By Deeba Ahmed
According to crypto intelligence firm Arkham, the attacker's wallet address was linked to a developer at Ankr, meaning an inside job can't be ruled out.
This is a post from HackRead.com Read the original post: 6 Quadrillion Token Heist Hits BNB Chain-Based DeFi Protocol Ankr

Web3 infrastructure provider **Ankr** is the latest victim of hacking and financial theft. The BNB Chain-Based DeFi protocol has confirmed in a series of tweets that it got hacked, and the attacker managed to steal six quadrillion tokens. The stolen crypto was Ankr Reward Bearing Stake/aBNBc.

**Incident Details**

Lookomchain, an on-chain analytics firm, stated that the hacking occurred on Friday, and the hacker stole around $10 million worth of crypto (USDC coins). The hacker could create countless Ankr Reward Bearing Staked BNB (aBNBc) tokens, which Blockchain security company PeckShield **claim** has an unlimited mint bug. Following the attack, the token’s value collapsed by at least 100%.

Soon after the attack occurred, the Binance crypto exchange **paused withdrawals**. Crypto intel firm Arkham stated that the attacker’s wallet address was linked to a developer at Ankr. Based on this, Arkham is not ruling out the possibility of an **inside job**.

As per Ankr’s spokesperson, the hacking occurred from a compromised private security key. The private-key hack helped the attacker initiate infinite tokens minting, PeckShield noted. The key was swapped out and replaced. It is worth noting that developers are allotted private keys to modify/manage smart contracts.

**Ankr’s Statement**

Ankr **tweeted** about the incident, claiming that all underlying assets on its Staking are safe at the moment, whereas all infrastructure services remain unaffected. Ankr has confirmed that after the exploitation of its aBNB token, it has urged exchanges to stop trading immediately.

The protocol has requested users to stop trading aBNB, and liquidity providers should remove liquidity from DEXes and keep the aBNBc.

Furthermore, Ankr claims that it is in touch with DEXes and will reissue tokens after evaluating the situation. the protocol suspects that it is an insider job and is devising a plan to compensate impacted users.

**What Happened to Stolen Funds?**

According to PeckShield’s **tweet**, hacker(s) transferred some funds to a decentralized cryptocurrency tumbler, Tornado Cash. It is worth noting that **Tornado Cash was blacklisted** by the US government in August 2022.

A portion of these funds was bridged through Celer and deBridgeGate. Therefore, they shifted 20 trillion of the stolen tokens into Helio, a decentralized lending protocol, and converted them into Binance Coin (BNB). Using crypto mixer Tornado Cash, they swapped the BNB for $5 million of USDC, which is equivalent to the US dollar.

1.  **Ankr Confirms Providing RPC to Sui Blockchain**
2.  **Ankr Launches Chainscanner Blockchain Explorer Tool**
3.  **Ankr Becomes First RPC Provider to the Aptos Blockchain**
4.   **Harmony’s Horizon Blockchain Bridge Hacked to Steal $100 Million**
5.  **$625m Stolen From Ronin – The Blockchain Behind Axie Infinity Game**

6 Quadrillion Token Heist Hits BNB Chain-Based DeFi Protocol Ankr

By Deeba Ahmed
Hackers are using compromised platform certificates to sign Android malware apps.
This is a post from HackRead.com Read the original post: Malware Apps Signed with Compromised Android Platform Certificates

Google’s Android security team has reported that hackers signed malicious applications using several compromised Android platform certificates. This incident also reminds us of **what happened in March 2020** when threat actors were found dropping info-stealer malware with fake security certificate alerts.

What are Platform Certificates? For your information, platform certificates are digital keys, trusted and owned by specific device original equipment manufacturers (OEMs). These are used for signing their core apps. Therefore, attackers abuse them to sign malicious apps to obtain root access as legit apps, causing serious trouble for unsuspecting users.

Every device OEM has numerous trusted certificates for signing the platform’s core apps. This is just like verifying docs with a signature to allow the signed apps to gain root privileges and let the system function optimally.

