The data of nearly 500M WhatsApp users is being sold online, according to reports from researchers. 32M of the affected users are U.S. citizens. More: - While the hackers have managed to steal the data of citizens from 84 countries, the most affected countries are:
- Egypt (45M)
- Italy (35M)
- Saudi Arabia (29M),
- France (20M)
- Turkey (20M)
- Russia(10M)
- According to communication that researchers made with the threat actors, the data is being sold for different prices based on the location of the users that were hacked. If the user is located in the U.S., the data is sold for $7k, if they are located in the U.K., the data is sold for $2.5k, and if they are in Germany, it is sold for $2k.
- Meta has not confirmed the legitimacy of these claims yet, but if the reports are true, the implications could be huge due to the fact that WhatsApp has over 2B monthly users.
- The report does not state the name of the hacker group responsible for the breach, but researchers suspect that the hackers could have abused data stored on Meta's large database collected through ad targeting.
| |
Interpol has announced that it has seized $130M from a criminal hacker group during a global operation. 975 individuals were arrested during the operation. More: - The operation, officially called Operation HAECHI III, started on June 28th, 2022 and ended on November 23rd, 2022.
- The conclusion of this operation resulted in the creation of 1600 court cases and the arrest of two South Korean fugitives wanted for organizing a Ponzi scheme that stole $30M from over 2,000 citizens. The two individuals were arrested in Greece and Italy.
- Another high-profile arrest related to this case involves a call center in India that was making false investment promises to citizens in Austria. The scammers in this call center managed to steal over $160k from their victims and tried to hide the transactions through various tools such as cryptocurrency mixers and online gift cards.
- Interpol claims that these arrests were made possible by a new tool called Anti-Money Laundering Rapid Response Protocol. According to the agency, this tool helps counties cooperate with each other more efficiently and has resulted in the seizure of $120M since it was launched in January 2022.
- The countries that participated in this global operation include Australia, Austria, Brunei, Cambodia, Cote d’Ivoire, France, Ghana, India, Indonesia, Ireland, Japan, Korea, Malaysia, Maldives, Nigeria, Philippines, Poland, Romania, Singapore, Slovenia, South Africa, Spain, Sweden, Thailand, United Arab Emirates, United Kingdom, United States, etc.
| |
 A message from SECURITY COMPASS The only secure developer training that is accredited by (ISC)² Explore role-based, language-specific, secure developer training that meets developers where they are in their knowledge and learning style to ensure they successfully develop and apply secure coding skills. Go beyond secure coding training. Retain talent, remain competitive, and stay compliant. Choose over 50 cybersecurity courses covering topics including: - AppSec Fundamentals
- Secure Coding
- Secure Mobile
- Compliance, PCI-DSS, CCPA, HIPAA
- Operational Security, like DevSecOps Fundamentals and DevSecOps for Managers
Influence developers to adopt secure coding without getting in their way. Learn more
| |
Google Chrome has released a new security update that fixed a high-severity zero-day flaw. The security flaw is being tracked as CVE-2022-4135. More: - The security flaw is a heap-buffer overflow bug that, if abused, could lead to hackers being able to execute arbitrary code remotely.
- Technical details pertaining to the bug, which was tracked by the Google Threat Analysis Group, have not been made public due to the fact that the company wants to make sure all of the weak points have been patched.
- Other researchers have speculated that through this flaw, remote attackers can escape the Chrome sandbox by luring a target to a web page crafted in a way that exploits the security issue in the graphics renderer process.
- Google has acknowledged the fact that the bug is present, advising all Google Chrome users to update to versions 07.0.5304.121 for macOS and Linux and 107.0.5304.121/.122 for Windows to ensure safety.
- This bug marks the eighth time that Google has patched an actively exploited zero-day in Chrome.
| |
Cyberattacks against esports players have increased as there is more money in esports than ever before. Web app cyberattacks alone have increased by 167%. More: - The videogame industry has seen revenue growth of 32% YoY from 2019, reaching $253.7B in 2022. The industry saw a major boost during the Covid-19 lockdown, maintaining its momentum with increased demand and a lack of supply that has made gaming consoles more popular than ever.
- Hackers are particularly interested in stealing the credit card payments stored from users who buy in-game purchases and complete microtransactions.
- The online microtransaction market is expected to reach $106.02B in 2026. This niche is particularly popular for hackers due to the fact that transactions under $10k are generally not looked at as thoroughly by government agencies as transactions that surpass this value.
- In parallel with this growth in revenue, the number of cyberattacks launched against gaming companies has also grown. Hackers are attacking the gaming industry so much that it has even surpassed the finance industry in terms of the number of cyberattacks.
- DDoS attacks are the most used threat vector by hackers, representing 37% of all DDoS attacks launched globally.
- In terms of the technologies that are targeted the most, web app attacks are arguably the most popular. The three most used attacks are LFI (38%), SQLi (34%), and XSS (24%). Web app attacks represent half of all cyberattack cases in the gaming industry, as the main assets that games have to offer are stored in APIs and web apps.
| |
Sweden-based Holm Security has raised $4M to expand its 750+ company portfolio and help companies detect and defend against cyberattacks. Subvenio Invest led the funding round. More: - The company offers a platform that scans systems and detects possible flaws that could be used by threat actors. Holm Security separates its offering into five categories:
- Threat Intelligence
- Web app security
- Attack Surface
- Cloud Security
- Network scanning
- By helping reduce a client's attack surface, Holm Security believes that hackers will have a harder time breaching its defense systems because it would take a longer time to find security flaws, thus making it easier for the software to detect the threat actors.
- In addition to helping clients spot the security flaws in their technology, Holm also helps them avoid human-made errors by offering employee training programs. In these programs, employees are taught how to spot a phishing campaign, how to report when they find something suspicious, and how to proceed if there has been a breach.
- Besides its headquarters in Stockholm, the company has offices in London, Amsterdam, Copenhagen, Ghent, New Delhi, and Petaling Jaya.
| |
Quick Hits: - DUER's founder wanted pants that stretch "from bike lane to boardroom to an evening night out." Try the World's Most Comfortable Pants during Black Friday — shop up to 50% off sitewide.*
- Apple is expected to release a new security feature in iOS 16 that is able to isolate all malware, block attachments, facetime calls, etc. The feature targets a small number of users who may be at risk.
- Orange Group, one of the largest telecom companies in France, has stated that it intends to increase its cybersecurity budget. The company claims that money deployed in cybersecurity is 'an investment and not an expense.'
- Vice Society hacker group, a threat actor known for its numerous cyberattacks against education organizations, has taken responsibility for a recent cyberattack against Cincinnati State college. The attack managed to shut down voicemail, network printing, VPN access, and other devices.
- Sektor Australia, a tech company that creates products for mobility, retail, healthcare, point of sale, payments, and ergonomics, has announced the creation of is cybersecurity division. The company stated that it has offered cybersecurity services for a time now and that the creation of this division is the culmination of the successful work that has been done so far.
*This is sponsored content.
| |
Upcoming events at Inside:
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Gregory Bridgman is a writer and researcher with an academic background in politics and the philosophy of science and technology. He holds a BA from the University of Cape Town, an MS from University College London, and a Ph.D. from the University of Cambridge. He is interested in climate issues, technological changes, and the implications of the fourth industrial revolution. Please feel free to contact me at gregory@inside.com! | |
Security Compass delivers best-practice, role-based, accredited eLearning solutions. | |
