By OptionOne Technologies
We searched through the most popular cybersecurity websites to bring you the latest industry news, updates, and tips.
Hackers Exploit TikTok Challenge to Spread Malware
According to research from Checkmarx, threat actors are exploiting a popular TikTok challenge to trick users into downloading information-stealing malware, The Hacker News reported. Known as the “Invisible Challenge,” the trend involves applying a filter known as “Invisible Body” that removes the user’s image, leaving only a silhouette in the frame. In some cases, users attempting the challenge are undressed.
Hackers have posted TikTok videos with links to rogue software that purports to remove the applied filter, revealing the user. Whether or not the software works, Checkmarx researcher Guy Nachshon says, “Instructions to get the ‘unfilter’ software deploy WASP stealer malware hiding inside malicious Python packages.”
The WASP stealer (aka W4SP Stealer) is a malware that’s designed to steal users’ passwords, Discord accounts, cryptocurrency wallets, and other sensitive information.
The stealer code is said to have been embedded in Python packages such as “tiktok-filter-api,” “pyshftuler,” “pyiopcs,” and “pydesings.” The operators published the malware on GitHub and, each time a package was removed from the Python Package Index (PyPI), swiftly published a replacement under a different name.
According to Nachshon, the behavior is evidence that hackers are becoming smarter and are focusing their attention on “the open-source package ecosystem.”
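The packages named above got in by resembling legitimate names and by being republished under new names once removed. A defender's counterpart is to audit what a project actually installs. The following script is an added example, not Checkmarx code: it parses a pip requirements file, flags any package not on a project allowlist, reports near-miss names by edit distance, and flags entries with no `--hash=` pin (without a hash pin, a republished release carrying the same version number installs without complaint). The allowlist, the version numbers and the hash are constructed for the demonstration; the near-match allowlist entries are chosen only to show the distance check firing, not as a claim about which real packages the malicious ones imitated.

```python
"""Audit a pip requirements file for two weaknesses that let a rogue
package slip in: names that merely resemble a trusted package, and
entries with no hash pin. Added example, not Checkmarx code."""

import re

# Constructed allowlist of packages the project really depends on.
TRUSTED = {"requests", "numpy", "pydesigns", "pyshifter"}

# Constructed requirements.txt contents. The suspicious package names come
# from the article; the version numbers and hash are made up.
REQUIREMENTS = """\
requests==2.28.1 --hash=sha256:7c5599b102feddaa661c826c56ab4fee28bfd17f5abca1ebbe3e7f19d7c97983
numpy==1.23.5
pydesings==0.1.0
tiktok-filter-api==1.0.0
"""

def normalize(name: str) -> str:
    """PEP 503 normalization: lower-case and collapse runs of -, _ and . to a dash."""
    return re.sub(r"[-_.]+", "-", name).lower()

def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, used to spot near-miss (typosquat) names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit(requirements: str, trusted: set, max_distance: int = 2) -> list:
    """Return (package, finding) pairs for every suspicious requirement line."""
    findings = []
    trusted_norm = {normalize(t) for t in trusted}
    for raw in requirements.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if not m:
            findings.append((line, "unparseable requirement"))
            continue
        name = normalize(m.group(1))
        if name not in trusted_norm:
            close = sorted(t for t in trusted_norm if levenshtein(name, t) <= max_distance)
            if close:
                findings.append((name, f"not on allowlist; resembles {close}"))
            else:
                findings.append((name, "not on allowlist"))
        if "--hash=" not in line:
            findings.append((name, "no hash pin; a republished release would be accepted"))
    return findings

if __name__ == "__main__":
    for pkg, why in audit(REQUIREMENTS, TRUSTED):
        print(f"{pkg}: {why}")
```

Run against the sample, the script reports `pydesings` as a near miss of `pydesigns`, `tiktok-filter-api` as simply unknown, and every line except `requests` as lacking a hash pin. In a real pipeline the same check belongs in CI, with `pip install --require-hashes` as the enforcing step.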
Black Basta Gang Attacks U.S. Companies with Qakbot Malware
The Black Basta ransomware group is using Qakbot malware — also known as QBot or Pinkslipbot — to perpetrate an aggressive and widespread campaign using an .IMG file as the initial compromise vector. According to a report by DarkReading, more than 10 different customers have been targeted by the campaign in the last two weeks and most of the focus has been on companies in the U.S.
The infections begin with a spam or phishing email containing malicious links.
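Because the campaign's initial vector is a disk-image attachment, one practical detection is to flag such attachments at the mail gateway before a user mounts them. The script below is an added example, not from the DarkReading report: it parses constructed key=value gateway log lines, classifies the attachment name, and alerts on `.img`, `.iso`, `.vhd` and `.vhdx` files, calling out the decoy double-extension case (`something.pdf.iso`) separately. The log layout, addresses and file names are all constructed for the demonstration.

```python
"""Flag mail-gateway log entries whose attachment is a disk image, the
kind of .IMG file used as the campaign's initial vector. Added example;
the log format and sample lines are constructed."""

import re
from pathlib import PurePosixPath
from typing import Optional

# Container formats that mount as a virtual drive when opened on Windows
# and so sidestep filters that only inspect the outer file.
DISK_IMAGE_EXTS = {".img", ".iso", ".vhd", ".vhdx"}

# Constructed gateway log lines in a key=value layout.
SAMPLE_LOG = """\
2022-11-28T09:14:02Z action=accept from=alice@example.com to=bob@example.com attachment="Q3_report.pdf"
2022-11-28T09:15:47Z action=accept from=invoice@example-supplier.test to=bob@example.com attachment="Invoice_4471.img"
2022-11-28T09:16:03Z action=accept from=hr@example.com to=carol@example.com attachment="payroll.xlsx"
2022-11-28T09:20:31Z action=accept from=docs@mail.example.test to=dave@example.com attachment="Scan_0012.pdf.iso"
2022-11-28T09:22:10Z action=accept from=eve@example.com to=bob@example.com attachment=
"""

# key=value where the value is either a quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S*)')

def parse_line(line: str) -> dict:
    """Split a log line into its timestamp and key=value fields."""
    ts, _, rest = line.partition(" ")
    fields = {"ts": ts}
    for m in FIELD_RE.finditer(rest):
        key, whole, quoted = m.group(1), m.group(2), m.group(3)
        fields[key] = quoted if quoted is not None else whole
    return fields

def classify(filename: str) -> Optional[str]:
    """Return a reason string when the attachment name looks like a disk image."""
    if not filename:
        return None
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    if not suffixes or suffixes[-1] not in DISK_IMAGE_EXTS:
        return None
    if len(suffixes) > 1:
        return f"disk image with a decoy inner extension ({''.join(suffixes)})"
    return f"disk image attachment ({suffixes[-1]})"

def scan(log: str) -> list:
    """Return (timestamp, sender, reason) for each line that should be alerted on."""
    alerts = []
    for line in log.splitlines():
        if not line.strip():
            continue
        f = parse_line(line)
        reason = classify(f.get("attachment", ""))
        if reason:
            alerts.append((f["ts"], f.get("from", "?"), reason))
    return alerts

if __name__ == "__main__":
    for ts, sender, reason in scan(SAMPLE_LOG):
        print(f"{ts} {sender}: {reason}")
```

On the sample, two of the five lines alert: the bare `.img` invoice and the `.pdf.iso` scan. Extension matching is a first filter, not a verdict; pairing it with a rule that blocks or quarantines disk images from external senders is the usual follow-up.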
The Qakbot group has ramped up its operations by installing attack frameworks and selling access to other groups.
Black Basta offers ransomware-as-a-service (RaaS) in various underground forums, which means multiple operators have access to Black Basta in their toolset. This makes attribution difficult.
The group has been active since at least February 2022.
CryptoRom Scam Sites Seized, Suspects Arrested
Scammers who utilized dating sites to lure people into bogus cryptocurrency investments have been arrested, and their scam sites have been seized. According to a report by Naked Security by Sophos, the scam group, dubbed “CryptoRom” (Crypto-Romance) used invitation-only apps to create an air of exclusivity and convince people to send them money for “investments.”
SophosLabs tracked the criminals using Apple’s business and developer toolkits to bypass the App Store, among them Apple’s Enterprise Provisioning system, which lets phones directly managed by a business install proprietary apps.
Despite the arrests, other scam groups that fit the “CryptoRom” profile are still active.
Acer Releases Update to Address Security Vulnerability in Laptops
A flaw in Acer laptops could let attackers disable Secure Boot protection, The Hacker News reported. The vulnerability could be weaponized to turn off UEFI Secure Boot on affected machines. Acer has since released a firmware update to address the vulnerability.
Tracked as CVE-2022-4020, the high-severity vulnerability affects five models: Aspire A315-22, A115-21 and A315-22G, and Extensa EX215-21 and EX215-21G.
Acer said the issue “may allow changes to Secure Boot settings by creating NVRAM variables.” Secure Boot guarantees that only trusted software is loaded during system startup. If it is disabled, a malicious actor could tamper with boot loaders.
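Since the flaw changes Secure Boot state through firmware variables, the check a practitioner wants after patching is whether Secure Boot is actually enforced, read from those same variables. The script below is an added example, not from Acer, ESET or The Hacker News. On Linux the firmware exposes its variables through efivarfs, where each file is a 4-byte little-endian attribute word followed by the variable data; the `SecureBoot` and `SetupMode` variable names and the EFI global variable GUID are standard UEFI definitions. The byte strings used as samples are constructed.

```python
"""Check whether UEFI Secure Boot is actually enforced by reading the
SecureBoot and SetupMode firmware variables. Added example; the sample
byte strings are constructed."""

import struct
from pathlib import Path

EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")

def parse_efivar(raw: bytes) -> tuple:
    """Split an efivarfs file into (attributes, data); reject truncated input."""
    if len(raw) < 5:
        raise ValueError(f"efivar too short: {len(raw)} bytes")
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]

def secure_boot_state(secureboot_raw: bytes, setupmode_raw: bytes) -> str:
    """Combine SecureBoot and SetupMode into one verdict.

    SecureBoot=1 means the firmware is verifying images right now.
    SetupMode=1 means no platform key is enrolled, so the policy can be
    rewritten freely and SecureBoot=1 cannot be relied on."""
    _, sb = parse_efivar(secureboot_raw)
    _, sm = parse_efivar(setupmode_raw)
    if sm and sm[0] == 1:
        return "setup-mode"
    return "enabled" if sb and sb[0] == 1 else "disabled"

def read_live_state(efivars: Path = EFIVARS) -> str:
    """Read the real variables on a Linux host, or say why that is not possible."""
    try:
        sb = (efivars / f"SecureBoot-{EFI_GLOBAL_GUID}").read_bytes()
        sm = (efivars / f"SetupMode-{EFI_GLOBAL_GUID}").read_bytes()
    except OSError as exc:
        return f"unknown ({type(exc).__name__}: not an EFI boot or efivarfs not mounted)"
    return secure_boot_state(sb, sm)

# Constructed samples. The attribute word 0x06 means boot-service and
# runtime access; the final byte is the variable's value.
SAMPLE_ENABLED = b"\x06\x00\x00\x00\x01"
SAMPLE_DISABLED = b"\x06\x00\x00\x00\x00"
SAMPLE_USER_MODE = b"\x06\x00\x00\x00\x00"   # SetupMode = 0: platform key enrolled
SAMPLE_SETUP_MODE = b"\x06\x00\x00\x00\x01"  # SetupMode = 1: no platform key

if __name__ == "__main__":
    print("sample:", secure_boot_state(SAMPLE_ENABLED, SAMPLE_USER_MODE))
    print("this host:", read_live_state())
```

The point of reading both variables is the setup-mode case: a machine can report SecureBoot=1 while no platform key is enrolled, which is exactly the state in which boot policy can be rewritten. A fleet check should treat anything other than `enabled` as a finding.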
The flaw was discovered by ESET researcher Martin Smolár, who previously disclosed similar bugs in Lenovo computers.
Chrome Fixes 8th Zero-Day of 2022
Google has patched Chrome’s eighth zero-day of 2022. A zero-day is a bug that gives users no time to update proactively, because cybercriminals found it first and worked out how to exploit it before a patch was released.
Chrome should update automatically, but Naked Security by Sophos suggests that Chrome users still open Chrome’s three-dot menu (⋮), choose Help > About Chrome, and check that they have version 107.0.5304.121 or later.
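Checking one machine by hand is easy; checking a fleet means comparing reported version strings against the fixed build, and a naive string comparison gets it wrong (as strings, "99.0.4844.51" sorts above "107.0.5304.121"). The script below is an added example, not from Google or Sophos: it parses dotted versions into integer tuples, compares them numerically against 107.0.5304.121, and lists the hosts that still need the update. The inventory of hostnames and versions is constructed.

```python
"""Compare installed Chrome versions against the fixed build numerically.
Added example; the sample inventory is constructed."""

FIXED_VERSION = "107.0.5304.121"

def parse_version(version: str) -> tuple:
    """Turn 'a.b.c.d' into a tuple of ints, rejecting anything that is not dotted digits."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)

def is_patched(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build is the fixed build or newer."""
    a, b = parse_version(installed), parse_version(fixed)
    # Pad the shorter tuple with zeros so 107.0 and 107.0.0.0 compare equal.
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) >= b + (0,) * (n - len(b))

def triage(inventory: dict) -> list:
    """Return hostnames whose reported Chrome build still needs the update."""
    return sorted(host for host, ver in inventory.items() if not is_patched(ver))

# Constructed inventory of hostnames and the Chrome versions they reported.
SAMPLE_INVENTORY = {
    "ws-01": "107.0.5304.121",
    "ws-02": "107.0.5304.110",
    "ws-03": "99.0.4844.51",
    "ws-04": "108.0.0.0",
}

if __name__ == "__main__":
    print("needs update:", triage(SAMPLE_INVENTORY))
```

The padding step matters for inventories that truncate versions to major.minor; without it a tuple of two elements would compare below a four-element fixed version even when the major number is higher.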
Zero-days are more difficult to exploit these days because of the multiple defensive layers put in place over the years, including more secure programming languages and additional protections built into operating systems themselves. However, they still pose a risk to users who fail to update their software regularly.
Here are our latest cybersecurity tips:
- Minimize your attack surface. Your attack surface represents all your systems exposed to the internet, such as Microsoft Exchange for email or WordPress for your company website. You can use a Virtual Private Network (VPN) to avoid exposing sensitive systems directly to the internet.
- Monitor your network constantly. Even when you minimize your attack surface, it is exposed and available 24/7. If you don’t have the resources in-house for constant monitoring, reach out to a cybersecurity expert for managed network monitoring services.
- Data backups can help you avoid paying ransoms. Ransomware attacks can be costly, and they can happen at any time. Most companies should expect to be attacked at some point. If you back up your data often—even every day—you can restore your systems quickly and avoid paying a ransom.
Thanks for Reading
That’s it for the latest Cybersecurity Briefing from OptionOne Technologies. Contact us today to learn more about our services.