Top infosec trends in the social media spotlight this week
Microsoft’s re-tooled Edge browser leaked this week, and, yup, as expected it looks a lot like Chrome.
What appears to be an early version of the browser is now available via file sharing sites and beta software sharing forums. The public preview is expected to be available soon for Windows 10, 7, 8.1, and – possibly some time later – macOS.
As part of a continuing move by Microsoft towards open source, the browser has been rebuilt to rely on the Chromium rendering engine, ditching its previous EdgeHTML engine.
The software reportedly runs well on older versions of Windows as well as Windows 10. And there’s buzz that a dark mode is currently in testing.
Edge will hook users into a Microsoft account rather than a Google account – great news according to some…
Meanwhile, an attack against ASUS targeted “only a very small number of [a] specific user group”, says the Taiwanese hardware manufacturer – but according to Kaspersky this was “one of the biggest supply-chain incidents ever”.
In an operation dubbed ‘Shadowhammer’, nation-state threat actors are believed to have targeted around 600 users in the second half of last year by using the ASUS Live Update Utility.
The company since issued a patch – but Kim Zetter, who broke the story in Motherboard, still has questions about what happens next:
The ASUS incident has once again highlighted the damage that can be caused by supply chain attacks.
In the wake of the revelations, however, Georgetown University professor Matt Blaze penned an article for The New York Times warning consumers not to stop updating their devices.
Over in Singapore, and with Black Hat Asia in full swing, cryptocurrency exchange DragonEx has admitted it’s been hacked. Around $7 million has apparently been stolen.
Risk-scoring platform SingleSource says the funds have been consolidated into a smallish number of wallets under the hackers’ control:
DragonEx suspended all services on the platform; it says it’s got the wallet addresses and is asking fellow exchanges to help it investigate. Some of the stolen assets have been blocked already, it says.
The crypto-exchange said it’s working on a compensation plan, and will square things with victims “no matter what”.
In other cybercrime news this week, Lithuanian man Evaldas Rimasauskas has pleaded guilty to wire fraud for conning Facebook and Google out of more than $100 million.
Rimasauskas and his accomplices allegedly sent fake invoices purporting to come from Quanta Computer, a Taiwanese manufacturer that genuinely does business with the two companies. The money was funnelled through fake accounts in Latvia and Cyprus.
Google and Facebook say they’ve managed to recover most of the funds.
Meanwhile, thousands of Twitter users have a less serious – but rather more embarrassing – problem.
Over the last few days, a hoax has been doing the rounds suggesting that changing one’s birth date to 2007 will unlock a rainbow of colours.
The problem? You have to be 13 years old to have a Twitter account – and if you were born in 2007, you’re too young.
As a result, some unfortunate users have found themselves suddenly booted off the platform.
Many of those who fell for the hoax say that the Twitter support team has been quick to reinstate their accounts when contacted. Others, though, have given up and simply created new accounts.
Most of the victims seem remarkably good-humoured about the affair. All the same, perhaps Twitter should require a mental age of 13 to sign up instead?