**Findings Details**

Threat actors are abusing platform certificates used by reputed Android smartphone makers, including LG Electronics, Samsung, Revoview, and Media Tek, for signing malware-infected apps. This was discovered first by Google Android Security Team’s reverse engineer Łukasz Siewierski. 

As per Siewierski, if a malicious app is signed with the same certificate for gaining the highest privilege level as the Android OS, it is possible to extract sensitive data of all kinds from the compromised device. That’s because the Android app runs with a “highly privileged user ID” dubbed android.uid.system. It holds a variety of system permissions, such as permission to access user data.

Google also published a list of malware samples signed using 10 platform certificates, which were also noted in the Android Partner Vulnerability Initiative (AVPI) issue tracker:

com.attd.da  
com.arlo.fappx  
com.android.power  
com.houla.quicken  
com.metasploit.stage  
com.sledsdffsjkh.Search  
com.management.propaganda  
com.sec.android.musicplayer  
com.russian.signato.renewis  
com.vantage.ectronic.cornmuni

**How Hackers Obtained these Certificates?**

The biggest mystery surrounding this data harvesting campaign is how the threat actors accessed these certificates. It could be possible that someone working with the company leaked them.

The apps signed with the abovementioned OEMs’ platform certificates contained HiddenAd trojans, Metasploit, info stealers, and malware droppers, with the objective of delivering additional malware or harvesting device users’ data.

Google has informed impacted manufacturers about its findings and urged them to rotate these certificates. The company confirmed that there’s no evidence that the apps were delivered via its **official Play Store.**

“Google has implemented broad detections for the malware in Build Test Suite, which scans system images. Google Play Protect also detects malware. There is no indication that this malware is or was on the Google Play Store. As always, we advise users to ensure they are running the latest version of Android,” Google stated.

1.  **Bahamut Using Fake VPN Apps to Steal Android User Credentials**
2.  **Schoolyard Bully Malware Stealing Facebook Credentials on Android**
3.  **42,000 phishing domains discovered masquerading as popular brands**
4.  **Crooks Hack World Bank SSL Certificate, Hosted PayPal Phishing Scam**
5.  **Fake Banking Rewards Apps Install Info-stealing RAT on Android Phones**

Malware Apps Signed with Compromised Android Platform Certificates

By Deeba Ahmed
The campaign is ongoing, and so far, Schoolyard Bully Malware has victimized over 300,000 Facebook users on Android devices across 71 countries.
This is a post from HackRead.com Read the original post: Schoolyard Bully Malware Stealing Facebook Credentials on Android

Mobile security company Zimperium’s zLabs has released a warning about a notorious Android trojan that has stolen around 300,000 credentials of Facebook users.

According to zLabs, Schoolyard Bully malware is the name of malware used in a brand-new Android threat campaign that has been active since at least 2008. The attackers specifically target Facebook user credentials, and the malware is found in several applications downloaded from **third-party app stores** and the Google Play Store.

The malware’s primary targets are based in Vietnam. However, zLabs researchers claim that over 300,000 victims have been identified so far, and they are located in 71 different countries since the apps were available via third-party app stores while Google Play Store has removed them from its official store.

**Trojan Details**

Schoolyard Bully malware is delivered via harmless-looking Android apps, mostly educational apps. Malicious code is hidden inside these apps, which can **steal Facebook credentials** and upload them to the Firebase C&C for threat actors. The trojan relies on JavaScript injections to display phishing pages that lure users into handing over their Facebook username/password. 

Threat actors leverage the trojan to obtain user credentials and successfully access financial accounts. Around 64% of the users used the same passwords already exposed in an earlier breach. Perhaps, this has allowed the trojan to remain active for years.

To remain hidden from antivirus software and machine learning virus detections, Schoolyard Bully Trojan uses native libraries such as libabc.so to store the stolen data. Data strings are hidden from detection software through further encoding. Moreover, the malicious educational apps are hidden in a **password-protected ZIP**.

