
Weekly News Digest #42

$350,000 stolen from users by 170 Android cryptocurrency mining scam apps

Users pay money for mining but get nothing. More than 170 applications in the Android ecosystem have been identified as scam services. The applications offer cloud-based mining services to users interested in mining cryptocurrencies. Users just need to pay a fee, and the so-called mining process is supposedly carried out by the applications themselves.

Cryptocurrency mining requires huge computing power, and most PCs do not have enough of it to handle the mining process, so individuals are actively joining mining pools. According to researchers at Lookout, none of the applications mentioned above performed any legitimate mining activity. The researchers classified the malicious apps into two large categories, “BitScams” and “CloudScams”. For example, “BitScams” apps offer users “virtual hardware” for $12.99-$259.99 to generate mining returns.


Emergency patch for PrintNightmare security bug delivered by Microsoft

Microsoft has released an out-of-band patch for the PrintNightmare security flaw. The flaw may allow attackers to take control of users’ PCs. The bug in question is tracked as CVE-2021-1675 and CVE-2021-34527. It has a critical severity level and is attributed to the Windows Print Spooler. Microsoft had recommended that admins disable the Print Spooler until the release of a patch.

The remote code execution vulnerability arises when the Windows Print Spooler improperly performs privileged file operations. Successful exploitation enables running arbitrary code with SYSTEM privileges. After that, a malicious actor can install programs, modify or even delete data, and create accounts with full user rights, according to the warning issued by Microsoft. Upon completing its investigation of the case, Microsoft released the required security updates.


IT management software targeted by hackers performing sophisticated ransomware attack

Hackers were actively exploiting previously unknown vulnerabilities in the IT management solutions developed by Kaseya LTD. A Russian-linked malicious group is likely behind the attack. According to Marcus Murray from the Stockholm-based company TrueSec Inc., hackers were targeting victims opportunistically. They were simply pushing ransomware to servers that were connected to the Internet and used the software provided by Kaseya LTD.

Kaseya was alerted to multiple vulnerabilities by the Dutch Institute for Vulnerability Disclosure. The Institute was working together with Kaseya to release fixes. According to the Institute, REvil, the malicious group from Russia, successfully exploited the vulnerabilities before users could even patch them. Based on the results of the investigation performed by the cybersecurity firm Huntress Labs Inc., more than 1000 businesses worldwide were affected by ransomware.


Crypto scams are actively targeting vulnerable people

People are often tricked out of thousands of USD as the result of cryptocurrency scams. According to the FTC, consumers have lost more than $8 mln to cryptocurrency scams since October 2020. The year-on-year increase has amounted to 10 times. The Chicago Tribune reported that in one such case, a 77-year-old woman lost $12,000. The woman received a fake email alert recommending that she buy crypto and share her bank information. This incident is just a small element in the chain of crypto scams booming around the world.

According to the Guardian, in another security incident, a user of online dating services became embroiled in a cryptocurrency scam and lost $20,000 in May. Crypto scammers often follow a long preparation process before targeting victims. At a certain age, people become extremely vulnerable to scams, and attackers actively exploit this pattern.


Information belonging to Morgan Stanley clients stolen as the result of a data breach

Morgan Stanley has recently reported a data breach involving a third-party vendor, as the result of which information belonging to some corporate clients was stolen. Hackers could access private information such as clients’ social security numbers, names, dates of birth, and corporate company names. Morgan Stanley received notification of the breach from its vendor Guidehouse in May.

Attackers could access sensitive information by exploiting the vulnerability in Accellion FTA, the vendor’s server. The exposure was fixed within 5 days, but although the files were encrypted, attackers could obtain decryption keys. However, according to Guidehouse, there is no evidence that the stolen information has appeared on the Internet. Currently, the bank is actively monitoring the situation.
