Latest Cyberthreats and Advisories - July 29, 2022

Jul 29, 2022

Tech giants, major cybersecurity companies, cryptocurrency scams, and remote work fraud are in the news this week. Here are the latest cybersecurity threats and advisories for the week of July 28, 2022.

Threat Advisories and Alerts

Liquidity Miner Scam Robs Cryptocurrency Buyers of More Than $70 Million

The FBI has warned cryptocurrency investors about a liquidity mining scam that has defrauded individuals of more than $70 million since January 2019. The scammers lure victims by first building a relationship with them over a few days to several weeks. During this time, they mention liquidity mining as an investment strategy and offer a guaranteed 1-3% daily return. If the proposal is accepted, the victim is asked to connect their cryptocurrency wallet to a fraudulent liquidity mining application, after which the wallet can be wiped of funds.

Source: https://www.ic3.gov/Media/Y2022/PSA220721

Fraudsters Apply for Remote Jobs with Deepfakes and Stolen PII

The popularity of remote work has led to an increase in reports that scammers are using stolen Personally Identifiable Information (PII) and deepfakes to apply for remote job positions. Deepfakes can include video, images, or audio that misrepresent someone. Voice spoofing during online interviews has been reported, which occurs when the audio and video of the supposed applicant don’t sync. The fraudsters are applying for roles that provide access to valuable information, such as financial data, customer PII, and proprietary information.

Source: https://www.ic3.gov/Media/Y2022/PSA220628

Cyber-criminal Offers 5.4m Twitter Users’ Data

A database containing 5.4m Twitter users’ data is reportedly for sale on a popular criminal forum. Twitter is investigating the issue. According to the seller, the data was obtained by exploiting a vulnerability in Twitter’s systems that was reported in January, first by a HackerOne user known as ‘zhirinovskiy.’ That bug enabled “an attacker with a basic knowledge of scripting/coding” to find a Twitter user’s phone number and email address, even if the user has hidden them in privacy settings.

Source: https://www.infosecurity-magazine.com/news/ncsc-startup-candidates-critical/

Emerging Threats and Research

Malware Infected Apps Downloaded from Google Play 10 Million Times

A new wave of malicious Android apps has hit the Google Play store. The malware- and adware-infected apps (which pose as system optimizers, wallpaper changers, virtual keyboards, image-editing tools, and more) have been installed nearly 10 million times. While most of the harmful apps have since been removed by Google, the appearance of malicious apps on Google Play is not uncommon. Users can protect themselves by checking app reviews and ratings, carefully reviewing an app’s requested permissions, and visiting the developer’s website.

Source: https://www.bleepingcomputer.com/news/security/new-android-malware-apps-installed-10-million-times-from-google-play/

Digital Security Juggernaut Entrust Falls Victim to Cyberattack

The digital security firm Entrust recently confirmed that it suffered a data breach. Corporate data was stolen from its internal systems, reportedly by a prominent ransomware gang. Few details about the attack have been revealed, and it is uncertain whether customer and vendor data was also stolen. Entrust has given assurances that the operation or security of its products and services hasn’t been affected.

Source: https://www.bleepingcomputer.com/news/security/digital-security-giant-entrust-breached-by-ransomware-gang/

Spyware Use Against the US Set to Rise

Google and internet rights groups have called on Congress to weigh in on spyware, asking for sanctions and increased enforcement against so-called surveillanceware makers. During an open House Intelligence Committee hearing on Wednesday, US lawmakers heard testimony from Citizen Lab senior researcher John Scott-Railton; Shane Huntley, who leads Google’s Threat Analysis Group; and Carine Kanimba, whose father was the inspiration for Hotel Rwanda and who was, herself, targeted by Pegasus spyware. Once installed on a victim’s device, Pegasus can, among other things, secretly snoop on that person’s calls, messages, and other activities, and access their phone’s camera without permission.

Source: https://www.theregister.com/2022/07/27/us_congress_spyware_debate/

SonicWall Fixes Critical Analytics and GMS Bug

Network security company SonicWall has rolled out patches to fix a critical SQL injection vulnerability in two of its products: the on-premises version of the Analytics traffic data analyser and the SonicWall Global Management System (GMS). The bug is rated 9.4 out of 10 for severity on the Common Vulnerability Scoring System (CVSS) scale, and SonicWall urges organizations to patch immediately.

Source: https://www.itnews.com.au/news/patch-out-for-critical-sqli-bug-in-sonicwall-management-products-583118

Weak Data Protection Helped China Attack US Federal Reserve

China’s cyber espionage activities are extensive and sophisticated, but when it tried to steal sensitive economic data from the US Fed, poor security meant its operatives didn’t have to dip too far into their bags of tricks. That’s according to the findings of an investigation by the Senate’s Committee on Homeland Security and Governmental Affairs, led by Republican Senator Rob Portman and released on Tuesday. Among the investigation’s conclusions is that the Federal Reserve must improve protection of confidential information.

Source: https://www.theregister.com/2022/07/27/weak_data_protection_helped_chinese/