Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location

Thousands of popular apps, including Candy Crush and Tinder, may have been hijacked to harvest users' location data, implicating rogue members of the advertising industry. The dataset, linked to Gravy Analytics, shows extensive collection through real-time bidding (RTB), which lets data brokers obtain sensitive location information without the knowledge of users or developers. It contains millions of device locations from a wide range of apps, including fitness and religious apps, raising privacy concerns and highlighting that many developers may be unaware their apps' data is exploited this way.

https://www.wired.com/story/gravy-location-data-app-leak-rtb/

Banshee 2.0 Steals Apple’s Encryption to Hide on Macs

Banshee 2.0, an infostealer for Macs, uses an encryption method taken from Apple's own XProtect antivirus to evade detection, spreading mainly through Russian cybercrime platforms and phishing schemes. It targets browser credentials and cryptocurrency wallet information. The original version was detected by antivirus programs, but the new version remained hidden for months until its source code leaked, prompting heightened vigilance among macOS users regarding emerging threats.

https://www.darkreading.com/threat-intelligence/banshee-malware-steals-apple-encryption-macs

New Web3 Attack Exploits Transaction Simulations to Steal Crypto

A new Web3 attack, "transaction simulation spoofing," steals crypto, as shown by a $460,000 theft of 143.45 ETH. Attackers exploit flaws in wallets' transaction simulation, luring victims to fake sites that show deceptive transaction previews. A delay between the simulation and execution lets attackers change the transaction's outcome, so victims authorize transactions that drain their wallets. Users should be cautious of "free claims" on unverified sites, since trusting a wallet simulation can be misleading. Proposed fixes include adjusting simulation refresh rates and adding warnings for users.

https://www.bleepingcomputer.com/news/security/new-web3-attack-exploits-transaction-simulations-to-steal-crypto/

Microsoft to Force Install New Outlook on Windows 10 PCs in February

Microsoft will force installation of the new Outlook on Windows 10 starting in February via a security update. Users who deploy the optional January update will get it first, while others will see it installed with the February update. The installation cannot be blocked, but classic Outlook remains intact and users can uninstall the new app afterward. The new Outlook was previewed in May 2022 and is now available for personal and commercial accounts.

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-force-install-new-outlook-on-windows-10-pcs-in-february/

GitLab Patch Release: 17.7.1, 17.6.3, 17.5.5

GitLab released patch versions 17.7.1, 17.6.3, and 17.5.5 for Community and Enterprise Editions, containing important bug and security fixes. Users should upgrade immediately; GitLab.com is already updated. Notably, the release changes how importers map user contributions, addressing vulnerabilities reported via HackerOne. Key security fixes cover access token exposure, DoS issues, and unauthorized status manipulation. Recommended actions include temporarily disabling importers until upgraded and promptly upgrading any affected version. Full details are available in GitLab's documentation.

Harnessing AI for Proactive Threat Intelligence and Advanced Cyber Defense

AI is changing cybersecurity by enabling real-time threat detection, proactive defense, and stronger data protection. It learns from data patterns, identifies potential threats before they materialize, and automates defense mechanisms against sophisticated attacks. Despite these advantages, ethical concerns and potential biases must be addressed. Key benefits include more efficient incident management, better endpoint security, and continuous adaptation to emerging threats. Combining AI with human expertise is essential for robust cyber defense.

Largest US Addiction Treatment Provider Notifies Patients of Data Breach

BayMark Health Services, the largest US addiction treatment provider, notified patients of a data breach in which attackers accessed personal and health information between September 24 and October 14, 2024. The breach, linked to the RansomHub ransomware gang, exposed sensitive data for an undisclosed number of patients. BayMark is offering affected individuals a year of free Equifax identity monitoring.

Banshee: The Stealer That "Stole Code" From macOS XProtect

Banshee Stealer Overview: Check Point Research monitors Banshee, a macOS malware linked to Russian cybercriminals. The updated version, detected in late September 2024, used an encryption algorithm similar to Apple's XProtect to improve evasion. Sold as a "stealer-as-a-service" for $3,000, Banshee continued operating until its source code leaked in November, leading to its shutdown. Despite this, modified versions persist via phishing websites. The malware targets browser credentials and various cryptocurrency wallets while employing techniques such as process forking to avoid detection. The report emphasizes that macOS is vulnerable to such attacks and that users need greater security vigilance.

Protecting Web-based Work: Connecting People, Web Browsers and Security

Web browsers are essential for modern work but pose security risks as organizations shift to hybrid models. Security measures have lagged behind, leading to breaches and financial losses. A high percentage of workplaces face browser-based attacks, highlighting the need for advanced controls such as SASE frameworks and enterprise browsers that mitigate risks from personal devices. Proactive measures, including zero-trust architecture and ongoing employee training, are crucial for safeguarding sensitive data and building a resilient security posture.

Over 4,000 Backdoors Hijacked by Registering Expired Domains

Researchers at watchTowr Labs hijacked over 4,000 backdoors by registering the expired domains they called back to, sinkholing communication from compromised systems and preventing further malicious use. They identified numerous infected systems, including government and educational institutions in multiple countries. Control of the hijacked domains was transferred to The Shadowserver Foundation for ongoing monitoring.

SonicWall Urges Admins to Patch Exploitable SSLVPN Bug Immediately

SonicWall advises immediate firmware updates to fix a critical SSLVPN authentication bypass vulnerability (CVE-2024-53704, CVSS 8.2) affecting certain firewall models. Patches are available to prevent exploitation. Additional vulnerabilities fixed include a weak PRNG in SSL VPN authentication tokens, an SSRF in SSH management, and privilege escalation in cloud editions. Users should upgrade to the specified SonicOS versions and restrict access to the affected interfaces to mitigate risk.

Telegram Hands Over Data on Thousands of Users to US Law Enforcement

Telegram has shared data on 2,253 users with U.S. law enforcement following a policy shift, fulfilling 900 requests in 2024, up from only 14 requests before the change. The shift follows pressure from authorities and the arrest of founder Pavel Durov on cybercrime-related charges. Telegram now cooperates on a range of crimes beyond terrorism, and cybercriminals have voiced concern and discussed leaving the platform. An updated transparency report is expected in April 2025.

New PhishWP Plugin Enables Sophisticated Payment Page Scams

The new PhishWP plugin enables the creation of fake payment pages that let cybercriminals steal sensitive data. It mimics trusted services such as Stripe, collects credit card details and OTPs, and sends the data to attackers via Telegram. PhishWP can be installed on compromised WordPress sites or used to build fraudulent ones, making the scams hard to detect. Its customizable checkouts, data collection capabilities, and real-time data transmission make it a significant threat. Experts recommend advanced phishing protection tools to counter such scams.

Weaponizing OAST: How Malicious Packages Exploit npm, PyPI, …

Malicious packages on npm, PyPI, and RubyGems abuse Out-of-Band Application Security Testing (OAST) techniques for data exfiltration. Threat actors use services such as oastify.com to stealthily extract sensitive data and probe developer environments. Examples include a spoofed npm package (adobe-dcapi-web) designed to evade detection, a typosquatted PyPI package (monoliht) that silently collects metadata, and several RubyGems that exfiltrate user information via DNS queries. These techniques pose significant risks and underline the need for stronger security measures in software supply chains.