Key cracking concerns emerge from LastPass breach
In November 2022, LastPass, a password management service, fell victim to a security breach where hackers accessed password vaults containing encrypted and plaintext data for over 25 million users. Since then, several six-figure cryptocurrency heists have targeted security-conscious individuals in the tech industry, leading some experts to believe that the hackers have successfully cracked some of the stolen LastPass vaults.
Taylor Monahan, lead product manager of MetaMask, a popular software cryptocurrency wallet used to interact with the Ethereum blockchain, and other researchers have identified a set of clues that connect recent thefts targeting more than 150 people who have collectively lost more than $35 million in cryptocurrency. Surprisingly, these victims were seasoned cryptocurrency investors with strong security measures in place, showing no signs of the typical attacks that precede large-scale crypto thefts.
Since March 2023, Monahan has diligently documented these crypto thefts but has faced difficulties in identifying a common thread among the victims. A breakthrough occurred on August 28th when she discovered that nearly all victims had stored their crucial “seed phrase,” the private key necessary for accessing their cryptocurrency holdings, within LastPass. This seed phrase provides immediate access to their entire crypto portfolio, underscoring the critical importance of secure storage methods, such as password managers or dedicated offline hardware wallets like Trezor or Ledger.
Read: https://krebsonsecurity.com/2023/09/experts-fear-crooks-are-cracking-keys-stolen-in-lastpass-breach/
X updates its privacy policy to include biometric data verification from premium users to combat identity fraud
X, the social media site previously known as Twitter, has updated its privacy policy to collect users’ biometric data. The social media platform hopes this measure will tackle fraud and impersonation. The revised policy is expected to go into effect on September 29, 2023.
In a statement to Bloomberg, which first reported the development, the platform clarified that the change is only limited to premium users. X also claims that a biometric matching process will “help X fight impersonation attempts and make the platform more secure.”
Users will be given the option to provide their government ID and a photo for identity matching and/or verification using biometric data. There is, however, no current clarity on how X plans to collect and store such information in its systems. The policy update is also expected to include a caveat for collecting users’ employment and educational history to surface potential job recommendations, share that information with prospective employers, and serve tailored ads.
Read: https://thehackernews.com/2023/09/x-twitter-to-collect-biometric-data.html
Threat actors published the scraped data of 2.6M Duolingo users in August 2023
Duolingo recently told Recorded Future’s The Record that certain threat actors had managed to scrape user account information from publicly available profile information. The data, which included publicly available names and usernames, private email addresses, phone numbers, experience level, language, learning progress, achievements, and social media information, was recently leaked on an underground hacking forum.
The language-learning platform claimed that its systems were not compromised during the incident yet failed to explain exactly how the threat actors had become privy to private user information.
According to VX Underground, the threat actors published the scraped data of 2.6 million Duolingo users on a hacking forum on August 21, 2023, for 8 credits worth only $2.13. In January 2023, a threat actor was selling the same data on the Breached hacking forum for $1,500.
Researchers explained that the private information was obtained by scraping an exposed application programming interface (API). The exposed API allows anybody to submit an email address and confirm if it is associated with a Duolingo account. On success, it returns personal data associated with the username.
The previously leaked users’ data could contain additional information, such as phone numbers, allowing threat actors to execute social engineering and targeted phishing attacks on Duolingo users.
However, Max Gannon, a Senior Cyber Threat Intelligence Analyst at Cofense, believes the scraped data is worthless except for targeted attacks. “The scraped data doesn’t have much value outside of targeted attacks where the attacker spoofs Duolingo, this is demonstrated by the fact that the dump is now only worth $2.13,” Gannon said. “The only mitigation steps that can be taken are for users of Duolingo to be particularly suspicious of potentially spoofed communications.”
Read: https://www.cpomagazine.com/cyber-security/over-2-6-million-duolingo-user-records-obtained-via-data-scraping-published-on-hacking-forum/
New crackdown on Saudi free speech online leads to man receiving death penalty
A Saudi court sentenced a man to death over his posts on the social media platform X, formerly Twitter, in the country’s latest crackdown on dissent. The judgment against Mohammed bin Nasser al-Ghamdi comes after doctoral student Salma al-Shehab and several others were facing decades-long prison sentences over their comments online.
This latest wave of sentences seems to be part of Crown Prince Mohammed bin Salman’s wider effort to stamp out any defiance in the kingdom as he pursues massive building projects and other diplomatic deals to raise his global profile.
“Al-Ghamdi’s death sentence over tweets is extremely horrific but stands in line with the Saudi authorities’ escalating crackdown,” said Lina Alhathloul, the head of monitoring and advocacy at the London-based advocacy group ALQST.
“Lengthy prison sentences issued for free speech, such as 27 years against Salma al-Shehab, have not received sufficient outcry, and the authorities have taken this as a green light to double down on their repression,” Alhathloul said. “They are sending a clear and sinister message — that nobody is safe and even a tweet can get you killed.”
Officials did not immediately respond to a request for comment over the sentence handed down by Saudi Arabia’s Specialized Criminal Court, which was established to hear terror cases but now also weighs charges against activists.
According to court documents, the charges levied against al-Ghamdi include “betraying his religion,” “disturbing the security of society,” “conspiring against the government,” and “impugning the kingdom and the crown prince” — all for his activity online that involved re-sharing critics’ posts.
Saudi officials offered no reason for why they specifically targeted al-Ghamdi, a retired school teacher living in the city of Mecca. However, his brother, Saeed bin Nasser al-Ghamdi, is a well-known critic of the Saudi government living in the United Kingdom.
“This false ruling aims to spite me personally after failed attempts by the investigators to have me return to the country,” the brother tweeted last Thursday.
Read: https://apnews.com/article/saudi-arabia-death-sentence-twitter-a2b5549806605d1d21f332ac4c36e43f
Ransomware Alert: Threat actors exploit MS SQL servers to deploy FreeWorld ransomware
In a recent cyber threat campaign dubbed DB#JAMMER, threat actors have exploited unsecured Microsoft SQL servers to distribute a new strain of ransomware called FreeWorld. Researchers at Securonix have identified the attack chain, which involves brute-forcing MS SQL servers, damaging the system firewall, establishing persistence, and deploying malicious tools such as Cobalt Strike.
The attackers leverage AnyDesk software deployment to distribute the FreeWorld ransomware. This highlights the ongoing vulnerability of SQL servers to ransomware attacks, emphasizing the importance of strong passwords and limited exposure to the internet. Organizations are advised to take the necessary measures to secure their SQL services and protect against such attacks.
Read: https://cyware.com/news/threat-actors-exploit-ms-sql-servers-to-deploy-freeworld-ransomware-91fc7399/
Elsewhere Online:
US Government refutes allegations of restricting chip sales to the Middle East
Read: https://www.darkreading.com/dr-global/us-government-denies-blocking-chip-sales-middle-east
Possible Chinese hackers suspected in security breach at Japan’s cyber security agency
Read: https://www.cpomagazine.com/cyber-security/security-breach-at-japans-cyber-security-agency-may-have-been-the-work-of-chinese-hackers/
Facebook Business accounts under attack: Vietnamese cybercriminals exploit malvertising tactics
Read: https://thehackernews.com/2023/09/vietnamese-cybercriminals-targeting.html
Fake apps masquerading as Signal and Telegram on the App Store have been stealing user data since January
Read: https://www.hackread.com/chinese-apt-fake-signal-telegram-app-stores/
ReversingLabs cybersecurity experts reveal rising trend of Python Package Index (PyPI) infiltration
Read: https://www.infosecurity-magazine.com/news/pypi-targeted-vmconnect/