Hackers use trending TikTok ‘Invisible Challenge’ to spread malware
A popular TikTok challenge is being exploited by threat actors to get people to download information-stealing malware, according to research from Checkmarx. The scheme is based on the Invisible Challenge, which uses a filter known as “Invisible Body” that erases a person from a video, leaving behind a silhouette. This created demand for an “unfilter” that would let viewers see the person behind the silhouette. Attackers are now posting TikTok videos with links to rogue software dubbed “unfilter” that promises to remove the applied silhouette. Instead, the software delivers the WASP stealer inside malicious Python packages and is designed to steal users’ passwords, Discord accounts, cryptocurrency wallets, and other sensitive information.
Cyber Monday online sales hit record
Although expectations for this year’s holiday online spend were lukewarm, Cyber Monday pulled in $11.3 billion in online sales, according to figures from Adobe Analytics, which tracks seasonal e-commerce activity. That is 5.8% more than consumers spent on the same day last year and sets a record for the day and for the year so far, despite fears that inflation would dampen consumers’ spirits. Adobe said the figures reflect more transactions overall, and pointed to retailers’ deep discounts paired with greater availability of goods after the shortages of previous years.
Sandworm gang launches Monster ransomware attacks on Ukraine
The Russian Sandworm operation has launched attacks against Ukraine, using a ransomware that ESET analysts have named RansomBoggs. The researchers wrote that they had “detected RansomBoggs deployed within the networks of multiple organizations in Ukraine.” They say that although RansomBoggs differs in many ways from other Sandworm malware, including the code being written in .NET – “the deployment methods are similar to the one seen last April during the Industroyer2 attacks against the energy sector.”
North Carolina college confirms ransomware group stole sensitive data
According to The Record, “Guilford College in North Carolina has confirmed that ransomware actors who attacked their school also stole sensitive data of students, faculty and staff. A spokesperson for the 185-year-old college said the attack occurred in October. “While our investigation remains ongoing, we do have evidence to suggest the unauthorized actor responsible for this incident may have illegally accessed sensitive data,” the spokesperson said. On Friday, the Hive ransomware group took credit for the attack and threatened to leak the data stolen, posting samples of what was taken on October 21.”
Thanks to this week’s episode sponsor, Automox

Microsoft Defender boosts default tamper protection for all enterprise users
Microsoft has announced that built-in protection is generally available for all devices connected to Defender for Endpoint. These settings provide “better protection for enterprise endpoints against advanced and emerging threats, including ransomware attacks.” Microsoft stated, “initially, built-in protection will include turning tamper protection on for your tenant, with other default settings coming soon.” This announcement follows the company’s move last year to turn on tamper protection for all new customers with Defender for Endpoint Plan 2 or Microsoft 365 E5 licenses.
Twitter users’ stolen data leaked online — more shared privately
The non-public records of more than 5.4 million Twitter users, stolen through an API vulnerability that was fixed in January, have been shared for free on a hacker forum. Furthermore, according to Bleeping Computer, “another potentially more significant data dump of millions of Twitter records has also been disclosed by a security researcher, demonstrating how widely abused this bug was by threat actors.” The data consists of scraped public information as well as private phone numbers and email addresses that are not meant to be public. “This data was collected in December 2021 using a Twitter API vulnerability disclosed in the HackerOne bug bounty program that allowed people to submit phone numbers and email addresses into the API to retrieve the associated Twitter ID.” This extends the earlier activity of the hacker known as Pompompurin, who first offered Twitter user records for sale in July and now states that this second data dump was not sold and was only shared privately among a few people.
Wave of cyber-enabled scams target FIFA World Cup fans
With the soccer tournament entering its second full week in Qatar, cybercriminals are looking to lure unsuspecting FIFA fans, according to cybersecurity firm Group-IB. The researchers stated on Tuesday that they have identified as many as 90 potentially compromised Hayya accounts. Hayya is the mandatory system that World Cup attendees use to enter Qatar and to buy tickets for access and transportation. The researchers have also observed attackers using info-stealing malware such as Redline and Erbium, fake merchandise and ticket websites used to steal money directly or swipe banking credentials, 40 fake apps in the Google Play Store promising access to tickets, and at least five websites purporting to be job application forms used to harvest personal information.
Irish regulator fines Facebook for leak of users’ data
According to The Hacker News, “Ireland’s Data Protection Commission (DPC) has levied fines of €265 million ($277 million) against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms.” The fines are the result of an inquiry initiated by the DPC in April 2021. “Meta acknowledged that the information was “old data” that was obtained by malicious actors by taking advantage of a technique called “phone number enumeration” to scrape users’ public profiles. This entailed misusing a tool called “Contact Importer” to upload a huge list of phone numbers to uncover matches.”
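Both the Twitter API bug and the Facebook “Contact Importer” abuse above rest on the same weakness: a lookup endpoint that accepts a phone number or email address and reveals which account it belongs to, with no meaningful cap on how many identifiers one caller can submit. The following Python is an added example, not code from Twitter, Meta, or any of the reports cited here. It contrasts a naive lookup with a hardened one (per-client budget over a sliding window, capped batch size, and a per-user discoverability flag), and runs a simple enumeration detector over a few constructed request-log lines. All user data, client names, and log lines are invented for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed directory (hypothetical data): identifier -> (user id, discoverable flag).
# The flag models a privacy setting such as "let people find me by my phone number".
USERS = {
    "+15555550100": ("user_1001", True),
    "+15555550101": ("user_1002", False),   # user opted out of lookup by phone
    "alice@example.com": ("user_1003", True),
}


def naive_lookup(identifiers):
    """Vulnerable pattern: unlimited batch, ignores privacy settings, and
    confirms the account behind every identifier that exists."""
    return {i: USERS[i][0] for i in identifiers if i in USERS}


class HardenedLookup:
    """Same feature with the abuse paths closed off.

    - MAX_BATCH caps identifiers per request.
    - BUDGET caps identifiers per client per sliding WINDOW.
    - Only users who opted in to discovery are returned.
    Thresholds are illustrative, not values from any real service.
    """
    MAX_BATCH = 100
    WINDOW = timedelta(hours=1)
    BUDGET = 500

    def __init__(self):
        self._history = defaultdict(deque)   # client -> deque of (timestamp, count)

    def _spent(self, client, now):
        q = self._history[client]
        while q and now - q[0][0] > self.WINDOW:   # drop requests outside the window
            q.popleft()
        return sum(count for _, count in q)

    def lookup(self, client, identifiers, now):
        if len(identifiers) > self.MAX_BATCH:
            return "rejected: batch too large", {}
        if self._spent(client, now) + len(identifiers) > self.BUDGET:
            return "rejected: budget exhausted", {}
        self._history[client].append((now, len(identifiers)))
        matches = {i: USERS[i][0] for i in identifiers
                   if i in USERS and USERS[i][1]}
        return "ok", matches


# Constructed request log (hypothetical format): one lookup request per line.
SAMPLE_LOG = """\
2021-12-01T10:00:00 client=app-7f3 identifiers=3
2021-12-01T10:00:05 client=app-7f3 identifiers=2
2021-12-01T10:01:00 client=scraper-1 identifiers=100
2021-12-01T10:01:10 client=scraper-1 identifiers=100
2021-12-01T10:01:20 client=scraper-1 identifiers=100
2021-12-01T10:01:30 client=scraper-1 identifiers=100
2021-12-01T10:01:40 client=scraper-1 identifiers=100
2021-12-01T10:01:50 client=scraper-1 identifiers=100
"""


def flag_enumerators(log_text, threshold=500, window=timedelta(hours=1)):
    """Return the set of clients whose identifier count within any sliding
    window exceeds the threshold: the signature of bulk enumeration."""
    events = []
    for line in log_text.splitlines():
        ts, client, ident = line.split()
        events.append((datetime.fromisoformat(ts),
                       client.split("=", 1)[1],
                       int(ident.split("=", 1)[1])))
    events.sort()
    flagged = set()
    per_client = defaultdict(deque)
    for ts, client, n in events:
        q = per_client[client]
        q.append((ts, n))
        while q and ts - q[0][0] > window:
            q.popleft()
        if sum(count for _, count in q) > threshold:
            flagged.add(client)
    return flagged


if __name__ == "__main__":
    print("naive:", naive_lookup(list(USERS)))
    h = HardenedLookup()
    print("hardened:", h.lookup("app-7f3", list(USERS), datetime(2022, 1, 1, 12)))
    print("flagged clients:", flag_enumerators(SAMPLE_LOG))
```

The budget alone does not stop a distributed scrape across many API keys or IPs, which is why the detector aggregates per client over time; in practice the client key would be whatever identity the service can actually bind a request to (API key, account, device), and a scraper splitting the list across many such identities is the case the detector would still miss.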