The EU parliament has voted through two pieces of legislation with the aim of leveling the tech industry playing field in Europe: the Digital Markets Act and Digital Services Act. 

By now, it probably seems like you know all about how to protect yourself online. You’ve downloaded the antiviruses, implemented the firewalls, your password is uncrackable, and you reckon you could spot a phisher a mile off. But do you know how to protect yourself from social engineering?

Google has released a report outlining how their Threat Analysis Group disrupted an extensive phishing campaign targeting YouTubers with Cookie Theft malware since 2019. Stopping the hackers in their tracks was no mean feat, considering the campaign involved 15,000 fake accounts and sending over 1 million messages to targets.

A 20-year-old man in Pennsylvania has pleaded guilty to his involvement in a “SIM swap” and cryptocurrency theft scheme. Kyell Bryan carried out the plan in 2019 with several others. After he too pleaded guilty, Jordan Milleson, a co-conspirator in the scheme, was sentenced to two years in federal prison earlier this year.

Microsoft has revealed that in August 2021, it mitigated one of the largest distributed denial of service (DDoS) attacks ever recorded. The 2.4Tbps attack targeted an Azure cloud computing service client based in Europe and surprisingly resulted in minimal downtime for users. The size of the attack is second only to a 2.54Tbps DDoS attack directed at Google in 2017, though higher than any attack ever recorded on Azure previously. 

There will be a change in the requirements for SSL certificates seeking validation using the HTTP domain control validation (DCV) method in the coming weeks. This change is in keeping with new rules set out by the CA/Browser Forum, which has determined that in some instances, HTTP validation may allow threat actors to obtain SSL certificates for domains they don’t actually own.

Many website owners with SSL certificates issued by Let’s Encrypt faced outages over the past few days. This is due to the expiration of its IdenTrust DST Root CA X3 cross-signed root certificate. Although this root certificate has been replaced by one called ISRG Root X1, many users are still encountering service issues, particularly business owners and their customers. So those worst hit include not only website owners using legacy servers and older devices, but also hosting service companies that failed to update their software, leaving their customers and users without service.