Users pay money for mining but get nothing. More than 170 applications from the Android ecosystem have been identified as scam services. The applications offer cloud-based mining services to users interested in mining cryptocurrencies. Users just need to pay a fee, and the so-called mining process will be carried out by the applications themselves.
Cryptocurrency mining requires huge computing power, and most PCs do not have the power needed to manage the mining process; thus, individuals are actively joining mining pools. According to researchers from the company Lookout, none of the applications mentioned above performed any legitimate mining activities. The researchers classified the malicious apps into 2 large categories: “BitScams” and “CloudScams”. For example, “BitScams” apps offer users “virtual hardware” for $12.99-$259.99 to generate mining returns.
Microsoft has released an out-of-band patch for the PrintNightmare security flaw. The flaw may allow attackers to take control of users’ PCs. The bug in question is tracked as CVE-2021-1675 and CVE-2021-34527. It has a critical severity level and is attributed to the Windows Print Spooler. Microsoft has recommended that admins disable Print Spooler until the release of a patch.
The remote code execution vulnerability surfaces when the Windows Print Spooler improperly performs privileged file operations. Successful exploitation of the vulnerability enables running arbitrary code with SYSTEM privileges. After that, a malicious actor can install programs, modify or even delete data, and create accounts with full user rights, according to the warning issued by Microsoft. Upon completing its investigation of the case, Microsoft released the required security updates.
Hackers were actively exploiting previously unknown vulnerabilities in the IT management solutions developed by Kaseya LTD. A Russian-linked malicious group is likely behind the attack. According to Marcus Murray from the Stockholm-based company TrueSec Inc., hackers were targeting victims opportunistically. Hackers were simply pushing ransomware to servers that were connected to the Internet and used the software provided by Kaseya LTD.
Kaseya was alerted to multiple vulnerabilities by the Dutch Institute for Vulnerability Disclosure. The Institute was working together with Kaseya to release fixes. Also, according to the institute, REvil, the malicious group from Russia, had successfully exploited the vulnerabilities before users could even patch them. Based on the results of the investigation performed by the cybersecurity firm Huntress Labs Inc., more than 1000 businesses worldwide were affected by ransomware.
People are often tricked out of thousands of USD as a result of cryptocurrency scams. According to information provided by the FTC, consumers have lost more than $8 million to cryptocurrency scams since October 2020. The year-on-year increase has amounted to 10 times. The Chicago Tribune reported that in one such case, a 77-year-old woman lost $12,000. The woman received a fake email alert recommending that she buy crypto and share her bank information. This incident is just a small element in the chain of crypto scams booming around the world.
According to the Guardian, in another security incident, a user of online dating services became embroiled in a cryptocurrency scam and lost $20,000 in May. Crypto scammers often follow a long preparation process before targeting victims. At a certain age, people become extremely vulnerable to scams, and attackers actively exploit this pattern.
Morgan Stanley has recently reported a data breach involving a third-party vendor, as a result of which information belonging to some corporate clients was stolen. Hackers could access private information such as clients’ social security numbers, names, dates of birth, and corporate company names. Morgan Stanley received notification of the breach from its vendor Guidehouse in May.
Attackers could access sensitive information by exploiting a vulnerability in Accellion FTA, the vendor’s server. The exposure was fixed within 5 days, but although the files were encrypted, attackers could obtain the decryption keys. However, according to Guidehouse, there is no evidence that the stolen information has appeared on the Internet. Currently, the bank is actively monitoring the situation.