News Items

According to researchers at Chainalysis, revenues generated by underground marketplaces experienced a double-digit decline in 2022, thanks to the closure of the popular Hydra Market in April. The researchers stated that dark web revenues fell from $3.1bn in 2021 to just $1.5bn last year, while average daily revenue for all markets dropped from $4.2m just prior to Hydra's closure to only $447,000 immediately after. The researchers noted that although the collective revenues of drugs markets didn't recover fully, they slowly crawled back up to reach previous levels thanks to the success of Mega Darknet Market, Blacksprut Market, and OMG!OMG! Market in the wake of the Hydra takedown. The researchers stated that criminals migrated to these primarily drug markets in an ever greater number after they also began offering money laundering services, as Hydra did. Some, like OMG, also offer hacking utilities and stolen banking information. The researchers said OMG has several overlaps with Hydra that may suggest its admins are involved in the project. These include the same "dead drop" exchange options for vendors and buyers and shared cryptocurrency deposit addresses.

Infosecurity reports: "Dark Web Market Revenues Sink 50% in 2022"

Security researchers have discovered a vulnerability that can be exploited by remote hackers to tamper with the timestamp of videos recorded by Dahua security cameras. The flaw, tracked as CVE-2022-30564, was discovered last year by India-based CCTV and IoT cybersecurity company Redinent Innovations. Advisories describing the vulnerability were published recently by both Dahua and Redinent. Redinent assigned the vulnerability a high severity rating, but Dahua has calculated a 5.3 CVSS score for it, which makes it medium severity. According to the Chinese video surveillance equipment maker, the flaw impacts several types of widely used cameras and video recorders, including IPC, SD, NVR, and XVR products. The company noted that an attacker can exploit the vulnerability to modify a device's system time by sending it a specially crafted packet. Redinent says there are thousands of internet-exposed cameras that can be targeted directly by hackers. Exploitation from the local network is also possible. However, Redinent noted that an attacker needs to have knowledge of an API's parameters in order to exploit the vulnerability. Redinent stated that an attacker can make modifications to the timestamp of the video feed, leading to inconsistent dates and times showing up on the recorded video without the need of knowing the username and password of the camera. Redinent noted that it has a direct impact on digital forensics. Dahua device vulnerabilities may be targeted by DDoS botnets, but in the case of CVE-2022-30564, it would most likely be exploited in highly targeted attacks whose goal is to tamper with evidence rather than cybercrime operations. The issue was reported to the vendor in the fall of 2022. Dahua has released patches for each of the impacted devices.

SecurityWeek reports: "Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras"

Researchers at SecurityScorecard published a list of proxy IPs used by the pro-Russian group Killnet in an effort to disrupt its operations and thwart its attacks. The disclosed list of proxy IPs is meant to help organizations block the Killnet Distributed Denial-of-Service (DDoS) bot. Killnet has been active since March 2022, launching DDoS attacks against the governments and critical infrastructure of Ukraine-supporting nations such as Italy, Romania, Moldova, the Czech Republic, Lithuania, Norway, and Latvia. The Dutch National Cyber Security Centre (NCSC) announced at the beginning of this month that the group Killnet launched DDoS attacks against the websites of different hospitals in the Netherlands and Europe. The hackers also targeted hospitals in the US, the UK, Germany, Poland, and Scandinavia. The group recently revealed the attacks on its Telegram channel and demanded action against the US healthcare system. This article continues to discuss the SecurityScorecard's researchers releasing a list of proxy IPs used by the pro-Russia group Killnet to neutralize its attacks.

Security Affairs reports "Experts Published a List of Proxy IPs Used by the Pro-Russia Group Killnet"

A new US Government Accountability Office (GAO) assessment of the nation's critical infrastructure cybersecurity recommends a more robust role for the federal government in protecting Industrial Control Systems (ICS), especially those that operate the nation's energy grid and communications networks. In its report, the GAO pointed out that the US Department of Energy's (DOE) cybersecurity plan did not address vulnerabilities in the distribution systems of individual energy grids. The GAO suggested that, when establishing plans to implement the national cybersecurity strategy for the grid, DOE works with the Department of Homeland Security (DHS), states, and industry to more comprehensively address cyberattack risks to the grid's distribution systems. In addition, the Cybersecurity and Infrastructure Agency (CISA) is urged by the GAO report to improve cooperation and incident management across all levels of government in order to protect against ransomware threats. This article continues to discuss the top recommendations in the new GAO cybersecurity assessment.

