Plus, Samsung and Google patch an Android 13 flaw that did not allow users to access Microsoft Intune
A global counter-ransomware team will be launched in January 2023, with Australia set to lead the group. The announcement was made by White House staff.
More:
- The official launch will be announced by Clare O'Neil, Australia's cybersecurity minister.
- According to White House representatives, Australia has been chosen to lead the task force due to its experience with ransomware attacks in recent times. The country has been hit by numerous hacking campaigns which have managed to cause significant damage, especially to its healthcare sector.
- The task force will be part of the Counter Ransomware Initiative, a partnership that includes 36 countries and the European Union.
Zoom Out:
- Medibank, one of the largest health insurers in Australia, was breached earlier in 2022. The company claims that Russia-backed hackers stole nearly 10 million users' data.
Defrost Finance stated that its stolen funds had been returned by hackers. The company had previously claimed that it would be willing to give the hacker 20% of the stolen funds if they gave back the rest.
More:
- Defrost Finance is a DeFi protocol that enables users to participate in leveraged trading or earn leveraged yields.
- Yesterday, the Web3 company stated that it had been hacked by unknown threat actors. The hackers are reported to have stolen $12M worth of tokens at the time.
- The company tweeted that it would be willing to negotiate with them and let them have 20% of the stolen funds.
- Defrost has stated that it will soon start scanning the data on-chain to calculate how much needs to be returned to each platform user affected by the breach.
- The company has not made any claims regarding the hacker's identity.
The administrators of the GuLoader malware are using new methods to avoid detection, according to researchers. The new method involves a three-step process that deploys the payload at the end.
More:
- GuLoader is a malware downloader that uses a polymorphic shellcode loader to disrupt its targeted security system.
- GuLoader was first tracked in 2019, initially being used to distribute remote access trojans, distributed via spam email campaigns containing archived attachments.
- Recent variants include an updated delivery mechanism in which the payload is delivered using a VBS file, and they deploy advanced anti-analysis techniques such as anti-debug, anti-sandbox, anti-VM, etc.
- The method is separated into three stages:
  - The first stage includes a VBS file that deploys a payload into a registry key. It then uses a PowerShell script to execute the payload from the registry key within memory.
  - The second stage payload performs all anti-analysis routines, creates a Windows process, and injects shellcode.
  - The third stage reimplements all the anti-analysis techniques, downloads the final payload from a remote server, and executes it on the victim’s machine.
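
A defender-side illustration of the first stage described above, as an added example that comes from neither the researchers nor this newsletter: it scores process-creation events for PowerShell started by a script host with a command line that both reads a registry value and executes the result as code. The event layout, sample command lines, key names and threshold are constructed assumptions.

```python
import re

# Constructed process-creation events (parent image, image, command line),
# modelled on Sysmon Event ID 1 fields. Not real telemetry.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WS = r"C:\Windows\System32\wscript.exe"
SAMPLE_EVENTS = [
    (WS, PS, r"powershell.exe -w hidden iex ((gp 'HKCU:\Software\ExampleKey').ExampleValue)"),
    (r"C:\Windows\explorer.exe", PS,
     r"powershell.exe Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion"),
    (r"C:\Windows\System32\cscript.exe", PS, r"powershell.exe -File C:\Scripts\inventory.ps1"),
    (WS, PS, r"powershell.exe -nop [scriptblock]::Create((Get-ItemProperty -Path "
             r"'Registry::HKEY_CURRENT_USER\Software\ExampleKey').ExampleValue).Invoke()"),
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}      # hosts that run .vbs files
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Signal: the command line reads a registry value ...
REG_READ = re.compile(r"get-itemproperty|\bgp\b|\bhk(cu|lm):|registry::", re.I)
# ... and runs the result as code instead of a script file on disk.
DYN_EXEC = re.compile(r"invoke-expression|\biex\b|\[scriptblock\]::create", re.I)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(event):
    """Return the reasons an event resembles the registry-to-memory first stage."""
    parent, image, cmdline = event
    if basename(image) not in POWERSHELL:
        return []
    reasons = []
    if basename(parent) in SCRIPT_HOSTS:
        reasons.append("powershell spawned by script host")
    if REG_READ.search(cmdline):
        reasons.append("reads registry value")
    if DYN_EXEC.search(cmdline):
        reasons.append("executes dynamic content")
    return reasons


def detect(events, threshold=3):
    """Indexes and reasons of events matching at least `threshold` signals."""
    scored = [(i, score_event(e)) for i, e in enumerate(events)]
    return [(i, r) for i, r in scored if len(r) >= threshold]
```

Requiring all three signals keeps routine registry queries and script-host-launched inventory scripts out of the results; lowering `threshold` trades precision for recall.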
Samsung and Google have patched an Android 13 flaw that did not allow users to access Microsoft Intune. The flaw affected Samsung S21 and S22 smartphones.
More:
- Microsoft Intune is a cloud-based service that helps enterprise admins manage Windows, Android, macOS, iOS, and iPadOS apps and devices.
- Samsung claims that it is aware that the error affects S21 and S22 smartphones but added that the flaw might also be active in other devices.
- The company stated that users need to reboot the device before enrollment to fix the issue.
- If the issue reappears after a device restart, users should manually install the Android Device Policy app, reboot, and restart the enrollment process.
PrivateLoader PPI is being used to spread new malware tracked as RisePro. The latter is an information-stealing malware that may originate from Russian hacker groups.
More:
- RisePro is an information-stealing malware that began appearing in industry reports and on the illegal dark web 'Russian Market' on Dec. 13, 2022.
- RisePro may have been dropped or downloaded by the pay-per-install malware downloader service PrivateLoader in the past year.
- The malware is written in C++, but researchers believe that parts of the malware are a clone of the Vidar stealer malware.
- It can steal data such as cookies, passwords, credit cards, crypto wallets, and other targeted files that may be of special interest.
- Its use is being offered for sale on Telegram, with the malware's creator launching a Telegram channel that enables criminal actors to interact with infected systems by connecting a bot ID with a remote server-enabled access point.
Quick Hits:
- Hackers are believed to have stolen $8M worth of crypto from cryptocurrency wallet company BitKeep.
- A North Korea-based hacker group known as APT has stolen around 1,000 NFTs and 300 ETH in a recent phishing campaign that may have been deployed in cooperation with European hackers.
- BTC.com announced that earlier in December, it was the victim of a cyberattack. As a result, the company lost $2.3M worth of cryptocurrency, stolen by threat actors that are unknown at this point.
Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.
Editor: Vibha Chapparike is a Freelance Writer & Editor at Inside.com. With her post-graduation in Management and Finance completed, Vibha is expanding her knowledge in venture capital, business, startups, and technology. She has had a career in public relations and communications. An ardent reader and writer currently residing in Singapore, you can follow Vibha on Twitter @VChapparike.
767 Bryant St. #203, San Francisco, CA 94107 Copyright © 2022 Inside.com