Malicious apps (left) – Facebook phishing page (right) – Image credit: Zimperium

**What Date can be Stolen?**

The Schoolyard Bully malware can steal sensitive data from innocent users’ Facebook accounts, including user ID, password, email ID, phone number, Facebook profile name, Facebook ID, and device-related information such as device RAM and API.

Zimperium researchers have **released technical information** about the campaign and its indicators of compromises, which can help detect Schoolyard Bully malware.

1.  **9 apps with 6M installs stole Facebook logins of Android users**
2.  **Mandrake Android malware stealing Facebook, crypto data since 2016**
3.  **Fake Netflix, WhatsApp, Facebook Android Apps Contain SpyNote RAT**
4.  **Facebook removes 100s of accounts for spreading iOS, Android malware**
5.  **Cookiethief Android malware hacks Facebook accounts without password**

Schoolyard Bully Malware Stealing Facebook Credentials on Android

By Owais Sultan
Java is one of the most well-known programming languages and software platforms that is used on countless devices…
This is a post from HackRead.com Read the original post: 8 Reasons Why Enterprises Use Java

Java is one of the most well-known **programming languages** and software platforms that is used on countless devices such as mobile phones, laptop computers, etc. It is a reliable and scalable solution for the development of enterprise systems as well as web applications.

In this article, we will describe a few specifications of this programming language that make it so popular for building **enterprise-grade software**. So, upcoming is a short list of what Java is used for and the eight main reasons why business owners decide to go for java enterprise application development.

**What is an enterprise application in java?**

An enterprise application in Java is a software program whose backend was created with the help of the Java programming language. Java is an excellent choice for creating back-end functionality.

In addition, the use of Java microservices enables the creation of large-scale, complex but well-performing solutions, that’s why it is often chosen by enterprises that are dealing with large amounts of data and need to create multi-functional **complex solutions** for their business.

**What is Java used for?**

**Desktop Applications**

There are numerous features that Java language offers. The existence of its frameworks such as **AWT, Swing, and JavaFX** provide developers with a series of useful elements like buttons, menus, and form fields making it easier for engineers to create a series of functional desktop apps. Another opportunity is the creation of sophisticated 3D graphical apps thanks to the use of APIs and multiple functionalities. 

**Web-Based Applications**

Java’s popularity is mostly thanks to the fact that it helps create elegant and functional web applications. Together with .NET, Python, and Node.js, Java plays an important role in the modern web back-end world as we know it. Java is one of the most commonly used development languages to build the back-end of web apps using technologies or tools like Struts or servlets, JSP, JSF, or Spring.

**Big Data Technology **

Big Data is a combination of methods and techniques to analyze and process complex and vast datasets in order to unveil patterns, trends, and other relevant information which helps businesses make smart data-driven decisions. Data scientists process massive amounts of datasets using Spark as a tool and a Java framework like Hadoop as a backup. 

*   **Why use Java in Big Data?** 

Java is among the most popular programming languages for Big Data engineers. Most of the modern tools Big Data analysts use as well as their ecosystems are written on the basis of Java: Hadoop, Hive, **MapReduce**, and Storm. Those platforms which are not written in Java, are written in Scala (like Spark) and after knowing Java Scala is a lot easier to learn than for those who know only Python. Besides, Java is very convenient for creating complex scalable enterprise applications, which are capable of collecting and processing data.

*   **Best Big Data tools for Java developers**

The majority of modern tools for collecting, processing, storing, and analyzing data are written with the help of Java or its relative language – **Scala**: **Hadoup**, Storm, Spark, Mahout. Java also has a large community of fans and a vast open-source base which enables the creation of new tools quite frequently.

**Internet of Things (IoT) Software**

The **Internet of Things** is a system of connected devices that make our life easier in many aspects. The devices range from wearables, TVs, and smartwatches to smart electric switches, security panels, and other useful objects.

This is where Java comes into action, as it is one of the primary programming languages for the Internet of Things as it was created to run on various platforms and devices. Java flexibility, security, and a rich library base make it an excellent choice for the task of allowing humans to manage, control and efficiently use hardware devices.

