Plus: CISA warns government agencies to update their authentication to Modern Auth
New malware is being used by threat actors to hack YouTubers. The malware is being sold as malware-as-a-service (MaaS) on online forums.
More:
- The malware is being tracked as YTStealer. In addition to YTStealer, the threat actors are also using RedLine Stealer.
- Like RedLine Stealer, YTStealer extracts data from a user's browsing history and other autosaved browser data such as credit card information, log-in credentials, etc. The malware targets YouTube creators with large followings, supposedly so that their data can be sold on the dark web. Hackers gather information such as subscriber count, the date when the channel was created, the channel's monetization status, how much the creator has earned, etc.
- While the origin of the malware is not yet known, researchers have connected a domain linked with the malware to an Iranian app.
Zoom Out:
- YouTubers have previously been attacked by hackers numerous times. In 2021, several channels were hacked and had their entire content changed to advertise cryptocurrency scams.
- A few months ago, hackers breached the channel of a dead YouTuber to advertise online scams.
The U.S. Department of Justice and HSI took down six domains that were illegally streaming music. The U.S. collaborated with Brazil, where 266 similar websites were taken down.
More:
- The six domains that were taken down are Corourbanos.com, Corourbano.com, Pautamp3.com, SIMP3.com, flowactivo.co, and Mp3Teca.ws. All of these websites were registered with U.S. registrars.
- In addition, the 266 domains shut down in Brazil were all part of the same group as the ones in the U.S. Brazilian authorities arrested six people involved with these websites.
- It is estimated that these websites had close to 7 million users per month. In addition to the websites, over 450 mobile apps were shut down.
Zoom Out:
- A few weeks ago, a Brazilian airport was hacked, and passengers were shown inappropriate content on the airplane screens.
- Brazil's vaccination data was stolen in a breach by the infamous Lapsus$ group in 2021.
Google released updates for its Workspace platform that will alert admins every time changes are made in their accounts. The admins will not be able to turn off the alert notifications.
More:
- Admins will receive the notifications from Google by email and will be provided with an investigation tool that will help them analyze the situation. The tool will only be provided to them once the email is opened.
- Changes that will be reported to the admins include password resets, SSO profile additions or removals, SSO profile updates, etc. Besides email, Google will also alert admins in the admin log.
- Google stated that the update has already begun rolling out, and it is expected to reach all users within weeks.
Zoom Out:
- Google's products have been breached previously. Google Chrome announced the exploitation of a zero-day vulnerability in February, with two similar flaws announced in March and April.
CISA has warned government agencies that use Microsoft Exchange to update their authentication methods to Modern Authentication. The latter provides a more secure way of authenticating an account by giving tokens that have not been used before.
More:
- CISA has warned government agencies that hackers are primarily attacking their targets using password spray attacks. In this type of attack, threat actors try the same password on multiple accounts to gain unauthorized access. This works because users have passwords that are easy to guess, and therefore hackers simply have to generate a certain number of combinations.
- The premier cybersecurity authority directed government agencies to stop using basic authentication, which is less secure, and to start upgrading to modern auth. Basic auth log-ins are not encrypted and hashed, making them vulnerable.
- Almost all companies have recommended multi-factor authentication for both government institutions and private individuals. Google has an authenticator app that is integrated with other apps that enable 2FA as a way of convincing users to browse the internet more safely. Multi-factor authentication is required by an executive order signed by President Biden.
- Microsoft itself will disable basic auth by the end of 2022, as the company has had numerous breaches in recent times. Microsoft Exchange servers were hacked to distribute ransomware. Other threat actors have also consistently targeted the company's Exchange service.
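As an added example (not from the original newsletter or from CISA), here is a minimal detector for the password spray pattern described above: one source failing against many accounts with only a few tries per account. The log format, field order and thresholds are assumptions, and the sign-in records are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (not real data): time, source IP, account, protocol, result.
SAMPLE_LOG = """\
2022-06-28T09:00:01 203.0.113.7 alice basic FAIL
2022-06-28T09:00:40 203.0.113.7 bob basic FAIL
2022-06-28T09:01:15 203.0.113.7 carol basic FAIL
2022-06-28T09:01:50 203.0.113.7 dave basic FAIL
2022-06-28T09:02:30 203.0.113.7 erin basic FAIL
2022-06-28T09:03:05 203.0.113.7 frank basic OK
2022-06-28T09:10:00 198.51.100.20 alice modern FAIL
2022-06-28T09:10:20 198.51.100.20 alice modern FAIL
2022-06-28T09:10:45 198.51.100.20 alice modern FAIL
2022-06-28T09:12:00 198.51.100.20 alice modern OK
"""

def parse(log):
    """Turn each log line into (time, source, account, protocol, result)."""
    events = []
    for line in log.splitlines():
        ts, src, user, proto, result = line.split()
        events.append((datetime.fromisoformat(ts), src, user, proto, result))
    return sorted(events)

def detect_spray(events, window=timedelta(minutes=10), min_accounts=5, max_tries=2):
    """Flag sources that fail against many accounts, few tries each, inside one window."""
    by_source = defaultdict(list)
    for ev in events:
        by_source[ev[1]].append(ev)
    findings = {}
    for src, evs in by_source.items():
        fails = [e for e in evs if e[4] == "FAIL"]
        for i, first in enumerate(fails):
            in_window = [e for e in fails[i:] if e[0] - first[0] <= window]
            tries = Counter(e[2] for e in in_window)
            if len(tries) >= min_accounts and max(tries.values()) <= max_tries:
                # A success from the same source after the spray began needs review first.
                hits = sorted({e[2] for e in evs if e[4] == "OK" and e[0] >= first[0]})
                findings[src] = {"targeted": sorted(tries), "succeeded": hits,
                                 "basic_auth": any(e[3] == "basic" for e in in_window)}
                break
    return findings

if __name__ == "__main__":
    for src, info in detect_spray(parse(SAMPLE_LOG)).items():
        print(src, info)
```

The second source, which fails repeatedly against a single account, is not flagged: that shape is a lockout or single-account guessing problem, not a spray.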
Wiltshire Farm Foods, a producer of frozen foods in the U.K., was shut down after a cyberattack on Sunday. The food company is still suffering from the hack, with deliveries facing long delays.
More:
- The company is believed to have been hit with ransomware, but the exact details of the attack are unclear, including the threat actor who deployed it.
- Customers could not order food from the company's online service, and they complained about the lack of information.
- Wiltshire stated that it is trying to get back on track by next week, and it has left investigations in the hands of law enforcement authorities.
Zoom Out:
- JBS, the largest meat company in the U.S., was previously attacked by threat actors. The attack resulted in JBS shutting down almost all of its plants.
Quick Hits:
- The Evilnum hacker group has been spotted with a new hacking campaign targeting European organizations.
- Cyolo announced that it has raised a Series B round consisting of $60M in funding.
- Normalyze has secured a $22.2M Series A round, marking its first time out of stealth mode as a startup.
- Opaque Systems has raised a Series A $22M funding round led by Walden Catalyst Partners. The company combines AI with cybersecurity protocols.
Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.
Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 Ford.
767 Bryant St. #203, San Francisco, CA 94107 Copyright © 2022 Inside.com