Hackers Ran Amok Inside GoDaddy for Nearly 3 Years
Hackers detected having had sneaky access to your corporate network for three years is bad enough. Web hosting company GoDaddy this week confessed something even worse: A group of hackers it repeatedly discovered inside its network returned—or never left—and died out. hacked their networks at least since March 2020, despite all efforts by the company to prevent their expulsion.
We will do that. Meanwhile, the increase of pig slaughter scam has left more and more victims in dire straits—and the scammers are getting more sophisticated. this week we details new techniques criminals are using to withdraw people’s bank accounts through social engineering and legitimate-looking financial apps designed to fool targets into giving cash to scammers under the guise of bogus investments.
Talking about bogus investments, 24 percent of new crypto tokens gaining any value in 2022 are pump and dump plans, according to new findings from cryptocurrency tracking firm Chainalysis. The creators of these tokens inflate them to attract buyers, then sell off their holdings as the value increases, thus increasing the price and causing investors to hold the cryptocurrency suddenly. but it’s of no value. Chainalysis found that one token creator was responsible for at least 264 successful pumps and sales last year.
Of course, what goes up must come down—especially if it’s a suspicious object that has flown over the United States in the past two weeks. after America shoot down Chinese spy balloon Earlier this month, it went on to knock down three more unidentified aerial objects. But don’t worry, no more spy balloons than usual—the government is just paying more attention to what’s in the sky.
While the mainstream media focuses on spy balloons, another top story is emerging on TikTok and other social media platforms: the February 3 train derailment in East Palestine, Ohio, spills toxic chemicals on land and waterways, forcing small-town residents to flee. Relatively little news coverage, growing questions about the health and environmental impacts of chemical spills, and mistrust of government officials and regulators created the perfect recipe for disinformation and conspiracy theories.
However, the view that government is slow and inefficient is also partly true. This week, US Customs and Border Protection revealed that it has finally implemented the necessary system update to cryptographically verify the data on the e-Passport—16 years after the United States and Visa Waiver countries began issuing passports containing RFID chips containing detailed information about travelers.
If you’re planning a trip but don’t want anyone to know where you’re going, we can helpcompiled a complete guide to make sure you don’t accidentally share your location.
But that’s not all. We’ve rounded up the week’s top security and privacy news that we haven’t covered in depth ourselves. Click on the title to read the full story and stay safe while out there.
GoDaddy revealed in a statement on Thursday that it had discovered that hackers inside its systems installed malware on the network and stole parts of its code. The company said it became aware of the breach in December 2022 when customers — the company did not say how many — began reporting that their websites were being mysteriously redirected to other domains. . GoDaddy said it was investigating the breach and working with law enforcement, who told the company that the “clear goal of hackers was to infect websites and servers with malware.” for phishing campaigns, malware distribution and other malicious activities”.
It’s getting worse: GoDaddy reveals in SEC filings that they believe the hackers are the same group they found inside the company’s network in March 2020 and stole the login credentials of 28,000 customers and some GoDaddy employees. Then, in November 2021, hackers used the stolen password to compromise WordPress instances of 1.2 million customers, gaining access to email addresses, usernames, passwords, and in in some cases their website’s SSL private key. “Based on our investigation, we believe these incidents were part of a multi-year campaign by a sophisticated group of threat actors,” the filing reads.