Month: September 2021

British cybersecurity researcher Bob Diachenko stumbled upon his own personal data online, after discovering an unsecured database containing the personal information of millions of visitors to Thailand. He discovered the database on August 22, 2021 and immediately alerted the Thai authorities, who acknowledged the incident and secured the data the following day.

Inside the 200 GB digital index were records dating back ten years, containing the personal data of 106 million international travelers to Thailand. The data included full names, arrival dates, gender, residency status, passport numbers, visa types, and Thai arrival card numbers.

Fortunately, none of the data exposed poses a direct financial threat to most individuals. No financial or contact information was included.

While the IP address of the database is still public, the database has been replaced with a honeypot – a digital booby trap. Visitors to the IP address who attempt to access the now secured database are presented with the message: “This is honeypot, all access were logged.” [sic]

Read more about it here.

Pacific City Bank is a California based bank that provides financial services and caters mainly to the Korean-American community. The bank started its operations in 2003, and currently has 12 branches and 8 loan offices.

On September 4, 2021, the AVOS Locker gang broke into Pacific City Bank’s systems and extracted some sensitive files. They then published a screen shot as proof of the successful attack. The screen shot is showing human resources documents and a phone directory, and threatened to leak it.

It isn’t clear yet how much the gang was asking, and whether the ransom was paid.

Read more about it here.

The US Securities and Exchange Commission (SEC) Office of Investor Education and Advocacy is warning investors to be “extremely wary” of potential investment scams related to Hurricane Ida. Scams may be promoted through email and social media posts, promising high returns for small, thinly-traded companies that supposedly will reap huge profits from recovery and cleanup efforts. Fraudsters may likely target individuals receiving compensation from insurance companies

One of the best ways to avoid investment fraud is to ne skeptical and ask questions. Individuals should ask anyone approaching them with an investment opportunity if they’re licensed and if their investment is registered with the SEC or with a US state securities regulator. This can be easily checked by contacting the SEC or the state securities regulator. “Know that promises of fast and high profits, with little or no risk, are classic signs of fraud” says the SEC alert.

Read more about it here.