Dark Reading reports "GAO Calls for Action to Protect Cybersecurity of Critical Energy, Communications Networks"

Cybereason reports that the Gootkit malware targets primarily healthcare and banking organizations in the US, UK, and Australia. According to the cybersecurity firm, it analyzed a Gootkit incident in December 2022 that involved a new deployment method, with the attackers abusing the foothold to deliver Cobalt Strike and SystemBC for post-exploitation. Cybereason stated in an analysis published on February 8, 2023, that the threat actor exhibited swift conduct, quickly gaining control of the compromised network and gaining elevated privileges in less than four hours. Mandiant attributes Gootkit, also known as Gootloader, entirely to a threat actor identified as UNC2565. Since its start as a banking Trojan in 2014, the malware has transformed into a loader capable of distributing next-stage payloads. This article continues to discuss the new tactics of the Gootkit malware.

THN reports "Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms"

According to researchers at the University of Michigan (U-M), a Virtual Private Network (VPN) can be one tool in an Internet user's toolbox, but it is insufficient in meeting all privacy needs. Thousands of Internet users rely on VPNs to protect their privacy and security while living and working online every day. However, recent research conducted at U-M has cast doubt on the accuracy of these expectations. VPNs enable users to create "tunnels" through their network to conceal their activities and identities as well as to establish secure connections to other Internet sites. VPNs would appear to be an ideal tool for escaping surveillance or securely accessing restricted content, but recent research indicates that users who rely on VPNs may be more vulnerable to surveillance than previously believed. Over the past two years, U-M researchers have conducted a series of research projects under the VPNalyzer initiative to expose issues such as critical flaws in popular currently available commercial VPNs, the ability of network service providers and governments to identify and block VPN use, and gaps in understanding between VPN users and VPN providers. This article continues to discuss the multi-perspective study of VPN users and VPN providers.

The University of Michigan reports "Are VPNs Really the Answer?"

There has been a surge in cybersecurity-related patent applications over the past decade, with US companies filing the most. IS Decisions, a French software company, estimates that around 2,270 patents pertaining to cybersecurity have been filed since the turn of the century. About 97 percent of cybersecurity-related patents have been filed since 2010, which is a year in which there was a significant increase in global cyberattacks. Stuxnet, the destructive computer worm that impacted Iran's nuclear weapons program, launched a decade of high-profile cyber incidents, including the Sony Pictures hack by North Korea's Lazarus Group and the Silk Road dark web drug market takedown. Countries have been competing to find new ways to prevent cyberattacks in the face of growing threats, and data shows that there are clear winners in regard to the offices getting the most cybersecurity patent filings. The US Patent and Trademark Office is in the lead, with 1,087 cybersecurity-related patent applications filed between 2000 and 2022. With roughly 1.1 million cybersecurity professionals, the US has the largest cybersecurity workforce in the world. Therefore, it is not surprising that it is the leader in cyber advancements, according to researchers. Five of the top ten most prolific cybersecurity patent applicants are American companies, including IBM, Boeing, Microsoft, Honeywell, and Qomplx. This article continues to discuss findings regarding the increase in cybersecurity-related patent applications.

The Record reports "More Than 2,000 Cybersecurity Patent Applications Filed Since 2010"

Proofpoint researchers have observed a new threat group, tracked as TA866, spreading malware via phishing emails since October 2022. Although the group's main motive is suspected to be financial gain, an analysis of associated operations reveals that espionage may be a secondary objective. The cybersecurity firm cannot confirm that the threat group is associated with Russia and executing espionage activities on behalf of the country, but an examination of TA866's working patterns suggests this may be the case. Targeting all industries in the US and Germany, the attacks appear to have proceeded into 2023. Proofpoint discovered a cluster of growing financially-driven activity called "Screentime," and TA866's attack vector involved sending emails with a malicious attachment or URL to deliver a payload of malware dubbed "WasabiSeed" and "Screenshotter." In certain instances, Proofpoint also observed follow-up attacks using the malware tools AHK Bot and Rhadamanthys Stealer. Thousands of phishing emails were sent in just a few months by TA866's campaigns, which an analyst spotted at the end of the last year. These emails used trusted software documents to lower victims' skepticism. TA866 is considered an organized actor capable of executing well-planned attacks at scale. Proofpoint says that the threat group has the ability and connections to acquire tools and services from other vendors, allowing it to target additional victims. This article continues to discuss researchers' findings and observations regarding TA866.

