The FBI has warned US financial institutions and investors of a surge in fake apps designed to trick consumers into depositing cryptocurrency.

Over an unspecified time scale, such scams have already cost 244 identified victims $42.7million.

The Private Industry Notification claimed, “The FBI has observed cyber-criminals using the names, logos and other identifying information of legitimate US businesses, including creating fake websites with this information, as part of their ruse to gain investors.”

“Financial institutions should warn their customers about this activity and inform customers as to whether they offer cryptocurrency services.”

The FBI highlighted three specific incidents which illustrate the scale of the threat:

  • Scammers spoofed Yibit, a brand of defunct crypto exchange, to convince at least four victims to deposit $5.5million via the fake app. The victims were also told that they would be unable to withdraw money until additional tax was paid. The scam spanned October 2021 to May 2022.
  • Investors were convinced by cyber-criminals to download an app designed to spoof a real financial institution and deposit cryptocurrency. In the scam running from December 2021 to May 2022, the victims lost all their money. Many also fell for the follow-on scam in which the fraudsters said that victims could only make withdrawals by paying tax on these funds.
  • A fake app, “Supay,” was created by cyber-criminals with the same name as an Australian currency exchange provider. Two individuals were defrauded in this scheme in November 2021.

The FBI has asked financial institutions to proactively warn customers of the threat of crypto fraud. It has also asked organisations to evaluate whether they offer similar legitimate services via mobile apps.

Additionally, it has warned customers to be extra cautious when receiving requests to download investment apps and to verify with legitimate providers where possible.

The post FBI Warn of Costly Fake Cryptocurrency Schemes appeared first on IT Security Guru.

A court in Moscow has imposed a fine of $358million (21 billion rubles) on Google LLC for failing to restrict access to information that the country considers prohibited.

According to an announcement by Russia’s internet watchdog, Roskomnadzor, Google and its subsidiary YouTube have failed to remove the following materials even after many requests from the Russian IT controller:

  • Content promoting extremism and terrorism
  • Information that promotes participation in unauthorised mass action
  • Content promoting harmful acts for the life and health of minors
  • Information about the course of the “special military operation” in Ukraine, which discredits the Armed Forces of the Russian Federation

The watchdog has tried to enforce sanctions over the past few months based on various parts of the Code of Administrative Offences in Russia.

In June, the organisation fined Google LLC 68 million rubles ($1.2 million) for failure to remove prohibited information.

Any further fines would be revenue based, given the multiple violations of the same legal requirement. This could reach as high as 10% of the company’s annual turnover. Roskomnadzor clarifies that the $358million was calculated on this basis.

The same measure was taken last week against Twitch Interactive, the popular streaming platform, for similar violations.

The Russian Google subsidiary, Google LLC, was forced to file for bankruptcy after the Russian invasion of Ukraine. They said that they were not able to continue business after a series of fines and asset confiscation.

Google’s non-paid services in Russia remain accessible, but restricted. No advertising campaigns can be purchased in the country.

The post Google Fined $358 Million For Not Removing Banned Content In Russia appeared first on IT Security Guru.

The Matrix open network for decentralised communication now counts more than 60 million users, announcing a record growth of 79%. The network is run by a small team of developers and volunteers working to provide a secure and private alternative to other messaging options.

In the past year, 25 million users have joined the service, as a result of three key events.

First, individuals and corporate entities sought a secure collaboration platform after recognising the advantages of the project compared to mainstream products.

Secondly, Germany’s healthcare system decided to adopt the Matrix network last summer, which will see over 150,000 organisations in the country eventually joining the platform.

Thirdly, Rocket.chat announced in May 2022 that it would also start supporting the Matrix protocol, giving its 12 million users the option to communicate with other users through the network.

Matrix co-founder and CEO Matthew Hodgson said in an email: “Matrix’s new milestone, surpassing 60 million users, is a clear sign that users don’t want to be subjected to advertising-funded messaging apps that data-mine their information.”

The team’s next goal is to reach 100 million users. They believe they could achieve this by making the protocol even more technically alluring through a peer-to-peer Matrix system, decentralised E2EE video conferencing, and Third Room (a decentralised, open source metaverse platform).

The post The Matrix Messaging System Gains 25 Million New Users in the Last Year appeared first on IT Security Guru.

Data generated by OnePoll from a survey of over 2000 general population Americans from April 28th to May 3rd 2022 on behalf of AT&T found that the average person happens upon a suspicious social media account or online site 6.5 times a day. It also found that 54% of consumers said that they were unaware of the difference between active and passive security threats, with the majority being reactive as opposed to proactive about password security.

Only one third of participants said that they were mindful of network intrusion and rogue mobile apps. The survey found that 36% of participants were more willing to reply to a message if it looks like it’s from an official organisation. Harrowingly, 45% of respondents said that they had received a phone call from someone claiming to be from the government.

