Wizz, a social media app for US teenagers, has been removed from the Apple App Store and the Google Play Store over sextortion concerns. The app was flagged by the National Center on Sexual Exploitation for its role in cybercriminal activity. Wizz is owned by Voodoo, a French mobile video game developer, which markets the app as a safe space for teenagers. However, a recent report by the Network Contagion Research Institute identified Wizz as one of the top platforms used for sextortion, after Instagram and Snapchat. The app has been accused of serving pornographic ads to minors and of being used to coerce users into producing child exploitation material. Wizz is currently working with Apple and Google to address these concerns. #Wizz #Teenagersafety #Sextortion
https://www.infosecurity-magazine.com/news/wizz-removed-apple-google-stores/
A Cloudflare server was breached using a leaked access token. The attack hit a self-hosted Atlassian server and was carried out by a nation-state attacker. Cloudflare's security team quickly cut off the threat actor's access, and no customer data or systems were impacted. The company had failed to rotate some service tokens and service account credentials following a previous Okta compromise. The attacker was likely searching for information about Cloudflare's network architecture and security. Cloudflare took extensive measures to remediate the incident, including rotating all production credentials and strengthening controls. #cyberattack #cybersecurity #cybersecuritynews
US disrupts Chinese botnet targeting SOHO routers. #cybersecurity #malware #botnet #cyberattack
Arrests made in $400M SIM-swap tied to FTX heist. Three Americans have been charged with stealing from FTX; the indictment names the ringleader and accomplices. A SIM-swapping attack allows interception of the victim's texts and calls. The stolen funds were laundered through Russia-based criminal groups. FTX had just declared bankruptcy when over $400M in cryptocurrencies was stolen; no other thefts on this scale have been reported. U.S. residents are responsible, with possible ties to organized cybercriminals in Russia. #SIMSwap #FTX #CryptoHeist #Laundering
https://krebsonsecurity.com/2024/02/arrests-in-400m-sim-swap-tied-to-heist-at-ftx/
Albania’s Institute of Statistics (INSTAT) suffered a cyberattack, affecting some systems. The cyberattack targeted the INSTAT systems and prompted the activation of emergency protocols. The recent census systems were not affected. INSTAT is working with authorities to identify the source and motives of the cyberattack and strengthen cybersecurity. In the past, Albania has experienced cyberattacks and cut diplomatic relations with Iran. The United States, NATO, and the EU supported Albania in the dispute. #Cybersecurity #INSTAT #Albania #Cyberattack #DataBreach #Iran
A new variant of VileRAT is infecting Windows systems through fake software piracy websites #cybersecurity #malware
The Python-based VileRAT malware is specific to the Evilnum threat group, also tracked as DeathStalker #cybersecurity
It is distributed by the VileLoader loader, allowing attackers to record keystrokes and run commands remotely #cybersecurity
Evilnum is a hacker-for-hire service targeting governments, financial institutions, and cryptocurrency organizations #cybersecurity
New variants of VileRAT are being spread through modified installers and utilize a malicious Nulloy media player installer #cybersecurity
The VileLoader is stored within a modified version of a legitimate NVIDIA 3D Vision Test Application #cybersecurity
Between 1,000 and 10,000 devices are estimated to be infected with this VileRAT strain #cybersecurity
Evilnum's use of software piracy as a lure marks a departure from its previous tactics #cybersecurity #malware
https://cybersecuritynews.com/vilerat-attacking-windows-machines/
Summary:
UNC4990, a financially motivated threat actor, is using USB devices to infect victims. The group has been using popular and legitimate websites such as GitHub, GitLab, Ars Technica, and Vimeo as part of its tactics. The threat actor uses the EMPTYSPACE downloader and the QUIETBOARD backdoor to execute payloads. The infection chain begins with delivering USB drives to victims through social engineering. The victims open a malicious LNK shortcut file that executes a PowerShell script, which fetches the EMPTYSPACE downloader. The threat actor has been changing its tactics, such as replacing GitHub with Vimeo and using an image with an embedded payload hosted on Ars Technica. The group has also used multiple versions of the EMPTYSPACE loader and the Python-based QUIETBOARD backdoor. Host-based and network-based indicators of compromise (IOCs) are provided.
Hashtags: #cybersecurity #malware
https://cybersecuritynews.com/usb-malware-with-text-strings/
Ex-CIA computer engineer sentenced to 40 years for giving hacking secrets to WikiLeaks. #CIA #prison
Summary: Former CIA software engineer sentenced to 40 years for stealing classified information and possessing child sexual abuse images.
Facebook's extensive surveillance network is exposed in a new study. Consumer Reports found that 186,892 companies sent data about Facebook users to the social network. On average, each participant had their data sent to Facebook by 2,230 companies. The study highlights the need for interventions to reduce tracking, improve privacy laws, and increase transparency. #DataPrivacy #Facebook #Surveillance #Tracking
https://www.schneier.com/blog/archives/2024/02/facebooks-extensive-surveillance-network.html
Top US cyber officials testify on China's cyber threat to US critical infrastructure. Officials warn that Chinese hackers are preparing to cause real-world harm to American citizens and communities. The testimony comes on the same day as the takedown of a botnet used by Chinese hackers. Hashtags: #CyberThreat #USInfrastructure #ChinaHackers
https://www.securityweek.com/watch-top-cyber-officials-testify-on-chinas-cyber-threat-to-us/
Summary: Several potentially serious container escape vulnerabilities, collectively known as Leaky Vessels, have been discovered in Docker's Runc and BuildKit tools. The vulnerabilities could allow attackers to escape containers and gain access to the underlying host operating system, potentially compromising data and conducting further attacks. Patches and mitigations are available, and users are advised to update their systems.
