It is always "sophisticated"
Anything involving computers is sophisticated.
Giant Group, the umbrella company that has thousands of contractors on its books, has been targeted by a "sophisticated" cyber-attack that floored systems and left workers out in the cold, the biz has now confirmed. The attack happened last Wednesday (September 22) and forced the outfit – known to many as Giant Pay – to shut …
Sophisticated is an interesting word. In English it used to mean "corrupted, adulterated, tampered with" (my OED from 1954). It changed some time in the latter half of last century to mean whatever it means today - elegant, complicated, modern, whatever.
Seems that the sophisticated attack made GiantPay's systems more sophisticated.
It's true. It's always a sophisticated attack from outside attackers. They'd never admit to some techy (by "techy", I mean the person in the office who has responsibility for maintaining the technology, which is not necessarily someone actually qualified for that job) being given rights way above their paygrade/knowledge level and accidentally clicking on the link in a dodgy email..
I'm guessing that their "senior" Laravel "developer" didn't bother himself with junior-level stuff such as "syntax" and "preventing SQL injections", and "concerned themselves with the bigger picture"
I'm channelling some anecdotes I got from a friend who is conducting hiring interviews and so far has rejected all the "senior" developers that came his way, with one of them saying more or less what I said in the first paragraph.
I had the "pleasure" when a contractor a good few years ago of using these cowboys as my Umbrella company. If their IT team were 1000% more competent than the rest of the company, it would still explain how this occurred. It's a rare situation where a company are really this incompetent. What made it funnier was when they asked me for feedback once I had left. Think they regretted asking. They say the truth hurts.....
Nah. Feedback is only ever used if it says something positive and then you will even be quoted on it (usually without anyone asking permission). Negative feedback will never make it past your employment record - the idea that anyone is interested is overly optimistic, and if you think anything would change because of it I'd say you have spectacularly unrealistic expectations of HR template processes.
I believe tthe word sophisticated is used now days to mean some or all of the following
A. Their tech guys knew more than the managers of our tech guys as they were put in place due to their advanced manage upwards skill set.
B. Their tech guys were better funded than our tech guys.
C. Their tech guys had more tools than our tech guys and more time to deploy them.
D. They don't have whingy share holders that expect massive profits.
E. Our C level management really don't understand the subtleties of security and what it really means these days.
"Giant Group was the victim of a sophisticated cyber-attack on September 22nd. International law firm Crowell & Moring immediately"
Because obviously when your computer system has been hacked, the first thing you do is call in the lawyers. Not only that, but when issuing a press release about your actions, people are clearly going to be most reassured by having the majority of said release waffle about your crack team of lawyers and not actually mention IT at all.
The Netherlands' Maastricht University has managed to recoup the Bitcoin ransom it paid to ransomware scum in 2019 – and has made a tidy profit on the deal.
The University explained that in 2019 it suffered a ransomware attack that prevented staff and students from accessing research data, email, or library resources.
Faced with the prospect that ransomware scum could erase research data and disrupt students, the University reluctantly decided to cough up a €200,000 ransom and was able to resume operations.
The choppy waters continue at OpenSea, whose security boss this week disclosed the NFT marketplace suffered an insider attack that could lead to hundreds of thousands of people fending off phishing attempts.
An employee of OpenSea's email delivery vendor Customer.io "misused" their access to download and share OpenSea users' and newsletter subscribers' email addresses "with an unauthorized external party," Head of Security Cory Hardman warned on Wednesday.
"If you have shared your email with OpenSea in the past, you should assume you were impacted," Hardman continued.
A former Canadian government employee has pleaded guilty in a US court to several charges related to his involvement with the NetWalker ransomware gang.
On Tuesday, 34-year-old Sebastien Vachon-Desjardins admitted he conspired to commit computer and wire fraud, intentionally damaged a protected computer, and transmitted a demand in relation to damaging a protected computer.
