Cyber News: COVID Vaccine Scams are Here

In this week’s cyber news roundup, we cover the FBI’s latest warning against COVID-related scam attempts, Malwarebytes’ data breach, Google’s massive, massive threat, and a home security customer’s worst nightmare.

Without further ado:

COVID-19 Cyber Scams: Part III

Listen, we’re as tired of writing about COVID-related scams as you are of reading about them. Yet, here we are. Again. 

It started with fake contact tracing notifications as a means of extracting sensitive information back in May. Then scammers took it a step further by tapping into our undying fear of a surveillance state, reaching out to people across the country to notify them of monetary fines they’d incurred by breaking quarantine protocols. Those fines, obviously, were not real (although San Diego county’s decision to share COVID patients’ addresses with law enforcement does give us some cause for concern). 

Just last month, the FBI issued a warning against scam attempts centered around the highly sought after COVID-19 vaccine. Becoming available to select groups in late 2020, news of the vaccine’s availability prompted many to find (and be disappointed by) their place in the queue. Scammers decided to take advantage of this mystery by offering people “early access” to vaccines upon payment of a deposit or fee, according to the FBI. 

So let it be said: COVID-19 vaccines are currently free of charge, and will only be administered to those who are currently eligible as decided by your state’s distribution plan. There is no “early access” deposit you can make. Your turn will come when it comes. That’s it.

Malwarebytes Suffers Data Breach by SolarWinds Hackers

Cybersecurity company Malwarebytes recently stated it also suffered a data breach by the same hackers responsible for the SolarWinds attack. To be clear, Malwarebytes says it does not use software made by SolarWinds. It says its data was breached through its Microsoft Office 365 and Microsoft Azure environments.

Fear not, Malwarebytes customers, the company says your data is probably safe. The hack apparently only gave the actors access to “a limited subset of internal company emails.” The company, whose services are used by millions, found no evidence of a consequential breach.

“Our internal systems showed no evidence of unauthorized access or compromise in any on-premises and production environments. Our software remains safe to use,” the company wrote in a statement.

Google Threatens to Leave Australia

Read that again real quick. Google, the premier search engine company, is threatening to disable its services across an entire continent. This, after Australia continued on its course to pass legislation that would require search engines to negotiate with local news publications and broadcasters for the right to feature their content on search results or news feeds. Court-appointed arbitrators will intervene if a deal cannot be reached.

Google says it would have no choice but to leave Australia. Facebook, also required to negotiate per Australia’s looming law, stated it would prevent users in Australia from posting or sharing links to news articles if the bill passed. 

And unlike most consumers of the digital age, Google does actually realize that legitimate journalism isn’t free. Google did, after all, just agree to pay French news publications for the right to share their news. The issue, according to the New York Times, appears to stem on who gets to call the shots. Google appears to want more control over the details of the transactions. 

We’d make a joke about our Aussie friends having to settle for Bing, but now we’re just curious to see if the poor man’s search engine has a future in the Land Down Under as well. Stay tuned on how this all plays out. 

Home Security Tech Spied on Customers Having Sex

You may want to sit down for this one.

A home security technician admitted to illegally accessing cameras of over 200 customers to spy on their most intimate moments. A former employee of security company ADT, Telesforo Aviles told prosecutors he spent more than four years accessing customers’ video feeds while they undressed, slept, or had sex. 

Aviles is said to have violated company policy by adding his personal email to accounts on ADT Pulse, the company’s mobile application that allows for remote access into the home’s security cameras. 

ADT began notifying customers of the breach in April of last year, telling them a former employee had accessed their accounts for several years. 

"After we learned of the unauthorized access, we immediately took preventative steps to ensure this can never happen again, and we personally contacted each of our 220 customers who were impacted by this incident," the company wrote in a statement to Buzzfeed. 

Customers are unhappy with how this all unfolded, though. One of the lawsuits alleges that the company failed to monitor customer accounts to promptly notify them of a new user, claiming the security breach was only discovered by chance. ADT, however, claims that its contracts require customers to resolve disputes privately in arbitration. It says most of the 220 impacted customers have already agreed to settlements, with one customer reportedly claiming to have been offered as much as $50,000, per BuzzFeed News.

Maybe consider keeping the cameras outside of areas where the magic may happen.