News Items

Clemson University is opening a National Center where researchers will develop new methods to bolster the transportation system security against cyberattacks. The new National Center for Transportation Cybersecurity and Resilience (TraCR) will receive a five-year grant of $20 million from the US Department of Transportation. Researchers are working to develop software and hardware that will serve as impenetrable cyber defense. Connecting cars wirelessly to each other and to the roadway infrastructure can reduce traffic congestion, accidents, fuel consumption, pollution, and social disparities. However, it also exposes the transportation system to cyber threats from hackers, criminal gangs, terrorists, and other malicious actors. With each car and piece of infrastructure that connects to the Internet, there is the potential to steal data, breach privacy, demand a ransom, deliver false information, or even bring down an entire system. The new center will place Clemson University at the frontline of the nation's defense against major infrastructure threats. Benedict College, Florida International University, Morgan State University, Purdue University, South Carolina State University, the University of Alabama, the University of California, Santa Cruz, and the University of Texas at Dallas are partner institutions. The center's researchers plan to examine multiple modes of transportation, from cars, trucks, and bicycles to passenger rail, maritime transport, and pipelines. Researchers will create an adaptive and resilient platform to help detect threats and defend against attacks that hackers have not yet invented. The team will also delve into quantum computing, looking at how to evaluate threats from quantum computers and how such computers can be used to defend against cyberattacks. This article continues to discuss the new National Center for TraCR at Clemson University, which will develop software and hardware to combat cyberattacks on the nation's transportation systems.

Clemson University reports "Clemson University Joins Nation's Frontline Defense against Cyberattacks on the Transportation System"

The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has released a Cybersecurity Advisory (CSA) titled "CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks," describing a red team assessment of a large organization with a mature cyber posture that manages critical infrastructure. CISA's new CSA delves into the red team's tactics, techniques, and procedures (TTPs) as well as key findings for network defenders wanting to take proactive steps to decrease the threat posed by malicious cyber actors. As described in the CSA, the CISA red team gained persistent network access to the organization, moved laterally across numerous geographically separate facilities, and gained access to systems close to the organization's sensitive business systems. This advisory emphasizes the significance of early detection and ongoing monitoring of cyber assets. This article continues to discuss the CSA on CISA red team findings to help network defenders improve the monitoring and hardening of their networks.

HSToday reports "CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks"

Pentera surveyed 300 CIOs, CISOs, and security leaders from businesses in Europe and the US, revealing that a cyberattack had impacted 88 percent of organizations over the past two years. The Pentera study finds that this is the case despite companies employing an average of nearly 44 security solutions. While regulatory requirements first drove the need for penetration testing, the primary reasons for such testing today are security validation, potential damage assessment, and cyber insurance. With only 22 percent of respondents reporting compliance as their top reason for the activity, regulatory or executive obligations remain significant but are not the key driver of penetration testing. This article continues to discuss key findings from Pentera's survey of CIOs, CISOs, and security executives.

BetaNews reports "88 Percent of Organizations Have Suffered Cyber Breaches in the Last Two Years"

Security researchers at Rapid7 discovered that in 2022, the widespread exploitation of new vulnerabilities was down 15% over the previous year, zero-day attacks declined 52% from 2021, and there were 33% fewer vulnerabilities known to have been exploited as part of a ransomware attack. The researchers noted that, on the surface, it might appear that things were easier for security teams last year. That would be wrong. During their study, the researchers also found that the time from vulnerability disclosure to exploitation is decreasing. A large number of vulnerabilities are being exploited before security teams have any time to implement patches or other mitigations. To be precise, 56% of the vulnerabilities were exploited within seven days of public disclosure, a 12% increase over 2021 and an 87% increase over 2020. The researchers noted that resources for triaging and remediating vulnerabilities remain limited, and priorities can be misdirected. The researchers believe that there are three primary takeaways from their current research. The first is that widespread threats remain high, even though they are down from 66% in 2021 to 56% in 2022's dataset. The second takeaway is the complexity of the ransomware ecosystem and how that affects visibility and statistics. And the last takeaway is that ransomware groups are leveraging fewer new vulnerabilities than they did in 2021.

