I feel betrayed just reading about this first story—a young bloke by the name of Cameron John Wagenius found himself caught up with the law after he was accused of some naughty data-handling shenanigans. To be more specific, he was playing it fast and loosy-goosy with confidential phone records. The worst part, and the betrayal of it all—his mum was the one who dobbed him in!
Happy birthday to KrebsOnSecurity! A few days ago they celebrated 15 years of being a bastion of cybersecurity news—a shining beacon in the BS that is the fog of most of the internet. Albeit they mostly cover the downright dastardly in society but still, congrats KrebsOnSecurity!
In the dark recesses of the web, RIBridges, a system for helping deliver social assistance programs was hit by a cyber attack. Basically like someone sneaking into a soup kitchen for feeding the homeless and chucking a live grenade into the soup pot. Its current status—a mess, let’s hope it gets sorted soon.
In other messes online, we’ve got ourselves a seemingly new type of clickjacking out in force. It’s being called, “DoubleClickjacking” and it’s the equivalent of a magician tricking you into pulling a rabbit out of a hat. Except it’s not a rabbit you’re pulling out, it’s your sensitive data, and instead of a hat it’s a malicious web page—careful what you click!
Meanwhile, OFAC, a US agency that’s been around since your grandad walked around in short shorts, tasted a bit of their own medicine with the help of a cyber attack. The impact isn’t fully known yet but I’m sure it’s at least as chaotic as a monkey with a machine gun in a China shop.
Mailboxes—real ones can easily be sniffed by passing dogs, but when we’re talking about the online equivalent, there shouldn’t be any sniffing going on! Well, more than three million mail servers are wandering around with their pants at their ankles, vulnerable to sniffing. They’re using IMAP and POP3 without encryption. A library with all their books open and many nosy librarians is what it is. I hope they smell nice at least!
Speaking of libraries, the Internet Archive got smacked with a DDoS attack and data breach (probably not in that order, for obvious reasons). The culprits were allegedly a group by the name of ‘SN_BlackMeta’. This one’s getting a mention even though it’s a couple months old because it was considered one of the largest breaches of 2024.
Last up, there’s a lovely phishing campaign that’s been targeting Chrome extension developers. It’s been going on since December last year (2024 for future readers). So far the phishing campaign has hooked at least 35 extensions. Apparently Chrome developers are like famished piranhas—would somebody think of the developers! For just $5 on Ko-fi I’ll happily keep reporting on all the latest developments, uh, I mean feed your local developer.
That’s all we got for you this week. I hope you had a great Christmas and new year.
Remember, even though the internet is seemingly pretty tame and sanitised compared to yesteryear, it still pays to be vigilant!
That’s it for now.
As always,
Good luck,
Stay safe and,
Be well.
See ya!