Hashtags: #ContainerEscape #Vulnerabilities #Docker #Security
https://www.securityweek.com/leaky-vessels-container-escape-vulnerabilities-impact-docker-others/
CISA sets 48-hour deadline for removal of insecure Ivanti products. Hashtags: #CISA #Ivanti #Cybersecurity #Deadline
https://www.securityweek.com/cisa-sets-48-hour-deadline-for-removal-of-insecure-ivanti-products/
Pump-and-Dump Schemes: Crypto fraudsters made $240m by artificially inflating Ethereum tokens #CryptoFraud #MarketManipulation #PumpAndDump #Cryptocurrency #Ethereum
Blockchain analysis firm Chainalysis reveals that market manipulators may have made over $240m by inflating the value of Ethereum tokens #MarketManipulation #EthereumTokens #CryptoProfits
Less than 14% of all tokens launched on Ethereum achieved more than $300 of DEX liquidity in a month, suggesting fraudulent activity linked to pump-and-dump schemes #MarketManipulation #FraudulentTokens #PumpAndDump
Chainalysis identifies tokens meeting its criteria for pump-and-dump schemes (market traction, liquidity removal, and market collapse), which apply to 24% of Ethereum tokens and 54% of those listed on a DEX #MarketManipulation #PumpAndDumpSchemes #TokenFraud
While market manipulation produced an average profit of $2600 per token, Chainalysis warns that these schemes undermine the overall crypto market and calls for safer markets with increased transparency #CryptoMarket #SaferMarkets #IncreasedTransparency
https://www.infosecurity-magazine.com/news/pumpanddump-schemes-crypto/
The Interpol-led operation Synergia targeted 1,300 suspicious IPs associated with cyberattacks including phishing, malware, and ransomware. Officers conducted house searches, seized servers and devices, and detained 31 individuals. Command-and-control (C2) servers were taken down in Europe, Hong Kong, Singapore, South Sudan, and Zimbabwe; 70% of the identified C2 servers have been dismantled. Interpol, along with its partners, provided analysis and intelligence support. Hashtags: #Interpol #Cybersecurity #Synergia #Phishing #Malware #Ransomware
https://www.infosecurity-magazine.com/news/interpol-targets-1300-suspicious/
Summary:
US federal agencies' failure to oversee ransomware protections threatens the White House's goal of bolstering cyber resilience in critical infrastructure, according to a report by the Government Accountability Office (GAO). The report found that agencies assess sectors against basic cybersecurity protections and general guidance rather than against federal guidance that addresses ransomware specifically. The GAO analyzed ransomware mitigation strategies in the critical manufacturing, energy, healthcare, and transportation sectors. The agencies have not fully assessed the use of leading cybersecurity practices or the effectiveness of federal support in mitigating risks. The report recommends improved oversight and evaluation procedures.
Hashtags:
#RansomwareProtections #CyberResilience #GovernmentOversight #CriticalInfrastructure #FederalAgencies #CybersecurityPractices
https://www.infosecurity-magazine.com/news/us-agencies-ransomware-white-house/
Russian APTs employ HTTP-Shell for attacks on government entities. A spear-phishing campaign named "The Bear and the Shell" targets critics of the Russian government. The attacks use social engineering and disguise files as job offers. HTTP-Shell gives the attackers remote access to victims' systems, and they pose as a PDF editing site for command and control. The campaign extends beyond the NASA theme, also targeting USAID and news outlets. Attribution points to a Russian state-sponsored threat actor, raising concerns over targeted cyberattacks on dissenting voices. #RussianAPT #HTTPShell #CyberAttacks #GovernmentEntities #ThreatActor
US officials have disrupted a state-backed Chinese effort to plant malware intended to damage US civilian infrastructure, including water treatment plants and transportation systems. FBI Director Chris Wray warned that Chinese hackers are positioning themselves to cause havoc in the event of a war between the US and China. The operation disrupted a botnet of hijacked routers owned by private citizens and companies. The Chinese hackers are using basic flaws in US technology to infiltrate critical infrastructure networks. The US has become more aggressive in its efforts to disrupt such cyber operations, while state-backed hackers, especially from China and Russia, are adapting and finding new intrusion methods. Major software providers often sacrifice security for convenience. Chinese hackers have previously targeted US critical infrastructure. The Chinese government denies the allegations and claims to be the victim of cyberattacks.
#China #CyberThreat #USInfrastructure #Hacking #NationalSecurity #Cybersecurity
Apple has released the first security update for its Vision Pro VR headset, which addresses a WebKit vulnerability. The vulnerability allows for arbitrary code execution through specially crafted web content. The US cybersecurity agency CISA has also warned about the exploitation of an iOS vulnerability. #Apple #VisionPro #iOS #Cybersecurity #Vulnerability
Change Your Password Day: Five Reasons to (Finally) Do It
#ChangeYourPasswordDay #PasswordSecurity #Cybersecurity #DataProtection #OnlineSafety
https://www.infosecurity-magazine.com/news-features/change-your-password-day/
Summary:
Ivanti has released patches for two critical zero-day vulnerabilities; the patches also cover two newly disclosed bugs, one of which is already being actively exploited in attacks. The vulnerabilities impact Ivanti's Connect Secure VPN product and its Policy Secure network access control offering. Ivanti advises customers to factory reset their appliances before applying the patch, to prevent threat actors from gaining "upgrade persistence." In related news, security researchers have discovered new malware linked to the original Ivanti zero-day vulnerabilities, including a webshell called Bushwalk.
Hashtags:
#Ivanti #security #vulnerabilities #zero-day #patches #bugs #malware #webshell #ConnectSecure #PolicySecure
https://www.infosecurity-magazine.com/news/ivanti-zeroday-patches-two-new-bugs/