SecurityWeek reports: "Vulnerabilities Being Exploited Faster Than Ever: Analysis"

Security experts are warning that remote workers in the UK capital are being bombarded with cyberattacks after recording 91 million threats over a 28-day period in January. Insurer Coalition set up a series of honeypots in a project with police non-profit the Cyber Resilience Centre for London in a bid to calculate the cyber threat level to organizations operating in the region. Coalition's UK security researcher, Simon Bell, stated that they use honeypots to learn about threat actors and their methods. Once the attack happens, one can see what vulnerabilities the cybercriminal is looking for and how they try to exploit them. Bell noted that in this exercise, their honeypots were given IP addresses that were identified as physical data centers in London. The study recorded 2000 attacks per minute targeting the honeypots, with 85% of them attempting to hijack remote desktop connections used by employees working outside the office. The attacks were traced back to 101,000 different threat actors, with Russia as the largest single source of attacks, followed by Bulgaria, Monaco, and Panama. However, Coalition quickly pointed out that many threat actors hide their true location using VPNs routed through other countries. Bell argued that the research showed how working from home has significantly widened the corporate attack surface.

Infosecurity reports: "London Honeypots Attacked 2000 Times Per Minute"

According to new research, pet and animal-related apps pose cybersecurity risks to their owners. Many pet owners may find the ability to track their cats and dogs appealing since it can bring peace of mind. However, enabling a third party to track their movements can be less appealing. Through the analysis of 40 popular Android apps for pets, computer scientists from Newcastle University and Royal Holloway, University of London, have uncovered a number of security and privacy problems. Several of these apps put their users at risk by disclosing their login credentials or location information. One of the issues revealed by the researchers was password weakness. They found three apps that had user login details visible in plain text within non-secure HTTP traffic. This means that anyone can look at the Internet traffic of an individual using one of these apps and obtain their login credentials. In addition to login information, two of the apps displayed user details that may allow cybercriminals to access their devices and launch an attack. The researchers identified the use of trackers as an additional area of concern. All apps except for four were discovered to include tracking software. The team also cautions that the privacy policies of the apps are poorly communicated to the user. Their study reveals that 21 apps track the user in some manner prior to the user's authorization, thus violating existing data protection regulations. This article continues findings from the research on the cybersecurity risks posed by pet and animal-related apps.

Newcastle University reports "Are Our Pets Leaking Information About Us?"

According to CrowdStrike's annual Global Threat Report, adversaries have become more sophisticated and destructive in their cyberattacks. Malware activity has declined, indicating that threat actors are experimenting with alternative means of attack. Seventy-one percent of all detections were malware-free in 2022, up from 62 percent in 2021. This was in part due to the exploitation of valid credentials by adversaries to facilitate access and persistence in victim environments. CrowdStrike stated that the rate at which new vulnerabilities were disclosed and the speed at which adversaries were able to deploy exploits also played a role. Meanwhile, interactive intrusion campaigns or attacks that required a more 'hands-on' approach from cybercriminals surged by 50 percent, indicating that threat actors are increasingly seeking ways to circumvent automated detections. Another notable trend is decrease in the time it takes for an adversary to move laterally from one compromised host to another within the victim's environment or network of targeted computer systems. This reduced from 98 minutes in 2021 to 84 minutes the year prior, meaning that defenders were under increased pressure to detect and respond to an incursion. CrowdStrike, which monitors more than 200 adversaries, also reported an increase in "China-nexus" espionage. In the last year, threat actors associated with China attacked all 39 global industry sectors and 20 geographic regions. This article continues to discuss key findings from CrowdStrike's Global Threat Report.

