Security News Bites for the Week Ending July 28, 2023

Criminal or Whistleblower?

The hacker behind the Football Leaks scandal, Rui Pinto, a 34 year old Portuguese national, currently faces 377 charges for blowing the lid off the tax fraud, corruption and other wrongdoing in the $3 billion European soccer business. One club alone, Manchester City, faced over 100 counts of financial misconduct as a result of his leaking of 70 million documents and 3.4 terabytes of data. Like Edward Snowden, he has made a lot of enemies and remains under police protection at a secret location. Credit: The Record

Senate Takes Another Whack at Banning Dark Patterns Nationally

Dark patterns are software designs that cause people to be more likely to choose options that are more favorable to the company than to the consumer. Some states already ban dark patterns, but a federal law would be more effective. This could be a place where dems and repubs join because republicans hate big tech and democrats want more privacy. Credit: The Record.

TSA Issues Updated Cybersecurity Guidelines to Pipeline and Natural Gas Operators

Back in 2021 after the Colonial Pipeline attack, TSA issues security rules for pipeline and natural gas facility operators which had some problems. Last year they updated the guidelines to address some valid concerns operators had. Now they are releasing version 3 of the rules which close some loopholes, create a bit more flexibility and give the feds permission to “inspect, maintain, and test security facilities, equipment, and systems” and “oversee the implementation, and ensure the adequacy of security measures at … transportation facilities.” I am sure that will cause some operators to have some heartburn. Unlike the first set of rules, this one is not classified SECRET. Credit: The Record

NDAA Wants Pentagon to Evaluate Creating a Dedicated U.S. Cyber Force

In response to the underwhelming readiness of the existing branches’ cyber operations, Congress wants the Pentagon to commission an external review to see if a Cyber Force makes sense. Not sure if it does, but it is clear that all branches are not doing a great job at protecting things so far. Credit: The Record

Yet Another Malicious GPT Emerges

Following the recent announcement of WormGPT – designed to create much better phishing emails, comes FraudGPT. After all, why not. This one not only can create wonderfully believable phishing emails, but makes credit card fraud easy and offers other services. For only $200 a month (with one month free if you buy 6 and three months free if you buy a year’s worth), you too can get into the fraud biz. Apparently there are already over 3,000 sales, giving them a very nice half million in monthly recurring revenue. Credit: The Hacker News

by