Plus: Cinder raises $14M funding round from Intel and Y-Combinator to help organizations fight misinformation
| Part of  Network | |
 Presented by  |
Scammers are promoting a fake Elon Musk crypto giveaway campaign on Twitter. The scammers promise to donate 5,000 BTC to users who answer a quiz. More: - The hackers are creating a Twitter list that includes people who have recently followed Elon Musk.
- These users are then led to believe that Elon Musk is giving away 5,000 Bitcoin to a random 1,000 followers.
- Victims are sent a link that directs them to a website named "freedomgiveaway [.] net," which contains a fake quiz about Elon Musk and his companies.
- The visitors are promised that once they answer the questions correctly, they will be automatically eligible for the giveaway, but are told they've won regardless of the accuracy of these answers.
- Once the visitors are told that they won the random giveaway, the website shows a BTC address where the targets should send 0.2-1 BTC as a deposit fee.
- After receiving the cryptocurrency, the hackers close the pop-up page and ignore the target.
- Researchers have not identified the threat actor responsible for this campaign yet.
Zoom Out: - This is not the first time that scammers have used the image of Elon Musk as a way of attracting more visitors to their malicious websites.
- In early 2022, videos from an online conversation between Elon Musk, Jack Dorsey, and Ark Invest CEO Cathie Wood were edited with voiceovers that made it sound as if Musk was selling an investment scheme.
- It was reported that the hackers behind this campaign managed to earn over $1M.
- One of the most infamous cryptocurrency cases also happened in 2022, when North Korea-backed hackers managed to steal over $600M from the token-based game Axie Infinity. Authorities only managed to retrieve a small part of the total amount.
| |
Security researchers have managed to hack a Samsung Galaxy S22 smartphone in 55 seconds during a pen-test competition known as the Pwn2Own Toronto 2022 contest. The researchers won $25,000 for the feat. More: - During the length of the tournament, the Samsung Galaxy S22 was hacked four times. The STAR Labs team was the first to successfully exploit a zero-day on Samsung's flagship device by executing their improper input validation attack on their third attempt, earning $50,000.
- The second team to achieve the feat was Chim, which earned $25,000 and five Master of Pwn points.
- A team named NCC Group EDG received the biggest award of the three-day tournament for successfully executing a two-exploit attack against the Ubiquiti and the Lexmark printer. The team earned $50,000 and 10 Master of Pwn points.
- Contestants also demoed exploits targeting zero-day flaws in routers, smart speakers, printers, and Network Attached Storage (NAS) devices from Cisco, NETGEAR, Canon, Ubiquiti, Sonos, Lexmark, Synology, and Western Digital.
- In total, there was $934,750 awarded to multiple teams for finding 60 unique zero-day flaws during the tournament.
| |
 A message from SECURITY COMPASS So how can security teams influence developers to focus on security issues without getting in their way? We had an incredible discussion with a panel of security experts from Tricentis, Reddit, and the Royal Bank of Canada on how we can all improve application security training. By watching this webinar you will learn: -
How to influence developers to secure code rather than pushing mandates around AppSec practices. -
What developers want from application security training -
Practical advice on leveling up developer security awareness & improving secure coding skills -
How to sustain developer training (with so many changing jobs) Start watching on-demand here
| |
Iranian hackers are using GitHub to breach their targets with a new malware named Drokbk. The threat actor is a subgroup of Nemesis Kitten. More: - Nemesis Kitten is also tracked by security as TunnelVision, Cobalt Mirage, and UNC2448. It is a subgroup of the Phosphorus hacker group. The latter is tracked as DEV-0270.
- Drokbk is written in the .NET programming language.
- The hacker group is deploying the malware post-exploitation as a form of establishing persistence.
- This malware primarily executes additional commands or code from the command and control (C2) server.
- Because its traffic is encrypted and it is a renowned platform in the development community, the hacker group is using GitHub to drop its payload.
- This threat actor has been known to use similar methods to another infamous threat actor named APT42.
| |
Cinder has raised a $14M funding round from Intel and Y-Combinator to help organizations fight misinformation. The company's founding team claims it helped Meta create its misinformation and risk-tracking tools. More: - The company aims to serve as a centralized source of trust for companies that want to tackle the issue of misinformation but don't necessarily have the tools to do so.
- Its platform offers services such as trust and safety operations management, case and investigation management, moderation and reviews, and risk monitoring and compliance.
- Clients that use the platform will have the chance to set their own limits in terms of what is allowed and what is not on their platform while also having access to a suite of tools that give them specific data around key user info such as emails, usernames, texts, logins, etc.
- The company has a presence in New York, Austin, and Washington, D.C.
| |
Charleston-based Interpres Security raised an $8.5M Seed round to provide tailored threat detection technology. Ten Eleven Ventures led the funding round. More: - Interpres Security currently integrates a framework called MITRE ATT&CK. This framework is able to calculate a company's most vulnerable points and highlight the threat actors that are most likely to target those points based on the tools they use and the frequency they use them.
- It then recommends mitigations, telemetry collection strategies, and detection logic to help cover those blind spots, enabling the company to detect and mitigate cyberattacks that could cause long-term damage to the business.
- The company believes that its technology provides small and medium-sized businesses access to the same cybersecurity analytics tools that large companies do, enabling them to offer better security to their users.
| |
Quick Hits: - Taking care of yourself matters, and BetterHelp connects you to a therapist within 48 hours without having to leave home. Get 25% off your first month.*
- Former Michigan Gov. Rick Snyder announced that he has launched a cybersecurity company named SensCy. The company will provide products and services exclusively for small and medium-sized businesses.
- According to a new report, the number of supply chain cyberattacks rose in 2022, following the trend of the previous two years.
- The U.K. government has published a code of conduct that will become integrated with current laws in the country. The code will require apps to work even if users turn off location tracking, etc.
- Researchers from Cornell University are using malware planted on a specific machine to generate electromagnetic radiation in the 0-60 kHz frequency band that's picked up by a receiving device in close physical proximity. The method allows the researchers to breach air-gapped computers.
*This is sponsored content.
| |
Upcoming events at Inside:
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
Security Compass delivers best-practice, role-based, accredited eLearning solutions. | |
| 767 Bryant St. #203, San Francisco, CA 94107
Copyright © 2022 Inside.com | |
| |
