A federal court in California earlier this week released documents that revealed Facebook’s 2016 “Project Ghostbusters” campaign. The campaign was designed to mine Snapchat user data to understand their behavior better.
The project was a part of Facebook’s In-App Action Panel (IAPP) program, which used techniques to intercept and decrypt encrypted app traffic from Snapchat and, later, from YouTube and Amazon.
The Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against seven Chinese nationals based in Wuhan, China, for their affiliation with the ‘APT31’ hacking group.
According to OFAC, APT31 is a nation-state-backed Chinese hacking group focused on infiltrating critical infrastructure in Eastern Europe, France, and the US.
The UK’s Deputy Prime Minister, Oliver Dowden, is expected to formally announce to the press that China is behind a wave of cyber attacks against UK government officials and will urge the protection of voters’ data.
Despite the denial from China’s Ministry of Foreign Affairs, the UK government remains on high alert for politically fueled cyber attacks as the election period nears.
Microsoft’s Threat Intelligence arm issued a warning on the rise of new, sophisticated tax phishing scams that could lead to stolen personal and financial data.
These tax-related phishing scams are initiated by impersonating trusted employers, tax agencies, and payment processors. Victims click on a malicious attachment, which leads to a believable landing page designed to capture sensitive information.
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about the Chinese-linked “Volt Typhoon” group, which is targeting critical infrastructure.
The CISA warning, issued in collaboration with the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), confirmed the recent critical infrastructure attacks initiated by “Volt Typhoon” and the group’s tactics and motives.
Trend Micro reported on an advanced persistent threat actor linked to the Chinese government called ‘Earth Krahang’, compromising over 70 organizations, with a focus on governments.
Focusing on cyber espionage, ‘Earth Krahang’ and its attacks target government agencies, affecting 48 government organizations across Asia, the Americas, Europe, and Africa.
According to a Broadcom report, a banking trojan named “Cerberus” pretending to be a Google Chrome update has successfully distributed to numerous systems.
Affecting only Android users, the Cerberus malware allows attackers to completely control affected systems through its complex remote access capabilities.
Google announced major security-focused revamps to Chrome’s ‘Safe Browsing’ mode, which enables the service to work while checking against a server-side malware-site list in real-time.
The added safety feature to Google Chrome’s ‘Safe Browsing’ mode is a massive improvement compared to the browsing mode cross-checking against lists of malware-infected sites that were manually added every two hours.
According to Salt Labs research, third-party OpenAI ChatGPT plugin security flaws could allow attackers to install malicious plugins, and hijack third-party website accounts.
Leveraging security gaps in ChatGPT plugins’ large language models (LLMs), OAuth workflow, and PluginLab both feature weaponizable vulnerabilities.
Five years after its proposal, European Union lawmakers approved the artificial intelligence law, a world-first on AI rules.
Centered around consumer safety, the EU’s AI Act takes a “risk-based approach” to AI-powered products.
Google announced that the Gemini AI chatbot will be restricted to answering any global election-related questions to avoid any potential missteps.
Users have found political questions toward Gemini to result in the answer “I’m still learning how to answer this question. In the meantime, try Google Search.”
Stanford University announced that the personal information of 27,000 individuals was stolen as a result of a September 2023 ransomware attack.
The University also disclosed that only one system was breached, namely the “Department of Public Safety” network. The data included biometric data, dates of birth, social security numbers, government IDs, passport numbers, and driver’s license numbers.
Cybersecurity and Infrastructure Security Agency (CISA) confirmed that two of its systems were voluntarily shut down due to a breach stemming from Ivanti vulnerabilities last month.
Despite the successful attack mitigation, CISA claims to upgrade and modernize its systems to avoid breaches of this nature in the future.
Microsoft announced the cyber campaign by the Russian-state-sponsored ‘Midnight Blizzard’ hackers, resulting in the group stealing the tech giant’s source code.
