Plus: Microsoft finds macOS security flaw, Apple claims it has patched it
| Part of  Network | |
 |
A 44-year-old man who hacked T-Mobile cellphones has been sentenced to 10 years in prison for causing $25M in damages through his scheme. He was the owner of a T-Mobile retail store in California. More: - Conducting his criminal activity between 2014 and 2019, the 44-year-old led his customers to believe that he was improving the performance of their phones, while in reality, he was blocking and unlocking the devices so that they could be sold on the black market.
- He received T-Mobile employee credentials, which he then used to access T-Mobile systems and call the T-Mobile IT Help Desk to reset the employees' company passwords.
- Together with his business partner, the individual unlocked hundreds of thousands of Android and iOS devices.
- His business partner has pleaded guilty to conspiracy to commit wire fraud, accessing a protected computer with intent to defraud, and conspiracy to commit money laundering.
| |
DraftKings has announced that over 67,000 users have had their data breached due to a cybersecurity attack the company was hit with in November 2022. The threat actor is believed to have used credential stuffing as a threat vector. More: - A threat actor who was selling stolen accounts with deposit balances on an online marketplace is believed to be responsible for the breach. After receiving the stolen accounts, users were led to believe that if they deposited $5 and followed a specific set of instructions, they could withdraw all of the money in these accounts.
- The company claims that the hackers have likely gained access to details such as names, addresses, phone numbers, email addresses, last four digits of the payment card, profile photos, information about prior transactions, account balance, and last date of password change.
- The betting app stated that it does not have any proof that hackers have stolen Social Security numbers, driver's license numbers, or financial account number information.
- DraftKings has refunded up to $300,000 for its customers, claiming that their payment methods are safe to use since the hackers only have seen the last four digits of their credit cards.
| |
Meta has taken down over 200 covert operations on the platform since 2017, according to a report published by the company. The most common location from where the suspicious campaigns were launched was Russia. More: - All of the pages were taken down for violating the company's Coordinated Inauthentic Behavior policy.
- These malicious pages were based in 68 countries and operated in 42 languages.
- Following Russia, Iran and Mexico were the most common countries where the threat actors that ran these pages were based.
- Meta stated that Russian campaigns relied on false articles written by individuals with possible ties to state-backed agencies and groups, while Iranian threat actors mainly targeted political campaigns.
- The U.S. was the most targeted country by operations (34 cases), followed by Ukraine (20) and the U.K. (16).
| |
Microsoft has found a macOS security flaw that could allow hackers to deploy malware by bypassing Gatekeeper restrictions. The flaw is being tracked as Achilles. More: - Gatekeeper is a macOS feature that automatically checks all apps downloaded from the Internet if they are approved by Apple, making users confirm if they want to continue opening.
- Officially tracked as CVE-2022-42821, the bug allows hackers to set restrictive Access Control List permissions for key files that would enable an easy payload and infection chain execution.
- Microsoft added that special macOS features such as Lockdown Mode would not help users protect their devices from this threat because it is meant to detect zero-click remote attacks.
- Apple reportedly fixed the bug in the macOS 13 (Ventura), macOS 12.6.2 (Monterey), and macOS 1.7.2 (Big Sur) updates on Dec. 13.
| |
VMRay has raised a $34M Series B funding round to expand its threat detection solution in new markets. The cybersecurity company is based in Germany. More: - VMRay uses malware sandboxing, a method that utilizes machine learning to detect incoming cybersecurity threats. The company claims that its product comprises 30 different unique technologies, enabling companies to lower their cost in addition to the increased level of safety.
- The company claims it has worked with four of the world's five largest tech companies as well as tens of financial institutions and state agencies.
- Tikehau Capital led the funding round with participation from High-Tech Gründerfonds, Capital, NRW.BANK and Gründerfonds Ruhr.
- The company, founded in 2013, is based in Bochum, Germany.
| |
Quick Hits: - No more waiting weeks to find a therapist. Sign up with BetterHelp and you can get matched with a therapist in less than 48 hours.*
- National Security Agency Cyber Director Rob Joyce has stated that the possibility of the continuation of hacking campaigns by Russia toward the U.S. is very likely, emphasizing the energy sector as a target.
- Glupteba Botnet administrators are still managing to operate on the internet regardless of Google's efforts to shut the campaign down. The botnet, able to steal log-in credentials and mine cryptocurrency, has been active at least since 2019.
- The U.S. National Institute of Standards and Technology will phase out the use of the SHA-1 algorithm in federal agencies by Dec. 31, 2030.
- The Little Rock School District's board has voted 6-3 to pay $250,000 to settle a recent ransomware incident. This vote was leaked accidentally by members of the school board.
*This is sponsored content.
| |
Upcoming events at Inside: - January 07 - AMA with TripActions - Corporate Travel and Expense Management Solutions w/ Ram Bartov (Watch Here)
- January 07 - AMA with Security Compass - Building Secure Compliant Software for the Public Sector w/ Jay Ryan (Watch On Demand)
- January 07 - AMA with Smallstep - Secured Distributed Systems of the Future w/ Mike Malone (Watch On Demand)
- January 07 - AMA with Synthesis AI - Synthetic data for more efficient and ethical model development w/ Yashar Behzadi (Watch On Demand)
- January 07 - AMA with Teamflow - Sales Development Representative Management + Career Development w/ Joshua Garrison (Watch On Demand)
- January 07 - AMA with Gun.io - Building and managing software development teams w/ Deividi Silva (Watch On Demand)
- January 07 - AMA with LinearB - Improving workflow for developers w/ Ori Keren (Watch On Demand)
- January 10 - Inside Startups Coffee Break (Register Here)
- January 17 - Inside Marketing Coffee Break (Register Here)
- January 31 - Growth Summit 2023 (Register Here)
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
| 767 Bryant St. #203, San Francisco, CA 94107
Copyright © 2022 Inside.com | |
| |
