Plus: Fitbit to require Google accounts for logins
Hackers are targeting potential victims with malware that tracks mousepad movement. This hacking campaign is believed to be deployed by the Russian hacker group APT28.

More:
- Through this hacking campaign, APT28, a group that is also tracked as Fancy Bear, is deploying the Graphite malware.
- The hacker group sends its victims a PPT file that is infected with a PowerShell script.
- This script is activated and downloads a malicious JPEG file that is saved in C:\. Graphite malware is able to override Microsoft Graph API and OneDrive, enabling the threat actor to gain remote access control.
- Graphite is known for leaving hackers enough space to deploy more variants because they control the O2 authentication token.

Zoom Out:
- Security researchers have claimed that Fancy Bear is state-backed.
- The group has targeted numerous foreign actors lately, including a NATO think tank in Germany.
Apps that contain adware on Google Play and Apple Store have been installed over 13 million times. Researchers have tracked over 85 infected apps.

More:
- This hacking campaign is being seen as a continuation of Poseidon, a previous adware campaign that was tracked in 2019.
- The list of infected iOS apps includes:
  - Loot the Castle
  - Run Bridge
  - Shining Gun
  - Racing Legend
  - Rope Runner
- The hackers use WebView as a tool to load the apps in the background. These fake apps are manipulated in real-time, and threat actors often change their design in order to avoid suspicion.
- Threat actors have programmed specific patches that trick advertisers into believing the apps are generating a lot of interest and ad clicks. These apps send ad click reports even when a user's phone is turned off.
- There were 75 infected apps in Google's Play Store, while there were 10 adware apps in the App Store.
- Researchers claim that they've notified both Apple and Samsung regarding these findings and that the apps have been removed.
Two U.S. citizens have pleaded guilty to $30M Forex fraud charges. The fraudulent scheme occurred over 10 years ago.

More:
- The two men, both in their 40s, created a fake company under which they conducted fraudulent Forex trading. The duo would promise people big returns if they trusted them with their money. The scammers then went on to purposefully lose large amounts of money and convince the victims that there was nothing they could do to recover the funds.
- According to a statement released by the Department of Justice, the two men stole over $30M and tried to hide the money through different shell companies.
- If found guilty, they face up to five years in prison each.
- Besides the two U.S. citizens, two Dutch citizens were also involved in the scheme.

Zoom Out:
- According to an FBI report, hackers stole over $1.5B in 2021 via investment fraud. The agency claims that over $18B has been lost in the last five years as a result of this hacking method.
Fitbit will require users to use Google to log in, starting from 2023. The step will become mandatory due to security reasons, according to the company.

More:
- The company stated that it will provide a way for current users to transfer their data into new Fitbit devices safely.
- Old Fitbit accounts will be supported until 2025. Fitbit stated that it would help customers who need it transition to Google accounts through email and other communication tools.
- Google acquired Fitbit in 2021 for $2.1B, a transaction that was under the scrutiny of the Justice Department.
Allurity has acquired Aiuken cybersecurity for an undisclosed amount. The latter is based in Madrid, Spain.

More:
- Aiuken provides cybersecurity services for telecommunication companies.
- The company provides a SaaS platform to prevent, intercept, and analyze security threats.
- The startup claims to have over 300 clients and offices in Spain, Morocco, Saudi Arabia, UAE, Chile, Côte d’Ivoire, and Puerto Rico.
- Allurity is based in Stockholm, Sweden.
Quick Hits:
- Own 100% of a single-family investment property entirely online with Doorvest.*
- NVIDIA has released a statement regarding performance issues gamers have had with their NVIDIA GPUs. According to the company, the problem, which was caused by a Windows update, can be patched in the latest 3.26 GeForce Beta version.
- Researchers believe they have tracked at least three hacktivist groups that are supporting Russia in the cyberwar against Ukraine. The three groups are allegedly coordinating their efforts with the Russian GRU.
- BlackCat Ransomware, the successor of BlackMatter, has resurfaced. The malware has been tracked by researchers due to increased activity by the BlackCat Ransomware crew.
- Researchers have tracked the development of a password-stealing malware named Erbium. The malware was being sold on internet forums a few weeks ago.
*This is sponsored content.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.

767 Bryant St. #203, San Francisco, CA 94107 Copyright © 2022 Inside.com