An Android Trojan known as Schoolyard Bully may have stolen the data of over 300,000 Facebook users. The malware mainly targets users based in Vietnam.

More:
- Hackers are hiding the malware in several fake apps that were previously found in the Google Play Store. These apps pretend to have educational content and free books to read.
- Once a user downloads this content, the Schoolyard Bully trojan can steal information such as:
  - Email
  - Phone Number
  - Password
  - ID
  - Name
- The trojan is also able to steal Facebook credentials by leading users to a phishing Facebook login page that contains a JavaScript injection.
- While the primary target group is Vietnamese users, researchers claim that there are over 300,000 victims across 71 countries.
- Researchers claim that these kinds of attacks are made easier by the fact that 64% of individuals use the same password that was exposed in a previous breach.

Zoom Out:
- Android Trojans have been a problem for the system's users for a long time.
- Three weeks ago, it was reported that the Vultur Android banking Trojan had surpassed 100,000 downloads on the Google Play Store.
- This malware is able to deploy infostealer malware and perform device takeovers.
- A number of other apps found in the Play Store have also been tracked.
- Fake apps such as X-File Manager and FileVoyager use malware such as Sharkbot to steal private information from targets, while the hackers who operate them constantly try to update new variants so that they are not shut down.

Eight U.S. citizens have been charged over a $30M unemployment benefits fraud scheme. One person has already pleaded guilty to the charges brought against them.

More:
- The eight individuals, ranging from 29 to 45 years old, filed more than 5,000 fraudulent unemployment insurance claims at the Georgia Department of Labor.
- These actions resulted in at least $30M in stolen benefits, money that would've otherwise gone to those who truly needed COVID-19 relief funds.
- In order to apply for these benefits, the defendants created false employers and employee lists using stolen personally identifiable information from unemployment insurance claims on the GaDOL website and healthcare organizations.
- Four defendants are being charged with mail fraud, two of them are being charged with aggravated identity theft, and one of them is also being charged with money laundering. The defendants could face up to 20 years in prison.

Zoom Out:
- One week ago, U.K. law authorities announced the largest anti-cyber fraud operation in the country's history. The operation, conducted in cooperation with the U.S., resulted in 120 arrests, the tracking of 70 million lines of code, and the seizure of other valuable assets.

Albania has charged five IT staff members with negligence over the Iran cyberattacks that shut down the country's digital infrastructure, claiming that they did not do enough to detect and defend against the hacking campaign. The officials could face up to seven years in prison.

More:
- According to the prosecutors handling the case, the five IT officials failed to check the security of the system and update it with the most recent antivirus software.
- The five individuals are being charged with "abuse of post." If found guilty, they could face up to seven years in prison.
- Government officials stated that these charges are the result of an investigation that began soon after the hacking campaign concluded. The country has worked with Microsoft and the U.S. FBI ever since the cyberattack was tracked.
- Law enforcement authorities did not state whether there would be more arrests in the future regarding what has become one of the most prominent hacking campaigns in Europe.

Zoom Out:
- In July 2022, it is believed that Iran-backed hackers managed to deploy a massive malware campaign that shut down Albania's digital administration services website. The hackers were reportedly able to hide their presence for 14 months before finally launching the attack.
- Only a few weeks later, the country was hit by another cyberattack. This time, its border control system was forced to go offline, resulting in a shutdown of border controls and a manual process of evidence-keeping.
- Soon after the attacks, Albania decided to cut its diplomatic ties with Iran, directing Iran's Embassy employees to leave the country in 24 hours.
- As a result of this hacking campaign, the U.S. imposed sanctions on Iran, while NATO and the EU also denounced the act. Iran denied any responsibility.

Hackers have leaked Medibank's customer data on the dark web after the company refused to pay a ransom. The company claims no banking information has been stolen.

More:
- The Australian Federal Police have said that law enforcement will take action against anyone attempting to benefit from the data by attempting to download and sell it.
- According to Medibank, hackers have stolen personal data, but this data does not provide enough detail for them to be able to cause significant damage.
- The company stated that in order to help its affected customers, it has hired over 300 customer support employees.
- The hackers have stated that if the company continues to refuse to pay a ransom, they will release all of the data they have stolen. Medibank is likely to continue its current stance on not fulfilling the hackers' demands.
- According to Australian institutions, Medibank could face penalties of $2.2M for each contravention of Australia's privacy laws.

Zoom Out:
- This leak comes only weeks after the company acknowledged another data breach that affected nearly 10 million customers from different companies, including Medibank.
- In this breach, 5.1 million Medibank customers were hacked, along with 2.8 million ahm health insurance customers and 1.8 million international customers.

Sphere Technology Solutions has raised a $31M Series B to help companies protect their valuable assets from external threat actors. The company is based in Newark, New Jersey.

More:
- Sphere provides a proprietary SaaS identity hygiene platform that helps companies evaluate their access and data protection controls, protect their users and data across cloud and on-premises environments, patch security flaws that leave certain users vulnerable, etc.
- By using this approach, companies can shrink their attack surface and lower the chance of having their data fall into the wrong hands.
- Sphere's clients include Goldman Sachs, RBC Royal Bank, TD Bank, etc.
- This Series B round was led by Edison Partners, with participation from existing investor Forgepoint Capital.
- With this investment, Sphere aims to expand its SaaS suite, develop partnerships, and boost its growth through marketing and sales.
- The company, founded in 2009, has raised $45M.

Quick Hits:
- Password management service LastPass has been breached. The company claims that no passwords have been stolen from the company's storage system and that hackers only managed to extract certain parts of source code.
- According to a recent survey, only 1 in 10 U.S. defense contractors passes basic cybersecurity requirements.
- A new malware that targets remote dictionary servers has been tracked. The malware, known as CVE-2022-0543, is written in Go, a trend among hacker groups.
- Kenneth A. Polite, Assistant Attorney General for the Criminal Division of the United States Department of Justice, thanked Estonia for its role in the development of cybersecurity capabilities in Europe, stating that the country is at the forefront of combating cybercrime.
- Israel-based startup CyVers has raised an $8M round to improve cybersecurity in the Web3 industry by developing plugin solutions.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.