A U.S. citizen residing in Ohio has been sentenced to four years in jail for stealing and laundering $21M worth of Bitcoin. Gary James Harmon had collaborated with his sibling to commit the crime.
More:
- Harmon conducted a phishing campaign to obtain the login credentials of people who owned Bitcoin and other cryptocurrencies.
- The phishing campaign targeted a number of major companies as well as individual users of cryptocurrency exchanges.
- Harmon also sold stolen data on the dark web and used the proceeds to allegedly fund a lavish lifestyle.
- His sibling, Larry Dean Harmon, was arrested in February 2020 for operating a dark web cryptocurrency mixer known as Helix. The mixer was used by the two brothers to launder the stolen funds.
- The two brothers laundered around 350,000 stolen Bitcoin, currently worth around $10.3B.
Researchers have tracked a group of Minecraft clones available on the Google Play Store that have been downloaded more than 35 million times. Some apps have over 10 million downloads.
- Researchers from McAfee have stated that these apps were uploaded to Google Play under various titles and package names.
- The clones, which imitate the gameplay and graphics of Minecraft, contain malicious code that displays intrusive ads and can steal users' personal data.
- The findings were reported to Google earlier this year.
- Google has since removed the offending apps from the Play Store, but it's unclear how long they were available for download.
Zoom Out:
- Due to their popularity, games are a consistent target for hackers who try to steal troves of valuable data from companies.
- In 2016, Pokémon Go was targeted by hackers who created a malicious version of the game that was distributed to third-party app stores. The fake app contained malware that could steal users' personal data and install additional malicious software on their devices.
- In 2018, researchers found a serious vulnerability in Fortnite that allowed hackers to take control of players' accounts and make fraudulent purchases using their stored payment information.
- In 2021, a group of hackers targeted EA Sports, the developer of the popular soccer game FIFA, and stole the source code for the game's engine and related tools. The hackers claimed to have stolen more than 780 GB of data.
Hackers have reportedly breached AT&T's digital infrastructure, stealing $20M worth of cryptocurrency. The responsible threat actor has yet to be tracked.
More:
- The attackers were reportedly able to gain access to AT&T's systems by exploiting a vulnerability in the company's customer service portal.
- The hackers targeted high-net-worth cryptocurrency investors, using SIM-swapping attacks to take over their accounts and transfer their funds to their own wallets.
- AT&T has categorically denied that it has been hacked, but reports claim that the company is aware of the incident.
Zoom Out:
- SIM-swapping attacks have become increasingly common in recent years, with hackers using social engineering tactics to trick telecom companies into transferring control of a victim's phone number to a SIM card under their control.
- In 2019, a 20-year-old college student was arrested for using SIM-swapping attacks to steal over $5M in cryptocurrency from 40 victims.
- In 2021, a California man was arrested for allegedly stealing over $100,000 in cryptocurrency using SIM-swapping attacks. He targeted high-profile individuals.
Google banned 173,000 developers in 2022 for breaking its Play Store rules. The company claims that it prevented over $2B in fraud damages by doing so.
More:
- The company claims that the developers were banned for policy violations, such as creating malicious software and promoting scams.
- Google says it used a combination of automated and human review processes to detect these policy violations.
- In addition to the bad accounts, the company also removed over 3.1 billion bad ads in 2020.
- Google encouraged users to report any suspicious activity on its platform to help maintain the platform's security.
Zoom Out:
- Google's platforms have consistently been targeted by hackers. In 2009, a group of hackers believed to be associated with the Chinese government targeted Google and several other companies in a series of cyberattacks. The attack, named Operation Aurora, compromised Google's systems and stole intellectual property and sensitive data.
- In 2016, researchers discovered four vulnerabilities in Android devices that could be exploited by attackers to gain root access to a device.
- In 2017, a widespread phishing attack targeted Google Docs users, allowing hackers to access users' Gmail accounts and other Google services. The attack affected thousands of users before it was shut down by Google.
- In 2018, Google announced that a security vulnerability in its Google+ social network had exposed the personal data of up to 500,000 users.
A new malware called Atomic Stealer has been found targeting macOS users. The malware, sold on Telegram, can steal passwords and credit card data.
More:
- Atomic Stealer is distributed through phishing emails that contain a malicious attachment hidden in a .zip file.
- Once the attachment is opened, the malware is installed on the victim's computer.
- The malware is capable of stealing data from a wide range of applications, such as:
  - web browsers,
  - email clients,
  - messaging apps,
  - and cryptocurrency wallets.
- Atomic Stealer evades detection by encrypting its communication with command-and-control servers and using anti-analysis techniques.
- Users are advised to update their software and avoid clicking on suspicious links.
Zoom Out:
- Apple has been breached several times in the past by numerous threat actors.
- In 2017, a group of hackers tracked as the Turkish Crime Family claimed to have access to 250 million iCloud accounts and threatened to wipe them if Apple did not pay a ransom.
- In 2018, a teenager in Australia hacked Apple's computer systems and accessed sensitive customer data, including login credentials and authorized keys.
- In 2021, REvil attacked a supplier of Apple's laptops, Quanta Computer, and stole blueprints for several new MacBook designs.
Researchers have found a high-risk security flaw that enables hackers to breach thousands of Apache Superset servers. The flaw could lead to remote code execution.
More:
- The vulnerability, tracked as CVE-2023-27524, allows an attacker to execute arbitrary code on a vulnerable server by sending a specially crafted HTTP request.
- Hackers took advantage of the fact that Apache Superset used a default Flask Secret Key to sign authentication session cookies: they forged session cookies that the system accepted as genuine, which gave them admin access.
- The vulnerability affects Apache Superset versions 0.38.0 and lower and has been rated as critical by the National Vulnerability Database.
- The flaw was discovered by researchers on Oct. 11, 2021, and reported to the Apache Security team immediately.
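Why a default signing key defeats session cookies, and how a deployment check can flag one, shown as an added example that is not code from Superset or from the researchers. The cookie format is a simplified HMAC scheme rather than Flask's own, the default key is a constructed placeholder, and the function names are hypothetical.

```python
import base64, hashlib, hmac, json, math
from collections import Counter

# Constructed placeholder standing in for a key shipped in a default config;
# it is not a real Superset default value.
PLACEHOLDER_DEFAULT_KEYS = {b"EXAMPLE-DEFAULT-SECRET-KEY"}

def sign(payload: dict, key: bytes) -> str:
    """Simplified signed cookie: base64url(JSON) + '.' + HMAC-SHA256 tag."""
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return f"{body.decode()}.{tag}"

def verify(cookie: str, key: bytes):
    """Return the payload if the tag matches under `key`, else None."""
    body, _, tag = cookie.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

def entropy_bits(key: bytes) -> float:
    """Rough Shannon estimate in bits; a heuristic, not proof of randomness."""
    if not key:
        return 0.0
    n = len(key)
    return -sum(c / n * math.log2(c / n) for c in Counter(key).values()) * n

def audit_key(key: bytes, min_bits: float = 128.0) -> list:
    """Findings a deployment check would raise for a session-signing key."""
    findings = []
    if key in PLACEHOLDER_DEFAULT_KEYS:
        findings.append("key is a published default")
    if entropy_bits(key) < min_bits:
        findings.append("key entropy below threshold")
    return findings

if __name__ == "__main__":
    default = next(iter(PLACEHOLDER_DEFAULT_KEYS))
    # Anyone who knows the key can produce a cookie the server will accept.
    cookie = sign({"role": "admin", "user_id": 1}, default)
    print(verify(cookie, default))
    print(audit_key(default))
```

A server whose key is generated randomly per deployment rejects the same cookie, which is why the audit treats any published default as a finding regardless of its length.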
Quick Hits:
- Bits Technologies, a Sweden-based company that helps companies avoid fraud by providing multiple data sources, has raised $4.3M in a Seed round led by Unusual Ventures with participation from Fin Capital, Cherry Ventures, and Alliance Ventures.
- Accenture and Google have announced a partnership that will see the two companies collaborate on improving their cybersecurity capabilities.
- Hackers are reportedly targeting the Facebook account of Israeli PM Benjamin Netanyahu.
Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.
Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.