Chinese Cybercriminals Obtain Thousands of Texans’ Driver’s Licenses
Image above by Gerd Altmann from Pixabay.
The Texas Department of Public Safety announced on February 27 that the personally identifiable information (PII) of at least 3000 Texans of Asian descent has been compromised by an organized Chinese crime gang based in New York.
The modus operandi of the gang supposedly involved collecting the personal information of Asian-American targets from the dark web, using that information to crack password security questions on Texas.gov, and finally employing stolen credit cards to order duplicate copies of driver’s licenses that were reported to be missing.
According to DPS, the cybercriminals took advantage of security vulnerabilities in Texas.gov, the state’s main portal which is used to order the licenses and is handled by a different agency, the Texas Department of Information Resources. The culprits created thousands of fake accounts and directed their orders to addresses that differ from those of the real license holders.
At the time that the identity theft occurred, payment for replacement licenses was made by entering only the credit card number. The Credit Card Verification (CCV), the 3-digit code at the back of the card, was not required. Due to this security lapse, the Texas DPS was duped into shipping thousands of Texans’ driver’s licenses to the wrong individuals.
Compromised Code Signing Certificates Revoked by GitHub
Image above by Pexels from Pixabay.
GitHub, a widely used CI/CD platform for software devops, revealed that it experienced a cyberattack in December 2022. In that attack, malicious actors were able to steal code signing certificates used for GitHub’s Desktop and Atom applications after hacking into their repositories.
“On December 6, 2022, repositories from our atom, desktop, and other deprecated GitHub-owned organizations were cloned by a compromised Personal Access Token (PAT) associated with a machine account,” GitHub said in a news release.
One certificate expired last January 4, another expired last February 1, while the third certificate was set to expire in 2027. Since the stolen code signing certificates were password-protected, GitHub maintains that it has not seen any evidence of them being used by the hackers.
The compromised credentials were immediately revoked by GitHub a day after the attack while the three stolen certificates were all revoked last February 2. In the event that any of the certificates were successfully used to sign code before their expiration date, the revocation would be able to nullify such action.
Activision Employee Slack Account Breached by Hacker
Image above by Kris from Pixabay.
Leading video game publisher Activision made headlines in the 3rd week of February when it confirmed that it had suffered a data breach on December 4th of last year.
An HR employee’s Slack account was infiltrated by hackers through social engineering, particularly SMS-based phishing. The employee was duped into providing the SMS 2FA code to the hackers, leading to the breach of other employees’ personal information and scheduled game content.
The compromised data included the personally identifiable information of Activision employees (names, addresses, phone numbers, and emails) as well as the scheduled release date of future Call of Duty game content.
Other employees were also targeted but they replied with curses, signaling that they were aware of the phishing scheme. Despite this, researchers do not think that anyone escalated the incident to the company’s cybersecurity team. Activision maintained that the hackers were not able to steal any game code.
Other companies in the entertainment software industry have also dealt with cyberattacks during the previous year. Source code for Riot Games’ popular League of Legends was breached. In September 2022, threat actors divulged upcoming footage for the newest release of Grand Theft Auto VI.
Cloudflare Overcomes Record-high Distributed Denial-of-Service (DDoS) Attack
Image by Benjamin Hartwich from Pixabay.
Cloudflare announced last February 13 that it was able to repel a massive DDoS attack that went as high as 71 million requests per second (RPS). Previously, Google Cloud held the record for the biggest DDoS attack, which was at 46 million RPS. The attack on Cloudflare was 35% higher than the one on Google Cloud. Included among the websites hit with the attack were hosting providers, cryptocurrency firms, and gaming companies.
A DDoS attack occurs when multiple machines disrupt the services of a host connected to a network resource by overwhelming the target computer with traffic until it ends up crashing.
Common targets are major web servers such as those of banks and government sites, while services affected include online banking, email, and website access. With the continued popularity of video games and crypto companies, it is no wonder that threat actors targeted these industries.
1) For those looking for easy enrollment of a high volume of email signing and encryption S/MIME certificates for company staff members, Enterprise PKI (EPKI) Agreement is now available for Individual Validation + Organization Validation (IV+OV) S/MIME certificate validation. An Enterprise PKI (EPKI) Agreement allows an authorized representative to assume responsibility for retaining and validating identity evidence of employees or contractors within a company or organization, enabling a single validation process for an entire organization. Click this link to learn more about the EPKI Agreement Setup.
2) SSL.com’s Document Signing Watch Folder service is now available for our customers. This is a digital signing service for Windows and Linux that can be used to sign bulk volumes of electronic documents (including PDFs) by simply placing them into a local folder. Click here to learn more about the Document Signing Watch Folder service.
3) With input from most of its membership, the CA/Browser Forum is changing the OV & IV Code Signing Key Storage Requirements. The change date is June 1, 2023. OV & IV Code Signing Certificates will be issued on Yubico USB Tokens or available via the SSL.com eSigner cloud signing service. Additional information on this change can be found on the CA/Browser Forum website. Learn more about the SSL.com eSigner cloud code signing solution: https://www.ssl.com/esigner/.