Archive for November 24, 2022

Bahamut group targets Android users with fake VPN apps; spyware steals users’ conversations: ESET

Posted in Commentary with tags on November 24, 2022 by itnerd

ESET researchers have identified an active campaign targeting Android users, conducted by the Bahamut APT group. This campaign has been ongoing since the start of this year. Malicious spyware apps are distributed through a fake SecureVPN website that provides only trojanized Android apps to download. This website has no association whatsoever with the legitimate, multiplatform SecureVPN software and service. Malicious apps used in this campaign are able to exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as WhatsApp, Facebook Messenger, Signal, Viber, and Telegram. ESET researchers discovered at least eight versions of the Bahamut spyware, which could mean the campaign is well-maintained. The malicious apps were never available for download from Google Play. 

All exfiltrated data is stored in a local database and then sent to the Command and Control (C&C) server. The Bahamut spyware functionality includes the ability to update the app by receiving a link to a new version from the C&C server.

If the Bahamut spyware is enabled, then it can be remotely controlled by Bahamut operators and can exfiltrate various sensitive device data, such as contacts, SMS messages, call logs, a list of installed apps, device location, device accounts, device info (type of internet connection, IMEI, IP, SIM serial number), recorded phone calls, and a list of files on external storage. By misusing accessibility services, the malware can steal notes from the SafeNotes application and actively spy on chat messages and information about calls from popular messaging apps, such as imo-International Calls & Chat, Facebook Messenger, Viber, Signal Private Messenger, WhatsApp, Telegram, WeChat, and Conion apps.
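The abuse of accessibility services described above is the part of this campaign a device owner or fleet administrator can actually check for: a third-party app that holds accessibility access can read on-screen text from any messaging app. The following script is an added example, not code from ESET or from this post. It parses the value Android returns for `adb shell settings get secure enabled_accessibility_services` (colon-separated `package/ServiceClass` component names) and lists every service whose package is not on an allowlist. The allowlist contents and the `com.example.securevpn` package are constructed placeholders, not indicators from the report.

```python
"""Parse Android's 'enabled_accessibility_services' secure setting and flag
services from packages that are not on an allowlist.

Added example, not part of the ESET report or the blog post. It assumes the
setting value was obtained with:
    adb shell settings get secure enabled_accessibility_services
which prints component names separated by ':' (e.g.
'com.example.pkg/com.example.pkg.MyService', or the short form
'com.example.pkg/.MyService'). The com.example.* packages below are
constructed placeholders.
"""

from __future__ import annotations

# Packages a defender accepts as legitimate accessibility-service providers.
# This set is an assumption for the example; a real fleet allowlist would be
# built from the organisation's approved apps.
ALLOWLIST = frozenset({
    "com.android.talkback",
    "com.google.android.marvin.talkback",
})


def parse_enabled_services(setting_value: str) -> list[tuple[str, str]]:
    """Split the raw setting value into (package, service_class) pairs.

    Handles the literal 'null' that `settings get` prints when the setting is
    unset, empty entries from trailing separators, and the short form
    'pkg/.Service' where the class name is relative to the package.
    """
    value = setting_value.strip()
    if not value or value == "null":
        return []
    pairs: list[tuple[str, str]] = []
    for component in value.split(":"):
        component = component.strip()
        if not component or "/" not in component:
            continue
        package, service = component.split("/", 1)
        if service.startswith("."):
            service = package + service
        pairs.append((package, service))
    return pairs


def find_unexpected_services(setting_value: str, allowlist=ALLOWLIST) -> list[str]:
    """Return fully qualified component names whose package is not allowlisted.

    A non-allowlisted package holding accessibility access is the condition
    the report describes (a sideloaded app reading messaging-app screens).
    The result is a review list for a human, not a malware verdict.
    """
    return [
        f"{pkg}/{svc}"
        for pkg, svc in parse_enabled_services(setting_value)
        if pkg not in allowlist
    ]


# Constructed sample values in the format `settings get secure` prints.
SAMPLE_CLEAN = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService"
)
SAMPLE_SUSPECT = (
    SAMPLE_CLEAN + ":"
    "com.example.securevpn/.AccessibilityHelperService"  # placeholder package
)

if __name__ == "__main__":
    for label, value in (("clean", SAMPLE_CLEAN), ("suspect", SAMPLE_SUSPECT)):
        flagged = find_unexpected_services(value)
        print(f"{label}: {len(flagged)} non-allowlisted accessibility service(s)")
        for name in flagged:
            print("  review:", name)
```

On a managed fleet the same parse can be run over the output collected from each enrolled device; the allowlist, not the parser, is where the judgement lives, so keep it short and review every entry that is not a known screen reader or assistive tool.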

The Bahamut APT group typically uses spearphishing messages and fake applications as the initial attack vector, against entities and individuals in the Middle East and South Asia. Bahamut specializes in cyberespionage, and ESET Research believes that its goal is to steal sensitive information from its victims. Bahamut is also referred to as a mercenary group offering hack-for-hire services to a wide range of clients. The name was given to this threat actor, which appears to be a master in phishing, by the Bellingcat investigative journalism group. Bellingcat named the group after the enormous fish floating in the vast Arabian Sea mentioned in the Book of Imaginary Beings written by Jorge Luis Borges. Bahamut is frequently described in Arabic mythology as an unimaginably enormous fish.

For more technical information about the latest Bahamut APT group campaign, check out the blog post “Bahamut cybermercenary group targets Android users with fake VPN apps” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

The Pentagon Releases A Zero Trust Strategy

Posted in Commentary with tags on November 24, 2022 by itnerd

The Pentagon has put forward a Zero Trust strategy. Its purpose is to guide the DoD on how to direct its cybersecurity investments and efforts in the coming years so as to reach a “target” level of zero trust maturity over the next five years.

The release of DoD’s zero trust strategy follows on the heels of the White House Office of Management and Budget’s federal zero trust strategy published earlier this year. DoD’s strategy lays out a detailed and ambitious plan for defense components to attain specific zero trust capabilities by 2027.

The aim is to counter a “rapid growth” in offensive cyber threats by shifting away from a perimeter defense model to a “never trust always verify” mindset, DoD Chief Information Officer John Sherman wrote in the foreword to the strategy.

Providing commentary on this strategy is Steve Judd, Solutions Architect at Venafi:

“The latest zero trust strategy from the Defense Department is an important step in ensuring investment is made to accelerate the adoption of zero trust. It’s encouraging to see that deadlines to submit execution plans and for completion have been set, as without these there is often a lack of urgency to act. The move towards a “never trust always verify” mindset is also very positive as an essential element of zero trust is identity. Every actor on the network – whether inside or outside the perimeter – must be authenticated and authorized with a valid identity. Yet what people often overlook is that there are two actors on the network: humans and machines. These machines include everything from cloud servers and Kubernetes clusters to servers and applications, with special levels of privileges to communicate with one another in a trusted and secure way. So, it’s important that any zero trust project takes machine identity into consideration alongside human identity management. The best way to enable this is through a control plane which automates the management of these machine identities.”

Groups outside the DoD should pay attention to this, as I am certain that it will be helpful in guiding them on how to make their environments much more secure.

LinkedIn encourages “Career Cushioning” to young professionals in the face of economic uncertainty

Posted in Commentary with tags on November 24, 2022 by itnerd

According to the latest Statistics Canada data, job vacancies are on the rise, with an estimated nearly a million unfilled positions in August 2022. These vacancies, coupled with the threat of recession, a talent reshuffle and layoffs across sectors, have young professionals examining how they can better prepare for the next wave of economic uncertainty.

In response to a potential economic downturn, LinkedIn is starting to see people “Career Cushioning”, meaning they are taking actions to keep their options open and cushioning themselves for whatever comes next in the economy and job market.

LinkedIn offers support in helping young professionals feel more secure about their job experience and offers ways to upskill. Below are some of the specific ways to begin “Career Cushioning” using LinkedIn as a resource.

  • Tend to Your Network: A recent global survey from LinkedIn found that almost half of people (48%) use their professional network to get job advice or referrals.
  • Skills Matter: More than 40% of hirers on LinkedIn explicitly use skills data to fill their roles, up over 30% year-over-year.
  • Start to put feelers out there for new roles: Turning on Open to Work on your LinkedIn profile increases your likelihood of getting a recruiter message by 2X.

This article on LinkedIn offers additional tips.

Guest Post: Almost 50% of social media users have been victims of online shopping scams, says survey

Posted in Commentary with tags on November 24, 2022 by itnerd

While many online shops are legitimate, scammers often take advantage of the anonymous nature of the internet to exploit unsuspecting victims by setting up fake ones. And with the rise of social media e-commerce, shopping scams are increasingly taking place on social platforms.

According to the data presented by the Atlas VPN team, based on the GoodFirms online survey, 47% of social media users have fallen victim to shopping scams before. 

Social media sites offer an easy and low-cost way to set up fake online shops. With the help of social media ads, these scam schemes can reach millions of consumers worldwide.

Phishing link and gift card scams are also frequent fraud schemes that end up costing social media users money or their data. In fact, 37% of surveyees reported being a victim of each of the scam types. 

In phishing link scams, cybercriminals send malicious URLs to potential victims via social media designed to steal personal data or infect the victim’s device with malware. Meanwhile, gift card schemes involve cybercriminals offering fake gift cards in exchange for money or personal information. 

Additionally, over 33% of surveyed social media users reported being victims of help scams. In help scams, cybercriminals pretend to be acquaintances of their potential victims that happen to be in an emergency situation. To help solve the emergency situation, they ask for money. Fraudsters may also impersonate charitable organizations and ask for donations.

Other scams social media users frequently fall for include job scams (30%), targeted advertising scams (27%), cloned and hacked account scams (23%), investment scams (17%), lottery scams (13%), impersonation with fake account scams (13%), quiz and polling scams (7%), romance scams (7%), and fake ticket scams (2%).

While social media scam techniques may vary, the end goal is typically the same. The fraudsters hope to score the victim’s money, personal data, or both. 

To read the full article, head over to:

The Twitter Gong Show Is Getting Even Worse…. Where Do I Even Begin?

Posted in Commentary with tags on November 24, 2022 by itnerd

This Twitter situation is simply getting crazy. But there are some themes that intertwine. Let’s start with the fact that some really “interesting” people have signed up for Twitter Blue accounts:

Almost 140,000 people paid $8 for a Twitter Blue subscription between November 10 and 15, the New York Times reported. 

The Times cited data from Travis Brown, a software developer in Berlin, who found over 137,000 accounts with Twitter Blue subscriptions between November 10 and 15 using a computer program. The program downloaded data including users’ following lists, screen time, the date they joined Twitter, and verification status.

Brown found that the typical Twitter Blue subscriber had around 560 followers but some had over a million including Mika Salamanca, a YouTube creator with 3.9 million Twitter followers; Arabic news site, Alwatan News with 2.7 million followers, and several adult film performers. 

Many Twitter Blue subscribers were far-right influencers like Kenosha shooter Kyle Rittenhouse, Libs of TikTok, and Catturd2. 

Brown’s data showed that thousands of subscribers were linked to around 5,000 far-right Twitter accounts that had been flagged for pushing extremist ideas and some were also listed by Cornell University for posting conspiracy theories about election fraud. 

Twitter and Travis Brown did not immediately respond to a request for comment about the data outside normal working hours.

Now this isn’t exactly promising. But let’s go down the rabbit hole. Musk is now doing this:

Musk posted a poll on Wednesday asking whether the platform should offer “a general amnesty to suspended accounts, provided that they have not broken the law or engaged in egregious spam.” 

At the time of writing, 72% of the almost 3 million voters have said yes. 

That ties into this Tweet from Musk:

Based on this, one could get the impression that Musk is using this as a pretext to slant Twitter to the right. If that’s the case, this whole situation with Twitter will get ugly. How so, you ask? How about this:

Julia Mozer and Dario La Nasa, who were in charge of Twitter’s digital policy in Europe, left the company last week, according to the Financial Times.

The executives were the driving force in getting the company to comply with the EU’s landmark Digital Services act, which came into force last week setting new rules for Big Tech firms to keep users safe online.

Other executives had already left the small Brussels office at the start of the month as Mr Musk sacked half of the company’s staff, from 7,500 to around 3,750, in the weeks following his £38bn takeover.

The Tesla and SpaceX chief executive had tweeted that “the bird is freed” after completing his acquisition of the platform. 

Shortly afterwards, European commissioner Thierry Breton issued a curt reminder of the EU’s content-moderation laws, saying: “In Europe, the bird will fly by our rules.” 

Mr Musk had said that Twitter’s series of layoffs was over this week, as he launched a recruitment drive. 

If you recall, Twitter is in the crosshairs of the EU due to moves like the ones I mentioned above, for starters. And they will look at moves like these with some degree of alarm. And they will react accordingly by calling Musk onto the carpet. The thing is, I can see Musk flipping the bird to the EU, which will start a big fight between the two. You should get your popcorn ready for that when it happens. Because Elon’s right wing leanings are clearly coming into play here.

In other Twitter news, Musk also did this:

Elon Musk’s Twitter has decided to scrap holiday pay for contractors working for the social-media company, according to Platformer reporter Zoë Schiffer.

The measure will start during Thanksgiving, according to Schiffer.

Amid the mass layoffs since Musk’s takeover, Twitter started to fire contractors on November 12 and those affected found out they’d lost their job when they were locked out of work accounts, Axios reported.

It’s not the only measure that Twitter has reportedly introduced in the runup to Thanksgiving.

The Verge’s Alex Heath said on Thursday that some Twitter engineers received an email on Wednesday evening, saying they were fired because their “code is not satisfactory.” Twitter sent “performance warning” emails to other engineers, telling them to “restore our confidence and demonstrate your contributions to the team,” according to Heath.

The report came off the back of a leaked email, seen by Insider, saying on Monday that all Twitter employees who were coding or doing technical work would be expected to submit a weekly summary of everything they’ve worked on.

This is just plain stupid and is sure to send more employees to the exits. Nobody likes to be micromanaged. And when you combine that with no holiday pay, that’s a recipe for a big reaction from the workers in question. Especially since other companies are circling to grab Twitter employees.

Finally, let’s go back to Musk. I’m going to put it out there that he is a racist. I say that because of this:

What hasn’t been clear is what, exactly Musk thinks of Black Twitter, which is arguably the most critical community to have taken shape organically and to elevate Twitter’s relevance as a platform for conversation, activism and storytelling along the way. Before now, that wouldn’t have mattered. Nobody cared what Twitter co-founder and ex-CEO Jack Dorsey thought about Black Twitter, because it was undeniable that Black Twitter was good for business under his watch.

Musk, however, is a different story: his notions of “free speech” on the platform mean greenlighting the comeback of Donald Trump and other hatemongers and as a manager he’s fired thousands of employees who were part of an intentional internal strategy to attempt to make the company as diverse as the voices on its platform. And now, weeks into his tenure as “chief twit”, we have an idea of exactly what regard Musk holds Black Twitter and the community of Black staffers inside the company. The Independent reports on a Musk tweet, since deleted, in which he made light of t-shirts that had been created by the company’s “Blackbirds” employee resource group, and mocked the Black Lives Matter movement.

I encourage you to read the entire article because clearly this is unacceptable and needs to be called out. And you might want to keep this in mind the next time you think of buying a Tesla. Or using Twitter.