Cybersecurity News: Google Translate malware, White House aviation briefing, book distributor ransomed

Google Translate app is actually Windows crypto-mining malware

Cryptocurrency-mining malware is being distributed under the guise of legitimate-looking applications such as Google Translate, on software download sites and through Google searches. The cryptomining Trojan hidden within these apps is called Nitrokod. It looks and acts like a legitimate Windows app for at least a few days or weeks before it executes its Monero-crafting code. Nitrokod, which is the work of a Turkish-speaking group, was detected by Check Point Research threat hunters at the end of July. “The malware is dropped from popular applications that don’t have an actual desktop version, such as Google Translate,” they wrote in a report Monday.

(The Register)

White House to give aviation executives classified cyberthreat briefing

Following on from its series of classified cybersecurity briefings with executives from critical infrastructure sectors, the White House has scheduled its next such meeting in September, with executives from across the aviation industry. This is all part of an ongoing effort to compel industry leaders to invest more in their digital defenses, said a senior White House cybersecurity official speaking to CyberScoop. The initiative seeks to compel federal agencies to develop cybersecurity performance goals for various critical infrastructure initiatives.

(Cyberscoop)

Book distributor Baker & Taylor hit by ransomware

One of the world’s largest distributors of books suffered a ransomware attack on August 23, which impacted the company’s phone systems, offices, and service centers. According to Security Affairs, “on August 24, the company announced that the attack caused disruptions to its business-critical systems, and its technical staff is working on restoring impacted servers.” The company has not yet revealed the name of the ransomware family that infected its systems or whether the threat actors stole data.

(Security Affairs)

Akasa Air suffers data leak on first day of operation

A bad first day for India’s newest commercial airline, which accidentally exposed personal customer data due to technical configuration errors. Security researcher Ashutosh Barot stated the issue originated in the account registration process, leading to the exposure of personal information such as gender, email addresses, names, and phone numbers. He found an HTTP request which gave [his] name, email, phone number, gender, etc. in JSON format, and by changing some parameters in the request, was able to see other users’ PII. Once the company received the report, it temporarily shut down parts of its system and reported the incident to the Indian Computer Emergency Response Team.

(ITSecurityGuru.org)

Thanks to our episode sponsor, Code42

Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft.
In fact, the Code42 Annual Data Exposure Report revealed there’s a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme.

 
A ban on pirate sites in Austria mistakenly takes down CDNs

A legal case launched by an Austrian copyright organization convinced an Austrian court to block 14 websites for copyright law violations. Unfortunately, the ban also extends to specific IP addresses belonging to Cloudflare servers that support many other sites that do not violate copyright laws. A report on the matter identified the root of the problem: the copyright organization provided a list of IP addresses, which ISPs banned without checking who used them. This included nine IP addresses that Cloudflare uses for its CDN to provide services (security, reliability, performance) to legitimate websites.

(Bleeping Computer)

Chinese hackers zero in on Australian manufacturers, wind turbine operators

A China-based cyberespionage group used reconnaissance malware to obtain details that would be useful in strikes against wind turbine manufacturers. This is according to researchers from Proofpoint and the PwC Threat Intelligence team in joint research published Tuesday. The campaign deployed phishing emails which pointed victims to a fake news outlet called “Australian Morning News” which contained images and stories lifted from legitimate news organizations. “With subject lines such as ‘Sick Leave,’ ‘User Research’ and ‘Request Cooperation,’ the phishing emails explained that the sender was starting a ‘humble news website’ and wanted feedback.” The attackers, referred to variously as TA423, Red Ladon and APT40, designed the site to deliver malware known as ScanBox.

(Cyberscoop)

AI detects 20,000 hidden taxable swimming pools in France

AI software combined with aerial photography helped French tax officials locate €10 million ($10 million) in extra property levies. Given that home improvements, which boost the value of a property, are supposed to be declared in France as elsewhere, nine departments working under France’s tax office tested out machine-learning software to automatically find undeclared swimming pools from overhead photos. “The software scanned the images for the telltale shapes of swimming pools and then cross-matched these to home addresses and property tax records. The program is expected to generate €40 million overall.”

(The Register)

Twitter’s VP of engineering jumps to Meta

According to a report by Insider, and confirmed by Twitter, Sandeep Pandey, the vice president of Engineering, is leaving Twitter after more than a decade to join Meta, formerly known as Facebook. Pandey joined Twitter in 2012 and worked his way up from staff engineer to the VP role. A Twitter spokesperson confirmed the departure and said this is natural given industry trends. 

(TechCrunch)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.