Search This Blog

Powered by Blogger.

Blog Archive

Labels

Latest News

Researchers Develop Blockchain-Based Federated Learning Model to Boost IoT Security

  In a groundbreaking development for Internet of Things (IoT) security, a team of researchers led by Wei Wang has introduced a novel distri...

All the recent news you need to know

Crypto Bull Market Targeted: The Lottie-Player Security Breach


In an alarming development for the tech community, especially for those immersed in the Web3 ecosystem, a supply chain attack has targeted the popular animation library, Lottie-Player. If users fall for this prompt, it could enable attackers to drain cryptocurrency wallets. 

Given Lottie-Player's impressive tally of over 4 million downloads and its significant presence on many prominent websites for animation embedding, this incident underscores the security vulnerabilities associated with open-source libraries.

Understanding the Attack

The breach initially came to light on GitHub when a user noticed an unusual Web3 wallet prompt while integrating Lottie-Player on their website. Upon closer examination, it was discovered that versions 2.0.5, 2.0.6, and 2.0.7 of Lottie-Player, released between 8:12 PM and 9:57 PM GMT on October 30, 2024, had been tampered with and compromised.

The attack involved the introduction of malicious code into three new versions of the Lottie-Player library, a widely used tool for rendering animations on websites and applications. Threat actors infiltrated the distribution chain, embedding code designed to steal cryptocurrencies from users' wallets. This method of attack is particularly insidious because it leverages the trust developers place in the libraries they use.

The Broader Implications

Once the compromised versions were released, they were integrated into numerous high-profile projects, unknowingly exposing countless users to the threat—the malicious code activated during transactions, redirecting funds to wallets controlled by the attackers. In one notable case, a user reportedly lost 10 Bitcoin (BTC), worth hundreds of thousands of dollars, due to a phishing transaction triggered by the malicious script.

Following the discovery of the attack, the Lottie-Player team swiftly released a clean version, 2.0.8, which developers can use to replace the compromised files. To further contain the breach and limit exposure, versions 2.0.5 through 2.0.7 were promptly removed from npm and CDN providers like unpkg and jsdelivr.

Moving Forward

The attack occurred during a pivotal phase of the crypto bull market, intensifying efforts to steal increasingly valuable tokens. To mitigate risks, it's advisable to connect a wallet only for specific purposes rather than granting full-time permissions for signing transactions. Additionally, being prompted to connect a wallet immediately upon entering a website can serve as a potential warning sign.

How to Protect Yourself Against Phishing Extortion Scams Involving Personal Data

 

Imagine receiving an email with a photo of your house, address, and a threatening message that seems ripped from a horror movie. Unfortunately, this is the reality of modern phishing scams, where attackers use personal information to intimidate victims into paying money, often in cryptocurrency like Bitcoin. One victim, Jamie Beckland, chief product officer at APIContext, received a message claiming to have embarrassing video footage of him, demanding payment to keep it private. 

While such emails appear terrifying, there are ways to verify and protect yourself. Many images in these scams, such as photos of homes, are copied from Google Maps or other online sources, so confirming this can quickly expose the scam. To check if an image is pulled from the internet, compare it to Google Maps street views. Additionally, always scrutinize email addresses for legitimacy. Cybersecurity expert Al Iverson from Valimail advises checking for any small variations in the sender’s email domain and examining SPF, DKIM, and DMARC authentication results to determine if the email domain is real. 

Be cautious if a message appears to come from your own email address, as it’s often just a spoofed sender. Links in phishing emails can lead to dangerous sites. Founder of Loop8, Zarik Megerdichian, recommends extreme caution and encourages reporting such scams to the Federal Trade Commission (FTC). Monitoring your financial accounts, disputing unauthorized charges, and updating or canceling compromised payment methods are other essential steps. To reduce vulnerability, it’s wise to change your passwords, set up a VPN, and isolate your network. Yashin Manraj, CEO of Pvotal Technologies, suggests transferring critical accounts to a new email, informing your family about the scam, and reporting it to law enforcement, such as the FBI, if necessary. 

One of the best defenses against these types of scams is to control your data proactively. Only share essential information with businesses, and avoid giving excessive details to online services. Megerdichian emphasizes the importance of asking whether every piece of data is truly necessary, as oversharing can open the door to future scams. 

With these strategies, individuals can better protect themselves from extortion phishing scams. It’s crucial to stay vigilant and avoid interacting with suspicious emails, as this will help shield you from falling victim to increasingly sophisticated cyber threats.

New Flaws in Fortinet, SonicWall, and Grafana Pose Significant Threats

 

Cyble Research and Intelligence Labs (CRIL) has discovered new IT vulnerabilities that affect Fortinet, SonicWall, Grafana Labs, and CyberPanel, among others. 

