Hand-picked headlines from Datarisk Canada’s dedicated cybersecurity curators.
Claudiu’s Top Story
TORRENT FREAK: “The NFT Bay” Claims to Share Multi-Terabyte Archive of ‘Pirated’ NFTs
NFTs have become popular over the past year, with people paying up to millions of dollars to “own” these digital items. NFTs are stored as entries on a blockchain, and prove that the buyer is the legitimate owner of this digital item. Recently, however, a vast trove of NFTs has been uploaded to a website called The NFT Bay. This collection of NFTs is approximately 15 terabytes of data, and puts into question the true value of NFTs.
In the News
CTV NEWS: Ontario Investigating Potential Security Breach Associated with COVID-19 Vaccine Portal
Ontario authorities are investigating reports of a possible security breach associated with the provincial COVID-19 vaccine booking portal. The government has confirmed multiple reports of spam text messages sent to individuals who schedules appointments or accessed vaccine certificates through the COVID-19 immunization system. The government is working with partner ministries and provincial law enforcement to investigate these reports.
THE VERGE: Over a Million GoDaddy WordPress Customers Had Email Addresses Exposed in Latest Breach
GoDaddy has disclosed a security breach that gave an attacker access to more than 1 million email addresses belonging to the company’s active and inactive Managed WordPress users. The attacker allegedly gained access to a provisioning system two months before the intrusion was noticed. The hackers also gained access to the original WordPress admin passwords set by the provisioner and the credentials for active users’ databases and sFTP systems.
CNN NEWS: US Government Issues Thanksgiving Ransomware Warning
US officials are warning American businesses and organizations to be cautious of potential ransomware threats this Thanksgiving season. While there is no one specific threat, but ransomware attacks commonly happen on weekends and holidays, when organizations are short-staffed and potentially off-guard. CISA suggests identifying key IT security employees who can be on call in the event of a ransomware attack.
Smart Home Devices
THE WASHINGTON POST: Big Tech is Pushing Smart Home Devices as the Latest Work-From-Home Tools
The move to work-from-home activity has caused many to use their smart home devices (Amazon Echo or Google Nest, for example) as part of their work life; some workers ask their Google Assistant or Alexa to book meetings, fetch company information, or remind them about events. While this may add convenience to many workers’ lives, the question then becomes: at what expense to security and privacy does convenience come?
CLEAFY: SharkBot: A New Generation of Android Trojans is Targeting Banks in Europe
Security firm Cleafy has discovered a few Android banking trojan named SharkBot that does not belong to any known families. SharkBot’s goal is to initiate money transfers from compromised devices via Automatic Transfer Systems technique bypassing multi-factor authentication mechanisms. Once installed, SharkBot can help hackers gain access to banking information through Accessibility Services.