July 2023, 3rd. Week Newsletter

TikTok is now supporting passkeys on iPhone

TikTok is the latest app to gain passkey authentication support that lets users log in to their accounts using biometrics like Face ID and Touch ID, but it’s only coming to iOS devices for now.

Wormgpt New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks

A new AI cybercrime tool called WormGPT has been advertised on underground forums as a way for adversaries to launch sophisticated phishing and business email compromise (BEC) attacks.?

New cryptocurrency offers users tokens for scanning their eyeballs

Worldcoin is a cryptocurrency project aiming to distribute coins to every person on the planet. They plan to achieve this by using facial recognition via an app called "Worldchat."?However, the project has sparked concerns about privacy and surveillance. OpenAI's ChatGPT will be involved in verifying identities for coin distribution, which raises further questions about data security and control.

North Korean State-Sponsored Hackers Suspected in JumpCloud Supply Chain Attack

North Korean state-sponsored hackers are suspected to be involved in the supply chain attack on JumpCloud, according to the analysis of the indicators of compromise by cybersecurity firms SentinelOne and CrowdStrike. The attack was attributed to a North Korean actor known as Labyrinth Chollima, a sub-cluster within the Lazarus Group. The hackers demonstrated strategic awareness and a multifaceted approach to infiltrate developer environments. This attack was used as a springboard to target cryptocurrency companies and generate illegal revenues for the sanctions-hit nation. In addition, a social engineering campaign targeting personal accounts of employees in technology firms, particularly in the blockchain and cryptocurrency sectors, was also linked to a North Korean hacking group named Jade Sleet.

Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats

Microsoft is expanding its cloud logging capabilities to help organizations investigate cybersecurity incidents and combat nation-state cyber threats. This move comes after Microsoft faced criticism for a recent espionage attack campaign on its email infrastructure. The change will provide customers with access to wider cloud security logs at no additional cost, allowing them to visualize more types of cloud log data across their enterprise. Users will have access to detailed logs of email access and other log data, and the retention period for Audit Standard customers will be extended. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has praised this development as a significant step forward in advancing security.

HotRat: The Risks of Illegal Software Downloads and Hidden AutoHotkey Script Within

Despite risks to their own data and devices, some users continue to be lured into downloading illegal versions of popular paid-for software, disregarding the potentially more severe repercussions than legitimate alternatives. We have analyzed how cybercriminals deploy HotRat, a remote access trojan (RAT), through an AutoHotkey script attached to cracked software. This malware variant facilitates a range of malicious actions, including the theft of credentials, capturing screenshots, and installing additional malware. The post HotRat: The Risks of Illegal Software Downloads and Hidden AutoHotkey Script Within appeared first on Avast Threat Labs.

macOS Under Attack: Examining the Growing Threat and User Perspectives

As the number of macOS users continues to increase, hackers are increasingly targeting Apple's operating system. Recent attacks, such as the "Geacon" Cobalt Strike tool attack and the MacStealer malware, have put the security and privacy of Mac users at risk. Other malware, like CloudMensis and JockerSpy, also pose threats by stealing sensitive information and gaining unauthorized access to users' systems. Even state-sponsored hacking organizations have started targeting Apple Macs. Despite these growing threats, many Mac users still underestimate the importance of cybersecurity and engage in risky online behaviors. There is a lack of clarity around security tools and a need for reliable sources of information. It is crucial for Mac users to be vigilant, prioritize cybersecurity, and stay informed about the evolving threat landscape

Introducing EncryptionSafe: A Free and Easy-to-Use Encryption App for Windows PC

EncryptionSafe is a free, user-friendly encryption application specifically designed for Windows PCs. Developed by SmartPC Tools, EncryptionSafe aims to make encryption accessible to all users, regardless of their technical expertise. With the increasing amount of sensitive information stored on PCs and in the cloud, EncryptionSafe provides an easy solution for encrypting personal and confidential files. It offers a user-friendly interface, and file-level encryption, and utilizes strong encryption algorithms to ensure robust security. EncryptionSafe is available as a free download exclusively for Windows PC users, reflecting SmartPC Tools' commitment to making privacy accessible to all.