**Cloud-Based Apps**

As simple as it is, cloud computing is the **on-demand provision of IT resources** on the internet that include servers, storage, databases, and networking with accessible pricing models. This means that cloud-based applications make extensive use of Java as businesses use it to create cloud-based SaaS, IaaS, and PaaS services due to the low cost and extensive usage. 

**3 main reasons**

1.  Thanks to its distributed nature
2.  It features building apps used in SaaS, IaaS, and PaaS 
3.  Provides Java development tools such as Oracle Java

**Mobile Apps **

Java uses a cross-platform framework J2ME to create mobile apps that have the objective to function on smartphones. One of the most useful operating systems for mobile apps is Android, which is based on Java. Additionally, Java is also compatible with AndroidStudio and Kotlin.

**Examples of mobile apps written using Java: **

*   Social media: Tinder
*   Location App: Google Earth
*   Service Apps: Uber, CashApp
*   Entertainment: Netflix, Twitter, Spotify

**Enterprise Applications **

Why should you use java for enterprise apps? Because it’s only among the few programming languages that offer the needed scalability, flexibility, and security. Java enterprise applications require. a lot more resources, power, and nuances than ordinary apps. Here Java plays a significant role in the build and deployment of enterprise applications thanks to its robust features and outstanding performance.

In addition, Java improves performance and strengthens the enterprise apps’ security, documentation process, maintainability, and troubleshooting.

**8 reasons to choose Java for Enterprise Applications**

Java enterprise software development is very common for the same reason that Java presents advantages in comparison to other programming languages, its robust nature being one of the main ones. However, the following list will give a clear scope of why java is used so often as a tool for programming various software systems. 

1.  Its complexity level is low, it is easy to write, compile and/or debug. 
2.  It is object-oriented allowing the creation of modular programs and reusable code.
3.  It is cloud independent as it moves easily from one computer system to another. 

The above section explains in detail what Java is used for. The following portion of the information is to give a clear scope and the reasons to choose Java for enterprises even when **outsourcing java development** services. 

**Stable Language**

Among **all programming languages**, Java has the highest stability. Besides gaining stability in growth, it has developed into a stable language as well. This is the reason why firms around the world hire Java experts, to create solutions that use the needed technology to attain stability. One thing that has helped this stability is the use of different testing methods to remove faults. Additionally, it allows the creation of programs that do not require a lot of upkeep. 

**Scalability **

Scalability is the capacity for something to be changed in size or scale. In technological terms, it is the versatility with which a computing method can be applied or produced. Java is used to build applications that are easy to handle any growing workload. 

**High Speed and Performance**

In addition to the stability and scalability, Java leverages multi-threading and less memory use to achieve improved performance. It is a quick-moving technology that helps programmers provide solutions instantly. Companies that require fast and efficient results rely on programming languages to power up their products. 

**Extensive and Active Community**

Java fosters innovative and analytical thinking in all types of developers and designers. It helps large engineering firms with the greatest information networks expand. Everything is free, and it is a pleasure to create, offer, and receive professional advice on Java application development.

**Cross-Platform Compatibility**

Operating systems including Mac OS, Unix, and Windows can easily run Java applications thanks to the **Java Virtual Machine (JVM)**. The Java apps can be run on any device with a contemporary processor. It is possible to manage multiple threads since JVM has been optimized for operation on potent multi-core machines.

**Various Libraries**

Java Libraries are crucial for creating enterprise applications because they enable the addition of new features, the resolution of frequent issues, or the discovery of novel development techniques. It is simpler for developers to use free and open-source libraries for practical applications because they have business-friendly licenses.

**Platform-Independence**

Java is used on enterprise software applications due to being a platform-independent language. There is no need to repeat tasks, the moment a code is developed it can be dragged across a variety of platforms without having to redo the code. In short, developers use this and work on building Java enterprise applications without worrying about the platforms they are building them for.

**Economic Maintenance**

When choosing enterprise software development with java, firms must think of the economical aspects as well. Java’s clear nature makes it cheap and simple to create. Programmers dealing with it can run it on any computer, regardless of hardware, which significantly reduces high costs. 

