White hat hackers earn $1M in Pwn2Own Vancouver 2023 hackathon / Researchers track new North Korean hacker group / Trojanized Tor installers spreading malware

Plus: Microsoft Defender falsely flagging websites as malicious

Inside.com Part of   Network March 29, 2023

White hat hackers earned over $1M and a Tesla Model 3 in the Pwn2Own Vancouver 2023 hackathon. The event lasted three days. More: The white hat hackers exploited security flaws in systems such as: Tesla, Windows 11, Microsoft Teams, Microsoft SharePoint, macOS, Ubuntu Desktop, VMware Workstation, Oracle VirtualBox, etc. French cybersecurity company Team Synacktiv won the competition, earning $530,000 and the Model 3. They won the latter by exposing a security flaw that could be used to hack Tesla vehicles. The company reportedly managed to breach Tesla in less than two minutes. Vendors are given 90 days to release security fixes for all zero-day vulnerabilities tracked and reported during Pwn2Ow before they are publicly disclosed. Other winners in the competition include STAR Labs Team, which earned $195,000 for finding security flaws in Microsoft SharePoint, VMWare Workstation, and Ubuntu Desktop. Team Viettel won $115,000 for finding flaws in Microsoft Teams and Oracle VirtualBox.

Researchers have tracked a new self-funded North Korean hacker group that uses crypto-jacking to pay for espionage campaigns on behalf of the North Korean regime. The group has been using false monikers to hide its activity. More: The group, tracked as APT43, is a state-backed actor whose activities have sometimes been attributed to actors named Kimsuky and Thallium. The threat actor is believed to be linked to the Reconnaissance General Bureau, North Korea’s main foreign intelligence service.  APT43 is known for its spear-phishing campaigns, supported by social engineering and false email addresses. Researchers claim that its goal is to steal valuable information regarding foreign policy, nuclear security issues, and healthcare.

Trojanized TOR installers are being used to spread malware. The malware is targeting users in Eastern Europe. More: Clipper malware variants are known for being good at evading security by avoiding activation unless the clipboard data meet specific criteria. If the clipboard contains text, this variant scans its contents with a set of embedded regular expressions. If it finds a match, it is replaced with a randomly chosen address. Each sample has thousands of possible replacement addresses. The malware could be disabled by using a hotkey combination. Researchers stated they had recorded roughly 16,000 detections in 52 countries, most of which were in Russia and Ukraine. Other countries where the detections have been tracked are: The U.S., Germany, France, China, the Netherlands, the U.K., Uzbekistan, and Belarus.

Microsoft Defender is falsely flagging websites as malicious links due to an unknown technical issue. The issue was first tracked today. More: The company stated that it is investigating the case, highlighting the fact that legitimate URL links are being incorrectly categorized as malicious links. In addition to this error, users are having problems with their alerts. According to Microsoft, users can still access legitimate URLs despite the false positive alerts. The tech giant stated that it is scanning telemetry to reach a conclusion on what caused the flaw.

Spera has raised a $10M Seed funding round to offer end-to-end attack surface management services. The company is based in Israel. More: The platform creates a real-time, continuously updated, risk and context-based inventory of identities and access across cloud and on-prem environments.  According to the company, current solutions in the market fail at providing businesses with the necessary data needed to help them prevent and recover from cyberattacks. Spera claims that its solution has solved over 75% of its clients' cybersecurity challenges within the first weeks of use. The company aims to use the funding to expand its operations and boost its technology development. YL Ventures led the funding round.

Quick Hits: Wander launches the first Vacation Rental REIT. Enjoy targeted 8% annual dividend and 14% total return by owning a part of this incredible portfolio.* The Clop ransomware gang is reportedly exploiting a security flaw tracked as CVE-2023-0669. If exploited successfully, the flaw could lead to Remote Code Execution. Hackers used spyware made by Spanish company Variston to target users in the UAE, according to Google. An unknown Chinese state-sponsored hacking group has been linked to a malware variant that targets Linux servers. Attacks against APIs have increased by 400% in the last six months, according to reports. Sign up for Lemonade and have your claim paid faster than it took you to read this ad. No joke.* *This is sponsored content.

Upcoming events at Inside: March 30 - A panel on how CTOs balance and prioritize NFRs into their roadmaps (Register Here) * March 30 - Paid Media Framework: A Proven System for Successful Ad Campaigns w/ Devin Littlefield (Market Vantage) (Register Here) March 30 - Inside.com Book Club - The Creative Act by Rick Rubin (Register Here) April 13 - Inside Interview with Lacework - The Evolution of Cloud Security w/ Ulfar Erlingsson (Watch On Demand) April 14 - Inside Interview with Landing - The Ultimate Corporate Housing Resource with Torger Philosophos (Register Here) April 18 - Human Resources Summit'23 (Register Here) *This is a sponsored listing.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. Editor Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.

767 Bryant St. #203, San Francisco, CA 94107 Copyright © 2023 Inside.com

Did someone forward this email to you? Head over to inside.com to get your very own free subscription! You received this email because you subscribed to Inside Security. Click here to unsubscribe from Inside Security list or manage your subscriptions.