Top infosec trends in the media spotlight this week

Google was in the news after updating its policy following protests against how the tech giant handles sexual harassment claims.

Employees from offices across the globe held coordinated rallies, holding banners displaying phrases such as ‘Time’s Up Tech’ and ‘Not OK, Google’. 

They were arguing against Google’s harassment complaints procedure, which mandated that those making claims would be forced into arbitration.

Other complaints alleged that some of the accused were discreetly made redundant, with significant severance packages offered to soften the blow.

On Thursday, the Silicon Valley company announced it will no longer employ forced arbitration, and made a number of changes to its policy.

An email was sent laying out the proposed changes, and a town hall meeting was scheduled to discuss the issue – though there were reports that many staff members either didn’t receive the email or weren’t invited to the discussion.

Some did praise the company, though, for listening and responding to its employees’ needs.

Changes include mandatory sexual harassment training every two years, and discouraging staff from over-consumption of alcohol at work-related events.

It comes after a global discussion surrounding sexual harassment and women’s rights was sparked by Hollywood in the wake of the Harvey Weinstein allegations.

The movement – dubbed ‘Time's Up’ – encourages women to speak out against alleged harassment, and calls for more support from men, particularly in industries which are often dominated by males.

You can find out more about Google’s new policy here.

Spammers continued to peddle fake bitcoin investments this week by posing as Elon Musk on Twitter.

You might remember that Twitter banned Musk-related handles (except for Elon Musk himself) after an influx of copycat accounts posed as him to trick people into handing over money.

This blanket ban even saw the death of (IMO) One Of The Greatest Memes Of All Time.

This week, however, the scammers upped their game by hacking into well-known corporate accounts and taking them over.

Pathe UK, Pantheon Books, and UK retailer Matalan were all hijacked this week, their pictures and names changed to resemble Musk.

Other accounts were hijacked and were used to respond to the tweets, in an attempt to make the cryptocurrency offer seem legit.

Spam tweets were also promoted by the hackers, seemingly without Twitter realizing what was going on.

Strange messages about bitcoin began appearing, such as one posted on the Pantheon page which read: “I’m giving 10 000 Bitcoin (BTC) to all community!”

Another tweet read: “To verify your [bitcoin] address, send from 0.1 to 2 BTC to the address below and get from 1 to 20 BTC back.”

According to reports, more than 400 people fell for the scam, collectively sending around $180,000 to the fake Musk hackers before they were shut down.

As it stands, it appears that all of the accounts that were hacked have recovered, and have since deleted the spam tweets.

Mere weeks after recreational marijuana was made legal across Canada, the Ontario Cannabis Store suffered a data breach affecting 4,500 customers.

The Swig previously reported how a security incident at Canada Post resulted in customer details being exposed to an unknown third party.

The Twitter community was also buzzing with the news which, although a serious breach of people’s privacy, was also mocked online.

“Pretty sad when the government can't even get selling weed right. Back in my day, a high school kid could do it,” remarked one user.

Others quipped that it was “high time” we started taking cybersecurity seriously.

Finally, a Chinese headmaster was fired after setting up a secret cryptomining rig at a school in the central province of Hunan.

According to reports, Lei Hua spent 10,000 yuan ($1400) on the cryptomining hardware, which he set up at the school after complaining that the machine was driving his electricity bill too high.

The school’s deputy headmaster, who was not named, was allegedly also involved in the plan.

But they were foiled when the school received a huge electricity bill, raising suspicion and eventually leading to the discovery of eight cryptomining rigs.