Plus:Threat actor takes credit for hacking Stanford and IBM
| Part of  Network | |
 Presented by  |
 Hackers are claiming to have stolen the data of 1B Chinese citizens. If true, the attack would represent the biggest cybersecurity incident in the country's history. More: - Binance's CEO Changpeng Zhao stated that the security team in Binance had noticed that someone was selling the data of over 1B citizens of an Asian country.
- The data stolen includes names, addresses, mobile numbers, health records, etc.
- A government staff member is believed to have accidentally written his log-in credentials among a few lines of code, causing the data to be leaked.
- The seller is asking for 10 Bitcoins as payment while claiming that they have over 23TB worth of data. The Chinese government has not released a statement regarding these claims yet, while other researchers are also investigating the case.
Zoom Out: - The country is believed to have at least 100K hackers who are at the government's disposal, while there are tens of other hacker groups who are related to authorities.
- Chinese-backed hacker groups were recently found to have conducted a cyber espionage operation that went on for at least five years. The operation targeted countries in the Indo-Pacific region and was carried out by Naikon, a group notorious for targeting government institutions.
| |
 The British Army's social media accounts were breached by an unknown threat actor. The government is still investigating the attack that led the army's Youtube and Twitter accounts to advertise crypto scams. More: - The breach lasted around four hours, with hackers changing the profile picture of the British Army's Twitter account to a Possessed NFT. This attack sparked the reaction of industry researchers as well as policymakers, with Conservative MP Tobias Ellwood stating his concern regarding the attack and claiming that there needs to be action taken against the threat actor.
- Threat actors made the pages look as if Elon Musk and Cathie Wood were having a live stream about cryptocurrency.
- Hackers encouraged the viewers to scan a QR code that would direct them to a cryptocurrency wallet address. After donating to that address, viewers promised to receive double the amount they donated back. It is unknown how many people donated, but over 20K people participated in the live streams. A major threat vector for the hackers was a phishing link that was sent to viewers. After being clicked, breachers likely gained unauthorized access.
Zoom Out: - Santander bank recently claimed that crypto scam cases were up 87% compared to last year.
- Hackers have previously scammed people out of millions of dollars by using Elon Musk's image.
| |
 A message from ASHCROFT CAPITAL With the housing market the way it is these days, it seems impossible to invest in real estate right now – except for apartments. Why invest in multifamily apartments? Because most investors are looking for passive income or growth opportunities to add to their portfolio but multifamily private placements provide both in one investment. Multifamily allows investors a unique opportunity to collect monthly cash flow (passive income) and participate in the equity (growth) as the property appreciates in value. Here lies the advantages of investing in multifamily private placements: - you don’t have to manage a property
- you don’t have to worry about repairs or renovations
- you don’t even have to find your own deals
However, before you invest in any private placement, you still need to take the time to understand the terms. You can learn how to make informed decisions when investing in real estate by downloading this free Private Offering Guide. Download Now For accredited investors only. The guide is for informational purposes only and is not intended for any other use. Not an offer to sell securities.
| |
 Ukrainian law authorities have arrested the hackers responsible for stealing over $3M in fake phishing websites. The websites convinced Ukrainian citizens to sign up for financial aid while stealing all of the funds raised. More: - The unknown hacker group was comprised of nine individuals who created over 400 different fake websites. The websites were filled with false European Union credentials, convincing Ukrainians that once they fill their bank details, the EU would send financial aid to their bank accounts.
- All of the individuals were arrested by the Ukrainian Cyber Police in cooperation with the National Bank and face 15 years in prison.
- The hackers are known to have scammed over 5K Ukrainians so far, while the exact details of the attack are still being uncovered. The threat vector through which the group breached the victims is a phishing link.
Zoom Out: - Only a few days ago, Russian hackers attempted to breach Ukraine's largest energy company.
- A few weeks ago, over 70 Ukrainian government websites were breached, as the country has sustained thousands of cyberattacks since the war began this year.
| |
 A threat actor has taken credit for hacking Stanford University and IBM. The method used to breach the two targets is expected to become more common in the near future. More: - The threat actor stated that it used Jenkins to achieve its goal of breaching the accounts. According to researchers, this threat actor is known for selling access credentials on the internet.
- In order to breach the victims, the hacker may have used search engines like Shodan to target the company's port 9443. Shodan enables users to scalp metadata from servers, allowing them to leverage this data. Afterward, the actor may have used a private script to bypass security protocols and gain unauthorized access.
- While the initial reports are considered unreliable, this method could be used by other threat actors to specifically move laterally across networks and use the same way to brute force other passwords. This could be effective if the user does not change their password on different accounts.
- Government accesses shown by the threat actor's breach have affected countries such as the UAE, Indonesia, Pakistan, Kenya, etc.
Zoom Out: - The University of California was similarly hacked last year, leading to thousands of students having their data leaked.
- Two years ago, over 20 U.K., U.S., and Canadian universities were breached, with some of them being forced to pay a ransom.
| |
 An employee of HackerOne was caught stealing customer data with the intention of personally benefiting by selling them. HackerOne is a platform that companies use to find out about vulnerabilities in their systems. More: - The breach was first noticed by a client of HackerOne. Once the company investigated the event, it noticed that a user had logged in several times and tried to send multiple vulnerability reports to customers. The reports contained the same information and were intended to be sold for a profit.
- This event happened between April 4th and June 22nd. The former employee attempted to convince one of the clients that they had been a victim of a significant breach, but the client was alarmed by that statement, triggering them to contact HackerOne. The company managed to notify all of the 7 clients whom the former employee had tried to breach.
- HackerOne claims that it did not find any other signs of data abuse and that it has added several layers of security. The company aims to improve its ability to detect inside threats, protect data, communicate possible threats with its customers, etc.
- An online account with the username Rzlr stated that the issues noted by the employee had been tracked officially within the internal company's system, but HackerOne's tracking system is inaccessible from the outside.
Zoom Out: - Numerous companies have struggled with internal data leaks this year. Many prototypes and future products of the company were publicized without the company's consent.
- In 2016, Snapchat was hit with a phishing attack that asked for financial information from more than 700 of the company's employees.
- The Equifax hack remains one of the largest in history, with over 140 million U.S. citizens having their data leaked.
| |
Quick Hits: - End your expense reporting nightmares; get $100 to see how dreamy it can be.
- German pharmaceutical company Bayer has announced that it will launch a cybersecurity company division in Israel. The news was announced after top executives from the $45B company concluded a visit to the country.
- A researcher has found several flaws in the security protocols that the U.S police uses in one of its software products.
- A new variant of the Astra Locker ransomware has been tracked by researchers. The variant differs from other ransomware in that it moves to immediately encrypt the files and lock them away from the user.
| |
Upcoming events at Inside: - July 20 - The Rise of Metaverse Gaming (Register Here)
- August 17 - Build Your Diversified Portfolio: How To Invest in Bear Markets (Register Here)
- September 14 - Are Electric Cars Worth It? (Register Here)
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Gregory Bridgman is a writer and researcher with an academic background in politics and the philosophy of science and technology. He holds a BA from the University of Cape Town, an MS from University College London, and is currently completing a PhD at the University of Cambridge. He is interested in climate issues, technological changes, and the implications of the fourth industrial revolution. Please feel free to contact me at gregory@inside.com! | |
| |
| 767 Bryant St. #203, San Francisco, CA 94107
Copyright © 2022 Inside.com | |
| |