The report for the week of October 23-29 identifies seven security flaws that require immediate attention from security teams, especially given the large number of exposed devices. The most recent discoveries show that vulnerabilities in Fortinet, SonicWall, and Grafana Labs affect over 1 million web-facing assets.

Notably, two critical vulnerabilities in CyberPanel have already been exploited in huge ransomware assaults. Organisations are recommended to quickly investigate their environments for these vulnerabilities and apply the relevant fixes and mitigations. 

Cyble's researchers have detailed the following top vulnerabilities, emphasising their potential impact on IT security: 

CVE-2024-40766: SonicWall SonicOS 

CVE-2024-40766 indicates an improper access control flaw within the administrative interface of SonicWall's SonicOS, with a severity rating of 9.8. This vulnerability has piqued the interest of managed security organisations such as Arctic Wolf, who report that ransomware gangs such as Fog and Akira are exploiting it in SSL VPN setups to breach networks. 

CVE-2024-9264: Grafana labs 

The 9.4-rated vulnerability, CVE-2024-9264, affects Grafana Labs' open-source analytics and monitoring platform's SQL Expressions capability. This flaw allows for command injection and local file inclusion since user input in 'duckdb' queries is not properly sanitised. 

CVE-2024-46483: Xlight FTP server

This critical integer overflow bug impacts the Xlight FTP Server, allowing hackers to exploit packet parsing logic and cause heap overflows. With the accessibility of public Proof of Concepts (PoCs), this vulnerability could be used in a variety of attack tactics. 

Prevention tips 

  • Ensure that all software and hardware systems receive the most recent patches from official vendors. 
  • Use an organised approach to inventory management, patch assessment, testing, deployment, and verification. 
  • To reduce the attack surface, isolate key assets with firewalls, VLANs, and access controls. 
  • Establish and maintain an incident response strategy, which should be evaluated on a regular basis to respond to emerging threats. 
  • Employ complete monitoring technologies to discover and analyse suspicious actions in real time. Keep up with vendor, CERT, and other sources' alerts to promptly fix issues.

Facebook, Nvidia Push SCOTUS to Limit Investor Lawsuits

 




The US Supreme Court is set to take two landmark cases over Facebook and Nvidia that may rewrite the way investors sue the tech sector after scandals. Two firms urge the Court to narrow legal options available for investment groups, saying claims made were unrealistic.


Facebook's Cambridge Analytica Case

The current scandal is that of Cambridge Analytica, which allowed third-party vendors access to hundreds of millions of user information without adequate check or follow-up. Facebook reportedly paid over $5 billion to the FTC and SEC this year alone due to purportedly lying to the users as well as to the investors about how it uses data. Still, investor class-action lawsuits over the scandal remain, and Facebook is appealing to the Supreme Court in an effort to block such claims.

Facebook argues that the previous data risks disclosed were hypothetical and therefore should not have been portrayed as if they already had happened. The company also argues that forcing it to disclose all past data incidents may lead to "over disclosure," making the reports filled with data not helpful but rather confusing for investors. Facebook thinks disclosure rules should be flexible; if the SEC wants some specific incidents disclosed, it should create new regulations for that purpose.


Nvidia and the Cryptocurrency Boom

The second is that of Nvidia, the world's biggest graphics chip maker, which, allegedly, had played down how much of its 2017-2018 revenue was from cryptocurrency mining. When the crypto market collapsed, Nvidia was forced to cut its earnings forecast, which was an unexpected move for investors. Subsequently, the SEC charged Nvidia with $5.5 million for not disclosing how much of its revenue was tied to the erratic crypto market.

Investors argue that the statements from Nvidia were misleading due to the actual risks but point out that Nvidia responds by saying that such misrepresentation was not done out of malice. However, they argue that demand cannot be predicted in such an ever-changing market and so would lead to unintentional mistakes. According to them, the existing laws for securities lawsuits already impose very high standards to deter the "fishing expedition," where investors try to sue over financial losses without proper evidence. Nvidia's lawyers opine that relaxing these standards would invite more cases; henceforth the economy is harmed as a whole.


Possible Impact of Supreme Court on Investor Litigation


The Supreme Court will hear arguments for Facebook on November 6th, and the case for Nvidia is scheduled for Nov 13th. Judgments could forever alter the framework under which tech companies can be held accountable to the investor class. A judgement in favour of Facebook and Nvidia would make it tougher for shareholders to file a claim and collect damages after a firm has suffered a crisis. It could give tech companies respite but, at the same time, narrow legal options open to shareholders.

These cases come at a time when the trend of business-friendly rulings from the Supreme Court is lowering the regulatory authority of agencies such as the SEC. Legal experts believe that this new conservative majority on the court may be more open than ever to appeals limiting "nuisance" lawsuits, arguing that these cases threaten business stability and economic growth.

