SAN MATEO, CA, December 2, 2024 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Sponsored by NetworkTigers.
Tor Project seeks volunteers to fight government censorship
The Tor Project’s operators are searching for volunteers within the privacy community to help deploy 200 new WebTunnel bridges by the end of 2024 to fight increased government censorship in Russia. “Recent reports from Tor users in Russia indicate an escalation in online censorship with the goal of blocking access to Tor and other circumvention tools,” said the Tor Project in their statement. They go on to say that as “internet service providers in Russia are increasing their blocking efforts, the need for more WebTunnel bridges has become urgent.” The campaign for more WebTunnel bridges is scheduled to run until March 10, 2025, and those who set up five or more will receive a t-shirt. The Tor Project currently operates 143 WebTunnel bridges. Read more.
Magento e-commerce sites infected with skimmer software
Just in time for Black Friday, attackers are targeting Magento e-commerce sites using a new card-skimming malware that can “dynamically lift payment details from checkout pages of online transactions.” The attack uses a malicious JavaScript injection that can steal credit card data by creating a fake payment form or extracting the information straight from the payment fields. The activity is well hidden. As the malware collects data, “it first encodes it as JSON and then XOR-encrypts it with the key ‘script’ to add an extra layer of obfuscation.” The encrypted data is also Base64-encoded before being sent to a remote server via a beaconing technique that “sends data silently from the client to a remote server without alerting the user or interrupting their activity.” Read more.
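For an incident responder who has captured one of these beacons in a proxy log or HAR file, the three-step obfuscation described above (JSON, XOR with the key ‘script’, then Base64) is easy to reverse. The following is an added example, not code from the report or from the malware: it decodes a beacon body and flags it if the result is a JSON object containing payment-card field names. It assumes the XOR key is applied cyclically over the whole JSON byte string and that the field names are the usual checkout-form names; both are assumptions, and the sample beacon is constructed inline with a well-known test card number rather than taken from a real capture.

```python
import base64
import json

# Key named in the report; cyclic application is an assumption.
XOR_KEY = b"script"

# Field names that would make a decoded blob look like skimmed card data (assumed).
CARD_FIELDS = {"cc_number", "card_number", "cvv", "cc_cvv", "exp", "cc_exp"}


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR every byte of data with the key, repeating the key as needed."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def decode_skimmer_payload(blob: str) -> dict:
    """Reverse the pipeline: Base64 -> XOR('script') -> JSON.

    Raises ValueError (or UnicodeDecodeError) if the blob is not
    in the expected shape, so callers can use it as a cheap test.
    """
    raw = base64.b64decode(blob, validate=True)
    plain = xor_bytes(raw, XOR_KEY)
    return json.loads(plain.decode("utf-8"))


def looks_like_skimmer_beacon(blob: str) -> bool:
    """True if the blob decodes to a JSON object carrying card-like fields."""
    try:
        obj = decode_skimmer_payload(blob)
    except (ValueError, UnicodeDecodeError):
        return False
    if not isinstance(obj, dict):
        return False
    return any(key.lower() in CARD_FIELDS for key in obj)


def build_constructed_beacon(fields: dict) -> str:
    """Constructed sample only: apply the described pipeline forwards so the
    decoder can be exercised offline without a real capture."""
    plain = json.dumps(fields).encode("utf-8")
    return base64.b64encode(xor_bytes(plain, XOR_KEY)).decode("ascii")


# Constructed sample beacon (test card number, fake expiry and CVV).
SAMPLE_BEACON = build_constructed_beacon(
    {"cc_number": "4111111111111111", "exp": "12/27", "cvv": "123", "name": "Test User"}
)


if __name__ == "__main__":
    print("beacon body:", SAMPLE_BEACON)
    print("decoded:", decode_skimmer_payload(SAMPLE_BEACON))
    print("flagged:", looks_like_skimmer_beacon(SAMPLE_BEACON))
```

Because the key is fixed and the plaintext always starts with a JSON opening brace, the decoder doubles as a detection rule: run `looks_like_skimmer_beacon` over outbound POST bodies from checkout pages and alert on any hit, while ordinary Base64 content (images, tokens) fails the JSON parse and is ignored.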
U.S. citizen spying for China sentenced
59-year-old Ping Li, of Wesley Chapel, Florida, has been sentenced to four years in prison for conspiring to act as a spy and “sharing sensitive information about his employer with China’s principal civilian intelligence agency.” Li is said to have been in contact with China’s Ministry of State Security (MSS) since 2012 and has been employed at Verizon and Infosys. Li is also fined $250,000 and will be under three years of supervision after his release. According to Li’s sentencing memorandum, he “obtained information pertaining to Chinese dissidents and pro-democracy advocates, members of the Falun Gong religious movement, and U.S.-based non-governmental organizations, and shared them with two MSS officers… He has also been found to have shared training applications used by Verizon for new employees, as well as materials relating to cybersecurity training, the SolarWinds cyber attack on the U.S. government in 2021, and publicly available information regarding several politicians.” Read more.
Godot game engine users targeted with GodLoader malware
Godot game development engine users are falling victim to a campaign that uses the app to execute undetectable malware. According to the Godot security team, “affected users thought they were downloading and executing cracks for paid software, but instead executed the malware loader” via a carefully crafted script that allowed it to bypass antivirus protection. GodLoader can target Windows, macOS, and Linux systems. Godot is warning users to only download assets and software from “trusted sources” and goes on to say that “this attack vector, while unfortunate, is not specific to Godot and does not expose a vulnerability in the engine or for its users.” Check Point Research said that this technique has been used to infect more than 17,000 devices since June 2024. Read more.
Supply chain attack disrupts major retailers
Blue Yonder, one of the world’s largest software providers, has suffered a ransomware attack affecting retailers in the U.S. and U.K. Two of the U.K.’s major supermarkets, Morrisons and Sainsbury’s, have experienced warehouse management disruptions. In the U.S., Starbucks has encountered problems resulting in managers having to pay baristas, manage schedules, and calculate pay manually. The attack has not been attributed to a specific threat group, nor has one taken credit. Blue Yonder’s systems remain affected, and the company has not provided a timeline for restoration or made any statements regarding whether or not customer data was stolen. Read more.
Kansas hacker promotes his business by hacking
The Department of Justice has unsealed an indictment against Nicholas Michael Kloster, 31, of Kansas City, for allegedly hacking into the networks of businesses to promote his cybersecurity services. In one case, he accessed a health club’s security camera system. Then he emailed the gym owner, confessing he had done so while trying to gain employment as a cybersecurity consultant. In addition to the contracting proposal to the gym owner, the U.S. Department of Justice says Kloster reduced his monthly gym membership fee to just $1, deleted his photograph from the gym’s database, stole a staff member’s name tag, and posted a screenshot on social media demonstrating that he had control over the gym’s cameras. Kloster is also accused of hacking into a nonprofit organization and using stolen credit card information from his former employer. He faces up to 15 years in prison if convicted. Read more.
New Cape phone prioritizes security
Mobile company Cape is responding to the uptick in hackers, spyware, law enforcement snooping, and cybercrime by claiming to offer a phone that prioritizes privacy. The Android-based device does not save metadata and is designed to protect against SIM-swapping, location tracking, and ads that ID the customers while only requiring a phone number. To do so, “Cape operates as a mobile virtual network operator, meaning it rents networks from other telecoms and has a deal with the mobile network carrier USCellular for wider coverage. Additionally, the underlying tech that communicates with network towers is Cape’s own mobile core software that obfuscates identifying metadata.” Critics voice concern that such a device is a double-edged sword, offering privacy to those who need it but also appealing to criminals who want to remain undetected. Read more.
2 million pig butchering accounts removed by Meta
Since the start of 2024, Meta has taken down 2 million accounts across its platforms that it found to be linked to pig butchering schemes. Most accounts originated from Myanmar, Laos, the United Arab Emirates, the Philippines, and Cambodia. “These criminal scam hubs lure often unsuspecting job seekers with too-good-to-be-true job postings on local job boards, forums and recruitment platforms to then force them to work as online scammers, often under the threat of physical abuse,” reads a statement from Meta. The FBI has reported that pig butchering scams are a significant source of income for organized crime groups, yielding $4.57 billion in 2023 alone. Meta has partnered with law enforcement agencies in the countries where the accounts originated to share intelligence. Read more.
North Korean threat actors steal $10 million using LinkedIn
Sapphire Sleet, a North Korean threat actor, has stolen an estimated $10 million in cryptocurrency over the last six months through social engineering campaigns on LinkedIn. According to Microsoft, scams involve creating fake profiles on the platform where individuals pose as job seekers and recruiters to funnel money to the country. “One of the main methods adopted by the group for over a year is to pose as a venture capitalist, deceptively claiming an interest in a target user’s company in order to set up an online meeting. Targets who fall for the bait and attempt to connect to the meeting are shown error messages that urge them to contact the room administrator or support team for assistance.” The criminal then provides an operating system-specific script to the victim that downloads malware capable of stealing credentials and cryptocurrency wallets. Read more.
Hundreds of Chinese propaganda domains deindexed by Google
Google’s Threat Intelligence Group has removed hundreds of domains from its search and news indexes because they are “part of a complex ecosystem of four companies running two newswire services pushing pro-Chinese propaganda to international audiences,” according to their November 22 report. The network, tracked by Google as GlassBridge, spread content that included re-publications of legitimate news items from Global Times, a Chinese government-owned news site. “News stories include China’s territorial claims in the South China Sea, issues surrounding Taiwan, controversies related to the Xinjiang region, narratives about the COVID-19 pandemic, conspiracy theories and personal attacks on critics of the regime,” all designed to present pro-Chinese narratives and make it appear as though there is a large consensus of agreement with them. Read more.