Cybernews reports "Threat Actors Getting Smarter as China-Linked Attacks Rise"

The Russia-Ukraine conflict has impacted cyberspace on all levels, from nation-state Advanced Persistent Threats (APT) groups to low-level carders on Dark Web forums. A new report from Recorded Future details the numerous cyberspace repercussions of that event. Cybercrime activity has changed, allies have become foes, power structures have been restructured, and more. According to the Recorded Future report "Themes and Failures of Russia's War Against Ukraine," despite "compounding strategic and tactical failures," Moscow presumably remains focused on conquering Kiev, overturning the Ukrainian government, and scoring a decisive military triumph. Russia's offensive cyber operations have been unable to complement Russia's conventional military success and will likely turn to targeting civilian infrastructure in an effort to degrade Ukraine's morale. Russia's continued reliance on proxy groups to achieve its objectives in Ukraine while maintaining plausible deniability has shed additional light on the connections between Russian Intelligence Services (RIS) and non-state actors, as evidenced by Russia's direct, indirect, and tacit relationships with cybercriminal and hacktivist groups. This article continues to discuss key points from Recorded Future's report on the disruption of the cybercriminal ecosystem by Russia's war against Ukraine.

Dark Reading reports "How the Ukraine War Opened a Fault Line in Cybercrime, Possibly Forever"

Exfiltrator-22 is a new post-exploitation framework being promoted by threat actors to spread ransomware across corporate networks while evading detection. According to threat analysts at CYFIRMA, this new framework was developed by former LockBit 3.0 affiliates with expertise in anti-analysis and defense evasion, offering a powerful solution for a monthly price. Exfiltrator-22 is priced between $1,000 per month and $5,000 for lifetime access, with ongoing updates and support included. The framework's buyers are provided with an admin panel hosted by a Virtual Private Server (VPS) from which they could control the malware and issue commands to compromised systems. On November 27, 2022, the first version of the Exfiltrator-22 framework was discovered in the wild. About ten days later, its makers created a Telegram channel to advertise the framework to other cybercriminals. By the end of the year, threat actors had disclosed additional features that helped mask traffic on hacked devices, indicating that the framework was actively being developed. In January 2023, its authors deemed the framework to be 87 percent complete, and subscription prices were released, allowing interested users to purchase access to the tool. The threat actors uploaded two videos on YouTube on February 10, 2023, demonstrating Exfiltrator-22's lateral movement and ransomware-spreading capabilities. This article continues to discuss the Exfiltrator-22 framework being promoted by threat actors.

Bleeping Computer reports "New Exfiltrator-22 Post-exploitation Kit Linked to LockBit Ransomware"

According to researchers at Kaspersky, mobile malware developers were busy in 2022, flooding the cybercrime landscape with twice the number of banking trojans than the year before. The researchers stated that nearly 200,000 new mobile banking Trojans emerged in 2022, a 100% increase from the year before and the biggest acceleration of mobile malware development seen in the last six years. In total, the firm detected 1.6 million installers for mobile malware within its telemetry during the year. That's actually a decline in threat activity (down from 3.5 million in 2021 and 5.7 million in 2020), even as malware creation surges ahead. The researchers stated that this drastic increase in banking Trojan development signifies that cybercriminals are targeting mobile users and are increasingly more interested in stealing financial data and actively investing in the creation of new malware. Banking Trojans are built to steal mobile bank account credentials or e-payment details, but they can often be repurposed for other kinds of data theft or used to install additional malware. The researchers noted that while unofficial app stores pose the greatest potential for encountering a banking Trojan, Google Play has been repeatedly populated with "downloaders for banking trojan families, such as Sharkbot, Anatsa/Teaban, Octo/Coper, and Xenomorph, all disguised as utilities."

