Daily Digest (8/20)

New South Wales Police Remain Silent Amid Leaked Email Probe; Canva Hijacked in Phishing Attack; Facebook to Force User Accounts Onto Oculus Platform; Canva Hijacked in Phishing Attack. Click “Continue reading” below.

New South Wales Police Remain Silent Amid Leaked Email Probe

An internal investigation has been launched by the New South Wales police after 150 Black Lives Matter protesters complained that their email addresses were leaked.

The protesters say the emails contained complaints about the use of pepper spray at a June 6 rally in Sydney, The Guardian reports.

Victims of the breach told the Guardian that they had yet to be contacted by authorities and might take the matter to the NSW information and privacy commissioner.

In an email from NSW police last week, Australian writer Samuel Leighton-Dore was told that his complaint about the use of force against protesters had been dismissed, according to the Guardian.

In reviewing the body-camera footage, authorities told Leighton-Dore there was “no reason to conduct a further internal investigation,” the Guardian reports.

The breach, first reported by the Gizmodo blog, was stated to be an “administrative error” — and NSW police would address the breached victims directly.

Sources (all external links):

Canva Hijacked in Phishing Attack

Canva, the graphic-design platform, unknowingly provided phishing campaigns for hackers so their attacks would appear more legitimate. 

A blog post by KnowBe4 said hackers stole user credentials with more than 4,200 emails generated through Canvas’ system, SC Media reports.

“Businesses and their employees should be on the alert for phishing campaigns that exploit or spoof legitimate online services and brands,” Eric Howes, author of KnowBe4, told SC Media.

“All it takes is one user to fall for a credentials phish and open the door,” he added.


Facebook to Force User Accounts Onto Oculus Platform

Facebook now requires Oculus device users to have a Facebook account in order to log onto their virtual-reality profiles.

Starting in October, Facebook also will merge existing Oculus accounts with the company’s accounts. Un-merged accounts will be terminated, ZD Net reports.

“If you choose not to merge your account after two years, you can continue using your Oculus device, but without full functionality” Oculus wrote in a blog post cited by ZD Net.

“All future unreleased Oculus devices will require a Facebook account.”

With user privacy being a high priority, users can choose what virtual-reality activity is posted to their Facebook account, according to ZD Net.


Copycat Hackers Launch ‘Denial of Service’ Attacks

The Akamai’s Security Intelligence Research Team has reported that copycat hackers are using well-known hacker names to launch campaigns through distributed denial-of-service (DDoS) attacks against financial institutions.

“We believe these are copycat hackers leveraging the names in order to scare the targeted victims into paying,” Steve Ragan, an Akamai security researcher, told Bank Info Security.

A dozen such attacks have occurred this month in the U.S. and the U.K.

He said researchers were unaware of organizations paying a ransom after threats from the hackers, BIS reports.

Akamai also told BIS that the company had yet to identify the hacking groups behind the attacks.


By DPN Staff