The sophisticated ‘Midnight Blizzard’ campaign is said to be rooted in a grander scheme to gain unauthorized access to Microsoft’s environment using the stolen source code.
Zscaler discovered a new remote access trojan (RAT) campaign that lures victims through fake online meeting links.
Once the victims are lured into downloading the RAT through the meeting links impersonating Skype, Google Meet, and Zoom, the RAT payload may enable threat actors to steal sensitive information.
Cyberint reported that three threat actor groups (Skynet, Godzilla, and Anonymous Sudan) are suspected to be behind the temporary shutdown of Meta social media platforms; Facebook, Instagram, and Threads.
Despite the claims from the three threat actor groups on the Meta shutdown across various Telegram groups, there is still suspicion that these claims could be a hoax.
American Express released a notification to its customers, informing them of a third-party data breach, placing ‘some’ customer information at risk.
Despite the breach, American Express ensured that its systems remain secure, is taking measures to address the issue, and will constantly monitor the integrity of its accounts for fraudulent activity.
Researchers from the Israel Institute of Technology, in collaboration with Intuit, and Cornell Tech developed the “Morris II Worm” to automatically leverage GenAI systems to spread malware and steal data.
The researchers made the worm to demonstrate the dangers behind GenAI systems through the dangerous “0-click propagation” worm which unleashes unprompted payloads, allowing easier attacks from threat actors.
A Viakoo survey unveiled that 50% of respondents experienced IoT cyber incidents in 2023.
Among those IoT cyber incidents, 44% were reported to be ‘severe’, while 22% were labeled as ‘threatening’.
As part of the US Biden-Harris administration’s “Investing in America” agenda, the US energy sector received a $45M investment to bolster the sector’s cybersecurity infrastructure.
The announcement strengthens the US government’s initiatives to boost cybersecurity efforts for critical infrastructure, in light of attacks on US critical infrastructure.
Arriving days after law enforcement agencies took down LockBit’s servers, the ransomware gang resurfaces with a new data leak portal on the dark web.
On a public announcement of their re-launch, a LockBit administrator disclosed that their websites were confiscated, however, their operations recovered due to backup servers.
The U.S. Federal Trade Commission (FTC) filed a complaint against Avast for selling user data, along with a $16.5M fine.
The FTC’s complaint claims “Avast unfairly collected consumers’ browsing information through the company’s browser extensions and antivirus software, stored it indefinitely, and sold it without adequate notice and consumer consent.”
The Chinese Police reported on a nation-state sensitive data leak on Chinese company, I-Soon.
The data uncovers in detail, methods used by Chinese authorities to surveil dissidents, and hacking networks across Central and Southeast Asia.
IBM X-Force released a report, disclosing that ransomware attacks declined by 11.5% in 2023, compared to 2022.
IBM says the decline in ransomware attacks is largely due to the new cybercrime focus of infostealing tactics which rose by 32%. IBM X-Force’s report gathered data for the report based on 150 billion daily security events from 130 countries last year.
U.S. and U.K. authorities announced the seizure of the LockBit ransomware gang’s extortion website.
The “Operation Cronos” campaign was led by the UK’s National Crime Agency, the US Federal Bureau of Investigation, and Europol, in collaboration with a coalition of police agencies from 9 countries globally. However, LockBit posted messages on an encrypted messaging app saying its backup servers were unaffected.
Cyberint announced the launch of ‘Ransomania’ a free-to-use ransomware attack repository featuring thousands of recorded ransomware attacks.
Ransomania allows users to browse a global map of ransomware hotspots, filtered by region, industry, and time of attack.
Group-IB discovered a new iOS Trojan named “GoldPickaxe.iOS” that was built to steal facial recognition data from infected iOS devices.
The ‘GoldPickaxe’ Trojan abuses the TestFlight exploit, which sends users innocent URLs that downloads the malware when clicked. According to Group-IB, the stolen biometric data is used to gain unauthorized access to banking accounts.