**Conclusion**

Java is a programming language that is the first choice by many, whether engineers or enterprises. In general terms, it is a programming language that has been and will continue to be used. It has the proper characteristics and components to produce adaptive applications in different businesses and start-ups.

Enterprise applications in Java are scalable, resilient, secure, and highly maintainable, which is why we believe this trend will continue and Java will be in demand for years to come.

8 Reasons Why Enterprises Use Java

By Habiba Rashid
In total, there are records belonging to alleged WhatsApp users from 108 countries.
This is a post from HackRead.com Read the original post: 360m Alleged WhatsApp Records Shared Freely on Telegram and Dark Web

Previously we **covered** the news of a database containing 487 million up-to-date WhatsApp user records from 84 countries being sold online on the hacking forum BreachForums which surfaced as an alternative to popular and **now-sized Raidforums**.

It is worth noting that, as **reported** by Hackread.com, it is the same forum where the personal details of 5.3 million Twitter users were recently leaked.

Now, Check Point Research (CPR) has published a report where they confirm seeing files available for sale on the **Dark Web** and Telegram groups containing 360 million phone numbers from 108 countries. 

Data seen by Check Point on the Dark Web

Each country had a different amount of mobile phone numbers present in the records and they range from 604 in Bosnia and Herzegovina to 35 million attributed to Italy. For the past four days, the files were set for sale but in a turn of events, they are now being distributed freely amongst hackers. 

In its **report**, CPR also stated that it could not confirm whether these numbers really belonged to WhatsApp users or not. On the other hand, Hackread.com downloaded a file that the threat actors claimed contained 500 million WhatsApp numbers. This is what it looks like:

Data seen by Hackread.com on Telegram

Karol Paciorek, a cybersecurity researcher and expert from the computer security incident response team of the Polish financial sector (CSIRT KNF) **wrote** on Twitter on Tuesday that the leaked database was simply a re-use of an older **2019 Facebook breach**.

He stated that the sample of the 5000 WhatsApp data records from Poland is identical to the one they saw in 2019. 

Keeping the current situation in mind, it is likely that vishing and smishing attacks will rise. They are both forms of phishing but instead of sending malicious links through email, threat actors dupe the victim into giving information over the phone (**vishing**) or through SMS (**smishing**). 

Certain measures that users should take to protect themselves from any such attacks include the following:

*   Do not click links that you are unable to verify due to link shortening and the inability to hover over links to see targets. Instead of clicking directly on the links in text messages, open the target site directly from the browser.
*   Do not install apps from any links sent through SMS. Instead, always use reputable app stores for downloading applications and ideally, also verify their authenticity from the creator’s website.

*   Smishing and vishing attacks can only harm you if you interact with them and give out information. Therefore, never provide any personal data to someone that you have not called or texted using the number shown on their website.

*   Always verify phone numbers to confirm that the caller belongs to a legitimate organization. Before providing any data or following any instructions, get the caller’s name and call them back using the official number from the company website. If the caller does not straightforwardly give his name and talks you out of it, it is likely to be a scam.
*   Never provide remote computer access to any individual claiming to help you in “removing malware” or fixing some other issue. Only trust the verified members of the IT department.

1.  **142M MGM Resorts Records Leaked on Telegram**
2.  **Ransomware Gang Leaks Medibank Data on Dark Web**
3.  **New credit card skimmers channel funds through Telegram**
4.  **Data of 21M SuperVPN, GeckoVPN users leaked on Telegram**
5.  **8 Online Best Dark Web Search Engines for Tor Browser (2022)**

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

360m Alleged WhatsApp Records Shared Freely on Telegram and Dark Web

By Habiba Rashid
A Barcelona-based company, a spyware vendor named Variston IT, is exploiting flaws under the guise of a custom cybersecurity solutions provider.
This is a post from HackRead.com Read the original post: Spyware Vendor Variston Exploited Chrome, Firefox and Windows 0-days

On 30th November, Google’s Threat Analysis Group (TAG) reported that a Barcelona-based company, actually a spyware vendor, named Variston IT has been exploiting n-day vulnerabilities in Chrome, Firefox, and **Microsoft Defender** under the guise of a custom cybersecurity solutions provider. 