Josh Goodell, Vice President of Broadband Technology at AT&T, stated that “one way people can help mitigate their cybersecurity risks across the home is by using a VPN, or virtual private network, to encrypt their data and prevent potential hackers from tracking their online activity.”

“Combining your own proactive security habits with an internet service provider that offers security features such as identity monitoring, malicious site blocking and anti-virus scanning can help protect you against potential threats and provide peace of mind for your overall connected experience.”

The post Survey Finds That the Average American Accesses Suspicious Sites 6.5 Times a Day appeared first on IT Security Guru.

Crypto exchanges on the dark web are facing a “bank run” because of falling cryptocurrency prices, security researchers have discovered. The fall in value is making it harder for threat actors to “monetise” their attacks, fund malware-as-a-service operations or buy vulnerabilities.

Cryptocurrencies have lost up to $1.8tn in value since the market’s peak in November 2021, Dov Lerner, security research lead at Cybersixgill, suggested. Holders are exchanging their crypto for more stable currencies.

Lerner also said that this has put pressure on regular cryptocurrency exchanges, forcing some to slow withdrawals to maintain liquidity. Further impact has been felt on the dark web.

Dark web exchanges operate outside the regulated financial markets and do not perform identity checks on their users. Lerner also says that they are purely exchanges and not crypto banks with the ability to store currencies. They also allow users to change money from services such as PayPal to crypto. Fees are often substantial.

Additionally, Lerner argued that the dark web exchanges have invested in branding and marketing to build trust.

Cybersixgill researchers have noted a significant drop-off in posts since the crash. In a sample of 34 actors known to be operating on crypto exchanges in 2021, none are now posting about their services, despite being found in forums elsewhere.

Dark web actors also face a loss of their purchasing power. While dark web transactions use crypto, prices for services and materials are set in dollars. With crypto values falling, actors may be struggling to cover costs elsewhere.

Lerner speculates that if the value of crypto increases, the exchanges could well come back again too.

The post Cybercrime Activity Stalling Due to Falling Cryptocurrency Market appeared first on IT Security Guru.

The Virginia Commonwealth University Health System (VCU) has warned almost 4500 transplant participants about a privacy breach affecting their healthcare information.

The company warned that some transplant recipients’ medical records included information about their donor. Some recipient information also appeared on donors’ records. In some cases, this information has been exposed since 2006.

The information visible included Social Security numbers, names, and medical record numbers, amongst other things. In total, 4441 people were affected.

VCU warned that “this information may have been viewable to transplant recipients, donors, and/or their representatives when they logged into the recipient’s and/or donor’s patient portal.”

The discovery was made by VCU on 7th February this year. More information was discovered in April. The statement added that the information had been accessible to donors and recipients as far back as 2006.

The organisation has contacted affected individuals where possible and has offered free credit reports to anyone whose social security numbers were stolen.

Chad McDonald, CISO at Radiant Logic, explained: “Proper data classification and controls should have identified that this information was sensitive, and that users should not have access to other people’s medical records.”

The post Transplant Donor and Recipient Data Exposed by Healthcare Provider appeared first on IT Security Guru.

In its latest Patch Tuesday update this week, Microsoft patched a zero-day bug that allowed remote execution on Windows machines and which is already being exploited in the wild.

CVE-2022-22047 is an elevation of privilege vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS), which is responsible for Windows features, including the shutdown process. Details on how to exploit the bug have not been publicly disclosed. An attack that succeeds could, however, gain access to SYSTEM privileges in Windows.

The bug was ranked as important by Microsoft. This could cause some customers to miss it. As it is being exploited in the wild, it is crucial that organisations patch it as soon as possible.

Additionally, CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) list and has given federal agencies three weeks to patch it. Under Binding Operational Directive 22-01, issued in November, these patches are mandatory and agencies must fix bugs in the KEV list.

Four critical bugs were patched in Microsoft’s Patch Tuesday this week. Two of them, CVE-2022-22029 and CVE-2022-22039, allow remote code execution and affect the Windows Network File System. They are exploitable with a maliciously crafted call to an NFS service.

Another critical bug, dubbed CVE-2022-22038, is a remote code execution vulnerability in the Windows RPC runtime. According to Microsoft, it can be exploited by attackers by sending “constant or intermittent data.”

CVE-2022-30221 was the final critical bug to be patched in the update. It’s a flaw in the Windows Graphics Component which also allows for remote code execution. Microsoft said that, to exploit this flaw, an attacker would need to target machines with RDP 8.0 or 8.1. They would need to convince a user to connect to a malicious RDP server that could then execute remote code on the victim’s systems.

Adobe also released updates for many of its programs on Tuesday, including Photoshop and Acrobat. The Reader and Acrobat updates fixed over 20 vulnerabilities, including some that allowed arbitrary code execution.

The post Microsoft Patches Zero-Day Bug That Allowed Remote Execution on Windows Machines appeared first on IT Security Guru.

Hackers are impersonating well-known cybersecurity companies in callback phishing emails to gain initial access to corporate networks. CrowdStrike have been recently targeted.

