TikTok scammers tried hacking 125 targets that followed famous accounts, researchers find

More than 125 people and businesses associated with large TikTok accounts based around the world were targeted as part of a recent phishing campaign, according to research published Tuesday.

Emails warned that targeted accounts were either in danger of being deleted for copyright violations or eligible for a verification badge. If victims replied to a message, attackers directed them to click a link to a WhatsApp chat, where a purported TikTok representative would confirm their accounts.

While it remains unclear if any accounts were breached, the campaign is the latest to demonstrate how TikTok’s popularity makes its most visible users targets for scammers.

In addition to individual account holders, the latest campaign targeted talent agencies, brand-consultant firms, social media production studios and influencer management firms, according to Rachelle Chouinard, a threat intelligence analyst at email security firm Abnormal Security, which shared its findings with CyberScoop. Crane Hassold, the director of threat intelligence at Abnormal, declined to share the specific names of the people and accounts targeted, but said the accounts in question had “millions to tens of millions of followers.”

TikTok, owned by the Chinese-based firm ByteDance, has more than 1 billion monthly users, the company announced in September, marking a 45% increase since July 2020, Reuters reported at the time. Its rapid rise facilitates more than $100 million of monthly user spending, and reportedly generates large sums for account holders with massive followings.

A TikTok spokesperson did not answer questions about the campaign before press time, but urged users to adopt two-factor authentication and to use strong passwords.

“TikTok is committed to maintaining a positive and safe environment for our global community,” the spokesperson said.

Social media account hijacks aren’t new. Google in October announced the recovery of roughly 4,000 YouTube channels that were stolen through fake content collaboration offers. In July 2020, attackers took over more than 100 prominent Twitter accounts as part of a plot to generate cryptocurrency.

Prominent people are directly targeted as well, such as in October when an Irish broadcaster had her Instagram accounts hijacked and held for ransom.

Ohio hospital canceling some appointments 4 days after cyberattack

Portsmouth-based Southern Ohio Medical Center is continuing to cancel some appointments because its computer systems are down following a cyberattack, according to a Nov. 14 Facebook post.

Three things to know:

  • The hospital said Nov. 14 that radiology, outpatient rehabilitation and cardiac testing are among the types of appointments the hospital is canceling Nov. 15.
  • Patients might encounter challenges rescheduling appointments because the phone lines are busy, the hospital said Nov. 15 in an update to the Facebook post. The hospital said it is working around the clock to return to normal operations.
  • The hospital discovered hackers had breached its networks on the morning of Nov. 11. It is working with law enforcement and cybersecurity firms to investigate the scope of the breach and resolve the situation.

7 million Robinhood user email addresses for sale on hacker forum

The data for approximately 7 million Robinhood customers stolen in a recent data breach are being sold on a popular hacking forum and marketplace.

The data stolen during the attack includes the following personal information for Robinhood users:
  1. Email addresses for 5 million customers.
  2. Full names for 2 million other customers.
  3. Name, date of birth, and zip code for 300 people.
  4. More extensive account information for ten people.

Same threat actor responsible for recent FBI hack

This threat actor, pompompurin, was also responsible for abusing the FBI’s email servers to send threatening emails over the weekend.

This weekend, US entities began to receive emails sent from FBI infrastructure warning recipients that their “virtualized clusters” were being targeted in a “sophisticated chain attack,” as shown in the email below.

To send these emails, pompompurin found a bug in the FBI’s Law Enforcement Enterprise Portal (LEEP) that the actor could exploit to send emails from IP addresses belonging to the FBI.

As the emails came from IP addresses owned by the FBI, it added legitimacy to the emails, causing the government agency to become flooded with concerned calls about the fake warnings.

Sibling relation = Tom and Jerry

When I have a problem, the first person I want to reach out to is my sister. She knows how to reduce my anxiety and stop me from being upset like no one else can. I believe that my sister and I share a bond that I will never be able to develop with anyone else.

Although brothers can have close relationships, Dr. Luisa Dillner discusses research that shows sisters feel closer to their siblings than brothers do. Why do sisters have such strong bonds?

A recent graduate from Georgian College, Rachel Brawn, thinks “a bond between sisters is truly unique.” When asked about Carley, her sister, Brawn says, “I absolutely find my sister to be one of my best friends.”

Weak passwords increase cyber threat

According to the police, many people routinely use digits from their mobile number, or a simple string of numbers such as 1234 or 0000, as their password. Hackers can find phone numbers through social media accounts, or simply guess such passwords outright.

“It becomes a simple task for hackers to access your e-Wallets or ATM using this simple technique which we observed is being used by a majority of citizens and social media users. Thus, they can easily access contact details or private photos or other content of people,” officials said, adding that over 60 per cent of users keep their contact numbers as usernames or passwords of their accounts.

With hackers adopting such techniques to easily access personal details and then using those details to blackmail people, police are asking the public to use strong passwords made up of a mix of letters, numbers and special characters.

“Every user should keep a strong password with two-factor authentication, instead of a simple one which can easily be cracked by cybercriminals,” the official said.

The official also suggested that all devices should be protected cryptographically and that firmware should be upgraded in a timely manner so that new security features are applied.
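The two weak patterns the police describe, digits lifted from the user’s own phone number and trivial runs such as 1234 or 0000, can be rejected at password-set time. The checker below is an added example, not code from the article or from any police agency; the length and character-class thresholds are assumptions, and the phone numbers and passwords in the test are constructed.

```python
import re

# Constructed policy thresholds (assumptions, not taken from the article).
MIN_LENGTH = 12      # minimum password length
MIN_CLASSES = 3      # of lower, upper, digit, symbol: require at least three
PHONE_RUN = 4        # a digit run this long lifted from the phone number is rejected

def _digits(s: str) -> str:
    """Keep only the digits of a string (phone numbers arrive in many formats)."""
    return re.sub(r"\D", "", s)

def _is_sequence(run: str) -> bool:
    """True for strictly ascending or descending digit runs such as 1234 or 4321."""
    steps = {int(b) - int(a) for a, b in zip(run, run[1:])}
    return steps == {1} or steps == {-1}

def weak_password_reasons(password: str, phone: str = "", username: str = "") -> list[str]:
    """Return the list of policy violations for a candidate password (empty list = accepted)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    # Digits lifted from the account holder's phone number (the pattern the police describe)
    phone_digits = _digits(phone)
    if phone_digits and any(m.group() in phone_digits
                            for m in re.finditer(r"\d{%d,}" % PHONE_RUN, password)):
        reasons.append("contains digits from phone number")
    # Username (often the phone number itself) reused inside the password
    if username and username.lower() in password.lower():
        reasons.append("contains username")
    runs = re.findall(r"\d{3,}", password)
    if any(len(set(r)) == 1 for r in runs):
        reasons.append("repeated digits such as 0000")
    if any(_is_sequence(r) for r in runs):
        reasons.append("sequential digits such as 1234")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < MIN_CLASSES:
        reasons.append("fewer than three character classes")
    return reasons
```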

A cyberattack on Papua New Guinea’s finance ministry briefly disrupted government payments and operations, officials said late Thursday.

Ransomware infiltrated and compromised a core server at the department of finance last week, hampering the government’s access to foreign aid, its ability to pay cheques and carry out other basic functions in the midst of a spiralling Covid-19 surge.

“The department has now managed to fully restore the system, however, because of the risk, we are playing safe by not allowing full usage of the affected network,” said John Pundari, acting treasurer.

Pundari said the department “did not pay any ransom to the purported hacker or any of its third party agents. We have managed to restore normalcy.”

The attack took place in the middle of the night on October 22.

The platform controls budgeting and financing for the entire Papua New Guinea government.

Beware of Ranzy Locker Ransomware: FBI Warns

The FBI is warning against the activities of Ranzy Locker ransomware, which has already targeted 30 companies in the U.S. Active since 2020, the ransomware group has demonstrated its abilities by infiltrating the networks of organizations across multiple industries.

Ranzy: a potential threat

  1. The targeted industries include the construction sub-sector of critical manufacturing, the academia sub-sector of government facilities, information technology, and transportation.
  2. After gaining access to the target network, the attackers look for sensitive data such as customer information, PII-related files, and financial records.

Decoding attack techniques

  1. Attackers use brute-force techniques to crack RDP credentials.
  2. They exploit known Microsoft Exchange Server flaws and use phishing messages to target networks.
  3. Additionally, they may create new accounts on domain controllers, servers, workstations, or in Active Directory.
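Two of the techniques above, RDP credential brute forcing and new account creation, leave standard traces in the Windows Security log (event 4625 failed logon with LogonType 10 for RDP, 4624 for a successful logon, 4720 for a created account). The detector below is an added example, not from the FBI advisory; it runs over a constructed, flattened sample of such events, and the threshold and window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of Windows Security events, flattened to one line each
# (timestamps, IP addresses and account names are made up for this example).
SAMPLE_LOG = """\
2021-10-25T02:14:03Z 4625 LogonType=10 IpAddress=203.0.113.7 TargetUserName=administrator
2021-10-25T02:14:09Z 4625 LogonType=10 IpAddress=203.0.113.7 TargetUserName=administrator
2021-10-25T02:14:15Z 4625 LogonType=10 IpAddress=203.0.113.7 TargetUserName=admin
2021-10-25T02:14:21Z 4625 LogonType=10 IpAddress=203.0.113.7 TargetUserName=backup
2021-10-25T02:14:27Z 4625 LogonType=10 IpAddress=203.0.113.7 TargetUserName=administrator
2021-10-25T02:15:02Z 4624 LogonType=10 IpAddress=203.0.113.7 TargetUserName=administrator
2021-10-25T02:16:40Z 4625 LogonType=2 IpAddress=- TargetUserName=jdoe
2021-10-25T02:19:44Z 4720 TargetUserName=svc_backup SubjectUserName=administrator
"""

LINE = re.compile(r"^(\S+) (\d+) (.*)$")
FAIL_THRESHOLD = 5             # assumed: failures from one source within the window
WINDOW = timedelta(minutes=5)  # assumed detection window

def parse(log: str):
    """Yield (timestamp, event_id, fields) for each flattened event line."""
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        fields = dict(kv.split("=", 1) for kv in m.group(3).split())
        yield ts, int(m.group(2)), fields

def detect(log: str) -> list[str]:
    """Return alerts for RDP brute forcing, follow-on RDP success, and account creation."""
    alerts = []
    failures = defaultdict(deque)  # source IP -> timestamps of recent RDP failures
    brute_sources = set()
    for ts, eid, f in parse(log):
        if eid == 4625 and f.get("LogonType") == "10":  # failed RemoteInteractive (RDP) logon
            q = failures[f["IpAddress"]]
            q.append(ts)
            while q and ts - q[0] > WINDOW:             # drop failures outside the window
                q.popleft()
            if len(q) >= FAIL_THRESHOLD and f["IpAddress"] not in brute_sources:
                brute_sources.add(f["IpAddress"])
                alerts.append(f"RDP brute force from {f['IpAddress']}: {len(q)} failures within {WINDOW}")
        elif eid == 4624 and f.get("LogonType") == "10" and f.get("IpAddress") in brute_sources:
            alerts.append(f"RDP logon success from brute-forcing source {f['IpAddress']} as {f['TargetUserName']}")
        elif eid == 4720:  # a user account was created
            alerts.append(f"New account {f['TargetUserName']} created by {f['SubjectUserName']}")
    return alerts
```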

WordPress plugin bug impacts 1M sites, allows malicious redirects

The OptinMonster plugin is affected by a high-severity flaw that allows unauthorized API access and sensitive information disclosure on roughly a million WordPress sites.

Tracked as CVE-2021-39341, the flaw was discovered by researcher Chloe Chamberland on September 28, 2021, with a patch becoming available on October 7, 2021.

All users of the OptinMonster plugin are advised to upgrade to version 2.6.5 or later, as all earlier versions are affected.

API trouble

OptinMonster is one of the most popular WordPress plugins used to create opt-in forms that help site owners convert visitors into subscribers or customers.

It is essentially a lead generator and monetization tool, and thanks to its ease of use and abundance of features, it’s deployed on approximately a million sites.

An attacker holding the API key could make changes to OptinMonster accounts or even plant malicious JavaScript snippets on the site.

The site would execute this code every time an OptinMonster element was activated by a visitor, without anyone’s knowledge.

To make matters worse, the attacker wouldn’t even have to authenticate on the targeted site to access the API endpoint, as an HTTP request would bypass security checks under certain, easy-to-meet conditions.

All API keys that could have been stolen were invalidated immediately, and site owners were required to generate new keys.

If you are a site owner, try to use the minimum number of plugins to cover the necessary functionality and usability and apply plugin updates as soon as possible.

US bans China Telecom Americas over national security risks

China Telecom Americas is the largest foreign subsidiary of China Telecom Corporation, China’s state-owned telecom company. It provides services in over 100 countries to over 135 million broadband subscribers and more than 255 million mobile subscribers.

“Our decision today is informed by the views submitted by the Executive Branch agencies with responsibility for national security reviews,” said FCC Commissioner Brendan Carr.

Chinese telecoms under the spotlight

This is not the first Chinese-backed telecom to be flagged as a threat to U.S. national security in recent years.

In February 2020, Huawei and two of its U.S. subsidiaries were charged by the U.S. Department of Justice with conspiracy to steal trade secrets and violate the Racketeer Influenced and Corrupt Organizations Act (RICO).

According to the DOJ, the Chinese companies obtained nonpublic intellectual property, which significantly decreased research and development costs, gaining an unfair competitive advantage against U.S. telecom equipment manufacturers.

One year earlier, in May 2019, the FCC blocked China Mobile, another Chinese telecom giant, from providing international telecom services over U.S. networks.

Police arrest 150 people globally in dark web sting

Operation DarkHunTOR also recovered millions of euros in cash and Bitcoin, as well as drugs and guns.

Police around the world have arrested 150 suspects involved in buying or selling illegal goods online in one of the largest-ever stings on the dark web, according to Europol.

Operation DarkHunTOR also recovered millions of euros in cash and Bitcoin, as well as drugs and guns, the European Union’s police agency said on Tuesday.

The bust stems from a German-led police sting earlier this year taking down the “world’s largest” dark web marketplace, which had been used by its alleged operator, an Australian, to facilitate the sale of drugs, stolen credit card data and malware.

Police officers also confiscated 26.7 million euros ($31m) in cash and virtual currencies, as well as 45 guns and 234kg (516 pounds) of drugs, including 25,000 Ecstasy pills.

Italian police also shut down the “DeepSea” and “Berlusconi” marketplaces, “which together boasted over 100,000 announcements of illegal products”, said Europol, which coordinated the operation together with its twin judicial agency Eurojust.
