Timberland, Vans’ parent company reveal holiday hack

Jan 05 2024


Welcome to Gone Phishing, your daily cybersecurity newsletter that wishes cybercriminals were all bark and no byte.

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the Week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch!

Check out these freshly hatched patches:

Android’s fix-all for Pixel

✨ Exciting News from Google!

Start 2024 right with the latest security patch for Pixel devices! January 2024’s Android security patch is now available for Pixel 8 series and older smartphones, as well as the Pixel Tablet.

The update, rolling out over the next week, addresses various issues, including camera crashes, black screen flashes during video playback, and more. Make sure to check your System Settings to initiate the update or wait for the OTA notification.

This month's patch fixes bugs and enhances device performance. It's not a massive update, but it's crucial for a smoother experience.

For Pixel users, the factory image and OTA links for the January 2024 Android security patch are available.

Note: Carrier-branded Pixels can find their update links on Google's support page.

Now, on to today’s hottest cybersecurity stories:

  • Timberland, Vans’ parent company reveal holiday hack

  • UPDATE: 23andMe blames victims amidst mounting lawsuits ⚖️

  • Verizon again caught red-handed handing out sensitive info

Hackers be like Timberrrrr(land)

Cybersecurity Alert! VF Corp suffers Grinch-like hack

VF Corp., parent company of renowned brands like Vans, North Face, and Timberland, faced a significant cyber attack, disrupting holiday order fulfilment during the peak shopping season.

The breach, disclosed in an SEC filing on December 15, revealed that internal systems were encrypted, and both company and personal data were pilfered. Shares in VF Corp. dropped in response on December 18.

Timeline of Events

VF Corp. first detected the breach on December 13. The exact nature of the attack, whether it involved ransomware or another method, is still under investigation. As of now, the company is uncertain about the full scope and impact of the incident.

Supply Chain Security

The uptick in supply chain attacks has prompted a reevaluation of cybersecurity practices. Many companies are now emphasising security measures during the software development stage to prevent the embedding of malware, aligning with recent federal software supply chain guidance.

✨ Real-World Impact

The VF Corp. breach during the crucial holiday season follows a 2023 trend where cyberattacks have tangible effects on distribution systems.

This incident, reminiscent of The Clorox Company attack in August, highlights the increasing real-world consequences of cyber threats on day-to-day operations.

Stay vigilant in the digital age!

It’s the 23and#MeToo movement

23andMe Faces Backlash Amid Data Breach Fallout!

The genetic testing giant is deflecting blame onto victims in over 30 lawsuits following a massive data breach affecting 6.9 million users. In a letter to victims, 23andMe allegedly shifts responsibility, accusing users of negligent password practices.

Breach Details

Hackers initially accessed 14,000 accounts using credential stuffing, then leveraged the DNA Relatives feature to compromise an additional 6.9 million users. The company, however, claims users' recycled passwords were unrelated to the incident.

Legal Standoff ⚖️

Lawyers representing victims have called out 23andMe's attempt to blame customers as "nonsensical" and "shameless." The company's argument that stolen data can't cause monetary harm is challenged, as affected users voice their dismay.

Security Measures

In response to the breach, 23andMe reset all passwords and mandated multi-factor authentication. Yet, changes to terms of service aimed at preventing class-action lawsuits are criticised as "cynical" and "self-serving." ⚖️

Seeking Information

Gone Phishing invites anyone who has more details about the incident or has been personally affected to reach out securely. The aftermath unfolds as 23andMe grapples with legal challenges and growing customer discontent.


Geez, keep Verizon on the road

U.S. Wireless Industry Under Fire for Ongoing Privacy Issues!

A recent report by 404 Media highlights the alarming case of a stalker exploiting Verizon's lax security measures to obtain sensitive data, including the target's address, location data, and call logs.

Despite the FCC's attempts to fine wireless companies for over-collecting and selling user data, the problem persists: Verizon failed to adequately verify the identity of the stalker, who posed as a police officer using a non-government email account.

Ongoing Concerns

The issue of privacy breaches in the wireless industry has persisted for nearly a decade, with little improvement. The FCC's past efforts to enforce basic privacy rules were thwarted by the telecom industry, claiming potential harm to competition.

Political Dynamics

Republicans, often aligned with major telecom players, consistently oppose FCC initiatives to enhance privacy standards. Efforts to require broadband providers to promptly inform customers about hacks and breaches face resistance, contributing to a cycle of data-hoovering without proper safeguards.

Systemic Challenges

Despite numerous privacy scandals, Congress has failed to pass comprehensive privacy laws. The lucrative nature of data collection, coupled with powerful industry lobbying, hinders progress, raising concerns about prioritising profit over market health and human safety. ⚠️

The relentless cycle of privacy issues may one day force a reckoning with Congress, prompting substantial reforms. One can only dream…

Stay tuned for updates!

That’s all for this week, cyber squad. Congrats on keeping all your New Year’s resolutions for one whole work week ✌️ See you on Monday.


So long and thanks for reading all the phish!
