Plus: Raccoon Stealer malware is back
The FBI released a statement warning that hackers are using stolen personal information from American citizens to create deepfakes. These deepfakes are being used to deceive people into being hacked, with the attacker pretending to be someone else in a remote job application.
More:
- The FBI has warned that the number of complaints from individuals and companies regarding personal information abuse has gone up. Hackers are using leaked personal information that belongs to U.S. citizens to confuse employers who are hiring for remote tech positions.
- Threat actors utilizing this strategy usually apply for positions that require programming, knowledge of databases, or access to company finances. These fake applications are easier to spot when a video conference is held, because the deepfake videos do not correspond with normal behavior and gestures.
- Companies that face this issue can report it on IC3, the FBI's platform that deals with complaints regarding internet crime. The agency stated that providing the IP addresses, emails, names, or phone numbers of the scammers would be helpful in tackling the problem.
Zoom Out:
- The FBI has previously warned of North Korean hackers who present fake identification information to get hired in remote jobs so that they can exploit their access later and conduct malicious acts.
China-backed hackers are attacking targets in Afghanistan, Malaysia, and Pakistan through unpatched Microsoft weaknesses. The threat actor is using the ShadowPad trojan to infect its victims.
More:
- The hacker group, which has previously been relatively under the radar, attacked the telecom industry in both Pakistan and Afghanistan. The group used a similar kind of attack to breach a transportation academy in Malaysia.
- This attack occurred in Oct. 2021, and the threat actor specifically exploited a flaw tracked as CVE-2021-26855.
- The ShadowPad trojan is malware that has been used by numerous Chinese hacker groups. ShadowPad samples analyzed a while ago showed clusters of activity linked with the Chinese Ministry of State Security and the People's Liberation Army (PLA).
- The malware was downloaded to the victims' devices as mscoree.dll, alongside other tools such as CobaltStrike. ShadowPad extracts information about the host, executes commands, interacts with the file system and registry, and deploys new modules to extend functionality.
Zoom Out:
- This attack may be related to other China-backed cyber espionage attempts that focus on gathering long-term information.
A new trojan that is targeting Spanish banks has been tracked by researchers. Hackers are attacking the customers of BBVA.
More:
- The threat actor is using phishing as a tool to spread the hacking campaign.
- Hackers have created a fake two-factor authentication app that impersonates the app that BBVA uses; the code suggests the trojan has been created to specifically impersonate this bank's app.
- 2FA technology is a verification method that enables users to verify their log-in credentials with a specific code generated every time they use the app. It is meant to serve as a safe way for users to log in to their accounts beyond using a username and password. Almost all companies recommend using it, leading to many hackers trying to find ways to breach this technology.
- The trojan's origin is unknown so far, but it is known that the virus affects Android operating systems. Google has stated that it has addressed the issue in the upcoming Android update.
Zoom Out:
- Germany recently warned its banks that cyber-attack attempts could intensify in the upcoming months due to the Ukrainian invasion and the Russia-backed hacker groups.
- Wall Street banks tested their cyber security defense capabilities only a few days ago, signaling that this aspect is now becoming a priority for many companies around the world.
Raccoon Stealer malware has returned with an updated MaaS variant. The malware is being openly promoted on Telegram.
More:
- Raccoon Stealer malware is a MaaS (malware as a service) that sells online as a subscription. People who pay for a weekly or monthly subscription get access to the malware, which they can use to breach their targets.
- The malware's operating group initially shut down after a member of the group died during Russia's invasion of Ukraine. The group announced that it is coming back and claims that the software was rewritten from the beginning.
- This malware has different features, such as collecting basic system fingerprinting info, browser passwords, cookies, autofill data, and saved credit cards. It also targets cryptocurrency wallets and web browser extensions, including MetaMask, TronLink, BinanceChain, Ronin, Exodus, Atomic, etc.
- Users were able to use the malware for $75 per week or $200 per month. It is unclear how large the group operating Raccoon is, but many of them joined Mars Stealer after the malware shut down temporarily, causing the group to put a halt on accepting new members.
The State of New York named its first chief cyber officer. The position will be held by Colin Ahern, the previous head of New York City's Cyber Command.
More:
- Ahern's responsibilities will include building the city's cyber capabilities, helping develop its human infrastructure, education programs, etc. Additionally, Ahern will lead the Joint Security Operations Center.
- Ahern has previously served in the U.S. Army and is currently a professor.
- New York City's cybersecurity investment budget for the fiscal year of 2023 will be $61.9M, as the U.S., in general, continues to increase its cybersecurity spending. The Federal government has planned $16B in spending for IT and cybersecurity, marking the largest budget increase for this field ever.
Quick Hits:
- India has delayed, for at least two more months, the implementation of a new law that obliged companies to report cyber attacks.
- A survey suggests that 97% of U.K. business owners expect quantum computing to affect their business and disrupt their business model.
- A new hacking campaign is targeting home routers across Europe and North America.
- The OpenSSL library will release a patch in order to address its flaws that may leave users vulnerable.
Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime.
Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 Ford.
767 Bryant St. #203, San Francisco, CA 94107 Copyright © 2022 Inside.com