Security News for the Week Ending December 30, 2022
Comcast Xfinity Accounts Hacked in Widespread 2FA Bypass
While Comcast is not saying much, a number of users who use Comcast email WITH 2FA are reporting their accounts being hacked. It appears this is due, possibly, to password reuse combined with a bug in Comcast’s system which allows the hackers to bypass 2FA. Once the hackers have locked the users out of their email, they issue password resets for users’ banking and other accounts to the compromised email and take over those accounts as well. Comcast isn’t saying anything, but reports say they are trying to figure out what is going on. Credit: Bleeping Computer
TSA May Roll Out Facial Recognition Security Screening Nationwide Next Year
What could possibly go wrong? Scan a copy of your driver’s license on your phone and stand in front of a camera to get screened. It is currently in pilot in 16 airports including mine (Denver). I am sure there is no risk there. Convenience over security – nothing new. TSA says they will delete the tens of millions of images they capture after saving them for a couple of years. TSA says that after they get all the bugs worked out, they will stop saving the data. Currently, it is voluntary, but my guess is that hijackers and terrorists will be the first to sign up. Credit: The Register
Scammers are Scamming the Scammers – Karma Works
Cyber criminals are equal-opportunity folks, so if they have the opportunity to scam other crooks, they do, and they are doing it. The crooks who are getting scammed are complaining that being the scammee is not as much fun as being the scammer, and they are losing millions of dollars. Hard to feel sad for these folks. Credit: ZDNet
Bahamian Regulators Seize $3.5 Billion in FTX Assets
Regulators in the Bahamas took control of “digital assets” which they say are worth $3.5 billion. This comes after hackers, supposedly, stole $400 million hours after FTX filed for bankruptcy. Is this going to turn into a fight between regulators? Between countries? In fairness, it is claimed that FTX didn’t have a complete inventory of their wallets or the wallets’ locations, and that wallet keys were not under control and were sometimes stored in clear text. What a mess. Credit: Data Breach Today
Girls Do Porn Founder and FBI Fugitive Arrested in Spain
This is not directly a cybersecurity issue, but it definitely is a privacy and safety issue. Hundreds of women were conned, compromised and even raped and then the SOB who ran this scheme fled the country with millions of dollars. It is assumed that he will be extradited to the U.S. for trial, hopefully without any bail. Credit: Motherboard by Vice
Will the Crypto Crash Impact Cybersecurity in 2023?
Bitcoin used to be worth $50,000+ a coin. Now it is worth $15,000+ a coin. What does this mean to crypto criminals? Threat actors are having to get more creative. Maybe they demand payment in stablecoins pegged to fiat currency or gold, a complete turnaround from the initial claims of cryptocurrencies. On the other side, as crypto values head toward zero, people are not watching the security of their wallets, giving hackers a new opportunity. One thing we know is that cybercrime is not going away. Credit: Dark Reading