Cyber Security Today, January 27, 2023 – Over 800,000 victims in a hack, Dutch hacker allegedly trolled data from everyone in Austria and more.

by Arthur · January 27, 2023

Over 800,000 victims in a hack, Dutch hacker allegedly trolls data from everyone in Austria and more.

Welcome to Cyber Security today. It is Friday the 27th. January 2023. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com and TechNewsday.com in the US

A Chicago company called Zacks Investment Research alerts 820,000 customers that their information may be at risk. According to a copy of a letter sent to customers and filed with the state of Maine, the company learned in late December that it had been hacked. Access was gained once several months before that. A database of customers who registered for a product between late 1999 and February 2005 was stolen. The data included customers’ names, addresses, phone numbers, email addresses and passwords used for Zacks.com. Affected customers must reset their passwords.

The Russian Cyber War over Ukraine continues. A series of denial-of-service attacks on Thursday hit German authorities, banks and airport websites. Some websites were knocked offline. It is believed to be retaliation against Germany for allowing tanks they build to be sent to Ukraine.

A Dutch hacker arrested in November obtained and offered for sale the full names, addresses and dates of birth of practically everyone in Austria. That’s about nine million people. Reuters says the news is only being released now because other police forces are investigating the person. That’s because they also sold similar datasets from Italy, the Netherlands and Columbia.

Scientists at Trellix say they recently patched over 61,000 open source Python projects on GitHub through an automated system. The effort was to fix a 15-year-old vulnerability that some developers had inadvertently added to their projects. It took several months to find the affected projects and install the updates. Trellix cautioned developers to have proper controls and evaluation methods in place when deciding to import code libraries and frameworks into their applications.

Is your business thinking about creating non-fungible tokens to increase customer loyalty? The recent experience of Porsche should make you think twice. Non-fungible tokens, or NFTs, are digital assets on a blockchain that may or may not have value. Porsche has created NFTs for enthusiasts to acquire digital copies of their cars. However, according to The Cyber Express, the crooks have latched onto the Porsche name and created fraudulent domains to trick many into buying fake cryptocurrency tokens. Any organization looking to get into the non-fungible token game better have cyber security and blockchain expertise or their brand could be damaged.

Some exploits the Google Ads invitation capabilities to send emails promoting spam and sex sites. According to a news report, the invitations are sent from Google Ads accounts, so they appear to be legitimate. They also avoid spam filters. Google Ads is a service for advertisers to create marketing campaigns.

Finally, New York State is asking the operators of Madison Square Garden and Radio City Music Hall about the alleged use of facial recognition software to keep certain dangerous people out of their venues: Lawyers. According to Engadget, the technology is being used to keep out lawyers representing people suing the company. It quotes the Garden chief as saying the goal is to prevent evidence from being collected outside of proper litigation procedures. The New York attorney general says what is allegedly happening may violate civil and human rights laws.

That’s it for this morning’s podcast. But later today the Week in Review will be available. Guest commentator Terry Cutler of Montreal’s Cyology Labs will provide advice for Data Privacy Week and comment on other news.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to the Flash Briefing on your smart speaker. US listeners can also find my stories at TechNewsDay.com.