Catgirl Synthesis as Hackers’ Demand, the Nansen Incident, and Other Cybersecurity Events

We have gathered the week’s most important cybersecurity news.

  • Nansen users were targeted by phishing after an email address leak.
  • North Korean hackers attacked CyberLink’s supply chain.
  • Hackers demanded the synthesis of catgirls from the breached nuclear laboratory.
  • Researchers bypassed Windows Hello fingerprint authentication on Microsoft, Dell, and Lenovo laptops.

Nansen users targeted by phishing after email-address leak

Customers of the analytics platform Nansen received phishing emails offering participation in an exclusive airdrop. The incident was first noticed by crypto researcher Officer_cia.

The messages came from the address mail@networkforgood.com, unrelated to the company.

The attackers urged recipients to go to a forged site within 48 hours, where NANSEN tokens were allegedly being distributed.

According to Officer_cia, the scammers gained access to users' email addresses through the breach of a third-party Nansen supplier.

6.8% of customers were affected. Some had password hashes and wallets exposed. Nansen itself noted that the incident did not affect customer funds.

North Korean hackers attacked CyberLink’s supply chain

The North Korean hacker group Diamond Sleet hacked the Taiwanese multimedia software developer CyberLink. This was reported by Microsoft Threat Intelligence.

According to the researchers, the attackers infected one of the company’s installers with the LambLoad trojan to target the supply chain. At the time of writing, the malicious activity had affected more than 100 devices in various countries, including Japan, Taiwan, Canada and the United States.

The malware loads its payload from a PNG image.

Payload embedded in a PNG file. Data: Microsoft Threat Intelligence.

Microsoft researchers first observed the modified installer activity on October 20. They notified CyberLink of the ongoing activity.

Hackers demanded the synthesis of catgirls from the breached nuclear laboratory

The Idaho National Laboratory (INL) suffered a data breach following an attack by the hacker group SiegedSec, local media reported.

INL is involved in next-generation nuclear power plant development, light-water reactors, cybersecurity of control systems, testing of advanced transport, bioenergy, robotics, and nuclear waste reprocessing.

The hackers leaked detailed information on hundreds of thousands of employees and system users, including full installation data, email addresses and phone numbers, Social Security numbers, home addresses, and employment information.

In a post on a hacker forum, SiegedSec stated that they were willing to remove the leak if the laboratory began research into catgirl synthesis.

Data: BreachForums.

A representative of INL confirmed the breach. An investigation is underway with participation from intelligence and law enforcement agencies.

Researchers bypassed Windows Hello fingerprint authentication on Dell, Lenovo, and Microsoft Surface Pro X

Security flaws in the Windows Hello fingerprint scanner allowed bypassing authentication on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops. This was reported by Blackwing Intelligence researchers.

To prevent replay and matching of fingerprints stored on the host, Microsoft developed the Secure Device Connection Protocol (SDCP). However, the experts found that it covers only a narrow part of a typical device's operation.

The man-in-the-middle (MitM) attack was carried out using a dedicated Raspberry Pi 4 running Linux, connected to the tested laptops.

On Dell and Lenovo, authentication was bypassed by brute-forcing valid identifiers and substituting the attacker’s fingerprint for that of a legitimate Windows user.

The Microsoft Surface sensor did not have SDCP protection. To bypass it, one had to disconnect the Type Cover keyboard and attach a USB device that spoofed the fingerprint sensor, signaling to the system that an authorized user had logged in.

Moscow court fines Telegram 4 million rubles

The Tagansky Court of Moscow imposed an administrative fine of 4 million rubles on the messenger for failing to remove information prohibited in Russia. This is the maximum penalty under the article.

As reported by TASS … the information discrediting the Russian army, as well as “information aimed at destabilising the country and justifying extremist activity”.

In addition, the messenger did not restrict access to information about the illegal sale and cashing out of Pushkin Cards.

Top scams on Black Friday

Experts from Kaspersky Lab told ForkLog about the online scam schemes popular during Black Friday.

Phishing and scams topped the list. In the first ten months of 2023, the company’s solutions detected nearly 31 million phishing attacks worldwide targeting online stores, payment systems, and financial institutions. In 43.5% of cases, attackers masqueraded as e-commerce platforms — 13 million attacks.

Since October, the number of domains using the words “Black Friday” or “black friday” has tripled. These include entirely fictitious stores as well as convincing copies of real online platforms selling clothing, home appliances, and electronics. The most common scheme is one in which buyers never receive the goods they purchased.

Additionally, attackers actively create fake pages offering Apple products. From January to October 2023, experts detected 2.8 million phishing attacks mentioning this brand.

Scammers may also, for example, gradually drain a user’s money by linking a bank card to their “online store,” or offer non-existent gift certificates from well-known marketplaces.

What to read this weekend?

ForkLog’s exclusive on the Worldcoin biometric data collection project and the hacker attack on it.
