The U.S. military has intercepted a cyberattack launched by Iranian hackers. The cyberattack targeted a website that showed preliminary results in the 2020 presidential elections.

More:

- According to U.S. authorities, the cyberattack couldn't have affected the 2020 U.S. election results but could have manipulated the website so that it would look like the results had been tampered with.
- Cyber Command, the military's cybersecurity unit, tracked the Iranian hacking campaign during its activity in a cyber mission.
- Upon launching the mission, the U.S. Army was able to track suspicious activity on a U.S. municipality website.
- The U.S. military then executed a cyber operation to kick the Iranians off that network so that they wouldn't be able to use their access in future elections.
- The affected U.S. city network has not been named.

Zoom Out:

- Iranian hackers have consistently targeted both public and private U.S. organizations. In 2022, government-backed Iranian threat actors breached a federal agency that failed to patch against Log4Shell.
- In late 2022, the U.S. DOJ indicted three Iranian individuals for launching cyberattacks against the U.S.

The U.K.'s National Crime Agency has reached a deal with Instagram, TikTok, Twitter, Facebook, and YouTube to disrupt human smuggling networks. The agency called the event a landmark agreement.

More:

- According to the NCA, the agency has provided the social media platforms with data that has helped them remove and suspend over 3,300 posts, pages, or accounts tied to smuggling organizations.
- The NCA claims that it is currently conducting over 90 investigations into high-ranking members of several smuggling organizations.
- This number is the largest in the organization's history, according to reports.
- In addition to this deal, Immigration Minister Robert Jenrick has stated that the British government is set to implement a new Illegal Migration Bill that would give immigration officers the power to seize electronic devices from people who come to the U.K. illegally. According to Jenrick, this would help authorities track smugglers.
- The bill has been criticized by the United Nations refugee agency, which claimed that the bill would prevent people who need to seek asylum from getting help, and would ultimately only increase the number of people who try to get into the country.

North Korean hackers with ties to the Lazarus group are believed to be behind a new hacking campaign targeting Apple devices. The threat actor is deploying malware tracked as RustBucket.

More:

- The macOS malware is presented as a PDF viewer but is an AppleScript file that can retrieve a second-stage payload from a remote server.
- Apple claims that the threat actor responsible for this campaign is BlueNoroff, a subgroup of Lazarus, also known as APT28, Nickel Gladstone, Sapphire Sleet, Stardust Chollima, and TA444.
- The malware is written in Objective-C, which was previously the main language used to develop apps for the Apple ecosystem.

Zoom Out:

- BlueNoroff is known for its sophisticated cyber-enabled heists targeting the SWIFT system and cryptocurrency exchanges.
- Earlier this year, the FBI implicated the threat actor for stealing over $100M worth of cryptocurrency assets from Harmony Horizon Bridge in June 2022. The cyberattack is considered one of the largest in the history of the cryptocurrency industry.

Iranian hackers linked with the Phosphorus hacker group are targeting Israel with a phishing backdoor campaign. The backdoor can steal data, take screenshots, record audio, and log keystrokes.

More:

- The campaign uses ISO images as a way of initiating the infection chain.
- The infection chain continues by having the victims click on the Iraq-themed pictures.
- After the victims do so, the loader launches the PowerLess implant.
- The ISO file contains text written in Arabic, English, and Hebrew and redirects users to academic content about Iraq from a legitimate NGO called the Arab Science and Technology Foundation.
- The infection chain is then completed by executing a PowerShell script that downloads two files from a remote server and runs them.
- Hackers are implementing an additional layer of 13 customized TEA32-based string-decryption functions to make decryption more difficult.
- Researchers are claiming that this new variant of the backdoor has better loading mechanisms and adopting techniques than its predecessor.

Multiple generations of Intel CPUs are vulnerable to a new side channel of the Meltdown security flaw. The flaws were tracked by researchers from the University of Maryland, Tsinghua University, and a lab run by the Chinese government.

More:

- The attack works as a side channel to Meltdown, a critical security flaw discovered in 2018 that impacts x86-based microprocessors.
- The campaign enables hackers to extract secret data from user memory space.
- While the Meltdown bug was mostly patched in 2018, it has never been completely patched by any security vendor.
- The attack is carried out in two phases:
  - Firstly, execution is launched through the EFLAGS register.
  - Secondly, data begins to be decoded.
- Security researchers so far have been unable to determine the cause of the flaw, but they have recommended users change the implementation of the JCC instruction and rewrite EFLAGS after transient execution to reduce its influence over the JCC instruction.

CyberQP has raised a $12M funding round to help companies automate Privileged Access Management. The company is based in Canada.

More:

- The company helps businesses with:
  - Account creation,
  - Zero Trust help desk,
  - Azure Active Directory password syncing,
  - Privileged identity management, etc.
- Arthur Ventures led the funding round.
- The company also announced that it has rebranded from QuickPass to CyberQP, reflecting its current mission.
- This funding round will be used to grow its product offerings and expand its market reach.
- CyberQP is headquartered in Vancouver, Canada.

Quick Hits:

- Google announced that the Google Authenticator app for both iOS and Android now supports Google Account synchronization.
- Stack Identity, a California-based startup that automates identity governance, has raised $4M in a Seed round led by WestWave Capital and Benhamou Global Venture.
- A vulnerability tracked as CVE-2023-29552 with a CVSS score of 8.6 is impacting more than 2,000 organizations globally. The flaw affects the Service Location Protocol.
- A security flaw in a remote terminal unit made by European company Inea has been tracked by CISA.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.