In their detailed technical report, TAG explained that Variston IT had been using their exploitation framework called Heliconia to install spyware on the targeted devices. The researchers at Google received an anonymous submission to Chrome’s bug reporting program which brought to their attention the exploitation framework.

Heliconia actually contains three separate exploitation frameworks. One of them is used to compromise the Chrome renderer bug so that it can escape the walls of the app’s sandbox and run malware on the operating system.

Another one is used to deploy **malicious PDF documents** containing an exploit for Windows Defender (a built-in antivirus engine in the newer versions of Windows).  The last framework is for compromising Windows and Linux machines by using a set of Firefox exploits. 

A manifest file in the source code provides a product description (Image: Google)

In its **report**, the tech giant observed that the Heliconia exploit is successful against Firefox versions 64 to 68, which suggests that it was created and used as early as December 2018 when Firefox 64 first came out.

Google, Microsoft, and Mozilla fixed the vulnerabilities in 2021 and early 2022. They further stated that, although they had not detected active exploitation, it is likely that the vulnerabilities had been exploited before they could be fixed.

1.  **Google cracks down on sites with ties to hack-for-hire groups**
2.  **Israeli Spyware Vendor Use Chrome 0day to Target Journalists**
3.  **ISPs Helping Attackers Install Hermit Spyware on Smartphones**
4.  **Malware vendor returns with yet another nasty Android malware**
5.  **European Spyware Vendor Offer Android and iOS Device Exploits**

According to Google, **commercial spyware vendors** put advanced surveillance capabilities in the hands of governments who can then use them to spy on journalists, human rights activists, political opposition, and dissidents.

Therefore, there needs to be more transparency to ensure that companies adhere to their stated ethical standards in whom they make transactions with and whom they target with their products.

It is advised that users keep their Chrome and other software up-to-date with the security patches to ensure full protection against Heliconia.

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Spyware Vendor Variston Exploited Chrome, Firefox and Windows 0-days

By Deeba Ahmed
The KmsdBot was known for targeting both Linux and Windows devices.
This is a post from HackRead.com Read the original post: A Syntax Error Led to Crashing of KmsdBot Cryptomining Botnet

KmsdBot was a newly discovered cryptocurrency mining botnet killed accidentally by Akamai’s team of researchers while researching on KmsdBot. According to researchers, a syntax error caused it to stop sending commands, which destroyed the botnet.

**What is KmsdBot?**

Named by Akamai Security Intelligence Response Team (SIRT) in November 2022, KmsdBot is was a **crypto mining botnet** equipped with command-and-control abilities. It infected victims by exploiting weak credentials and SSH via brute force.

The Akamai team assessed and **reported** on the botnet after one of its honeypots got infected. The botnet targeted both **Linux and Windows devices** using a range of microarchitectures to deploy mining software and include the compromised hosts in its DDoS bot army. Its main targets included gaming and tech firms and luxury vehicle makers.

1.  **Dangerous WireX Android DDoS Botnet Killed by Security Giants**
2.  **Andromeda Botnet that infected millions of devices is dismantled**
3.  **Mirai botnet resurfaces with MooBot variant against D-Link devices**
4.  **Russian Rsocks Botnet Powered by Millions of IoT Devices dismantled**
5.  **FBI Disrupts Cyclops Blink Botnet Used by Russian Intelligence agency**

**Incident Details**

In a **blog post**, Larry W. Cashdollar, a researcher at Akamai, the commands sent to the botnet while assessing its operational mechanism within a controlled environment mistakenly led to the malware’s neutralization.

After a single “improperly formatted command,” Cashdollar explains, the bot stopped sending any command. This could be possible because of the absence of an internal error-checking feature built into its source code to verify the incoming commands. 

So, any instruction given without a space between the port and the target website caused the Go binary on the infected device to crash entirely and stop communicating with its C2 server. Hence, this **killed the botnet**.

