New South Wales Police Remain Silent Amid Leaked Email Probe; Canva Hijacked in Phishing Attack; Facebook to Force User Accounts Onto Oculus Platform; Canva Hijacked in Phishing Attack. Click “Continue reading” below.
New South Wales Police Remain Silent Amid Leaked Email Probe
An internal investigation has been launched by the New South Wales police after 150 Black Lives Matter protesters complained that their email addresses were leaked.
The protesters say the emails contained complaints about the use of pepper spray at a June 6 rally in Sydney, The Guardian reports.
Victims of the breach told the Guardian that they had yet to be contacted by authorities and might take the matter to the NSW information and privacy commissioner.
In an email from NSW police last week, Australian writer Samuel Leighton-Dore was told that his complaint about the use of force against protesters had been dismissed, according to the Guardian.
In reviewing the body-camera footage, authorities told Leighton-Dore there was “no reason to conduct a further internal investigation,” the Guardian reports.
The breach, first reported by the Gizmodo blog, was stated to be an “administrative error” — and NSW police would address the breached victims directly.
Sources (all external links):
- The Guardian: NSW police to investigate after leaking emails of people who complained about pepper spray at Black Lives Matter rally
- Gizmodo: NSW Police Leaked the Emails of Everyone Who Complained About BLM Protesters Being Pepper Sprayed
Canva Hijacked in Phishing Attack
Canva, the graphic-design platform, unknowingly provided phishing campaigns for hackers so their attacks would appear more legitimate.
A blog post by KnowBe4 said hackers stole user credentials with more than 4,200 emails generated through Canvas’ system, SC Media reports.
“Businesses and their employees should be on the alert for phishing campaigns that exploit or spoof legitimate online services and brands,” Eric Howes, author of KnowBe4, told SC Media.
“All it takes is one user to fall for a credentials phish and open the door,” he added.
Sources:
- KnowBe4: Phishing with Canva: Bad Guys Exploit Graphic Design Platform
- SC Media: Hackers hijack design platform to go phishing
Facebook to Force User Accounts Onto Oculus Platform
Facebook now requires Oculus device users to have a Facebook account in order to log onto their virtual-reality profiles.
Starting in October, Facebook also will merge existing Oculus accounts with the company’s accounts. Un-merged accounts will be terminated, ZD Net reports.
“If you choose not to merge your account after two years, you can continue using your Oculus device, but without full functionality” Oculus wrote in a blog post cited by ZD Net.
“All future unreleased Oculus devices will require a Facebook account.”
With user privacy being a high priority, users can choose what virtual-reality activity is posted to their Facebook account, according to ZD Net.
Sources:
- Oculus Blog: A Single Way to Log Into Oculus and Unlock Social Features
- ZD Net: Facebook forcing Oculus users to have an account on its platform
Copycat Hackers Launch ‘Denial of Service’ Attacks
The Akamai’s Security Intelligence Research Team has reported that copycat hackers are using well-known hacker names to launch campaigns through distributed denial-of-service (DDoS) attacks against financial institutions.
“We believe these are copycat hackers leveraging the names in order to scare the targeted victims into paying,” Steve Ragan, an Akamai security researcher, told Bank Info Security.
A dozen such attacks have occurred this month in the U.S. and the U.K.
He said researchers were unaware of organizations paying a ransom after threats from the hackers, BIS reports.
Akamai also told BIS that the company had yet to identify the hacking groups behind the attacks.
Sources:
- Akamai Security Intelligence: Ransom Demands Return: New DDoS Extortion Threats From Old Actors Targeting Finance and Retail
- Bank Info Security: Copycat Hacking Groups Launch DDoS Attacks
— By DPN Staff