Most phishing campaigns embed malicious links that lead to landing pages that steal login credentials, or include harmful attachments that install malware.

Over the past year, threat actors have increasingly used “callback” phishing campaigns that impersonate well-known cybersecurity companies requesting victims to call a number to resolve a problem, cancel a subscription, or to discuss other issues.

When the target calls the number, the threat actors employ social engineering tactics to convince users to install remote access software on their devices. This provides the threat actors with access to corporate networks. This access is then used to compromise the whole Windows domain.

Focusing on social engineering, a new phishing campaign has surfaced recently, where hackers impersonating CrowdStrike try to warn recipients that a malicious network intruder has compromised their workstations and that an in-depth security audit is urgently required.

The email asks employees to ring them on an enclosed phone number to schedule the audit.

If called, the hackers will guide an employee through installing remote administration tools (RATs) that give the threat actor complete control over the workstation.

Further tools are then remotely installed by the threat actor, which allow them to spread laterally through the network, potentially stealing data and deploying ransomware to encrypt devices.

CrowdStrike warns, “this is the first identified callback campaign impersonating cybersecurity entities and has higher potential success given the urgent nature of cyber breaches.”

In March 2022, CrowdStrike’s analysts identified a similar campaign in which threat actors used AteraRMM to install Cobalt Strike and then move laterally across a victim’s network before deploying malware.

The post New Callback Phishing Attacks Sees Hackers Impersonate Cybersecurity Firms appeared first on IT Security Guru.

On Tuesday, TikTok, the popular video-sharing platform, agreed to halt a controversial privacy policy update that could have allowed it to serve targeted ads based on users’ activity on the platform without their permission.

TechCrunch reported the reversal, which comes a day after the Italian data protection authority (the Garante per la Protezione dei Dati Personali) warned the company against the change, citing violations of data protection laws.

The Garante said, “The personal data stored in users’ devices may not be used to profile those users and send personalised ads without their explicit consent.”

The formal warning was in response to a privacy policy revision that noted that the service had previously asked for users’ “consent” to their activity, both on and off TikTok, to serve personalised ads and that the platform intends to stop asking users for this permission.

The company, owned by ByteDance, said, “from 13 July, 2022, TikTok will rely on its ‘legitimate interests’ as its legal basis to use on-TikTok activity to personalise the ads of users who are 18 or over.”

The new update covers users who reside in the European Economic Area (EEA), Switzerland, and the UK.

After reportedly launching a fact-finding exercise, the Garante stated that the proposed policy modifications are incompatible with the Italian personal data protection law as well as the EU ePrivacy Directive, which regulates email marketing, user cookies and other aspects of data privacy by mandating a user’s consent before processing such information.

The watchdog said, “both legal instruments set out explicitly that the data subjects’ consent is the only legal basis for ‘the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user.'”

Additionally, it said that “processing data on the basis of its ‘legitimate interest’ would be in conflict with the current regulatory framework, at least with regard to the information stored in users’ devices, and would entail all the relevant consequences also in terms of corrective measures and fines.”

The intervention from the Garante arrives less than two weeks after TikTok attracted scrutiny in the US over concerns that US users’ data had been accessed by its engineers in China.

The post TikTok Postpones European Privacy Policy Update After Italy Warns of GDPR Breach appeared first on IT Security Guru.

A report released by Panaseer, a cybersecurity company, last week suggests that cyber insurance companies are looking for new ways to assess risk as they grow increasingly wary of rising claims.

The 2022 Cyber Insurance Market Trends Report found that there is a lack of confidence in underwriting processes. Nearly one in 10 respondents admitted that they were ‘not that confident’ in their underwriting capabilities for cyber insurance. Only 44% of insurers said that they were ‘very confident’ in evaluating cyber risk.

When asked about the most significant factor when assessing a client’s security posture, 40% of respondents said cloud security. The next most significant factors were security awareness and application security. At the bottom of the list were identity access management and endpoint detection and response, with just one in four insurance companies deeming these important risk factors.

Almost nine in 10 insurers called for a consistent industry approach to evaluate client cyber risk. In the US, the top risk assessment change that insurers are planning over the next two years was requiring more detailed evidence of a client’s security posture, followed by reducing customer numbers.

The report shows that cyber insurers are beginning to avoid offering cover for ransomware attacks. Interestingly, one in 10 UK respondents stated that they would exit the cyber insurance market within the next three years unless they could change preexisting risk assessment methods.

The largest ransom paid by an insurer in the US during the last two years was $3.52million, while the largest in the UK was £3.26million. The report showed a 27% increase in the cost of ransomware claims during the last two years, resulting in large payouts like these.

Manufacturing companies made the most cyber insurance claims, followed by financial services and healthcare, according to the report.

Panaseer surveyed 400 global insurers along with risk experts and CISOs to produce the study.

The post Cyber Insurance Companies Are Looking for New Ways to Assess Risk, Report Finds appeared first on IT Security Guru.