Facebook has been hit with a $275M fine by the Irish national regulatory authority for failing to protect the data of over 533 million users. The leaked data includes passwords, email addresses, phone numbers, locations, genders, etc. More: - The Irish Data Protection Commission started its investigation into the matter on April 14, 2021, following media reports about a potential data leak of a large magnitude that involved 533 million users in 106 countries.
- Meta has stated that the leaked information is old data and that hackers managed to steal it by taking advantage of a technique called phone number enumeration, also known as scraping.
- Aware of the potential for misuse that the technique had, Facebook removed the ability to use phone numbers to retrieve information via scraping in August 2019.
- In addition to the fine, the regulator has also directed the company to ensure that it is fully compliant with EU data protection regulations.
- This is the third time that the social media giant has been fined in the span of one year.
- WhatsApp was similarly ordered to pay over $220M due to a lack of transparency over data use, while Instagram had to pay over $400M because of its mishandling of children's data.
- Meta's European operations are based in Dublin, making the country the primary authority for the company's accountability in Europe.
- The EU has 13 more privacy inquiries into the social media group, none of which have been completed yet.
| |
Hackers are using a TikTok trend known as Invisible Body to spread WASP malware. WASP can steal information such as passwords and credit card information. More: - The Invisible Body trend includes videos with a filter that leaves a silhouette behind the person's body. Hackers used the filter to add a link that led users to believe that they would be able to remove the filter by clicking it.
- Once the target clicked the link, they were redirected to a Discord server with over 30,000 members and to a GitHub repository.
- This GitHub repository was presented as an open-source tool that can remove the invisible body effect trending on TikTok and currently has 103 starts and 17 forks. To grow its popularity, its creators asked all those who clicked on the link to share the project, making it a trending repository on the site.
- The project was updated by the hackers with new Python-written files but has since been removed by GitHub.
- The TikTok accounts that initially spread the videos were "@learncyber" and "@kodibtc," both of which have been suspended.
Zoom Out: - WASP malware uses steganography and polymorphism to evade detection. Hackers deploy the malware with its malicious Python packages that are able to steal credentials, personal information, and cryptocurrency.
- In the past, copies of WASP have been sold for $20 to other criminals, with payment coming in cryptocurrency or gift cards.
| |
 A message from SECURITY COMPASS Security teams and developers may be aligned on what is needed, but the delivery of these requirements leaves room for improvement. This interactive report examines the maturity and approaches of application security training for software developers. It emphasizes the frustrations developers experience with current eLearning options and organizational views on its effectiveness. Key takeaways from the study include: - 40% of respondents indicate their company provides interactive content, yet a lack of interactive content remains a top frustration.
- In total, 75% of respondents indicated they had to look up security-related topics regularly - once or twice a week (54%) or daily (21%).
- The best time to do secure development training was during code implementation.
- 37% of developers stated that implementing new code to satisfy security requirements was the most costly and time-consuming activity they perform.
To view the full “2022 DevSecOps Perspectives on AppSec Training” research report and learn more. Click here
| |
The Black Basta ransomware group has taken credit for hacking Canadian company Maple Leaf Foods in a recent cyberattack that forced the company to shut down its systems. The company has stated that it does not plan on paying ransom to the group. More: - Maple Leaf Foods is a meat packing company with over 14,000 employees and has dozens of stores in different countries. Two weeks ago, the company was cyberattacked with a ransomware attack and was forced to go offline.
- Black Basta has now taken responsibility for the attack, publishing what it claims to be private data stolen from the company's servers.
- Maple Leaf Foods has confirmed the validity of these claims, saying that the hacker group is asking the company for ransom but that it does not intend to pay it. Furthermore, the company asked the media 'not to entertain any potential leads' sent by the group.
Zoom Out: - Black Basta is a ransomware group operating as ransomware-as-a-service (RaaS) that was initially spotted in April 2022. The group is believed to be tied to Russian threat actors and uses affiliates to spread its Black Basta ransomware, a C++-written malware that affects both Windows and Linux.
- The group managed to make headlines when it hacked the American Dental Association in early 2022, along with 75 other organizations worldwide.