The Mozilla Foundation released research that unveils that all 11 romantic AI chatbots tested, failed security and privacy tests.
All 11 chatbots feature data privacy concerns, pulling much more data than is needed from the collective 100 million users of these chatbots. Mozilla urges these chatbots to minimize exploiting vulnerable users through more transparent data privacy practices.
A cyber-criminal known as “algoatson” placed the data of over 200,000 Facebook Marketplace users for sale on Breach Forums, an illicit marketplace.
The Facebook Marketplace compromised user information including full names, passwords, Facebook IDs, emails, and phone numbers, which was claimed to be stolen on October 2023.
According to the US Federal Trade Commission (FTC), US adults lost over $10B to cyber fraud incidents in 2023, led by investment scams.
Marking a historic rise, the rates of US fraud incidents rose by 14% compared to 2022. Leading fraud incidents consist of investment scams, e-commerce fraud, fake prize scams, and business and job opportunity scams.
In the UK’s move to phase out physical immigration documents by 2025, the UK’s Home Office claims the implementation of e-Visas to be not only for convenience and cost safety but also for ‘enhanced security’.
Although not much information is known on the newly implemented e-visa, the UK Home Office claims the e-visa to be securely linked with biometric information for enhanced security measures.
According to a report by Qrator Labs, blocked IP addresses associated with malicious activity increased by 116% in Q3 2023. The increase in blocked IP addresses is credited to threat actors attempting to bypass geo-blocking.
Top top 5 countries originating these blocked IP addresses consist of the United States (5.66 million), China (4.97 million), Germany (1.39 million), Indonesia (1.32 million), and Singapore (1.03 million).
According to Chainalysis, the estimated total value received by ransomware attackers reached $1.1B in 2023.
The Chainalysis report also states that the estimated $1.1B only pertains to ransomware demands collected, and does not account for operational and third-party disruption costs.
Specialists from the Netherlands’ Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) announced a Chinese nation-state-sponsored malware ‘Coathanger’ and its breach on the Dutch Ministry of Defense (MoD).
The stealthy ‘Coathanger’ malware’s code revealed a remote access trojan (RAT) specifically built to infiltrate Fortinet’s FortiGate firewalls through the ‘CVE-2022-42475’ vulnerability, which resulted in stolen user account credentials from the Dutch MoD’s servers.
Officials from the Administrative Office of Pennsylvania Courts announced their website was hit by a Distributed Denial of Service (DDoS) attack, which the city says did not compromise data or halt government operations.
The attack is now being investigated by the U.S. Department of Homeland Security and the Federal Bureau of Investigation to uncover the hackers behind the attack and to ensure it is not a symptom of a larger-scale ransomware attack.
The US Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions placed on six Iranian officials behind cyberattacks on US critical infrastructure entities.
The Treasury Department further stated all six officials have strong involvement in US critical infrastructure attacks using Israel-made programmable logic controllers and are suspected to span the water, healthcare, and public sectors.
CISA and EPA Launch Water Sector Cyber Toolkit Amid the recent string of critical water infrastructure cyber attacks, the Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA) co-launched a toolkit to fortify the cybersecurity posture of water and wastewater systems in the United States. The water sector cyber toolkit serves as […]
A report released by cybersecurity researchers at Guardio Labs called attention to the emergence of Telegram as the ‘epicenter for cybercrime’.
The Guardio researchers attribute the rise of Telegram for cybercrime to the “democratization” of the phishing ecosystem enabled by the messaging platform, allowing threat actors to initiate a mass attack for as low as $230.
Schneider Electric announced that they were hit by a ransomware attack on January 17th, resulting in a data breach exposing their customer’s information. The ‘Cactus’ ransomware group claimed the ransomware attack.
Schneider has since informed the affected customers of the breach, which include Hilton, Pepsico, and Walmart. The attack also caused Schneider to shut down several division-specific systems.
admin