He will also forfeit $21.5 million and 21 laptops, mobile phones, gaming consoles, and other devices, according to his plea agreement [PDF], which described Vachon-Desjardins as "one of the most prolific NetWalker Ransomware affiliates" responsible for extorting said millions of dollars from dozens of companies worldwide.
America's Federal Trade Commission has sued Walmart, claiming it turned a blind eye to fraudsters using its money transfer services to con folks out of "hundreds of millions of dollars."
In a lawsuit [PDF] filed Tuesday, the regulator claimed the superstore giant is "well aware" of telemarketing fraudsters and other scammers convincing victims to part with their hard-earned cash via its services, with the money being funneled to domestic and international crime rings.
Walmart is accused of allowing these fraudulent money transfers to continue, failing to warn people to be on their guard, and failing to adopt policies and train employees on how to prevent these types of hustles.
The FTC is warning members of the LGBTQ+ community about online extortion via dating apps such as Grindr and Feeld.
According to the American watchdog, a common scam involves a fraudster posing as a potential romantic partner on one of the apps. The cybercriminal sends explicit of a stranger photos while posing as them, and asks for similar ones in return from the mark. If the victim sends photos, the extortionist demands a payment – usually in the form of gift cards – or threatens to share the photos on the chat to the victim's family members, friends, or employer.
Spyware developed by Italian firm RCS Labs was used to target cellphones in Italy and Kazakhstan — in some cases with an assist from the victims' cellular network providers, according to Google's Threat Analysis Group (TAG).
RCS Labs customers include law-enforcement agencies worldwide, according to the vendor's website. It's one of more than 30 outfits Google researchers are tracking that sell exploits or surveillance capabilities to government-backed groups. And we're told this particular spyware runs on both iOS and Android phones.
We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base. It's said that Italian authorities have used this tool in tackling corruption cases, and the Kazakh government has had its hands on it, too.
NSO Group told European lawmakers this week that "under 50" customers use its notorious Pegasus spyware, though these customers include "more than five" European Union member states.
The surveillance-ware maker's General Counsel Chaim Gelfand refused to answer specific questions about the company's customers during a European Parliament committee meeting on Thursday.
Instead, he frequently repeated the company line that NSO exclusively sells its spyware to government agencies — not private companies or individuals — and only "for the purpose of preventing and investigating terrorism and other serious crimes."
Europol cops have arrested nine suspected members of a cybercrime ring involved in phishing, internet scams, and money laundering.
The alleged crooks are believed to have stolen "several million euros" from at least "dozens of Belgian victims," according to that nation's police, which, along with the Dutch, supported the cross-border operation.
On Tuesday, after searching 24 houses in the Netherlands, officers cuffed eight men between the ages of 25 and 36 from Amsterdam, Almere, Rotterdam, and Spijkenisse, and a 25-year-old woman from Deventer. We're told the cops seized, among other things, a firearm, designer clothing, expensive watches, and tens of thousands of euros.
Updated A former Seattle tech worker has been convicted of wire fraud and computer intrusions in a US federal district court.
The conviction follows the infamous 2019 hack of Capital One in which personal information of more than 100 million US and Canadian credit card applicants were swiped from the financial giant's misconfigured cloud-based storage.
Paige Thompson (aka "erratic") was arrested in July 2019 after data was leaked between March and July of that year. The data was submitted by credit card hopefuls between 2005 and early 2019, and Thompson was able to get into Capital One's AWS storage thanks to a "misconfigured web application firewall."
A US task force aims to prevent online harassment and abuse, with a specific focus on protecting women, girls and LGBTQI+ individuals.
In the next 180 days, the White House Task Force to Address Online Harassment and Abuse will, among other things, draft a blueprint on a "whole-of-government approach" to stopping "technology-facilitated, gender-based violence."
A year after submitting the blueprint, the group will provide additional recommendations that federal and state agencies, service providers, technology companies, schools and other organisations should take to prevent online harassment, which VP Kamala Harris noted often spills over into physical violence, including self-harm and suicide for victims of cyberstalking as well mass shootings.
Biting the hand that feeds IT © 1998–2022