Cybernews reports "Russian Threat Group Suspect Uses Screenshotting to Observe Victims Before Striking, Says Analyst"

According to researchers at the City University of Hong Kong (CityU), preserving privacy is the most difficult aspect of data collection. Even if the data is encrypted, metadata, such as the online behavior of users, can result in identity exposure. Therefore, a research team at CityU has developed "Vizard," a metadata-hiding analytic system that enables data owners to securely define their data authorization and control who can use their data. The Vizard system has potential applications in multiple areas, such as precision medical research. The team used a cryptographic tool called "Distributed Point Function" (DPF) to design Vizard as a metadata-protected data collection and analysis platform. DPF is a building block that supports secure/encrypted computations, which can be used to retrieve data anonymously during computation. According to Wang Cong, a Professor in the Department of Computer Science at CityU, the team developed the Vizard system with stream-specific pre-processing, encryption, and throughput enhancement methods based on DPF. This article continues to discuss the Vizard metadata-hiding analytic system developed by researchers at CityU.

City University of Hong Kong reports "Novel System Prevents Personal Metadata Leakage From Online Behavior for Privacy Protection"

According to security researchers at Abnormal Security, recorded business email compromise (BEC) attacks increased by more than 81% during 2022 and by 175% over the past two years, with open rates on malicious emails also surging. The researchers found that the median open rate for text-based BEC emails during the second half of 2022 was 28%. More worrying still, the researchers revealed that 15% of read malicious emails were replied to by corporate employees. The researchers noted that employees at all levels of an organization engage with BEC emails, but 78% of entry-level sales staff read and replied to these malicious messages. Staffers in transportation sector companies (16%) were most likely to reply to attacks, followed by automotive (9%) and healthcare (8%). The researchers also found that there was a concerning lack of reporting to security teams: just 2% of known attacks were flagged. The researchers stated that BEC attacks increasingly target smaller companies. The researchers saw a 145% increase in malicious emails aimed at SMB inboxes.

Infosecurity reports: "BEC Attacks Surge 81% in 2022"

According to Trustwave, the "Money Lover" financial app is leaking user transactions and their related metadata, including wallet names and email addresses. Money Lover is a tool developed by Vietnam-based Finsify for managing personal finances. It is available on Google Play for Android, the Microsoft Store for PCs, and the App Store for iOS, where it has received a 4.6-star rating from over 1,000 users who may or may not have been affected by the vulnerability. Even if the app spilled no actual bank account or credit card information, the potential threat to their customers' accounts would have a monetary impact on both the financial vendor and the customer, according to Trustwave senior security research manager Karl Sigler. Troy Driver, a Trustwave security researcher and Money Lover user, routed the app's traffic through a proxy server using its Web interface and uncovered the issue. From the Web sockets tab of the developer tools window of his browser, he was able to view the email addresses, wallet names, and live transaction data linked with each of the app's shared wallets. This article continues to discuss the broken access control vulnerability that could have led to follow-on attacks for users of the Money Lover app.

Dark Reading reports "'Money Lover' Finance App Exposes User Data"

The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has provided a script to recover VMWare ESXi servers that were recently encrypted by ESXiArgs ransomware attacks. Recently, vulnerable VMWare ESXi servers were the subject of ESXiArgs ransomware attacks. Since then, according to a list of bitcoin addresses compiled by CISA technical advisor Jack Cable, the attacks have encrypted 2,800 servers. While many devices were encrypted, the campaign was mainly ineffective since the threat actors failed to encrypt flat files, where virtual disk data is stored. This oversight enabled Enes Sonmez and Ahmet Aykac of the YoreGroup Tech Team to develop a way for rebuilding virtual machines from unencrypted flat files. This solution has helped individuals recover their servers, but the process has proven difficult for some. In order to help users recover their servers, CISA released an ESXiArgs-Recover script on GitHub to automate the recovery process. This article continues to discuss CISA's release of a recovery script for ESXiArgs ransomware victims.

Bleeping Computer reports "CISA Releases Recovery Script for ESXiArgs Ransomware Victims"

In a new report titled "Americans Can't Consent to Companies' Use of Their Data," researchers surveyed more than 2,000 Americans about digital marketing policies and how companies can and should use their personal data. Their objective was to determine whether online "informed consent" techniques are effective. They discovered that most Americans do not understand the basics of online marketing techniques and policies. Many Americans feel incapable of consenting to how businesses use their personal information. Therefore, according to the researchers, Americans cannot truly grant informed consent to the collection of their digital data. Results from the survey showed that 56 percent of American adults do not understand the phrase "privacy policy," often misunderstanding that it indicates a company will not share their personal data with third parties without consent. In reality, many of these policies say that a company may share or sell whatever data it collects about site users to other websites or businesses. Since many Americans find it difficult to understand online privacy, with "opting-out," "opting-in," biometrics, and Virtual Private Networks (VPNs), they do not trust what is done with their digital data. Eighty percent of Americans believe that the information companies have about them can be used against them. This article continues to discuss findings from the survey that provide insights into Americans' knowledge regarding online marketing practices and how companies can use their data.

