Faked crypto journalists steal real crypto
The analysts at ScamSniffer found that the threat group Pink Drainer successfully impersonated journalists covering cryptocurrency to steal roughly $3 million worth of crypto assets, including $327,000 worth of NFTs from a single wallet. The attackers used hijacked accounts to impersonate journalists from Cointelegraph and Decrypt to conduct fake interviews, using this trust to get victims to enter information in malicious “Know Your Customer” validation sites. These sites stole Discord tokens, which they used to launch further phishing attacks. The researchers warn that Punk Drainer remains highly active and warned crypto investors to remain vigilant.
Strava heat maps leak addresses
Since 2018, the popular running app Strava offers a heatmap feature, which aggregates user activity to help people find common routes and workout spots. Strava claims this data remains anonymous. However researchers at North Carolina State University Raleigh found this data can be used to track individuals or locate their home address. They first used stop and start areas to determine home locations using OpenStreetMaps data. Researchers combined this with data scraped from Strava’s search function, finding it could identify a home address with 37.5% accuracy for users posting 308 or more activities in Strava. The researchers noted their approach becomes much less effective in densely populated areas. They also recommended Strava allow users to set up privacy zones around homes and other sensitive areas to prevent this type of tracking.
API changes lead to Reddit protests
Reddit recently made changes to its API pricing, leading to several prominent third-party applications announcing their services became no longer feasible. This included the popular Apollo client. After a poorly received Reddit Ask Me Anything by CEO Steve Huffman, over 200 subreddit communities switched from public to private in protest. Some communities said this will last for 48 hours, although others plan to keep the change indefinitely. Going private would mean only existing subreddit followers would see its content. Over 4500 subreddits pledged to private in the following week.
Twitter missing cloud bills
While Twitter hosts some services used for the platform on its own servers, it also utilizes public cloud providers Amazon Web Services and Google Cloud for parts of its infrastructure. This includes services used by its trust and safety teams. The newsletter Platformer’s sources say that ahead of its contract renegotiation with GCP, Twitter refuses to pay its current bills with the provider, going back to at least March. The Information previously reports Twitter missed payments to AWS, with Amazon threatening to withhold advertising payments to Twitter. Platformer reports cutting off service by GCP would severely limit its trust and safety teams.
And now a word from our sponsor, Conveyor
Conveyor’s GPT-questionnaire response tool auto-generates precise, accurate answers to entire questionnaires.
With accuracy far superior to other tools, you can spend almost zero time reviewing generated answers. There’s an in platform auto-fill feature or a browser extension for tricky portals.
Stop settling for mediocre tools that only provide lousy “near hits” from your library. Try a free proof of concept with your own data. Learn more at www.conveyor.com.
Cyber Anarchy Squad hits Russian telco
The pro-Ukrainian hacktivist group claims responsibility for a recent attack on the Russian firm Infotel JSC. This telco provides services to the Russian financial sector, resulting in disruption to Russian banks ability to access the national banking system, make payments or even contact regulators. Infotel claims the attack damaged network equipment and continues working to restore services. The Cyber Anarchy Squad published several images related to the attack, like email account screenshots and network infrastructure maps.
Microsoft warns of multi-stage banking attacks
Security researchers at Microsoft detailed a new campaign against financial and banking organizations. This sees the attackers compromising trusted vendors. Once achieved, they then target multiple organizations with adversary-in-the-middle and business email compromise attacks. Microsoft found these approaches show continuing evolution by threat actors, which differ from typical approaches by using indirect proxy techniques rather than reverse proxies. The attackers attempt to gain access to session cookies to defeat MFA, then send out emails as part of a second stage attack. In it’s security advisory, Microsoft recommends revoking session cookies and rolling back modifications made by threat actors.
University of Manchester hit with cyber attack
One of the UK’s largest educational institutions confirmed the attack and suspects attackers stole data in the incident, including data on students. It first discovered the breach on June 6th and notified the Information Commissioner’s Office as well as the National Cyber Security Centre. It did not disclose any specific data exfiltration, how the attack was performed, or a possible organizations behind the attack. University officials did not find any evidence of any financial information lost in the attack. Bleeping Computer’s source says a ransomware group performed the attack.
Bluesky faces first moderation challenge
Bluesky spun out of a Twitter effort to create a decentralized version of its microblogging platform. Then CEO Jack Dorsey fully spun out the group into an independent entity, open to about 50,000 early access users as of the end of April. However the site faces its first moderation challenges even as it plans to begin testing federating with other servers “soon.”
The incident started when a user suggested another user get shoved off “somewhere real high.” This got reported as a violation of Bluesky’s policy against extreme violence. Bluesky CEO Jay Graber announced changes to its platform policies that would temporarily suspend accounts that threaten violence of physical harm in any physical or metaphorical sense, with repeat offenders banned from a server. However Graber said once the service federates, these users could transfer an account to another server. This also comes as Bluesky rolled out support for custom algorithms to recommend content on its service