Weekly Cybersecurity News
Ayushman Singh
Community Manager
We share this week’s important news of current events in the world of cybersecurity that directly or indirectly impact our lives as well as the operations of businesses, various institutions and organizations, and governments and nation states in this highly digitalized and interconnected world.
Spyware makers express concern after US sanctions spyware veteran: The U.S. government has imposed sanctions on Tal Dilian, the founder of Intellexa, a controversial government spyware maker, and his business associate, Sara Aleksandra Fayssal Hamou. This move marks a departure from previous actions that targeted spyware companies, as the focus is now on individuals running these companies. Dilian and Hamou are accused of developing and selling spyware used to target Americans, including government employees, policy experts, and journalists, contributing to human rights violations globally. The sanctions have sparked concern among former members of the government spyware industry, with some expressing worry about the direct targeting of individuals. The article highlights Dilian’s alleged disregard for restrictions imposed by the U.S. government, leading to the sanctions. Industry insiders believe that such actions should prompt reflection within the entire spyware market. The potential risks associated with sanctions and the difficulty of ensuring trustworthy customers in the spyware industry are emphasized.
Why You Should Be Concerned About WhatsApp’s Huge New Upgrade: WhatsApp is set to undergo a significant change with the introduction of a messaging hub for third-party chats, driven by Europe’s DMA (Digital Markets Act). Despite the initial excitement, the update presents hidden threats and may not deliver the promised unified messaging experience. The update primarily offers other platforms the option to push messages into WhatsApp, but major platforms like Signal, Telegram, iMessage, Apple, and Google have shown no confirmed interest in participating. Scammers are exploiting the publicity surrounding the update, posing a serious risk to users.
The Terrifying A.I. Scam That Uses Your Loved One’s Voice: The article delves into a concerning AI scam that exploits voice cloning technology to deceive individuals into sending money. It recounts the harrowing experience of a Brooklyn couple who received a call supposedly from their relatives in distress. The scammers, armed with replicated voices, threatened harm to the loved ones unless a ransom was paid. The narrative highlights the vulnerabilities exposed by such scams, the lack of legal safeguards for voice cloning, and the urgent need for regulatory measures to combat the rising threat.
Here’s how to protect against ‘GoldPickaxe’, the first iPhone trojan [U]: GoldPickaxe trojan, considered the world’s first iOS trojan, can infect both iOS and Android devices. Discovered by security firm Group-IB, GoldPickaxe collects biometric information, intercepts web activity, and can lead to unauthorized access to a user’s bank account. Initially targeting users in Vietnam and Thailand, the trojan is part of an evolving threat landscape. It was first distributed through the iOS TestFlight beta testing system, but the latest distribution involves malicious iOS mobile device management (MDM) profiles. Recommendations to protect against GoldPickaxe include avoiding TestFlight installations from untrusted developers, being cautious with MDM profiles, and not sharing sensitive information through unexpected communication channels.
US and Europe try to tame surveillance capitalism: The US Federal Trade Commission (FTC) has warned data brokers to reconsider how they define sensitive data, specifically browsing and location data. The FTC considers such data sensitive, emphasizing that even without traditional personally identifiable information (PII), it can reveal sensitive information through inference. The European Open Rights Group has filed complaints against data broker LiveRamp, accusing it of pervasive identity surveillance. Regulatory scrutiny of surveillance capitalism is growing, as are the challenges in defining and protecting sensitive information, particularly in the advertising data industry.
Predator spyware endures even after widespread exposure, analysis shows: Predator spyware, previously exposed by researchers and journalists, has managed to rebuild its infrastructure and is operational in at least 11 countries. Despite efforts to name and shame the entities involved, the operators behind Predator, known as the “Intellexa alliance,” quickly resumed their activities worldwide. There is a need for a comprehensive, multi-pronged approach to combat mercenary spyware, as mere exposure and regulations prove insufficient. The spyware continues to target individuals through new infrastructure and tactics, raising concerns about the effectiveness of current measures in addressing such threats.
Traditional bank robberies are being replaced by cybercrime, says head of Interpol: The head of Interpol, Jürgen Stock, has stated that traditional bank robberies are being replaced by cybercrime, leading to a “global epidemic” of online fraud. Stock highlighted that the digitization of the modern world has resulted in a shift in criminal methods. Rather than engaging in high-risk activities like armed robbery, criminals now operate online, utilizing IT specialists and artificial intelligence to defraud victims. He mentioned a “new business model of criminals” where cyber specialists offer their services on the dark web, even having help lines and online reviews. Cybercrime is now the most significant crime by volume in the UK, costing an estimated £27 billion annually. Law enforcement faces challenges in keeping up with dynamic cybercriminals who frequently change tactics. Stock emphasized the need for a diverse workforce in law enforcement, including IT experts, to combat the evolving nature of crime.