The University of Pennsylvania reports "Americans Don't Understand What Companies Can Do With Their Personal Data -- and That's a Problem"

A government-backed competition to encourage school-aged children to pursue a career in cybersecurity persuaded thousands across the UK to enter this year. According to the National Cyber Security Centre (NCSC), thirteen teams were named champions of their region at the 2023 CyberFirst Girls Competition finals last weekend, with more than 8700 entering the contest. The NCSC noted that after passing an online qualifying round, teams of up to four aged 12-13 were invited to face off against each other in regional finals. The challenges posed to teams included tests of their knowledge of cryptography and logic, artificial intelligence, and networking. The winners from each regional final have been invited to a grand prize-giving dinner and celebration day later this year, where a host of other prizes will be handed out, including the top scoring team, school, state newcomer, and most team entries award. The NCSC stated that the industry increasingly needs to build a pipeline of talent to replace retiring cybersecurity professionals whose successors are in short supply. According to the ISC2, there's a current shortfall of 3.4 million security professionals globally, including nearly 57,000 in the UK and over 410,000 in the US. Although diversity is improving, women account for just 30% of those under 30 and even fewer (24%) 30-38 year olds in the industry. For older age groups, their share of the workforce falls to between 12 and 14%. That's part of the reason for the NCSC's focus on school-aged girls for this competition.

Infosecurity reports: "Thirteen Teams Win at UK's CyberFirst Girls Competition"

A security researcher named Eaton Zveare discovered a severe vulnerability in the web portal of Toyota's global supplier management network, which allowed the researcher to gain access to sensitive information. The vulnerability was identified in Toyota's Global Supplier Preparation Information Management System (GSPIMS), a web portal that provides Toyota employees and suppliers with access to ongoing projects, surveys, information on purchases, and more. The issue, Zveare says, was related to the implementation of JWT (JSON Web Token) authentication. The researcher noted that the issue could allow anyone to access any account using a valid email address. JWT is a session token that is typically generated when logging in to a website, which is then used to authenticate the user to secure sections of the website or APIs. The researcher discovered that Toyota's GSPIMS contained a function allowing users to generate a JWT based on the provided email address without requiring a password. With corporate Toyota email addresses easy to guess, the researcher was able to guess an email address by searching the internet for Toyota employees that might be involved in the supply chain. Next, Zveare used that email address to generate a valid JWT and used it to access the GSPIMS. After some reconnaissance on the portal, he discovered an account with system administrator privileges and used the same method to access it. The researcher noted that the system admin account provided access to everything on the portal, including information on over 14,000 user accounts, control over roles each account could have, and details on all available projects, surveys, and various classified documents. According to Zveare, the GSPIMS also allows the system admin to log in as any of the available 14,000 users to supervise their activities. The function that generates the JWT based on email address was apparently implemented to enable this option, but it also created a backdoor into the network. The researchers stated that an attacker with system admin access to GSPIMS could have created a rogue account for persistence, exfiltrated all available data, tampered with or deleted the data, and fetched the corporate email and roles of all 14,000 user accounts to target them in phishing attacks. The researcher reported the vulnerability to Toyota on November 3, 2022. The carmaker patched the issue shortly after.

SecurityWeek reports: "Vulnerability Provided Access to Toyota Supplier Management Network"

Google announced its new security and privacy initiatives on Safer Internet Day. Among these are new methods for easily and securely entering passwords in Chrome, increased privacy protection for the Google app, enhancements to Google Password Manager, and an expansion of SafeSearch's protection against certain content. Before filling a saved password, Chrome and Android's built-in Password Manager can now use biometric authentication to verify a user's identity. This capability can also be used to reveal, copy, or edit passwords in a secure manner. Face ID will be added to the Google App for iOS to preserve the privacy of the app, preventing unauthorized access to a user's data even if their device gets into the wrong hands. Google blocks a significant amount of phishing attempts and urges the use of multi-factor authentication (MFA). In 2023, Google will boost its anti-phishing efforts by offering 100,000 free Titan Security Keys to individuals at the highest risk of targeted attacks. Google has partnered with the International Foundation for Electoral Systems (IFES) to provide free security training and tools to journalists, politicians, and more who are most at risk of having their accounts compromised. This article continues to discuss the new security and privacy features announced by Google.

