Authorities Dismantled Cybercrime-Affiliated VPN Provider VPNLab
Crypto.com reportedly suffered $15 million theft, Israel police spy on citizens using Pegasus malware, China's Olympics health app lacks encryption, Chinese spy group Earth Lusca discovered, more
Check out my latest CSO column on the White House meeting last week and the tech sector’s embrace of a public-private partnership to secure open source software.
In an international operation, law enforcement took down VPNLab.net, a virtual private network provider that advertised its services on the criminal underground and catered to various cybercrime groups, including ransomware gangs. The operation involved Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the United States, and the United Kingdom.
Led by the Central Criminal Office of the Hannover Police Department in Germany, the action took place under the EMPACT security framework objective called Cybercrime - Attacks Against Information Systems. Europol said that authorities seized or disrupted the 15 servers that hosted VPNLab.net’s service in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the US, and the UK. (Catalin Cimpanu / The Record)
Cryptocurrency exchange Crypto.com has reportedly fallen victim to a hack, with at least $15 million worth of Ethereum stolen. The exchange has become a household name after spending $700 million to buy the naming rights to the Staples Center, the Los Angeles home venue of the NBA's Lakers and Clippers.
Although the exchange said that all funds are “safe,” security research company Peckshield said that Crypto.com had lost at least 4,600 ETH (around $15 million in current prices), with half of the stolen funds sent to Tornado Cash, the Ethereum-centric mixing service. However, Peckshield said that the scale of the damage is “definitely worse” than $15 million.
The exchange halted withdrawals after “a small number of users experienced unauthorized activity in their accounts,” stressing that “all funds are safe.” Crypto.com exchange also urged users to sign back into their accounts and reset their two-factor authentication (2FA). (Andrew Asmakov / Decrypt)
Related: CryptoPotato, ZDNet Security, Lend Academy, HackRead, Cointelegraph, WebProNews, Security Affairs, The Block, ibtimes.sg: Top News, U.Today, Finance Magnates, City A.M. - Technology, Hackademicus, Gizmodo
Crypto.com (@cryptocom): We have a small number of users reporting suspicious activity on their accounts. We will be pausing withdrawals shortly, as our team is investigating. All funds are safe.
Israel police use NSO’s Pegasus spyware to remotely hack phones of Israeli citizens, control them and extract information from them. Among those targeted by the spyware are former Prime Minister Benjamin Netanyahu, former governmental employees, and a person close to a senior politician.
The use of the spyware reportedly took place without court supervision. Police reportedly don’t request a search or bugging warrant to conduct the surveillance, nor is there supervision of how police use the spyware and how they distribute it to other investigative agencies. In some cases, police used the spyware to save themselves the legwork of investigative work and identifying proven suspicions. (Tomer Ganon / CTech)
Researchers at the University of Toronto’s Citizen Lab said that inadequate encryption measures within China’s My 2022 health app built for the Beijing Olympic Winter Games could leave Olympians, journalists, and sports officials vulnerable to hackers, privacy breaches, and surveillance. Moreover, they found that the app includes a censorship keyword list.
The app does not validate SSL certificates, a severe encryption vulnerability that can allow information to be intercepted or even malicious data to be sent back to the app. (Deutsche Welle)
Related: Citizen Lab
Researchers at Trend Micro say they discovered a Chinese cyber-espionage group dubbed Earth Lusca that, besides spying on strategic targets, also dabbled in financially-motivated attacks against gambling companies in China and various cryptocurrency platforms.
The group has been spying on targets of interest to the Chinese government, including government organizations in Taiwan, Thailand, the Philippines, Vietnam, the United Arab Emirates, Mongolia, and Nigeria; educational institutions in Taiwan, Hong Kong, Japan, and France; and more. The group also deployed cryptominers on infected hosts. However, it remains unclear if they did so intending to generate funds for themselves or as a way to throw off security teams. (Catalin Cimpanu / The Record)
U.S. authorities have been using the 1986 Pen Register Act to secretly track WhatsApp users without explaining why and without knowing who they are targeting.
In Ohio, a just-unsealed government surveillance application reveals that in November 2021, DEA investigators demanded the Facebook-owned messaging company track seven users based in China and Macau without knowing any of the targets' identities. Another previous case in Ohio saw another seven WhatsApp users targeted, three in the U.S., four in Mexico. For each, the U.S. either knew the alias or the user's actual name. (Thomas Brewster / Forbes)
Researchers at Check Point say that DHL took over the top spot of its list of the most imitated brands among cybercriminals in the fourth quarter of 2021, surpassing Microsoft and Google as the brand used most often in phishing emails and scams.
DHL's brand was used in 23% of all phishing attacks they saw globally during the quarter. Microsoft was second at 20%, while WhatsApp came in at 11% and Google appeared in 10%. (Jonathan Greig / ZDNet)
Microsoft released emergency out-of-band (OOB) updates to address multiple issues caused by Windows Updates issued during the January 2021 Patch Tuesday.
The update addresses issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machines start failures and ReFS-formatted removable media failing to mount. (Sergiu Gatlan / Bleeping Computer)
Law firm DLA Piper said that fines for violating the European Union’s landmark privacy law, the General Data Protection Regulation (GDPR), have soared nearly sevenfold in the past year, with data protection authorities handing out a total of $1.25 billion in fines over breaches of the bloc’s law in 2021.
The total GDPR fines in 2020 were only about $180 million. (Ryan Browne / CNBC)
Berlin-based SME cybersecurity startup Baobab raised around $3.98 million in a pre-seed round.
Project A Ventures led the round with participation from La Famiglia, Discovery Ventures, and several angel investors such as Christopher Oster and Marco Adelt (Clark), Michael Riegel (Comtravo), Hanno Fichtner (Gabi), Emilios Markou and Alexis Pantazis (Hellas Direct), Philippe Mota and Jan Beckers (Bit Capital & Ioniq). (Patricia Allen / EU Startups)
Related: Germany – FinSMEs
Image by OSeveno, CC BY-SA 3.0 via Wikimedia Commons