Weekly News Digest #42
$350,000 stolen from users by 170 Android cryptocurrency mining scam apps
Users pay money for mining but get nothing. More than 170 applications from the Android ecosystem have been identified as scam services. The applications offer cloud-based mining services to users interested in mining cryptocurrencies. Users just need to pay a fee, and the so-called mining process is supposedly carried out by the applications themselves.
Cryptocurrency mining requires huge computing power, which most PCs do not have, so individuals are actively joining mining pools. According to researchers at the company Lookout, none of the applications mentioned above performed any legitimate mining activities. The researchers classified the malicious apps into 2 large categories: “BitScams” and “CloudScams”. For example, “BitScams” apps offer users “virtual hardware” for $12.99-$259.99 to generate mining returns.
Emergency patch for PrintNightmare security bug delivered by Microsoft
Microsoft has released an out-of-band patch for the PrintNightmare security flaw. The flaw may allow attackers to take control of users’ PCs. The bug in question is tracked as CVE-2021-1675 and CVE-2021-34527. It has a critical severity level and is attributed to the Windows Print Spooler. Microsoft recommended that admins disable the Print Spooler until the release of a patch.
The remote code execution vulnerability surfaces when the Windows Print Spooler improperly performs privileged file operations. Successful exploitation of the vulnerability enables running arbitrary code with SYSTEM privileges. After that, a malicious actor can install programs, modify or even delete data, and create accounts with full user rights, according to the warning issued by Microsoft. Upon completing its investigation of the case, Microsoft released the required security updates.
IT management software targeted by hackers performing sophisticated ransomware attack
Hackers were actively exploiting previously unknown vulnerabilities in the IT management solutions developed by Kaseya LTD. A Russian-linked malicious group is likely behind the attack. According to Marcus Murray from the Stockholm-based company TrueSec Inc., the hackers were targeting victims opportunistically. They were simply pushing ransomware to servers that were connected to the Internet and used the software provided by Kaseya LTD.
Kaseya was alerted to multiple vulnerabilities by the Dutch Institute for Vulnerability Disclosure. The Institute was working together with Kaseya to release fixes. Also, according to the Institute, REvil, the malicious group from Russia, had successfully exploited the vulnerabilities before users could even patch them. Based on the results of the investigation performed by the cybersecurity firm Huntress Labs Inc., more than 1000 businesses worldwide were affected by ransomware.
Crypto scams are actively targeting vulnerable people
People are often tricked out of thousands of USD as the result of cryptocurrency scams. According to information provided by the FTC, consumers have lost more than $8 million to cryptocurrency scams since October 2020. The year-on-year increase has amounted to 10 times. The Chicago Tribune reported that in one such case, a 77-year-old woman lost $12,000. The woman received a fake email alert recommending that she buy crypto and share her bank information. This incident is just a small element in the chain of crypto scams booming around the world.
According to the Guardian, in another security incident, a user of online dating services became embroiled in a cryptocurrency scam and lost $20,000 in May. Crypto scammers often follow a long preparation process before targeting victims. At a certain age, people become extremely vulnerable to scams, and attackers actively exploit this pattern.
Information belonging to Morgan Stanley clients stolen in data breach
Morgan Stanley has recently reported a data breach involving a third-party vendor, as a result of which information belonging to some corporate clients was stolen. Hackers could access private information such as clients’ social security numbers, names, dates of birth and corporate company names. Morgan Stanley received notification of the breach from its vendor Guidehouse in May.
Attackers could access sensitive information by exploiting the vulnerability in Accellion FTA, the vendor’s server. The exposure was fixed within 5 days, but although the files were encrypted, attackers could obtain decryption keys. However, according to Guidehouse, there is no evidence that the stolen information has appeared on the Internet. Currently, the bank is actively monitoring the situation.