Author: FBI Internet Crime Complaint Center. (2023,
The companies use deceptive tactics—including threats, manipulation,
and providing false information—to coerce sextortion victims into paying
for their services. Some of the services for which the companies charge
fees, such as sending the perpetrators cease and desist orders, make
victims feel better but are not legally enforceable. The companies may
also attempt to discourage victims from reporting the sextortion to law
enforcement. Limited reporting indicates the companies are directly or
indirectly involved in the sextortion activity.
Nickolas Sharp, a former senior developer of Ubiquiti, was sentenced
to six years in prison for stealing company data, attempting to extort
his employer, and aiding the publication of misleading news articles
that severely impacted the firm's market capitalization.
Author: Traffic Commissioners for Great Britain.
(2023, May 4).
The Traffic Commissioner for the West Midlands, Miles Dorrington,
imposed a financial penalty under section 155 of the Transport Act 2000
of £1500, based on a £100 penalty for each of the vehicles authorised on
the operator’s licence.
Author: FBI Internet Crime Complaint Center. (2023,
The FBI warns of criminal actors posing as Chinese law enforcement
officials or prosecutors in financial fraud schemes targeting the
US-based Chinese community. Criminals tell victims they are suspects in
financial crimes and threaten them with arrest or violence if they do
not pay the criminals. Criminals exploit widely publicized efforts by
the People’s Republic of China government to harass and facilitate
repatriation of individuals living in the United States to build
plausibility for their fraud. Criminals typically call victims,
sometimes using spoofed numbers to appear as if the call is from the
Chinese Ministry of Public Security, one of its localized Public
Security Bureaus, or a US-based Chinese Consulate. Criminals may also
communicate through online applications.
Discord is notifying users of a data breach that occurred after the
account of a third-party support agent was compromised.
The security breach exposed the agent's support ticket queue, which
contained user email addresses, messages exchanged with Discord support,
and any attachments sent as part of the tickets.
What is a "Data
Breach"? A data breach is a security violation, in which sensitive,
protected or confidential data is copied, transmitted, viewed, stolen,
altered or used by an individual unauthorized to do so.
What is "Malware"?
Malware (a portmanteau for
malicious software) is any software intentionally designed to cause
disruption to a computer, server, client, or computer network, leak
private information, gain unauthorized access to information or systems,
deprive access to information, or which unknowingly interferes with the
user's computer security and privacy.
What is a "Payload"?
In the context of a computer virus or worm, the payload is the portion
of the malware which performs malicious action; deleting data, sending
spam or encrypting data. In addition to the payload, such malware also
typically has overhead code aimed at simply spreading itself, or
What is "Phishing"?
Phishing is a form of social engineering
where attackers deceive people into revealing sensitive information or
installing malware such as ransomware. Phishing
attacks have become increasingly sophisticated and often transparently
mirror the site being targeted, allowing the attacker to observe
everything while the victim is navigating the site, and transverse any
additional security boundaries with the victim.
Information Security Attributes:Confidentiality, Integrity and Availability (C.I.A.).
Information Systems are composed in three main portions, hardware,
software and communications with the purpose to help identify and apply
information security industry standards, as mechanisms of protection and
prevention, at three levels or layers: physical, personal and
organizational. Essentially, procedures or policies are implemented to
tell administrators, users and operators how to use products to ensure
information security within the organizations.
What is "Risk
management"? Risk management is the identification, evaluation, and
prioritization of risks followed by coordinated and economical
application of resources to minimize, monitor, and control the
probability or impact of unfortunate events or to maximize the
realization of opportunities.
What is a "Vulnerability"
(computing)? Vulnerabilities are flaws in a computer system that
weaken the overall security of the device/system. Vulnerabilities can be
weaknesses in either the hardware itself, or the software that runs on
What is an "Attack
Surface"? The attack surface of a software environment is the sum of
the different points (for "attack vectors") where an unauthorized user
(the "attacker") can try to enter data to or extract data from an
environment. Keeping the attack surface as small as possible is a basic
What is an "Attack
Vector"? In computer security, an attack vector is a specific path,
method, or scenario that can be exploited to break into an IT system,
thus compromising its security. The term was derived from the
corresponding notion of vector in biology. An attack vector may be
exploited manually, automatically, or through a combination of manual
and automatic activity.
"Standardization"? Standardization is the process of implementing
and developing technical standards based on the consensus of different
parties that include firms, users, interest groups, standards
organizations and governments. Standardization can help maximize
compatibility, interoperability, safety, repeatability, or quality. It
can also facilitate a normalization of formerly custom processes.
What is a "Replay
attack"? A replay attack is a form of network attack in which valid
data transmission is maliciously or fraudulently repeated or delayed.
Another way of describing such an attack is: "an attack on a security
protocol using a replay of messages from a different context into the
intended (or original and expected) context, thereby fooling the honest
participant(s) into thinking they have successfully completed the
What is a
"Man-in-the-middle attack"? In cryptography and computer security, a
man-in-the-middle, ..., attack is a cyberattack where the attacker
secretly relays and possibly alters the communications between two
parties who believe that they are directly communicating with each
other, as the attacker has inserted themselves between the two
What is "Transport Layer
Security" (TLS)? Transport Layer Security (TLS) is a cryptographic
protocol designed to provide communications security over a computer
network. The protocol is widely used in applications such as email,
instant messaging, and voice over IP, but its use in securing HTTPS
remains the most publicly visible.
What is a "Handshake"
(computing)?. In computing, a handshake is a signal between two
devices or programs, used to, e.g., authenticate, coordinate. An example
is the handshaking between a hypervisor and an application in a guest