- Only a few days ago, Black Basta was tracked using Qakbot malware, also known as QBot or Pinkslipbot, to boost its aggressive and widespread campaign that targets U.S. companies.
| |
Over 16,000 scam World Cup-related websites and 40 Google Play Store fake apps that contain phishing campaigns and other malicious content have been tracked by researchers. Hackers are using malware such as Redline and Erbium. More: - The research, conducted by security company Group-IB, says that hackers are using a plethora of ways to breach their targets.
- Firstly, threat actors are using social media ads to direct traffic to fake ticket-selling websites and merchandise stores with the hope of stealing credit card information.
- Another method hackers are using is creating fake surveys that require the users to write their numbers and share a link on WhatsApp.This method has reached over 60,000 targets, according to the report.
- Lastly, the hackers are using the controversial Hayya app to breach World Cup visitors. Hayya is the official identification app for the 2022 World Cup, but many security companies have warned against its use or have asked users to delete the app as soon as they no longer need it.
Zoom Out: - Hackers began their malicious campaign over a year ago when they started sending phishing emails to companies, pretending to be government officials who invited them to partake in tendering procedures regarding World Cup activities.
- The EU regulatory authority, as well as the German, Norwegian and French governments, instructed citizens to avoid using both Hayya and Ehteraz due to the fact that they store data on a centralized server.
| |
 A message from SEGMENT.IO Segment is now free for Startups! Segment helps over 15,000 startups get analytics right. We collect, unify and send data to all of the tools you use, giving you consistent data, everywhere. - Collect: Use our analytics API to collect data across web (Javascript), mobile (SDK) and server-side data sources.
- Send: Send that data to 300+ destinations, including data warehouses, analytics & BI, marketing platforms, A/B testing, and more.
- Send data to new tools with the flip of a switch, no implementation required.
- Keep your engineers working on core product, not integrations or internal requests.
Qualifying companies get: - $50,000 in Segment credits for up to 2 years
- Access to our dealbook of over $1M in other software deals
- Expedited support, access to our webinars and content to help startups get analytics right
See if you qualify for our startup program. Apply Now 
| |
A security flaw in Acer laptops could've allowed hackers to deploy malware during the device's system startup and take control over them. The flaw is being tracked as CVE-2022-4020. More: - The security flaw enabled hackers to disable Secure Boot, a feature that protects the device by only allowing trusted software to run during the time the device is being activated.
- By disabling the Secure Boot feature, an attacker can load their own unsigned malicious bootloader to allow control over the operating system/device.
- The security flaw affects the following devices:
- Aspire A315-22,
- A115-21,
- A315-22G,
- Extensa EX215-21
- EX215-21G.
- Acer has stated that it is currently working on finding a solution and has recommended its users update their devices to the latest Windows system.
Zoom Out - Acer has been previously hacked by cybercrime groups. In 2021, the company was breached twice within a week by a threat actor tracked as Desorden. The group claimed that it stole employee and product information.
| |
Quick Hits: - HubSpot and Brandwatch partnered this year to survey over 1,000 individuals across the U.S. to better understand consumer purchasing habits, thoughts, and behaviors.*
- Europol has managed to seize nearly 13,000 domains that were linked with illegal cyber activities, such as the distribution of television content, selling counterfeit merchandise, selling false investment programs, etc. The prime suspect in this operation was earning over $150,000 per month through his illegal activities.
- Ransomware gang RagnarLocker has leaked data from police in Belgium, exposing 16 years of information kept on record, including sensitive material revolving around children's abuse.
- Data extortion gang Vice Society claims that it has leaked data that belongs to Swedish conglomerate IKEA. The group has reportedly breached Ikea's branches in Kuwait and Morocco.
- CISA has added CVE-2021-35587, an Oracle Fusion middleware security flaw, to its vulnerabilities list. The agency has given the flaw a 9.8 CVSS rating.
- Tech innovation is surging in education, finance, health care, and other industries. See what your competitors are building with Crowdbotics.*
*This is sponsored content.
| |
Upcoming events at Inside:
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
Security Compass delivers best-practice, role-based, accredited eLearning solutions. | |
Segment is an API-first analytics solution that empowers 15,000+ startups to scale their data infrastructure. | |
