  The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.
• “Missing Cryptoqueen” hits the FBI’s Ten Most Wanted list
  July 1, 2022
  The "Missing Cryptoqueen" makes the American Top Ten… but not in a good way.
• S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]
  June 30, 2022
  Latest episode – listen and read now! Use our advice to advise your own friends and family… let's all do our bit to stand up to scammers!
• Firefox 102 fixes address bar spoofing security hole (and helps with Follina!)
  June 29, 2022
  Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft's "Follina" saga.
• Harmony blockchain loses nearly $100M due to hacked private keys
  June 27, 2022
  The crooks needed at least two private keys, each stored in two parts… but they got them anyway.
• FTC warns of LGBTQ+ extortion scams – be aware before you share!
  June 27, 2022
  It's a simple jingle and it's solid advice: "If in doubt, don't give it out!"
• OpenSSL issues a bugfix for the previous bugfix
  June 24, 2022
  Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.
• S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]
  June 23, 2022
  Latest epsiode – listen (or read) now!
• Capital One identity theft hacker finally gets convicted
  June 21, 2022
  It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!
• Interpol busts 2000 suspects in phone scamming takedown
  June 20, 2022
  Friends don't let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples…