Browser Update Scam Takes a Decentralized Turn with Cryptocurrency Blockchain
According to Brian Krebs, a security researcher, one of the oldest malware tricks in the book has resurfaced in the past few months. In this scheme, malicious files are hosted on a decentralized, anonymous cryptocurrency blockchain, making it impossible for security experts or law enforcement to remove the malware.
The attackers use hacked WordPress sites to serve visitors with a page that claims they need to update their browsers before they can view the content. The fake browser alerts are specific to the browser you’re using, so if you’re surfing the web with Chrome, for example, you’ll get a Chrome update prompt. Those who are fooled into clicking the update button will have a malicious file dropped on their system that tries to install an information-stealing trojan.
Researchers at Guardio Labs have tracked an updated version of this scam that included an important evolution. Previously, the group had stored its malicious update files on Cloudflare, but when Cloudflare blocked those accounts, the attackers began storing their malicious files as cryptocurrency transactions in the Binance Smart Chain (BSC), a technology designed to run decentralized apps and “smart contracts,” or coded agreements that execute actions automatically when certain conditions are met.
Read: https://krebsonsecurity.com/2023/10/the-fake-browser-update-scam-gets-a-makeover/
Micfo LLC CEO Sentenced to 5 Years in Prison Over Wire Fraud
Amir Golestan, the 40-year-old CEO of the Charleston, S.C.-based technology company Micfo LLC, has been sentenced to five years in prison for wire fraud. Golestan’s sentencing comes nearly two years after he pleaded guilty to using an elaborate network of phony companies to secure more than 735,000 Internet Protocol (IP) addresses from the American Registry for Internet Numbers (ARIN), the nonprofit which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Caribbean.
In 2018, ARIN sued Golestan and Micfo, alleging they had obtained hundreds of thousands of IP addresses under false pretenses. ARIN and Micfo settled that dispute in arbitration, with Micfo returning most of the addresses that it hadn’t already sold.
During ARIN’s civil case, South Carolina federal prosecutors took note, and in May 2019, they filed charges against Golestan for wire fraud, alleging he had orchestrated an elaborate network of shell companies and fake identities to hide the fact that the addresses were all destined for the same buyer.
Golestan pleaded guilty to 20 counts of wire fraud in connection with the phantom companies he used to secure the IP addresses. Prosecutors estimated those addresses were valued at between $10 million and $14 million. ARIN says the 5-year sentence handed down by the South Carolina judge “sends an important message of deterrence to other parties contemplating fraudulent schemes to obtain or transfer Internet resources.”
Read: https://krebsonsecurity.com/2023/10/tech-ceo-sentenced-to-5-years-in-ip-address-scheme/
Nurse in Hot Water with the College of Registered Nurses of Saskatchewan Over Social Media Posts Criticizing Province’s COVID Mandates
Saskatchewan nurse Leah McInnes is on the brink of a disciplinary hearing after expressing reservations about COVID-19 vaccines and mandates on social media. McInnes’ case has opened up debate on the public’s right to voice their opinions on such critical issues.
McInnes’ statements have landed her in hot water with the College of Registered Nurses of Saskatchewan (CRNS), which accuses her of professional misconduct. The alleged misconduct, as claimed by CRNS, is rooted in her involvement in protests against vaccine mandates and vaccine passports during the COVID-19 pandemic. McInnes is presently involved in a four-day tribunal hearing in Regina, which started yesterday.
The Justice Centre for Constitutional Freedoms (JCCF), arguing in her defense, has asserted that she has the right to express her views on vaccine mandates, vaccine passports, and related issues like freedom of choice and medical privacy.
Interestingly, McInnes’ opinions on COVID shots and mandates were explicitly aimed at Saskatchewan’s vaccine policies. Saskatchewan health officials, it should be noted, did not particularly enforce vaccine mandates for healthcare workers but heavily advocated for people to receive the shots.
CRNS, however, claimed that McInnes’ public statements amounted to disinformation and misinformation and could mislead the public, alleging misuse of her power as a nurse. The JCCF, for its part, pointed out that media outlets regularly referred to the government’s vaccine policies as ‘mandates’.
Read: https://reclaimthenet.org/canadian-nurse-faces-disciplinary-hearing-for-social-media-posts-criticizing-covid-mandates
California Data Bill Enables Citizens to Delete PII by Data Brokers
In a groundbreaking move, California Governor Gavin Newsom has signed the Delete Act (SB 362), making it the first bill in the US to give residents the right to retrieve their personal information from data brokers. This legislation enhances the existing state law by streamlining the process, allowing individuals to submit a single request to all brokers to delete their personal data.
The regulation, however, is limited as it specifically targets data brokers based in California. These brokers are required to register with the California Privacy Protection Agency (CPPA), and the agency’s list is utilized to streamline residents’ requests for their personal data. It’s worth noting that several prominent companies in this industry are located within the state.
Privacy experts predict a substantial shrinkage in the personal data market in the coming years as larger companies absorb financially strained smaller ones. They suggest that this regulation may hasten this consolidation process. Furthermore, data brokers raise concerns that the new law will complicate identity verification procedures.
Read: https://www.cpomagazine.com/data-protection/new-california-personal-data-bill-grants-state-citizens-the-right-to-have-pii-deleted-by-data-brokers/
Discord: Playground for Nation-State Hackers
Recently, Discord has emerged as a lucrative target, providing a fertile ground for hosting malware via its content delivery network (CDN). It also allows for the extraction of sensitive data by information stealers and facilitates data exfiltration through webhooks. According to a report by Trellix researchers Ernesto Fernández Provecho and David Pastor Sanz, Discord is predominantly utilized by individuals seeking information stealers and grabbers, which can be easily obtained from the internet.
Trellix’s analysis revealed that Discord’s CDN is commonly exploited by malware families like SmokeLoader, PrivateLoader, and GuLoader. These families utilize Discord to download subsequent payloads, including information stealers like RedLine, Vidar, Agent Tesla, and Umbral. Discord webhooks are also favored by malware families such as Mercurial Grabber, Stealerium, Typhon Stealer, and Venom RAT.
By infiltrating widely used communication platforms like Discord, advanced persistent threats (APTs) can establish long-term footholds within networks, posing a significant risk to critical infrastructure and sensitive data. APTs are renowned for their sophisticated and targeted attack techniques, further emphasizing the potential harm they can cause.
Read: https://thehackernews.com/2023/10/discord-playground-for-nation-state.html
Elsewhere online:
21-year-old Spurred by AI Chatbot to Kill the Queen
Read: https://www.wired.com/story/chatbot-kill-the-queen-eliza-effect/
D-Link Debunks Hacker’s Overstated Claims Following Data Breach
Read: https://www.darkreading.com/attacks-breaches/d-link-confirms-breach-rebuts-hackers-claims-scope
Instagram Faces Accusations of Censoring Posts in Support of Palestine
Read: https://www.theguardian.com/technology/2023/oct/18/instagram-palestine-posts-censorship-accusations
Google Obliged to Disclose User Search History in Colorado Court Ruling
Read: https://www.techspot.com/news/100529-google-forced-reveal-users-search-queries-colorado-court.html
Over 996,000 AO3 Fanfiction Writers Restrict Their Works to Limit AI Scraping
Read: https://techcrunch.com/2023/10/11/ao3-ai-fears-lock-account-kinktober-fanfiction/