Krispy Kreme has experienced a cyber security attack that disrupted its online operations in parts of the US, potentially impacting its business materially. The company has taken steps to contain the unauthorized activity and is working with federal law enforcement and cyber security experts. Despite the disruptions, its physical stores remain open. The attack highlights the increasing threat of ransomware, especially during the holiday season, and follows a trend of rising cyber incidents in the retail and hospitality sectors. Krispy Kreme holds cyber security insurance to mitigate some costs, but recovery could take months.
Researchers at MIT's CSAIL have discovered that smartphones' ambient light sensors can potentially be repurposed to capture images and intercept user gestures, posing significant privacy risks. They urge operating system developers to tighten permissions for these sensors and propose granting users control over ambient light sensor permissions. Additionally, the article provides tips to protect smartphones from spyware and unauthorized data collection, emphasizing the need for a conversation on security, awareness, and the evolving landscape of digital privacy.
A new scam targeting iPhone users involves a "push bombing" technique that prompts users with fake "Reset Password" notifications, leading to potential permanent lockout if the "Allow" option is clicked. The scam has also been reported on other Apple devices. Apple is aware of the issue and advises users not to click "Allow" on these notifications and to reach out for support if targeted. Mitigation strategies include changing the associated phone number to a VoIP number and using email aliases for better organization and tracking of incoming emails. Vigilance and patience are key in outsmarting this scam, and users are urged to stay updated on Apple's progress for a permanent solution.
As Valentine's Day approaches, the risk of falling victim to online dating scams increases, with scammers using bots and AI to create fake profiles and manipulate victims into sending money. Research shows a significant rise in bot attacks on dating apps, and in 2022, nearly 70,000 people reported falling victim to romance scams, resulting in $1.3 billion in losses. Warning signs of a potential scam include overly formal messages, inconsistent information, odd communication patterns, unrealistic photos, and requests for money. Experts advise using online tools to detect AI-generated messages and conducting image searches to verify profile pictures.
Google is testing enhanced financial fraud protection for Play Protect, which will automatically block the installation of apps that request sensitive permissions frequently abused for financial fraud when sideloaded from the internet. The pilot program is starting in Singapore and aims to protect users from fraud apps that exploit permissions like RECEIVE_SMS and READ_SMS. Google has partnered with the Cyber Security Agency of Singapore for testing and will provide guidance for developers to review app permissions and follow best practices. Play Protect's real-time scanning has already made a significant impact on user safety in several countries.
The U.S. Treasury Department has imposed sanctions on six Iranian officials linked to the Iranian intelligence agency for targeting critical infrastructure entities in the U.S. and other countries. The officials, part of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command, are held responsible for cyber operations, including hacking programmable logic controllers manufactured by an Israeli company. The U.S. Cybersecurity and Infrastructure Security Agency revealed that the Municipal Water Authority of Aliquippa in Pennsylvania was targeted by Iranian threat actors. The Treasury Department emphasized the sensitivity of industrial control devices in critical infrastructure systems and the potential for devastating consequences from unauthorized access. Additionally, a pro-Iranian group known as Homeland Justice claimed to have stolen terabytes of data from Albania's Institute of Statistics.
India's Computer Emergency Response Team (CERT) has warned Apple product users in the country about potential cyber attacks due to vulnerabilities in certain devices, including iPhones, MacBooks, Apple TV, Apple Watch, and various iPad and macOS versions. Users are advised to update to the latest security patches, use strong passwords, avoid clicking on suspicious links, and regularly back up important data to protect against potential breaches.
A teenager's Snapchat joke about blowing up a plane led to his arrest in Spain, raising concerns about the security of public WiFi networks at airports. Cyber security experts warn that unsecured public WiFi networks could be monitored by intelligence agencies, potentially compromising users' privacy. While some experts believe it is plausible for public WiFi sites to be monitored, others argue that incidents like this would be more common if WiFi were the issue. The teenager admitted to sending the joke in a private group and expressed regret, while his defense argues that his right to privacy was breached.
The US Securities and Exchange Commission (SEC) admitted that a key security procedure, multi-factor authentication (MFA), had been suspended for six months on its social media account when hackers made a fake post about Bitcoin in January. This allowed hackers to gain access to the account and make the misleading post, causing the cryptocurrency to surge in value before the post was deleted. The SEC has since confirmed the regulatory change, but the incident highlights the importance of maintaining strong cybersecurity measures, especially in government agencies, to prevent similar attacks.
Some Texas DMV offices have reopened with limited services after a system outage affected all online and in-person services, including county tax offices and registration renewal locations. The 16 department offices across the state will reopen at noon on Friday. The Texas DMV takes cyber security seriously and advises consumers to remain vigilant in managing their accounts. Motor vehicle transactions could not be processed on Friday due to the statewide system outage, but updates will be provided on the department's social media sites and website when additional information is available.
Two sisters fell victim to a Taylor Swift ticket scam after joining a private Facebook group to purchase inexpensive tickets to the summer tour. They paid $350 apiece for fourth-row seats to Swift's Cincinnati show, but the woman who sold them the tickets gave them the runaround and later blocked them. The sisters later found out that tickets in the fourth row were selling for nearly $2,000. Cyber security experts advise people to be cautious when buying tickets from second-hand sources and to report any scams to the FBI through IC3.org.
President Joe Biden will announce new nuclear deterrence efforts and a cyber security initiative during South Korean President Yoon Suk Yeol's state visit to the U.S. The move is aimed at deterring a North Korean attack on South Korea, as Pyongyang has stepped up ballistic missile tests. Biden hopes to emphasize the U.S.'s commitment to deterring nuclear action by North Korea and highlight the importance of South Korea and Japan building on their security ties. The U.S., South Korea, and Japan conducted a joint missile defense exercise last week aimed at countering North Korea's growing nuclear arsenal.
Marjorie Taylor Greene, a far-right Republican lawmaker, defended Jack Teixeira, an Air National Guardsman arrested by the FBI for allegedly leaking national security documents. Greene praised Teixeira for being "white, male, Christian, and antiwar," and claimed that he told the truth about troops being on the ground in Ukraine. Teixeira is being investigated for the alleged unauthorized removal, retention, and transmission of classified national defense information. The leaked documents, known as the "Pentagon Papers," contain details on deeply sensitive matters pertaining to national security and foreign affairs.
A warning has been issued to billions of Gmail and Microsoft Outlook users as email phishing scams have risen by 240%. Cyber defence company BlueVoyant has outlined typical warning signs of scam emails, including dynamic phishing and SMS phishing. The company has noted that 67% of all phishing attacks were hosted on dynamic DNS infrastructure in 2021. SMS gateway scripts are sold on the deep and dark web as all-inclusive solutions that are rather easy to operate and require very little technical knowledge.