Since the botnet doesn’t feature a persistence mechanism, the malware operators will need to re-infect the devices once again and rebuild the entire infrastructure from scratch.

“This botnet has been going after some very large luxury brands and gaming companies, and yet, with one failed command it cannot continue. This is a strong example of the fickle nature of technology and how even the exploiter can be exploited by it,” Cashdollar explained.

A Syntax Error Led to Crashing of KmsdBot Cryptomining Botnet

By Deeba Ahmed
On Wednesday, LastPass’s CEO Karim Toubba issued a security advisory revealing that they detected unusual activity on its cloud storage shared with GoTo.
This is a post from HackRead.com Read the original post: LastPass Breached Again – The Second Time in 2022

Password-management firm LastPass has suffered a second security incident this year. In August, **Hackread reported** an intrusion into the company’s development environment due to a compromised developer account.

This time, the company’s affiliate GoTo has become a victim of a breach in which unidentified attackers targeted their shared cloud-storage service.

**Breach Details**

GoTo is a renowned company known for its desktop-sharing and virtual meeting software. On Wednesday, LastPass’s CEO Karim Toubba issued a security advisory revealing that they detected unusual activity on its cloud storage shared with GoTo and immediately started an investigation after hiring Mandiant and notifying relevant law enforcement authorities.

Independent security researcher Brian Krebs tweeted GoTo‘s response, explaining that GoTo Meeting is investigating the “security incident” and that the unusual activity was detected in its 3rd party cloud storage service and development ecosystem.

**GoTo’s Notification**

On Wednesday, Boston-based GoTo’s chief executive Paddy Srinivasan shared a post but didn’t mention that an unauthorized party accessed any customer data. Srinivasan did note that they were investigating the security incident and trying to “better understand the scope of the issue.”

He also confirmed roping in Mandiant and notifying law enforcement about the breach. Srinivasan stated that both GoTo and **LastPass** share the 3rd party cloud storage service. However, neither LastPass nor GoTo mentioned the name of that 3rd part service in their respective notices.

“GoTo‘s products and services remain fully functional. As part of our efforts, we also continue to deploy enhanced security measures and monitoring capabilities across our infrastructure to help detect and prevent threat actor activity,” Srinivasan added.

**LastPass’s Analysis**

In its **blog post**, LastPass stated that an “unauthorized party” accessed the cloud storage service using information from the earlier security breach incident in August 2022. Armed with data required to access various elements of their customer data, the attackers could invade the system. However, customers’ passwords are safely encrypted as the company uses the Zero-Knowledge framework to save confidential data.

“We are working diligently to understand the scope of the incident and identify what specific information has been accessed,” Toubba said.

He confirmed that the company’s products and services are fully operational, but customers should be cautious and follow LastPass’ setup and configuration-related best practices.

1.  **LastPass hacked; security compromised for good**
2.  **LastPass Flaw Allowed Hackers to Steal Credentials**
3.  **Critical vulnerabilities found in popular Password Managers**
4.  **PasswordState password manager’s update dropped malware**

LastPass Breached Again – The Second Time in 2022

By Habiba Rashid
Currently, hackers are targeting public and private entities in Southeast Asia, the Asia-Pacific region, Europe, and the U.S., with a focus on the Philippines.
This is a post from HackRead.com Read the original post: Hackers using USB drives to spread malware in ongoing attack

According to a recent post by the cybersecurity firm Mandiant, **USB drives** are being used to hack targets in Southeast Asia. The threat actor behind this activity, referred to as UNC4191 is targeting public and private entities in Southeast Asia, Asia-Pacific, Europe, and the US, with a focus on the Philippines. 

This new campaign began as far back as September 2021, according to Mandiant’s report. The researchers assess that this operation is being conducted as a **cyberespionage operation** related to China’s political and commercial interests. 

**Google-owned Mandiant** states that their observations suggest the Philippines is the main target of this operation, due to the number of affected systems located in the country. They also added that, even when the targeted organizations were based in other locations, the specific systems targeted were found to be physically located in the Philippines.