Dealing with such cases, the Court would decide whether the federal rules must permit private investors to enforce standards of corporate accountability or if such responsibility of accountability should rest primarily with the regulatory bodies like the SEC.


LightSpy Update Expands Surveillance on iOS Devices

 


It has been discovered that a newer version of LightSpy spyware, commonly used to target iOS devices, has been enhanced with the capability to compromise the security and stability of the device. LightSpy for macOS was first discovered by ThreatFabric, which published a report in May 2024 in which they described their findings with the malware. 

After a thorough investigation of the LightSpy client and server systems, the analysts discovered that they were using the same server to manage both the macOS and iOS versions of the program. IPhones are undeniably more secure than Android devices, however, Google has been making constant efforts to close the gap, so Apple devices are not immune to attacks. 

The fact that Apple now regularly alerts consumers when the company detects an attack, the fact that a new cyber report just released recently warns that iPhones are under attack from hackers who are equipped with enhanced cyber tools, and the fact that "rebooting an Apple device regularly is a good practice for Apple device owners" is a better practice. LightSpy is a program that many users are familiar with. Several security firms have reported that this spyware has already been identified on multiple occasions. 

The spyware attacks iOS, macOS, and Android devices at the same time. In any case, it has resurfaced in the headlines again, and ThreatFabric reports that it has been improved greatly. Among other things, the toolset has increased considerably from 12 to 28 plugins - notably, seven of these plugins are destructive, allowing them to interfere with the device's boot process adversely. The malware is being distributed by attack chains utilizing known security flaws in Apple iOS and macOS as a means of triggering a WebKit exploit. 

A file with an extension ".PNG" is dropped by this exploit, but this file, in fact, is a Mach-O binary that exploits a memory corruption flaw known as CVE-2020-3837 to retrieve next-stage payloads from a remote server. LightSpy comes with a component called FrameworkLoader, which in turn downloads the application's main module, the Core module, and the available plugins, which have increased from 12 to 28 since LightSpy 7.9.0 was released. 

The Dutch security company reports that after the Core starts up, it will perform an Internet connectivity check using Baidu.com domains and, upon checking those arguments, the arguments will be compared against those passed from FrameworkLoader, which will be used to determine the [command-and-control] data and working directory," the security company stated. This means that the Core will create subfolders for log files, databases, and exfiltrated data using the /var/containers/Bundle/AppleAppLit/working directory path. 

This plugin can collect a wide range of data, including Wi-Fi information, screenshots, location, iCloud Keychain, sound recordings, photos, browser history, contacts, call history, and SMS messages. Additionally, these plugins can be used to gather information from apps such as Files, LINE, Mail Master, Telegram, Tencent QQ, WeChat, and WhatsApp as well. In the latest version of LightSpy (7.9.0), a component called FrameworkLoader is responsible for downloading and installing LightSpy's Core module and its various plugins, which has increased in number from 12 to 28 in the most recent version. 

Upon Core's startup, it will query the Baidu.com domain for Internet connectivity before examining the arguments provided by FrameworkLoader as the working directory and command-and-control data to determine whether it can establish Internet connectivity. In the Core, subfolders for logs, databases, and exfiltrated data are made using the working directory path /var/containers/Bundle/AppleAppLit/ as a default path. 

Among the many details that the plugins can collect are information about Wi-Fi networks, screenshots, locations, iCloud Keychain, sound recordings, images, contacts, call history, and SMS messages, just to mention a few. The apps can also be configured to collect data from apps such as Files, LINE, Mail Master, Telegram, Tencent QQ, WeChat, and WhatsApp as well as from search engines. It should be noted that some of the recent additions to Google Chrome include some potentially damaging features that can erase contacts, media files, SMS messages, Wi-Fi settings profiles, and browsing history in addition to wiping contacts and media files. 

In some cases, these plugins are even capable of freezing the device and preventing it from starting up again once it is frozen. It has also been discovered that some LightSpy plugins can be used to create phony push alerts with a different URL embedded within them. Upon analyzing the C2 logs, it was found that 15 devices were infected, out of which eight were iOS devices. 

Researchers suspect that most of these devices are intentionally spreading malware from China or Hong Kong, and frequently connect to a special Wi-Fi network called Haso_618_5G, which resembles a test network and seems to originate from China or Hong Kong. It was also discovered during ThreatFabric's investigation that Light Spy contains a unique plugin for recalculating location data specific to Chinese systems, suggesting that the spyware's developers may live in China, as the information it contains appears to have been obtained from Chinese sources. 