Dark Reading reports: "Mobile Banking Trojans Surge, Doubling in Volume"

Fully Homomorphic Encryption (FHE) enables algorithms to do direct computations on encrypted data. Usually, sensitive data is encrypted, and it must be decrypted before it can be used for any form of analysis or computing. The analysis or computation is conducted while the sensitive data is in an unencrypted state, and then the data is re-encrypted. Matthew French, Research Director at USC Viterbi's Information Sciences Institute (ISI), says that the problem with these schemes is that there is inevitably a breakdown in the process, and someone can snoop on the unencrypted processing, or someone can forget to re-encrypt the data. In the past decade, breakthrough advances in algorithms have enabled FHE, which eliminates the need to decrypt and re-encrypt data, resulting in a far more secure system, according to French. However, FHE requires substantially more computational power to accomplish tasks equivalent to those that are not encrypted. FHE requires around 100,000 times more processing than conventional techniques, so FHE must decrease the computation gap in order to be useful. French and his colleagues took on the challenge with their co-processor, TREBUCHET, which addresses this by developing custom computer hardware to accelerate FHE processing with the aim of achieving ten times the speed of traditional processing. TREBUCHET was created for the Data Protection in Virtual Environments (DPRIVE) Program of the Defense Advanced Research Projects Agency (DARPA). There are both private research facilities and academic institutions on the team. This article continues to dicuss the concept of FHE and the TREBUCHET solution.

USC Viterbi reports "TREBUCHET: A High-Powered Processor for Cutting-Edge Encryption"

According to security researchers at Menlo Security, an unknown threat actor is targeting APAC and North American governments with info-stealing malware and ransomware. The researchers noted that the group's attacks begin with a phishing email containing a malicious Discord link, which points to a password-protected zip file. That, in turn, contains a .NET malware downloader known as PureCrypter. The researchers stated that the loader will try to download a secondary payload from the group's command and control (C2) infrastructure, which is a compromised domain belonging to a non-profit. Among the malicious payloads observed by the researchers in this campaign are various info-stealers and ransomware variants: Redline Stealer, AgentTesla, Eternity, Blackmoon, and Philadelphia ransomware. In the sample analyzed by the researchers, PureCrypter attempts to download AgentTesla, an advanced backdoor designed to steal browser-based passwords, as well as take screen captures and log keystrokes. The researchers stated that in their investigation, they found that AgentTesla establishes a connection to an FTP server where it stores the stolen victim's credentials. The FTP server appears to have been taken over, and the leaked credentials for the domain were found online, thus suggesting that the threat actors used these credentials to gain access to the server. The researchers noted that the FTP server was also seen in a campaign using OneNote to deliver malware. Attackers have been sending phishing emails with links to malicious OneNote files that can download additional malware or steal information from the victim's device. Altogether, the researchers found 106 files using said FTP server.

Infosecurity reports: "Governments Targeted by Discord-Based Threat Campaign"

Researchers at a Quebec university are looking into how prepared power utilities are for cyberattacks, as well as the security of wireless industrial Internet-connected devices. Ottawa recently announced that it gave the University of Sherbrooke the second half of just under $2 million for the study. One project is evaluating the resiliency of Hydro Sherbrooke, a medium-sized power distributor, in the context of Industry 4.0, specifically its ability to detect new threats. Industry 4.0 refers to the incorporation of new technologies such as Internet of Things (IoT) devices, cloud computing, and Artificial Intelligence (AI) into a company's production centers and general operations. The second project analyzes the security of industrial IoT devices with 5G connectivity and edge computing. It involves exploring the applications of the devices in agriculture, water management, and building management. Bell Canada, VMware, Honeywell, and the cities of Sherbrooke and Magog, Quebec, are partners in this study. Lessons learned from both projects will be shared with the power, telecommunications, and Information Technology (IT) manufacturing industries. This article continues to discuss the new projects investigating the readiness of power utilities to face cyberattacks and the security of wireless industrial Internet-connected devices.

