Pantropic Newsletter #26

Posted December 28, 2023

by Sarah



 




Pantropic Newsletter #26 (November 2023)

Loyalty marketing agency gets S$10,000 fine over data leak of Starbucks Singapore customers

 

Singapore’s privacy watchdog fined the developer behind Starbucks’ e-commerce platform S$10,000 following a data breach impacting over 300,000 rewards members. The breach occurred after a former staffer’s account was not disabled, granting unauthorized access. Starbucks Singapore itself avoided penalties by bolstering security, although the developer’s remedial actions, including on multi-factor authentication, came late. Overall, a sobering reminder of the need for vigilance when handling such personal data.

(Source: Today Online)


In a first, cryptographic keys protecting SSH connections stolen in new attack

 

Researchers stumbled upon computational glitches in a small portion of SSH traffic that fully exposed private encryption keys, enabling remote server impersonation. Despite existing defenses, several vendors’ implementations remained vulnerable for years, challenging assumptions of protocol security and laying bare the fragility of encryption to simple data corruption.

(Source: ArsTechnica)


Personal data of 665,000 Marina Bay Sands shoppers accessed by ‘unknown third party’ in October

 

An unknown third party accessed the personal data of approximately 665,000 Marina Bay Sands shoppers in October, affecting the venue’s lifestyle rewards program but likely sparing its casino database. Marina Bay Sands responded promptly upon discovering the breach on October 20th, working with authorities and investigating further.

(Source: Today Online)


Google Drive users angry over losing months of stored data

 

Google Drive users recently reported a mass file disappearance, with their storage reverting to its state from months earlier. Google confirmed that it is aware of the issue and that its engineers are investigating, but the cause and solution remain unclear for now. Users are advised to avoid further changes and contact support pending an update.

(Source: Bleeping Computer)


SCAM OF THE WEEK: Job Offer or Digital Danger?

 

Recently, cybercriminal groups in Vietnam have been targeting individuals by sharing fake job postings. According to WithSecure experts, these groups are primarily targeting the digital marketing sector and Facebook business accounts. These fake job postings are used to spread known malware such as DarkGate and Ducktail.

In this scam, cybercriminals use LinkedIn messenger to send you a link to a fake job description. If you click on the link, you’ll be sent to an unsafe website that will lead you to malware-infected Google Drive files. If you download these files, the cybercriminals can gain access to your internet browser’s cookies and session data. This information helps them steal your login credentials and other sensitive information.

Follow the tips below to stay safe from similar scams:

  • Be suspicious of unexpected LinkedIn messages, especially those with job offers from unfamiliar sources.
  • Confirm that the person you’re speaking to is actually who they say they are. Look up the organization on official websites to verify job offers.
  • Be cautious of offers that seem too good to be true. Cybercriminals will use unrealistic job offers to lure you into fake websites to access your sensitive information.

Backup and Data Security Solutions

ATEGO® ENTERPRISE

This “white glove” managed service is the next-generation secure offsite backup you need right now. We monitor your backups daily, help you troubleshoot any problems, and can assist you with restorations when you need them. Our Data Security Module can perform bi-directional anti-malware scans, content disarm and reconstruction (CDR), and protect your backups with biometric Deep MFA and multi-person workflow, crucial in stopping stolen credential attacks.

CRASHPLAN

Leading desktop and laptop backup solution providing automated and continuous data backup protection with unlimited capacity backup licensing and flexible deployment options. Ensures fast and complete backup and recovery anytime, anywhere.

CROWDSTRIKE FALCON

A next-generation endpoint protection platform using AI and machine learning to effectively stop breaches. It includes true NGAV, endpoint detection and response (EDR), threat intelligence management and automation.

KNOWBE4 

World’s largest security awareness training platform with simulated phishing attacks, educating and empowering employees to strengthen IT security against cybercriminals.


Copyright © 2023 Pantropic Online Pte Ltd. All rights reserved.