Is Cybersecurity The Achilles’ Heel Of The Electric Vehicle Revolution? The electric vehicle (EV) sector, though in its early stages, is facing challenges beyond “range anxiety” and vehicle performance in cold temperatures. One critical but often overlooked issue is cybersecurity vulnerabilities. Cyber threats to EVs include signal interception, introduction of malicious software, exposure of security vulnerabilities, risk of malware, and threats to grid-connected EVSE (Electric Vehicle Supply Equipment). The interconnected and digital nature of EVs makes them susceptible to cyberattacks, necessitating a proactive approach to cybersecurity to ensure the safety, trust, and reliability of EVs. The EV industry must adhere to stringent security standards to build consumer confidence and navigate the complexities of this rapidly evolving market.
The hack of 15,000 Roku accounts is a great reminder: Stop using the same password! The recent data breach involving Roku serves as a reminder to use unique passwords for each online account. In this case, over 15,000 Roku customer accounts were breached in a “credential stuffing attack,” where hackers reused passwords from other sites. Roku stated that the hackers likely obtained username and password combinations from other non-Roku sites, and then used those credentials to access Roku accounts. The attackers changed login information, locked users out of their accounts, and attempted to make unauthorized streaming subscription purchases.
PixPirate Android malware uses new tactic to hide on phones: The PixPirate banking trojan for Android has introduced a new evasion tactic to stay hidden on devices. Unlike typical malware, PixPirate doesn’t display an icon, making it hard to detect and remove. It uses two apps: a downloader and the actual malware. The downloader requests permissions, installs the malware, and triggers its launch without an icon. PixPirate targets the Pix payment platform in Brazil, automating fraud processes.
Serious Google Messages Problem Exposed By Surprise New Update: The latest update to Google Messages has revealed a significant problem for its users, highlighting the importance of secure messaging platforms. While Google has introduced end-to-end encryption using the Signal protocol, similar to WhatsApp, it still lacks the ability to ensure end-to-end encryption between Android and iPhone users. This limitation becomes more apparent as WhatsApp strengthens its security features and warns about the vulnerabilities of third-party chats. As a result, Google Messages users may face challenges in maintaining secure communication, especially when compared to WhatsApp’s dominance on Android. The situation underscores the need for cross-platform end-to-end encryption in messaging apps and raises questions about the viability of Google Messages in the long run.
Tor Introduces New ‘WebTunnel’ Bridge to Help Bypass Censorship: The Tor Project has introduced a new bridge called ‘WebTunnel’ to help users bypass censorship in regions where accessing the Tor network is difficult. WebTunnel functions as a pluggable transport that mimics encrypted web traffic, making it challenging for censors to detect. Users can enable WebTunnel in their Tor browser settings and connect to the Tor network even in highly censored environments.
What would a TikTok ban look like for users? The potential ban of TikTok in the U.S. under the Protecting Americans from Foreign Adversary Controlled Applications Act could prompt significant challenges for users and the app’s accessibility. If ByteDance, TikTok’s parent company, is compelled to sell the app, it would initiate a complex process with uncertain outcomes, given ByteDance’s global success and China’s economic interests. In the event of a ban, app stores like Google Play and Apple’s App Store would be prohibited from hosting TikTok, potentially driving users to seek alternative means of accessing the app, which could lead to the development of circumvention methods and the spread of malicious versions of TikTok. Overall, a TikTok ban would likely trigger a surge in efforts to access the app through unconventional channels, presenting new challenges in enforcing app store regulations and ensuring user safety.
Redefining multifactor authentication: Why we need passkeys: Conventional authentication methods like authenticator apps and IP fencing are increasingly susceptible to exploitation by sophisticated attackers. To address these vulnerabilities, there is a need for the adoption of passkeys, a robust and user-friendly alternative rooted in FIDO2 standards.
Passkeys offer a significant advancement in authentication by providing stronger phishing resistance and device-bound authentication, thus bolstering security measures while streamlining user experience. Additionally, by integrating passkeys into authentication practices and embracing the principles of zero trust, organizations can effectively mitigate cyber threats and safeguard sensitive resources in an increasingly digital world. This proactive approach not only enhances security but also aligns with the evolving needs of modern IT environments characterized by cloud adoption and remote work trends.
In 2023, scammers in the United States made approximately $1.3 billion by impersonating government officials or tech support agents, according to FBI data. These fraudsters tricked people into sending money or sensitive information by pretending to be from legitimate organizations. The scams typically involve fake stories to persuade victims to share personal details, such as claiming someone will lose Medicare benefits if they don’t pay a fee or convincing them there’s a computer virus that requires purchasing a special tool. The number of complaints about tech support scams nearly tripled between 2019 and 2023, with older individuals being particularly vulnerable. Despite these figures, many victims do not report these crimes due to embarrassment or fear of retaliation. Impersonation scams have become more prevalent due to the availability of AI tools and the rise of remote work, making people more susceptible to fraudulent calls. It’s essential to remain vigilant and skeptical of unexpected requests for money or personal information, as legitimate organizations typically do not solicit payments through unsolicited calls, emails, texts, or social media messages.
Published on Medium