IT World Canada reports "Researchers Looking Into Cybersecurity of Canada's Power, IoT Sectors"

Researchers discovered a new payload delivered by the Wslink malware downloader and believe it is part of the toolset maintained and deployed by the Lazarus Group, which is associated with North Korea. ESET researchers found the Wslink loader in 2021, which has a few unique features, the most notable of which is its ability to run as a server rather than a client. Wslink, like other loaders, allows the actors who deploy it to download and install additional malware or tools onto a compromised machine. The researchers were unable to find the payload that Wslink delivered when ESET examined the loader, but they recently discovered one, which they dubbed WinorDLL64. The payload was discovered on a small number of victim machines in locations previously targeted by the Lazarus Group, including Europe and North America. There are also some code commonalities between WinorDLL and other samples used by the Lazarus Group, such as Bankshot and GhostSecret. The ESET researchers discovered several behavioral parallels with known Lazarus Group tools, but they were not certain that WinorDLL was used by the gang. This article continues to discuss the new payload delivered by the Wslink malware downloader, possibly part of the cache of tools maintained and deployed by the Lazarus Group.

Decipher reports "Possible New Lazarus Group Backdoor Found"

Intel has reported recently that it has paid out more than $4.1 million through its bug bounty program since its creation in 2017. Intel noted that, on average, between 2018 and 2021, they paid $800,000 through its bug bounty program each year for vulnerabilities discovered in the company's products. In 2022, it awarded $935,000. Intel says a total of 243 vulnerabilities were reported in 2022, roughly the same as in the previous three years. Intel noted that more than half of the 2022 vulnerabilities were found internally by them, and 90 security flaws, representing 37% of the total, were reported via its bug bounty program. The company engaged 151 researchers last year, more than double compared to the previous three years. Intel stated that most of the vulnerabilities were discovered in Intel software, processors, and network communications products. Only two issues were assigned a "critical" severity rating, but 79 were classified as having "high" severity. Intel has helped create a hardware common weakness enumeration (CWE) list, and 19 of the hardware vulnerabilities addressed last year were assigned to 13 hardware CWEs.

SecurityWeek reports: "Intel Paid Out Over $4.1 Million via Bug Bounty Program Since 2017"

Many aircraft, spacecraft, and weapons systems contain an onboard computer network referred to as military standard 1553, sometimes known as MIL-STD-1553 or just 1553. The network is a tried-and-true protocol for enabling communications between systems such as radar, flight controls, and the heads-up display. According to Chris Jenkins, a Sandia cybersecurity scientist, securing these networks against a cyberattack is a national security issue. He said that if a hacker took control of 1553 mid-flight, the pilot would lose control of critical aircraft systems. Several researchers across the US are developing protections for systems that use the MIL-STD-1553 protocol. Chris and his Sandia team recently collaborated with Purdue University researchers in West Lafayette, Indiana, to test an idea that could protect these critical networks. Their findings, which were recently published in the scientific journal IEEE Transactions on Dependable and Secure Computing, show that when used correctly, a technique known in the cybersecurity realm as Moving Target Defense (MTD) can effectively secure MIL-STD-1553 networks against a Machine Learning (ML) algorithm. This article continues to discuss the collaborative work on a moving target defense that makes a computer network commonly used on many aircraft, spacecraft, and weapons systems less vulnerable to cyberattacks.

Sandia National Laboratories reports "Hackers Could Try to Take over a Military Aircraft; Can a Cyber Shuffle Stop Them?"

Radio stations in multiple Russian cities were recently hacked to broadcast fake air raid warnings. Air raid alerts were heard in Belgorod, Kazan, Novosibirsk, Penza, Magnitogorsk, Ufa, Voronezh, Nizhny Novgorod, Tyumen, Izhevsk, and other cities, according to the Russian state news agency RIA Novosti. Radio stations, including Relax FM, Funny FM, Business FM, Like FM, Comedy FM, Romantika, Avtoradio, Radio Energy, and Children's Radio, were hacked. According to RIA Novosti, many stations are owned by Gazprom Media. The Russian Ministry of Emergency Situations verified the hack in a Telegram post, but provided no other details or attribution. This is not the first time hackers have infiltrated Russian radio stations or breached other Russian systems. For example, a hacker took over Kommersant FM radio in June 2022, blasting the Ukrainian anthem and anti-war songs. As a result, the company briefly discontinued its air programming for a few hours. This article continues to discuss the recent hacking of Russian radio stations to broadcast fake air raid warnings.