LightSpy's operators heavily rely on "one-day exploits," and consequently they take advantage of vulnerabilities as soon as they become public information. Using ThreatFabric's recommendation as a guide to iOS users, they are advised to reboot their iOS devices regularly since LightSpy, since it relies on a "rootless jailbreak," can not survive a reboot, giving users a simple, but effective, means to disrupt persistent spyware infections on their devices. 

As the researchers say, "The LightSpy iOS case illustrates the importance of keeping system updates current," and advise users to do just that. "Terrorists behind the LightSpy attack monitor security researchers' publications closely, using exploits that have recently been reported by security researchers as a means of delivering payloads and escalating their privileges on affected devices." Most likely, the infection takes place through the use of lures, which lead to infected websites used by the intended victim groups, i.e. so-called watering holes on the Internet. 

For users concerned about potential vulnerability to such attacks, ThreatFabric advises a regular reboot if their iOS is not up-to-date. Although rebooting will not prevent the spyware from re-infecting the device, it can reduce the amount of data attackers can extract. Keeping the device restarted regularly provides an additional layer of defence by temporarily disrupting spyware's ability to persistently gather sensitive information.

Scammers Impersonate Thunder Bay RCMP in New Phone Spoofing Scheme

 



Phone number of the RCMP used in scams across Thunder Bay. The local Royal Canadian Mounted Police detachment is warning residents of Thunder Bay about a phone scam. Scammers are spoofing the official RCMP number, 807-623-2791, which will have calls that appear to be from the police when they actually are not. The RCMP has issued a public alert to raise awareness and try to prevent potential fraud.

How the Spoofing Scam Works

Spoofing is a technique by which fraudsters mask their real phone numbers through technology, making it seem as though the call is coming from a trusted source. In this case, they are masquerading as the Thunder Bay RCMP in an attempt to intimidate or defraud unsuspecting victims. The fraudsters might use the RCMP's name to give their requests a semblance of legitimacy. These requests usually demand sensitive personal information or money.

The RCMP clears the air on its communication practices

As far as the spoofing cases are concerned, the RCMP states that neither them nor any government institution will ever ask for a fee in an odd manner such as Bitcoin, gift cards, or cash collections. In fact, police will never visit your home to collect money as a reason a family member is behind bars. According to the RCMP, it does not seek social insurance numbers, birthdays, or phone numbers via phone call.

How to Verify an RCMP Call 

 In case somebody is doubtful whether a call claiming that it is from her detachment is genuine or not, then she must hanger and call again at 807-623-2791 between 8 a.m. and 4 p.m. Therefore, he will know if that was the genuine call or an attempt by a scammer.

Role of RCMP in Ontario

Another thing the public should be aware of is that the RCMP does not deal with local law enforcement in Ontario but rather deals with issues involving federal law, such as national security, border integrity, organised crime, and financial crimes, including cybercrime and money laundering.

What to Do if You Suspect a Scam

If you believe you are a target, the best action is to hang up. Victims of telephone scams are advised to contact either their local police service or the Canadian Anti-Fraud Centre to report the incident, helping investigators to track and follow up on ongoing schemes.

By knowing how to validate government calls and remaining vigilant, the citizens will be able to guard themselves against spoofing scams and other fraudulent schemes.


Rising Bank Fraud: Steps You Can Take to Safeguard Your Money

 

Bank fraud is becoming an increasingly serious issue, with cybercriminals devising new tactics to access people’s bank accounts. In 2023, global losses from bank fraud reached nearly $500 billion, according to the 2024 NASDAQ Global Financial Crimes Report. As digital banking grows in popularity, scammers are finding more opportunities to exploit vulnerabilities. 

Some of the most common schemes include phishing, credential stuffing, and social engineering. Phishing involves sending fake emails or text messages designed to trick individuals into sharing their banking details. Credential stuffing occurs when criminals use stolen login credentials to access multiple accounts, while social engineering involves impersonating bank officials to manipulate victims into giving away personal information. 

Other scams like wire transfer fraud and ATM skimming remain widespread. Skimming devices installed at ATMs can steal card information, while unauthorized wire transfers are difficult to stop once initiated. Security experts recommend three primary strategies to protect your account: staying informed, cautious behavior, and using available security tools. Being aware of emerging threats, pausing to verify suspicious communications before responding, and enabling features like two-factor authentication can all help protect your funds. 

If you suspect your account has been compromised, it’s crucial to act quickly. Immediately contact your bank to freeze transactions and change your account credentials. It’s also important to check your credit report to ensure the attack hasn’t spread to other areas. Although cybercriminals are leveraging advanced technologies, including artificial intelligence, to improve their scams, experts emphasize that the most effective defense remains human attentiveness. 

By being vigilant, identifying potential red flags, and implementing strong security practices, individuals can greatly lower their chances of becoming victims of bank fraud.