Cyberwarfare, Espionage & Extortion Issue #2: 25th January 2024

“Do you know what love is? I'll tell you: it is whatever you can still betray.” ― John le Carré, The Looking Glass War

  • TSB is advising consumers to avoid making online purchases on Facebook Marketplace, warning that over a third (34%) of the adverts tested on the platform are scam posts

    Members of TSB’s fraud team sampled 100 Facebook Marketplace posts on their feed - including cars, watches, games consoles, air fryers and handbags - and engaged with the seller to determine whether the items were genuinely for sale or scams.
    The study concluded that 34 percent of the listings were fraudulent, a judgment made once the seller used tactics known to be common among purchase fraud criminals. For instance, sellers deemed to be scammers directed TSB fraud experts to fake websites, refused to allow viewing of an item in person, and demanded advance fees. TSB also discovered items advertised as ‘brand new’ for hundreds of pounds less than their real retail price.

  • Researcher uncovers one of the biggest password dumps in recent history

    Nearly 71 million unique credentials stolen for logging into websites such as Facebook, Roblox, eBay, and Yahoo have been circulating on the Internet for at least four months, a researcher said Wednesday.

    Troy Hunt, operator of the Have I Been Pwned breach notification service, said the massive amount of data was posted to a well-known underground market that brokers sales of compromised credentials. Hunt said he often pays little attention to dumps like these because they simply compile and repackage previously published passwords taken in earlier campaigns.

  • New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone

    Cybersecurity researchers have identified a "lightweight method" called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group's Pegasus, QuaDream's Reign, and Intellexa's Predator.
    Kaspersky, which analyzed a set of iPhones that were compromised with Pegasus, said the infections left traces in a file named "Shutdown.log," a text-based system log file available on all iOS devices and which records every reboot event alongside its environment characteristics.


Insight

Narrative Attacks: The Stealth Bombers of Cyberwarfare, Espionage, and Extortion

In the shadowy world of cyber conflict, a new and insidious weapon is redefining warfare: narrative attacks. More than mere misinformation, these are calculated campaigns designed to hijack minds and warp perceptions. In the hands of skilled cyber warriors, they become tools to control the narrative battlefield, turning public opinion into a puppet dancing on digital strings.

Masters of Deception in a Digital Age

These narrative assaults craft a web of lies and half-truths, disseminated with surgical precision across social media and news platforms. They blur reality, breeding confusion and chaos. In the high-stakes game of espionage, they are the perfect smokescreens, diverting attention and discrediting crucial intelligence. They turn the truth into a shape-shifting shadow, elusive and ungraspable.

The Dark Art of Cyber Extortion

In the grimy underworld of cyber extortion, narrative attacks have become psychological siege engines. They spin tales of invulnerability and inevitable defeat, breaking the will of their targets. This isn't just hacking: it's digital intimidation, a mind game designed to force capitulation and fill coffers.

From Fiction to Frightening Reality

The real-world impacts are chillingly vivid. Elections upended, democracies shaken, secrets pilfered—all under the cover of deceptive narratives. The SolarWinds breach is a testament to this new warfare's potency, where crafty narrative manipulation allowed cyber spies to lurk undetected, siphoning secrets at will.

The Shield Against the Unseen Enemy

Combating this new breed of attack demands more than just technical firewalls. It requires arming the public with the discernment to question and challenge, building a societal immune response to the virus of falsehood. Intelligence agencies and corporations must not only track but actively dismantle these digital houses of mirrors.

The Future Battlefront

As the art of narrative manipulation evolves, it stands as the new frontier in the cyber domain—a battleground not just for data, but for reality itself. The war ahead is as much about guarding against the distortion of facts as it is about shielding servers and systems. In this age, the pen and the keyboard stand mightier than ever, as the line between perception and reality blurs in the cyber shadows.


Scammers Corner

The Digital Pandora's Box: Unmasking the Perils of Free Facebook Apps

The Seductive Trap of 'Free'

In the sprawling digital playground of Facebook, free gaming and face-morphing apps beckon with their siren songs, promising amusement and whimsy, but the allure of 'free' is a masterful illusion, and these fantastical transformations come at a steep price. Beneath their alluring veneer lurks a labyrinth of hidden dangers, often unseen until it's too late. This essay ventures into the shadowy realms of these apps, revealing the treacherous pitfalls that lie in wait for the unwary visitor.

The Mirage of Free Play

The 'free' app ecosystem is a misnomer. It's a realm where progress and special features often come with a hidden price tag, preying on impulsive desires. Deceptive advertisements further muddy the waters, luring users deeper into the quicksand of unintended expenditures.

A Breach in the Fortress of Privacy

At the heart of this digital minefield is the invasion of privacy. These apps, draped in the guise of harmless fun, are often vampiric in their thirst for personal data. They harvest everything from mundane browsing patterns to the intimate contours of our faces, turning our digital footprints into gold for data brokers.

Anonymity Lost: The Face Morphing Conundrum

Face morphing apps provide a momentary escape into other identities, tempting us with digital metamorphoses into Vikings, hippies, and any number of fantasy characters or celebrities. They also strip away the veil of anonymity. Each shared image is a digital breadcrumb, feeding the ever-hungry maw of facial recognition databases and leaving users vulnerable to identity theft and deepfake deceptions.

Cybersecurity: The Invisible Predator

Beyond the assault on privacy lies the specter of cybersecurity threats. These apps are akin to Trojan horses, potentially riddled with malware and phishing traps, waiting to unleash chaos on the unsuspecting user's digital life.

Addiction by Design: The Psychological Snare

There's also a darker, more insidious aspect to these apps: the psychological chains they forge. Purposefully designed to be addictive, they ensnare users in a web of endless play and cunning in-app purchases, leading to a vortex of wasted time and mental health erosion.

Conclusion

The world of free gaming and face-morphing apps on Facebook is very much akin to a digital Pandora's Box, releasing unseen perils into our virtual lives. As digital explorers, we must tread with caution, eyes wide open to the reality that in the realm of 'free' apps, we are not just users: we are the product being traded in a shadowy market. The key to our digital safety lies in our awareness and the choices we make in these deceptive digital mirages.


The Deep Dive

In January 2024, Trello experienced a significant data breach, resulting in the personal details of over 15 million users being put up for sale on the dark web. The data breach reportedly involved scraping a large amount of user data from Trello and was later confirmed by the website Have I Been Pwned. The compromised data includes email addresses, usernames, full names, and other account details of the users. Notably, passwords were not included in this data.

The method used in the breach involved enumerating a publicly accessible resource on Trello, using email addresses from previous breaches. This suggests a sophisticated approach to exploiting vulnerabilities in the system. Despite the alarming nature of the breach, Trello maintained that there was no unauthorized access to its internal networks or databases. In response, Trello users are advised to ensure that their passwords are both unique and strong, and to be vigilant for potential phishing attempts using their personal information. Trello, known for its project management capabilities, has faced similar security concerns in the past, highlighting the importance of data security vigilance for both users and organizations.
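
A defender's view of the enumeration described above, as an added example that is not part of the original newsletter or any Trello code: it flags clients that query many distinct email addresses against a public lookup endpoint within a short window. The log fields, IP addresses, thresholds, and function names are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (timestamp, client IP, queried email, status)
# for a hypothetical public account-lookup endpoint; not real Trello logs.
def build_sample_log():
    base = datetime(2024, 1, 16, 9, 0, 0)
    rows = []
    # Normal client: looks up the same two colleagues over half an hour.
    for i in range(6):
        rows.append((base + timedelta(minutes=i * 5), "198.51.100.7",
                     f"colleague{i % 2}@example.org", 200))
    # Enumerating client: a new address on every request, mostly misses.
    for i in range(40):
        rows.append((base + timedelta(seconds=i * 2), "203.0.113.50",
                     f"user{i}@example.com", 200 if i % 4 == 0 else 404))
    return sorted(rows)

def find_enumerators(rows, window=timedelta(minutes=5), max_distinct=20):
    """Return {client: peak count of distinct emails queried in one window}."""
    recent = defaultdict(deque)   # client -> (timestamp, email) inside window
    flagged = {}
    for ts, client, email, _status in rows:
        q = recent[client]
        q.append((ts, email))
        while q and ts - q[0][0] > window:   # drop lookups older than window
            q.popleft()
        distinct = len({e for _, e in q})
        if distinct > max_distinct:
            flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged

def hit_ratio(rows, client):
    """Share of a client's lookups that confirmed an existing account."""
    statuses = [s for _, c, _, s in rows if c == client]
    return sum(s == 200 for s in statuses) / len(statuses)

if __name__ == "__main__":
    log = build_sample_log()
    for client, peak in find_enumerators(log).items():
        print(client, "distinct emails in window:", peak,
              "hit ratio:", round(hit_ratio(log, client), 2))
```

A low hit ratio combined with a high distinct-address count is what separates list-driven enumeration from ordinary repeated lookups of known contacts.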

In the shadowy realm of cyberspace, the recent Trello data breach stands as a chilling testament to the ever-looming specter of digital vulnerability. This seismic event, ripping through the cyber fabric, exposed over 15 million users to the murky depths of the dark web. However, there are some important points to note regarding our perception of this event:

  1. The Mirage of Data Safety: We often lull ourselves into a false sense of security, believing our data is fortress-protected. This breach shatters that illusion, revealing that even robust platforms like Trello can become prey to the cyber predators lurking in the digital underbrush.
  2. The Underestimated Adversary: The breach was not a mere hit-and-run in the cyber world; it was a calculated strike. Using a sophisticated technique that leverages previously breached email addresses, the perpetrators executed a digital heist with surgical precision, calling into question the ever-escalating arms race in cybersecurity tactics.
  3. The Echo Chamber of Speculation: In the aftermath, the echo chamber of the internet buzzes with theories and conjectures, often blurring the lines between factual analysis and sensationalist speculation. This frenzy of guesswork can obscure the hard truths of the incident.
  4. The Tarnished Shield of Trello: The breach casts a long, ominous shadow over Trello's digital fortress, stirring doubts about the impregnability of its cyber walls. The breach could unfairly brand Trello as a weakened sentry in the fight against data piracy, despite their efforts to bolster their digital defenses in the aftermath.
  5. The Ripple Effect in the Cyber Pond: This incident is more than a mere ripple; it's a tidal wave that raises alarm bells about the broader implications for cybersecurity. It serves as a stark reminder that in the digital age, no one is an island, and a breach against one is a breach against all.
  6. The Masquerade of Motives: The true motives of the digital marauders behind this breach are shrouded in mystery. Were they mere data bandits or part of a larger, more sinister cyber conspiracy? The truth remains elusive, buried in the digital sands.
  7. The Misdirected Blame Game: It's easy to point fingers at Trello, but in doing so, we might overlook the complex, multifaceted nature of cybersecurity and the collective responsibility of users and providers in fortifying the digital realm.

This Trello data breach is not just another cyber incident; it's a stark wake-up call in the digital night, a reminder of the fragility of our online existence and the ever-present threat lurking in the cyber shadows. For a more detailed and nuanced analysis, stay tuned to credible cybersecurity news sources and follow Trello's official updates.


And Finally ….

In the wake of events like the Trello data breach and the pervasive reach of free Facebook apps, we find ourselves at a pivotal juncture in the digital age. These incidents are stark indicators that we may well be entering a post-data privacy era: an age where the concept of personal data protection is being relentlessly challenged and reshaped by the incessant tide of technological advancement and the ubiquitous hunger for data.

In this new world our personal information, from mundane preferences to intimate details, is no longer just ours. It's a commodity, traded in the vast digital marketplace, often without our explicit consent. The sanctity of personal data privacy, once held as a digital right, is being eroded, leaving us exposed in ways we're only beginning to comprehend.

Join us next time when we review why security awareness training is a four-letter word for both CISOs and end users, how various cyber warfare groups have different tactics, and why nudge psychology is so attractive to people who are after our money.