Cybernews "Hacked Russian Radio Stations Broadcast Fake Air Raid Warnings"

According to the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), the IBM Aspera Faspex file transfer tool, which many large organizations use, has a critical vulnerability that hackers are actively exploiting. CISA added the flaw, tracked as CVE-2022-47986, to its list of Known Exploited Vulnerabilities (KEV) catalog, along with two other vulnerabilities impacting the Mitel business communication platform. According to the agency, the IBM vulnerability poses significant risks to the federal enterprise. Bud Broomhead, CEO of the cybersecurity company Viakoo, highlighted that Aspera is so popular that it received an Emmy in 2014 for enabling faster media production workflows by allowing companies to exchange massive video files quickly. For many years, Aspera was the go-to solution for any organization transferring massive datasets, such as genomics and biomedical research, media production, military signals intelligence, or financial services. According to Broomhead, the vulnerability is simple to exploit and allows a remote attacker to conduct activities on a device without needing to circumvent network authentication processes. A search using the Internet scanning tool Shodan found 138 exposed Aspera Faspex instances. This article continues to discuss the IBM Aspera Faspex file transfer tool's vulnerability to cyberattacks.

The Record reports "Popular IBM File Transfer Tool Vulnerable to Cyberattacks, CISA Says"

Microsoft announced last year that its enterprise protection suite, Microsoft 365 Defender, will include automatic attack disruption capabilities. It has now been announced that these capabilities will help companies disrupt Business Email Compromise (BEC) attacks and human-operated ransomware attacks. A quick defensive response to cyberattacks is becoming increasingly important for companies. According to IBM Security's X-Force team, the average time to complete a ransomware attack has decreased from two months to less than four days, and the rate at which attackers target employees using compromised email accounts and existing email threads has doubled. Ideally, all organizations would have the appropriate technology in place, as well as a well-staffed Security Operations Center (SOC) that can detect the first signals of an attack. However, SOC analysts are bombarded with alerts, navigating through false positives, and frequently missing critical signs. Several security providers believe that automation is the solution. This article continues to discuss Microsoft's announcement of automatic BEC and ransomware attack disruption capabilities, as well as the need to improve reaction speed to disrupt attacks.

Help Net Security reports "Microsoft Announces Automatic BEC, Ransomware Attack Disruption Capabilities"

TELUS, Canada's second-largest telecommunications company, is investigating a possible data breach after a threat actor released samples of what seems to be employee data online. The threat actor uploaded screenshots of the company's private source code repositories and payroll records. TELUS has found no evidence of corporate or retail customer data theft thus far and is continuing to monitor the potential problem. On February 17, a threat actor advertised what they claimed to be TELUS' employee list on a data breach forum, which included names and email addresses. The same threat actor had published another forum post by February 21, this time offering to sell TELUS' private GitHub repositories, source code, and payroll records. The seller also claims that the stolen source code contains the company's "sim-swap-api," which could allow attackers to conduct SIM swap attacks. This article continues to discuss TELUS investigating the sale of alleged stolen source code and employee information.

Bleeping Computer reports "TELUS Investigating Leak of Stolen Source Code, Employee Data"

Cyberattacks on public safety organizations have become common. However, according to a recent Verizon survey of these organizations, only a few believe they are "very prepared" for cyberattacks. This study overlaps with Resecurity research citing an increase in malicious activity targeting law enforcement organizations during the second quarter of 2022. Any incident has the potential to affect the welfare and public safety of different communities. It remains a challenge to determine how to strengthen security while working with limited public funds. According to the Verizon survey, less than half of respondents say their organization is at least partially prepared for a cyberattack. Just 15 percent feel "very prepared" overall. Law enforcement agencies appear to be more confident in their security. In case of a cyberattack, 58 percent of police departments believe they are somewhat prepared, while 20 percent believe they are very prepared. Emergency Medical Services (EMS) departments had the lowest sentiment, with only 12 percent feeling very prepared. Resecurity researchers revealed that malicious actors were hacking law enforcement email accounts in the second quarter of 2022. A recent trend among hackers is issuing fake subpoenas and Emergency Data Requests (EDRs) to organizations in order to steal sensitive information. In May 2022, a large New York EMS provider faced a ransomware attack that exposed the personal information of over 300,000 patients. The cybercriminals behind the incident stole files and encrypted systems before threatening to disclose the information unless a ransom was paid. Fire services are also susceptible to cyberattacks, as threat actors allegedly stole department paychecks from a South Carolina fire department in September 2022. This article continues to discuss public safety organizations being unprepared for cyberattacks and examples of incidents faced by such organizations.

