SAN MATEO, CA, December 5, 2022 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.
- Hive social network taken offline due to major security flaws
- Three Android keyboard apps found to be vulnerable to remote hacking
- Vatican website attacked after Pope criticizes Russia
- Second LastPass breach this year exposes customer data
- Malicious Google Play Store app Symoo steals text messages, creates fake accounts
- “CashRewindo” malvertising campaign relies on aged domains to remain undetected
- Hackers spreading malware via TikTok “Invisible Challenge”
- 5.4 million Twitter users have data stolen and leaked online, potentially larger breach looming
Hive social network taken offline due to major security flaws
Hive, a microblogging site that has experienced tremendous growth as Twitter users migrated to the platform in response to Elon Musk’s takeover of Twitter, has been taken offline due to security flaws. According to researchers from German cybersecurity collective Zerforschung, Hive had numerous issues that exposed nearly all of its users’ data to the internet. A cybercriminal with knowledge of its flaws would have been able to copy everything from account information to private messages. Hive will reportedly be back online in a safer form in a number of days. Read more.
Three Android keyboard apps found to be vulnerable to remote hacking
The Synopsys Cybersecurity Research Center has found that three Android apps that allow users to use their phone as a keyboard and mouse can be hacked remotely. Lazy Mouse, PC Keyboard and Telepad, with a cumulative download total of 2 million, harbor security flaws that can be exploited in order to trigger commands or exfiltrate data. The widely used apps were created years ago and are no longer receiving updates or support, making them more dangerous as time goes by. Read more.
Vatican website attacked after Pope criticizes Russia
The Vatican’s website was taken down amidst what appeared to be a DDoS attack that flooded it with traffic. The attack follows Pope Francis’s comments on the war in Ukraine in which he condemned Russia’s actions. Moscow-aligned hackers have repeatedly targeted those that speak out against the country’s actions with website-crippling attacks, although they have thus far had little impact outside of inconvenience. The Pope has been an outspoken critic of Russia’s invasion. Read more.
Second LastPass breach this year exposes customer data
A new breach of LastPass, carried out using information stolen in an earlier breach that took place in August, has exposed some customer data, according to a statement from the company’s CEO. Hackers used a third-party cloud storage service to gain access to customer information, but passwords are said to remain safely encrypted and LastPass users will experience no disruption to the password manager’s services. LastPass is investigating the incident and has yet to reveal further details about the breach. Read more.
Malicious Google Play Store app Symoo steals text messages, creates fake accounts
Symoo, an SMS app available in the Google Play Store, has been discovered to steal text messages in order to create fake accounts on Facebook, WhatsApp and more. Symoo, downloaded over 100,000 times, asks users for their phone number upon being downloaded and appears to load the app after input. However, it is in fact hiding its nefarious processes in the background. Google has reportedly banned the app, and its developer, from the Google Play Store. Read more.
“CashRewindo” malvertising campaign relies on aged domains to remain undetected
A malvertising campaign spearheaded by a threat actor called “CashRewindo” has been discovered to be using aged domains to escape detection. By allowing domains to remain inactive for at least two years, the sites gain trust on the internet and are unlikely to be flagged by security tools. Additionally, CashRewindo pays meticulous attention to detail with regard to the language, currency and targeting of ads, opting for a quality-over-quantity approach that is rare in the world of cybercrime. The campaign has been observed targeting North and South America, Europe, Asia and Africa and has been tracked since 2018. Read more.
Hackers spreading malware via TikTok “Invisible Challenge”
TikTok’s viral “Invisible Challenge,” which sees users apply a filter to their videos that makes their skin appear to be transparent, has been hijacked by hackers. Threat actors, capitalizing on users who want to remove the filter from videos in order to see creators who may be unclothed, have embedded malware into apps that claim to do just that. The fraudulent software, available to download on GitHub, has been found to contain WASP malware that can be used to steal passwords, Discord accounts, crypto wallets and more. Read more.
5.4 million Twitter users have data stolen and leaked online, potentially larger breach looming
An API vulnerability that allowed criminals to access non-public information has reared its head, as 5.4 million stolen user records have been posted on a hacker forum. The vulnerability was fixed in January, but clearly not before it had been leveraged by multiple hackers. The breached data was initially sold in July with an asking price of $30,000, but this recent post offers the data for free. More troublingly, security researcher Chad Loder tweeted that there is evidence of an even larger Twitter breach that may contain data for tens of millions of users. Shortly after the tweet, Loder’s account was suspended by Twitter. Read more.