KW 38: New DeFi hack causes millions in damage, Windows and Microsoft Office – Hackers exploit dangerous security gap, Malicious apps spread via fake Facebook profiles

NEWS

New DeFi hack causes millions in damage: pNetwork, a cross-chain decentralized finance (DeFi) protocol, has become the latest protocol to be targeted by hackers on Binance Smart Chain (BSC), reporting a loss of roughly $12.7 million worth of Bitcoin (BTC). According to a Twitter thread published by pNetwork on Monday, the incursion resulted in 277 pBTC being siphoned from the exchange. The hackers made off with the majority of the network’s collateral, pNetwork added. pNetwork did not detail how the attack took place but said a hacker was able to leverage a bug in its codebase and drained pBTC from the BSC blockchain.
cointelegraph.com, theblockcrypto.com

Windows and Microsoft Office – Hackers exploit dangerous security gap: In August, Microsoft Threat Intelligence Center (MSTIC) identified a small number of attacks (less than 10) that attempted to exploit a remote code execution vulnerability in MSHTML using specially crafted Microsoft Office documents. These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed custom Cobalt Strike Beacon loaders. These loaders communicated with an infrastructure that Microsoft associates with multiple cybercriminal campaigns, including human-operated ransomware.
microsoft.com

Malicious apps spread via fake Facebook profiles: Attackers have been targeting the Kurdish ethic group for more than a year through an Facebook-based spyware campaign that disguises backdoors in legitimate Android apps, researchers have found. A group called BladeHawk is behind the campaign, discovered by researchers from cybersecurity firm ESET and active since at least March 2020, according to a report published at the start of September. The campaign disguises the 888 RAT in Android apps using dedicated Facebook profiles, researchers aid.
threatpost.com

– Advertisement –
IoT – Ticker -The physical world meets the digital one. Internet of Things as an interface that revolutionizes both the industry and everyday life. Get a weekly update from the world of „Internet of Things“. iot-ticker.net

Malware in Teamviewer download links – Cyber attack on German bank customers: SentinelLabs researchers have identified a new targeted campaign delivering ZLoader banking trojan. The malware is also known as ZBot and Silent Night which has been spreading its infection since 2016. The latest campaign involving ZLoader is believed to be targeting financial institutions in Australia and Germany. The campaign aims to intercept users’ web requests made to the banking portals and steal banking credentials. To stay under the radar, threat actors have included a series of commands to disable Windows Defender. The trojan is distributed via Google AdWords once all Windows Defender modules are disabled on the targeted machine.
hackread.com

Cyber police achieved major breakthrough, arrested 11 criminals from Jamtara: Cyber police in the Indian city of Jamtara have arrested 11 suspected cybercriminals, recovering 27 mobile phones, 37 SIM cards, eight ATM cards, two cheque books, eight savings account passbooks, one laptop, one bike and one Aadhaar card. All the criminals are said to be residents of Karamatand and Narayanpur. Earlier in September, the Delhi Police cyber cell arrested 14 cyber criminals linked to the Jamtara gang. The Delhi Police cyber cell had interrogated the criminals rigorously, leading to fresh revelations. The gang had admitted to cheating more than 1500 people in 27 states of the country. The police thus succeeded in exposing the scam that had been going on for a long time.
english.newstracklive.com

IIoT systems are particularly vulnerable to hacker attacks: The security company IoT Inspector criticizes massive security gaps in industrial plants. A hacker attack could have dire consequences for a company. IoT Inspector found security gaps in nine out of ten devices in random samples. The reason for this is that production computers and other IoT devices often contain OEM technology from several third-party manufacturers. This means that the security vulnerability is often hidden and almost invisible to the company’s own IT department, unless a deep firmware analysis is carried out. Florian Lukavsky, IoT expert and managing director of IoT Inspector, called for a security control with fixed guidelines for IoT technology.
industry-of-things.de, iot-inspector.com

Election check: The German parties‘ plans on data security and data protection t3n.de
Data leak: Data of 106 million travelers to Thailand leaked golem.de
Hacking: Tiktok deletes how-tos and tutorials t3n.de
Cybersecurity: Police break up mafia cybercrime activities golem.de
New scam: This is how cybercriminals steal your bank data netzwelt.de

– Advertisement –
African Edition – The weekly newsletter that provides you with hand-picked news about current discussions and news from Africa: from socio-political developments to African-European relations. The continent at a glance. african-edition.com

NUMBER OF THE WEEK

Bitdefender, a Romanian manufacturer of antivirus software packages, reported that the number of ransomware attacks increased by a staggering 485% in 2020, with many targets located in the public sector.
it-daily.net

BACKGROUND

Google Assistant – how voice AI helps with German elections: Many first-time voters are still asking themselves the question: How do elections actually work? Google Assistant provides the answers. Google’s voice assistant is available on every device based on a Google operating system. This includes smartwatches with WearOS, infotainment systems in vehicles with Android Automotive, smart speakers, smart displays with CastOS or Fuchsia OS and, of course, Android smartphones. Meanwhile, there is also a Google Assistant app for Apple’s iPhones. For Germany’s upcoming election, Google has published a list of voice commands that are intended to provide first-time voters or inexperienced users with relevant information, explaining the voting system or how postal voting works. Google Assistant also lists all parties that are up for election on display devices such as the Google Nest Hub 2. In addition, Google is offering the „How to vote“ function for the first time in Germany. For various search queries on terms related to the election, the search engine offers direct answers.
mixed.de

Artificial intelligence a key challenge for Germany’s next government: AI is poised to become one of the key technologies of the economic and industrial future. Germany’s federal election is just around the corner, and the country’s next government will have a laundry list of grievances to address to make the country fit for the AI future. Since 2018, the German government has had a strategy in place aimed at cultivating the use of artificial intelligence at home, backed up by similar efforts on the EU level. To become attractive to international AI talent, Germany will have to improve its reputation in the realm of tech and innovation. In 2019, over 50% of AI job vacancies in Germany either could not be filled or were filled later than wished or with less desirable candidates. „AI can assist in the management of pandemics, for example in pandemic forecasting, monitoring and modeling the course of the epidemic or the effectiveness of different measures, and in research, inter alia in developing vaccines,“ wrote the authors of the government’s strategy update.
dw.com

QUOTE

„Congratulations @Inspiration4x!!!“
SpaceX founder Elon Musk on Twitter. For three days, an „amateur troop“ orbited the Earth in the SpaceX founder’s spaceship without a professional astronaut on board.
twitter.com, faz.net

SECURE?

An AI app assembles arbitrary faces into porn: A website allows users to turn anyone into a porn star by using deepfake technology to swap the person’s face into an adult video. All it requires is the picture and the push of a button. The service was discovered and brought to the attention of MIT Technology Review by deepfake researcher Henry Ajder, who has been tracking the evolution and rise of synthetic media online. From the beginning, deepfakes, or AI-generated synthetic media, have primarily been used to create pornographic representations of women, who often find this psychologically devastating. To this day, the research company Sensity AI estimates, between 90% and 95% of all online deepfake videos are nonconsensual porn, and around 90% of those feature women.
technologyreview.com

Newsletter subscription

Subscribe to our free weekly newsletter for a compact overview of safety and security topics:

Safety-Security-Ticker

More digital news briefings

Our political briefings