Security Intelligence reports "Public Safety Organizations are Unprepared for Cyberattacks"

Jamf security researchers have detailed a family of malware that infects pirated macOS applications and mines cryptocurrency. The malware uses XMRig, an open-source command-line cryptocurrency mining tool. Researchers first discovered XMRig in a pirated copy of Apple's Final Cut Pro video editing software. At the time of discovery, no security vendors on VirusTotal, a free service that analyzes files and URLs for viruses, worms, trojans, and other forms of hostile content, detected the sample as malicious. Later, it was reported that some vendors had detected the malware in January. However, some of the maliciously altered apps remain unidentified. A malicious version of Final Cut Pro is not very alarming on its own, but the researchers discovered that the malware was using the Invisible Internet Project (I2P) for communication. I2P is a private network layer that anonymizes traffic, which makes it a less conspicuous alternative to Tor. The researchers traced related malware and identified a reference to a similar instance reported by Trend Micro at the beginning of February, a pirated edition of Adobe Photoshop for Mac. In their search for more examples of malware using I2P, the researchers traced and identified a reference to a similar example reported by Trend Micro in early February, a pirated version of Adobe Photoshop for Mac. Both malicious versions of Final Cut Pro and Photoshop were traced back to the same individual with a lengthy history of sharing pirated software. This article continues to discuss the malware family that infects pirated macOS applications to mine cryptocurrency.

SiliconANGLE reports "Largely Undetected Malware Family Targets Pirated macOS Applications"

The European Union's executive branch said Thursday that it has temporarily banned TikTok from phones used by employees as a cybersecurity measure, reflecting widening worries from Western officials over the Chinese-owned video-sharing app. The European Commission's Corporate Management Board suspended the use of TikTok on devices issued to staff or personal devices that staff use for work. TikTok faces intensifying scrutiny from Europe and the U.S. over security and data privacy amid worries that the hugely popular app could be used to promote pro-Beijing views or sweep up users' information. The EU's action follows similar moves in the U.S., where more than half of the states and Congress have banned TikTok from official government devices. A Commission spokesperson declined to say whether something specific triggered the suspension or what's needed to get it lifted. EU representatives stated that staffers would be required to delete TikTok from private devices that they use for professional business by March 15 but did not provide any details on how that would be enforced.

SecurityWeek reports: "TikTok Banned From EU Commission Phones Over Cybersecurity"

An active malware campaign has been targeting Facebook and YouTube users through a new information stealer aimed at taking over accounts and exploiting system resources for cryptocurrency mining. Bitdefender dubbed the malware S1deload Stealer due to its use of DLL side-loading techniques to bypass security measures and execute its malicious components. Once infected, S1deload Stealer steals user credentials, mimics human behavior to artificially boost videos and other content engagement, evaluates the value of individual accounts, mines for BEAM cryptocurrency, and distributes the malicious link to the user's followers. The ultimate goal of the campaign is to seize control of users' Facebook and YouTube accounts and rent out access to increase the number of views and likes for shared videos and posts. It is suspected that more than 600 unique users were affected during the six-month period between July and December 2022. Most infections have been found in Canada, Romania, Turkey, France, Bangladesh, Mexico, and Peru. This article continues to discuss findings regarding the S1deload Stealer malware campaign.

THN reports "New S1deload Malware Hijacking Users' Social Media Accounts and Mining Cryptocurrency"