After the initial infection via Universal Serial Bus drives, the hackers then deployed legitimately-signed binaries while side-loading malware. The malware families used in the cyberespionage have been identified by Mandiant as Mistcloak Launcher, Darkdew Dropper, and Bluehaze Launcher.

Mandiant splits the overall infection cycle from the UNC4191 campaign into three distinct phases. 

Mistcloak is the first malware to be side-loaded because the execution of a version of the USB Network Gate application is triggered as soon as an infected USB is plugged into the machine. 

This piece of malware loads an INI file containing Darkdew, which is designed to achieve persistence and **infect USB drives** when they are connected to the system. 

Bluehaze, which is executed at the third phase of the infection chain, was designed to execute a renamed NCAT executable, which creates a reverse shell to a hardcoded command-and-control (C&C) server.

UNC4191 malware infection cycle (Image: Mandiant)

In their **blog post**, Mandiant researchers noted that these viruses are known to provide a reverse shell on the victim’s system, giving the UNC4191 hackers backdoor access. The malware then self-replicates by infecting any new removable devices plugged into the compromised systems. Due to this, the malware is even able to spread through air-gapped systems.

> “Mandiant has not observed evidence of reverse shell interaction; however, based on the age of the activity, this may be a result of visibility gaps or short log retention periods.”
> 
> Mandiant

1.  **Schneider Electric Shipped USB Drives Loaded with Malware**
2.  **VictoryGate cryptominer infected 35,000 devices via USB drives**
3.  **New malware tool can steal files from airgapped PCs using USBs**
4.  **Hackers sending malware infected USBs with Best Buy Gift Cards**
5.  **China’s insidious surveillance against Uyghurs with Android malware**

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Hackers using USB drives to spread malware in ongoing attack

By Habiba Rashid
Meet XRAI Glass, an AI-powered augmented reality smart glasses that gives deaf people the power to see conversations.
This is a post from HackRead.com Read the original post: AI-Powered Smart Glasses Give Deaf People the Power of Speech

In a recent example of innovative technology making a positive difference, there is now new **artificial intelligence (AI)** powered smart glasses that allow deaf people to listen in on real-time conversations by reading subtitles. 

Branded XRAI Glass has developed these glasses using ordinary **augmented reality (AR)** glasses synchronized to a smartphone app with AI-powered software. This latest technology also has the feature to rewind the chat and acts as a personal assistant that remembers what the person might have forgotten. 

Image credit: XRAI Glass

Not only this, but the live captioning app can also translate over nine languages and there are soon more to come in the next few months. The translation takes place near-real time, allowing the wearer to keep up with the conversation. 

**XRAI Glass** co-founder and chief marketing officer Mitchell Feldman referred to it as “Alexa in front of your eyes” which is quite a fitting analogy. 

The idea for this product was inspired by co-founder Dan Scarfe’s 97-year-old grandfather who experienced hearing loss and found it increasingly difficult to participate in family gatherings. 

​​“Where his grandfather came to life the most was watching television and using subtitles,” Feldman said.

He added, “If he enjoys captioning, why can’t we caption his life? And that was the genesis of how this product started.”

1.  **AI-based Model to Predict Extreme Wildfire Danger**
2.  **This AI Can Generate Unique and Free Bored Ape NFTs**
3.  **IRpair & Phantom; powerful anti-facial recognition glasses**
4.  **Anti-facial recognition glasses protect privacy from CCTV cams**
5.  **Apple Glass may feature 3D Audio and Self-Cleaning in new patent**

The standard live captioning app is currently free to download with the assistant on fourteen android smartphone models however, it is not yet compatible with the iPhone. A free version of the app is expected to soon be made available on Apple smartphones, but users will have to pay for premium features themselves. The translation services have to be paid via subscription while the glasses separately cost $484. 

Aside from this, there are some other improvements that are required before the glasses can be fully incorporated into daily life. For example, understanding group conversations can be a struggle with people speaking over each other. Moreover, a fairly quiet environment is a prerequisite for interpreting speech accurately. 

As this exciting innovation advances, we look forward to seeing it enable engagement and participation for those with hearing loss. 

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Source

HackRead