 Microsoft has reported that hackers are targeting accountants to steal financial information given on Tax Day from millions of U.S. citizens. The most common threat vector being used is phishing. More: - This phishing campaign's infection chain initiates with emails that aim to convince accountants that they are clients who are sending mandatory tax documents.
- These emails contain links that evade detection and lead the victim to a file-hosting site that downloads a ZIP archive.
- This ZIP archive contains files pretending to be PDF files for various tax forms but are actually Windows shortcuts.
- When double-clicked, these Windows shortcuts execute PowerShell scripts and download a decoy PDF file that is opened on Microsoft Edge to avoid arousing suspicion by the targeted person.
- Microsoft says that these VBS files download and execute the GuLoader malware, which then installs the Remcos remote access trojan.
| |
Users in multiple countries were reportedly infected by the infamous Pegasus spyware in the last six months. NSO Group, the company behind Pegasus, has been highly controversial in recent years. More: - A report from security researchers tracked at least two cases of victims that were hit by Pegasus in recent months.
- One case includes an infected iPhone 12 Pro Max that belonged to a Middle East-based human rights activist.
- Cybersecurity forensic teams found traces of a process called "libtouchregd," which is known to be tied to the Pegasus spyware.
- Further analysis of the device showed signs that the iPhone 12 Pro Max had been tampered with, triggering the company to warn the individual.
- The second device analyzed by the team was an Apple 6s, belonging to a journalist in Europe working for a global news agency.
Zoom Out: - This report comes a year after Spanish government regulators started investigating claims that the authorities used Pegasus to snoop on separatist politicians from the Catalonia region.
- The spyware was reportedly also used to spy on high-ranking officials in the European Union, among others.
| |
 A message from DOIT Take your Google Cloud knowledge to the next level with the Google Cloud Cookbook. Master building on Google Cloud with real-world examples and code snippets. Whether you’re looking for practical ways to apply microservices, AI, analytics, security, or networking solutions, this cookbook helps you level up your cloud computing, regardless of your experience level. In this book, you will: - Gain hands-on experience using practical examples and labs
- Explore topics that include BigQuery, Cloud Run, and Kubernetes
- Build and run mobile and web applications on Google Cloud
- Examine ways to build your cloud applications for scale
- Build a minimum viable product (MVP) app to use in production
- Learn data platform and pipeline skills
This book is offered compliments of DoiT, your partner to provide technology and cloud expertise to reduce cloud costs and boost engineer productivity. Download Now
| |
Researchers have tracked a hacking campaign that is spreading the Aurora malware through YouTube videos. The malware is an information stealer written in the GO programming language. More: - Clicking the links in these YouTube video descriptions redirects the victim to false websites.
- The malware is designed to query the vendor ID of the graphics card installed on a system and compare it against a set of listed vendors, such as :
- If the value doesn't match, the loader terminates itself.
- The loader ultimately decrypts the final payload and injects it into a legitimate process called "sihost.exe" using a technique called process hollowing.
- The threat actors behind the campaign, tracked as in2al5d p3in4er, are using social hacking to continue redirecting new waves of users onto the false websites.
| |
Hackers have leaked stolen Social Security numbers and bank accounts from CommScope. The Vice Society ransomware group is considered the threat actor behind the campaign. More: - CommScope is a network infrastructure company that operates in four main sectors:
- home networks,
- broadband networks,
- venue and campus Networks,
- and outdoor wireless networks.
- CommScope designs and manufactures network infrastructure products for hospitals, schools, U.S. federal agencies, etc.
- The leaked data contains the personal data of thousands of CommScope employees, including details such as:
- full names,
- postal addresses,
- email addresses,
- personal numbers,
- Social Security numbers,
- and bank account information.
- CommScope has not commented on the threat actor responsible for the cyberattack or the threat vector used by that actor.
- Researchers, however, claim that the Vice Society ransomware group is responsible for this cyber attack.
- While the scale of this breach is not known yet, CommScope employs more than 30,000 people worldwide, meaning that more than 30,000 datasets could potentially be at risk.
- The company is based in North Carolina.
| |
 A message from MONOGRAM The $19.4B joint replacement market may be entering a new era, and this company is hoping to lead the way. It is estimated that up to 50% of joint replacements will be robotic by 2030 and Monogram is aiming to have the first active navigated robotic arm on the market. And you can invest in the company ahead of their planned Nasdaq listing. With 100,000 failed joint replacement surgeries every year, we believe that this market has been due for a realignment. Surgeons have been forced to rely on the same technology, like hand saws and generic-sized joint implants for the last 40 years. Monogram’s surgical robots and 3D-printed joint components are hoping to up the ante when it comes to personalization and precision. They’ve already demonstrated how their surgical system works on cadavers in front of 5,000+ live viewers, they have 20 patents filed, and 17,000+ people have previously invested. Join Monogram ahead of their intended NASDAQ listing. Invest Now
| |
WhatsApp, Signal, and other messaging apps have released a joint letter criticizing the U.K. government's proposed Online Safety Bill. The companies claim that this proposed bill would risk citizens' privacy rights. More: - While the U.K. government claims that the legislation aims to tackle online abuse, the companies have stated their concern that if this bill is approved, fundamental digital privacy rights would be threatened.
- According to the letter, having the ability to read personal messages would be government overreach, essentially making end-to-end encryption useless.
- Signal and WhatsApp even threatened to withdraw from the U.K. if this bill is implemented.
- The letter was signed by representatives from the following companies:
- WhatsApp,
- Signal,
- Viber,
- Threema,
- Element, etc.
- WhatsApp is currently banned in China, North Korea, Syria, Qatar, and the UAE.
- In China, the app is blocked because Meta did not give the Chinese government permission to access conversations.
| |
Quick Hits: - Say goodbye to silos. With Miro, teams can sync, flow, and feel the connection of working side by side, even in remote and hybrid work environments.*
- Oblivious (Ireland), which aims to help data scientists protect their sensitive data, raised a $5.8M Seed round led by Cavalry Ventures with participation from Act VC, Atlantic Bridge, Firestreak Ventures, Expeditions Fund, and Hustle Fund.
- Researchers have reported on a new tool being used by Iran-based hackers.
- The FIN7 cybercrime group is believed to be behind a new malware variant tracked as Domino.
- Security researchers have discovered a new malware campaign that can steal GPS data, a list of downloaded apps, Bluetooth connection history, etc.
- Sales pros worldwide say sales ops are key to productivity. Download the new "Trends in Sales Ops" report to learn more.*
*This is sponsored content.
| |
Upcoming events at Inside: - April 18 - Human Resources Summit'23 (Watch Now)
- April 18 - Inside Interview with TravelBank: Why Employee Happiness Is Falling More Into The Financial Sector * (Watch On Demand)
- April 26 - The world's largest gathering that brings together all sides of the cryptocurrency, blockchain and Web3 community (Register Here) *
- April 27 - Inside.com Book Club - REWORK by 37signals (Register Here)
- May 02 - Inside Startups Coffee Break (Register Here)
*This is a sponsored listing.
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
| |
Surgery won’t look the same in 10 years – invest in Monogram, the robots pioneering more precise procedures. | |
