Cybersecurity News – January 19, 2022

Beijing 2022 Winter Olympics app loaded with privacy risks

The official app for the Beijing 2022 Winter Olympics, dubbed ‘My 2022,’ was found to have numerous security and privacy issues, including a flawed encryption implementation that leaves user data susceptible to man-in-the-middle attacks. The app is also subject to censorship and has an unclear privacy policy that violates both Google’s and Apple’s store guidelines, yet it is available in both of their stores. To top it all off, the app also violates China’s own privacy laws. Finally, the app collects a slew of sensitive personal information from both domestic and foreign users, all of which is shared with the Beijing Olympics Organizing Committee. All athletes, members of the press, and spectators will be required to install the app and enter their personal information into it.

(Bleeping Computer)
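The story above does not say which part of the app’s encryption is broken, only that traffic can be intercepted. In mobile apps the usual cause of that class of weakness is a TLS client that has certificate or hostname verification switched off, so here is an added example (not code from the My 2022 app or from the researchers who analysed it) that audits a Python client TLS context for exactly those settings. The weak configuration is shown beside the corrected one; the function names `audit_client_context`, `weak_context` and `hardened_context` are ours.

```python
"""Audit a client TLS configuration for the settings that make an app
man-in-the-middle-able. Added example; the helper names are ours and the
contexts are built in-process, so nothing here touches the network."""
import ssl


def audit_client_context(ctx: ssl.SSLContext) -> list:
    """Return a list of findings; an empty list means the context verifies
    the server the way a client is supposed to."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        # CERT_NONE accepts any certificate, including one an attacker
        # minted on the spot: this alone makes interception trivial.
        findings.append("server certificate not verified (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        # A valid certificate for some *other* site would be accepted.
        findings.append("hostname not checked (check_hostname is False)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version below TLS 1.2")
    return findings


def weak_context() -> ssl.SSLContext:
    """The 'make the certificate errors go away' configuration seen in
    many apps: verification is disabled entirely."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    """The corrected configuration: system CA store, hostname checking,
    and nothing older than TLS 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        issues = audit_client_context(ctx)
        print(f"{name}: {'OK' if not issues else '; '.join(issues)}")
```

Passing the audit is the floor, not the ceiling: an app that handles identity documents and health data would normally also pin the server’s certificate or public key so that a CA-issued certificate obtained by an attacker is rejected as well.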

Europol shuts down cybercriminals’ VPN service of choice

Europol said it took action against the misuse of VPNLab, a VPN provider favored by malicious actors to deploy ransomware and facilitate other cybercrimes. In a coordinated law enforcement operation on January 17, authorities seized or took down 15 VPNLab servers as part of disruptive action across Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the US, and the UK. Following the seizure, authorities notified at least 100 businesses identified as being at risk of cyber attacks, though Europol didn’t disclose company names.

(The Hacker News)

Newspaper accuses Israeli police of spying on its own citizens

The prominent Israeli financial newspaper Calcalist has reported that Israeli police used the controversial NSO Group spyware to hack the cell phones of Israeli citizens without judicial oversight, including activists protesting former Prime Minister Benjamin Netanyahu. The report represents the first allegation that Israel has targeted its own citizens with NSO spyware. The journalist who reported the story, Tomer Ganon, tweeted, “Blatant and illegal intrusion of the privacy of citizens without court orders. This is not how a democracy works.” Israeli police said they employ legally approved cybersurveillance tools, but have neither confirmed nor denied using NSO technology.

(NPR)

Russian government arrests REvil ransomware gang members

Russia’s Federal Security Service (FSB) says it has arrested more than a dozen members of the infamous REvil ransomware group following police raids at 25 addresses. Authorities seized more than 426 million rubles and more than $1.1 million, along with cryptocurrency wallets, computers and 20 luxury cars. The Russian operation follows recent pressure from the Biden administration to take action against Russian cybercrime. John Bambenek, Principal Threat Hunter at Netenrich, explained, “Russia acting on any cybercrime report, especially ransomware, is especially rare,” but added, “It is doubtful that this represents a major change in Russia’s stance to criminal activity within their borders.” 

(Security Magazine)

Thanks to our episode sponsor, Datadog

Join Datadog in their upcoming webinar to learn how to dissect the anatomy of an attack vector in the cloud with the use of their unified Cloud Security Platform. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you and attendees will also get a chance to win a Datadog t-shirt.

Hackers can grab stolen credentials using VirusTotal

SafeBreach researchers have found that VirusTotal, the popular online service for analyzing suspicious files, URLs and IP addresses, can also be used to collect credentials stolen by malware. With a €600 VirusTotal license, the researchers managed to collect more than 1,000,000 credentials just by running simple searches with a few tools. Such files commonly end up in VirusTotal in two ways: attackers upload samples of stolen data to advertise it for sale, and third parties have their environments configured to automatically upload files to VirusTotal to verify that they are “clean”, sweeping up infostealer logs and exfiltrated data along the way. The researchers noted, “Our goal was to identify the data a criminal could gather with a VirusTotal license,” and added that they have proven this method (dubbed “VirusTotal Hacking”) works at scale.

(Help Net Security)
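The practical takeaway from the story above is that anything an automated pipeline submits to a public multiscanner is readable by every other licence holder, so a submission agent should look for credential-shaped content before it uploads. The following is an added example (not SafeBreach’s tooling and not VirusTotal’s API) of such a pre-upload gate: `scan_text` runs a handful of patterns over a file, `should_upload` turns the result into a go/no-go decision, and the “stealer log” it is run on is constructed for the example (the `URL:/USER:/PASS:` layout and the `AKIA…EXAMPLE` key are illustrative, the latter being AWS’s own documentation placeholder).

```python
"""Pre-submission secret scan for an automated VirusTotal upload pipeline.

Added example: before an agent auto-uploads a file to a public scanner,
check whether it looks like a credential dump or carries embedded secrets,
and hold it for review instead of sharing it with every licence holder.
The sample log at the bottom is constructed for this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Patterns chosen for the example. The URL/USER/PASS triplet mirrors the
# record layout typical of infostealer logs; the others catch secrets that
# travel inside exfiltrated config files or credential "combo lists".
PATTERNS = {
    "stealer_record": re.compile(
        r"^URL:[ \t]*(?P<url>\S+)[ \t]*\r?\n"
        r"USER(?:NAME)?:[ \t]*(?P<user>[^\r\n]+?)[ \t]*\r?\n"
        r"PASS(?:WORD)?:[ \t]*(?P<pass>[^\r\n]+?)[ \t]*$",
        re.IGNORECASE | re.MULTILINE,
    ),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "email_colon_password": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+:\S{6,}"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}


@dataclass(frozen=True)
class Finding:
    kind: str
    line: int
    excerpt: str  # redacted, so the scanner's own output does not leak the secret


def redact(secret: str) -> str:
    """Keep just enough of the value to recognise it in a review queue."""
    return secret[:4] + "***" + secret[-2:] if len(secret) > 8 else "***"


def scan_text(text: str) -> list[Finding]:
    """Run every pattern over the text and return findings sorted by line."""
    findings: list[Finding] = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            line_no = text.count("\n", 0, m.start()) + 1
            # Redact the password group when the pattern has one, else the whole match.
            secret = m.group("pass") if "pass" in m.groupdict() else m.group(0)
            findings.append(Finding(kind, line_no, redact(secret)))
    return sorted(findings, key=lambda f: f.line)


def should_upload(data: bytes, max_findings: int = 0) -> tuple[bool, list[Finding]]:
    """Gate for the submission agent: (ok_to_upload, findings).

    Binary samples decode with replacement characters and simply produce
    no matches; the gate is about text-bearing files that slipped into the
    upload queue.
    """
    findings = scan_text(data.decode("utf-8", errors="replace"))
    return len(findings) <= max_findings, findings


# Constructed sample: what an infostealer log plus a stray .env might look like.
SAMPLE_STEALER_LOG = b"""\
Soft: Example Browser
URL: https://mail.example.com/login
USER: alice@example.com
PASS: Summer2021!

URL: https://vpn.example.net
USERNAME: bob
PASSWORD: correct horse battery staple

# leftover from an exfiltrated .env
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
"""

# Constructed sample of an ordinary file with nothing credential-shaped in it.
CLEAN_SAMPLE = b"MZ\x90\x00 this is just an ordinary binary header with no secrets\n"


if __name__ == "__main__":
    for label, blob in (("stealer log", SAMPLE_STEALER_LOG), ("clean file", CLEAN_SAMPLE)):
        ok, found = should_upload(blob)
        print(f"{label}: {'upload' if ok else 'HOLD FOR REVIEW'}")
        for f in found:
            print(f"  line {f.line}: {f.kind} -> {f.excerpt}")
```

The patterns are deliberately narrow: a gate like this is meant to stop the obvious leak (a stealer log or a config file full of keys being shipped to a shared corpus), not to replace a proper DLP control, and any hit should be reviewed by a human before the file goes anywhere public.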

New White Rabbit ransomware linked to FIN8 hacking group

A new ransomware family called ‘White Rabbit’ has recently appeared in the wild, and researchers say the malware could be a side operation of the financially motivated FIN8 hacking group. Trend Micro researchers note that the ransomware executable is a small payload of roughly 100 KB that requires a password to be supplied at launch before it will run; once started, the malware scans for and encrypts targeted files, leaving behind ransom notes that threaten to leak the stolen data if demands are not met. The ransomware was deployed using a never-before-seen version of Badhatch (aka “Sardonic”), a backdoor associated with FIN8.

(Bleeping Computer)

Singapore authority threatens action on bank over widespread phishing scam

The Monetary Authority of Singapore (MAS) is considering supervisory action against Oversea-Chinese Banking Corporation (OCBC) for its weak response to a phishing scheme that severely impacted some of its customers, including some who had their entire life savings wiped out. Victims received an unsolicited SMS message appearing to come from the bank, prompting the account holder to click a link to resolve account issues. The scheme, which emerged in early December, affected 469 customers, with stolen funds totaling US $6.3 million. OCBC said it has warned customers and has made 30 goodwill payouts so far, which covers only about 6% of impacted customers. OCBC plans to investigate and remediate deficiencies in its handling of the incident, after which the Singapore authority will consider appropriate supervisory actions.

(The Register)

PCI updates card security standards to secure card production process

The PCI Security Standards Council (PCI SSC) has issued version 3.0 of its PCI Card Production and Provisioning Security Requirements, which aims to better protect the production of payment cards against fraud arising from compromised card materials. Provisions address card manufacturing, magnetic-stripe card encoding and embossing, card personalization, chip initializing, embedding and personalization, card storage, and methods of securely shipping and mailing cards. PCI SSC SVP Standards Officer Emma Sutcliffe said, “The updates to the Card Production and Provisioning Security Requirements are intended to meet the security and business needs of card vendor environments while protecting these environments from evolving threats and increasing security across the payment chain.”

(Help Net Security)

Sean Kelly
Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.