Cybersecurity News: Amazon’s chat app, gaming decryptors, China influencers


Amazon’s chat app has a child sex abuse problem

Amazon’s encrypted messaging app, Wickr Me, has become a go-to destination for people exchanging child sexual abuse materials. NBC found dozens of forums containing hundreds of posts soliciting minors or child sex abuse content alongside Wickr screen names. Unfortunately, Wickr and Amazon are doing little compared to other platforms to address the problem. In 2021, Facebook made over 22 million reports, while Instagram and WhatsApp combined to report nearly 5 million more instances of potential child sexual exploitation activity. Wickr only self-reported a meager 15 instances of child sex abuse materials over the same period. Though third-party reports related to Wickr totaled 3,500 last year, officials are calling for the platform to take more proactive measures to address the issue.

(NBC News)

Ransomware decryptors now for sale on gaming platform

Last Thursday, researchers identified threat actors selling a decryptor for new ransomware on the Roblox gaming platform using the service’s in-game currency, called Robux. The ransomware, referred to as ‘WannaFriendMe’, impersonates the notorious Ryuk ransomware, but is actually a variant of a strain called Chaos, which is a do-it-yourself ransomware builder for wannabe criminals. The decryptor is being sold for around 1,500 Robux by a user named iRazormind, but only smaller files can be decrypted because WannaFriendMe deletes files larger than 2 MB.

(IT Security Guru)

China’s biggest online influencers go dark

On June 3, a 30-year-old livestreamer named Austin Li, who has over 60 million followers on the Alibaba-owned e-commerce platform Taobao, abruptly cut off a live stream just after posting an image of a military tank-shaped dessert, which has been linked to the anniversary of the June 4 Tiananmen Square protests and massacre. While the account posted that the stream experienced “technical difficulties,” government censorship is thought to have been the true cause. Li isn’t known to have been arrested, and his account remains active, but he hasn’t streamed or posted on social media since that day. Toward the end of 2021, Taobao’s first and third-most-followed livestreaming influencers had their livestream accounts deleted after being fined millions of dollars by local authorities for tax evasion. In China, livestreaming e-commerce is a massive industry worth over $180 billion.

(MIT Technology Review)

Apple dives deeper into finance with new offering

After launching Apple Pay and a credit card in partnership with Goldman Sachs, Apple plans to launch a buy now, pay later offering in the US later this year. Consumers shopping with Apple Pay will be able to split purchases into four payments, due every two weeks, without incurring interest or late charges. Apple will use credit reports and FICO scores to make lending decisions and will limit transactions to a maximum of $1,000 each. Apple also plans to leverage its giant store of Apple ID data for identity verification and fraud prevention.

(WSJ)

Thanks to today’s episode sponsor, Datadog

Watch Datadog’s on-demand webinar for a 30-minute discussion on driving DevSecOps best practices in the enterprise with CTO Cormac Brady.
Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams—and in the process helped teams achieve superior results and earned himself senior leadership positions.
Cormac shares stories and leadership lessons that are applicable to any enterprise technical leader looking to help their firm build and operate services in an increasingly competitive and treacherous digital economy. Watch now at datadoghq.com/ciso/

Hackers leverage Confluence bug to mine crypto

According to Check Point Research, a hacking group called the “8220 gang” is now exploiting the recently identified remote code execution flaw in Atlassian Confluence (tracked as CVE-2022-26134). The hackers first scan for vulnerable Windows and Linux endpoints, then send specially crafted HTTP requests to exploit the bug and drop a payload to set up their crypto miners. Atlassian issued a fix back on June 3, and (not shockingly) urges customers to patch the vulnerability as soon as possible.

(Bleeping Computer)

PyPI packages mistakenly include malware

Certain versions of several PyPI packages, including ‘keep’, which gets downloaded an average of over 8,000 times per week, were found to contain a backdoor due to the presence of a malicious ‘request’ dependency. Keep v.1.2 pulls in ‘request’, spelled without the ‘s’ of the legitimate ‘requests’ library, which directs the project to a password stealer. At this time it is not clear whether this was due to a typo, self-sabotage, or maintainer accounts getting hijacked. However, CVEs have now been assigned to vulnerable project versions (CVE-2022-30877 – ‘keep’ version 1.2, CVE-2022-30882 – ‘pyanxdns’ version 0.2, CVE-2022-31313 – ‘api-res-py’ version 0.1).

(Bleeping Computer)
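As an added example (not code from the article or from any of the projects named), the check below audits a Python environment for the releases listed in the PyPI item above and for any package that declares a dependency named exactly ‘request’. The function names and the sample inventory are assumptions made for illustration, and version matching is by exact string.

```python
import re
from importlib import metadata

# Affected releases as listed in the item above (package name -> version).
AFFECTED = {"keep": "1.2", "pyanxdns": "0.2", "api-res-py": "0.1"}
SUSPECT_DEP = "request"  # the malicious dependency; the legitimate library is 'requests'

def normalize(name):
    """PEP 503 name normalization so 'Api_Res.Py' matches 'api-res-py'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def dep_name(requirement):
    """Project name from a requirement string such as 'request (>=1.0) ; extra == "x"'."""
    m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", requirement)
    return normalize(m.group(1)) if m else ""

def audit(packages):
    """packages: iterable of (name, version, [requirement strings]). Returns sorted findings."""
    findings = []
    for name, version, requires in packages:
        n = normalize(name)
        if AFFECTED.get(n) == version:
            findings.append((n, version, "affected release"))
        if any(dep_name(r) == SUSPECT_DEP for r in requires):
            findings.append((n, version, "depends on 'request'"))
        if n == SUSPECT_DEP:
            findings.append((n, version, "'request' itself is installed"))
    return sorted(findings)

def installed_packages():
    """Yield (name, version, requires) for every distribution in this environment."""
    for dist in metadata.distributions():
        name = dist.metadata.get("Name")
        if name:
            yield name, dist.version, dist.requires or []

# Constructed sample inventory (not real scan output).
SAMPLE = [
    ("keep", "1.2", ["request", "click"]),
    ("keep", "1.1", ["requests", "click"]),
    ("Api_Res.Py", "0.1", ["request (>=0.0.1)"]),
    ("flask", "2.1.2", ["requests-toolbelt ; extra == 'x'"]),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("sample:", finding)
    for finding in audit(installed_packages()):
        print("installed:", finding)
```
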

New Chrome extension helps conceal location info

On Saturday, a developer shared a new Google Chrome browser extension called Vytal, which prevents webpages from homing in on a user’s geographic location. While users commonly use a VPN to hide their IP address and physical location, it is possible to use JavaScript functions to query browser info to find a user’s general geographic location. Vytal spoofs user location and user agent info using a Chrome debugger API, making the spoofing virtually undetectable. Those who wish to try out Vytal can install it from the Google Chrome Web Store.

(Bleeping Computer)

Do gamers make good soldiers?

In May, the US military livestreamed a virtual battle between the Air Force and Army, who competed against one another in the popular first-person shooter video game “Halo Infinite.” Over a half million people logged into Twitch to watch the Air Force win the military’s first interservice gaming championship. While Pentagon officials have become more accepting of gaming, critics contend that the military should not be using video game platforms for its recruiting efforts. Some military officials assert that recruiting from the gaming community weakens the prospective recruit pool; however, Ray Perez, a program officer in the Office of Naval Research’s Warfighter Performance Department, pointed out that, “People who play video games are quicker at processing information.”

(The Washington Post)

Sean Kelly
Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.