BetaNews reports "Google Launches New Security and Privacy Features to Mark Safer Internet Day"

Fortra, known until recently as HelpSystems, alerted GoAnywhere MFT users on February 1 about a "zero-day remote code injection exploit." The company has since released two other security notifications, each of them providing mitigations and indicators of compromise (IoCs). GoAnywhere users are now being informed that a patch has been made available. The company is advising users to install GoAnywhere MFT 7.1.2. Customers running an admin portal exposed to the Internet should install the new version ASAP. Presently there does not appear to be any information about attacks exploiting the vulnerability. It's unclear if state-sponsored threat actors or profit-driven cybercriminals have leveraged it. A CVE identifier has yet to be assigned to the flaw. The company has told users to check log files for a particular line that indicates a system has been targeted in an attack exploiting the zero-day vulnerability. If the log files show signs of compromise, users should check their installation for suspicious administrator users. A researcher has published technical details on the flaw, and a proof-of-concept (PoC) exploit. A Shodan search shows nearly 1,000 internet-exposed instances of GoAnywhere. The company stated that exploitation requires access to the application's admin console, and at least some of the exposed instances appear to be associated with the product's web client interface, which is not affected.

SecurityWeek reports: "Patch Released for Actively Exploited GoAnywhere MFT Zero-Day"

Vesuvius, a UK-based molten metal flow engineering company, recently issued an alert on February 6, 2023, which stated it was "currently managing a cyber incident, which involved unauthorized access to their systems." The ceramics manufacturer is listed on the London Stock Exchange. The company did not give any information on the nature and scope of the incident, the systems impacted, or the attacker's identity. The company stated that immediately upon becoming aware of unauthorized activity on its networks, it took the necessary steps to investigate and respond to the incident, including shutting down affected systems. The company noted that they are working with leading cybersecurity experts to support their investigations and identify the extent of the issue, including the impact on production and contract fulfillment. This incident is the latest of a series of cyberattacks targeting UK companies, with Royal Mail hit in January and Ion, a trading software provider, in early February.

Infosecurity reports: "UK Metal Engineering Firm Vesuvius Hit by Cyberattack"

The Royal Ransomware group has now added support for encrypting Linux devices and targeting VMWare ESXi virtual machines. Other ransomware operators, including AvosLocker, Black Basta, BlackMatter, HelloKitty, Hive, LockBit, Luna, Nevada, RansomEXX, and REvil, already support Linux encryption. Will Thomas, a researcher at the Equinix Threat Analysis Center (ETAC), found the Linux variant of the Royal Ransomware. The variant appends the .royal_u extension to all encrypted filenames on the virtual machine. The ransomware variant has a 32 out of 63 detection rate, according to VirusTotal query results. According to Thomas, the malware is executed through the command line and supports several parameters for controlling encryption activities. Royal Ransomware is a human-operated threat that emerged in September 2022. It has demanded ransoms of up to millions of dollars. Unlike other ransomware operations, it does not appear to offer Ransomware-as-a-Service (RaaS). Instead, it appears to be a private group with no affiliates. This article continues to discuss Royal Ransomware operators adding support for encrypting Linux devices.

Security Affairs reports "Royal Ransomware Adds Support for Encrypting Linux, VMWare ESXi Systems"

The Linux variant of the Cl0p ransomware contains flawed encryption logic, which allowed researchers from SentinelOne to develop and release a free decryptor. Using the asymmetric algorithm RSA and a public key, the Windows variant of Cl0p encrypts the generated RC4 key responsible for file encryption. Researchers explained that in the Linux variant, the generated RC4 key is encrypted using an RC4 master key. This article discusses the differences between the Windows and Linux variants of the Cl0p ransomware and the release of a free decryptor for the Linux variant.

Help Net Security reports "Released: Decryptor for Cl0p Ransomware's Linux Variant"

Security researchers at Cleafy have discovered a new Android banking Trojan dubbed "PixPirate" targeting financial institutions in Brazil between the end of 2022 and the beginning of this year. The researchers stated that PixPirate belongs to the newest generation of Android banking trojan, as it can perform ATS (automatic transfer system), enabling attackers to automate the insertion of a malicious money transfer over the Instant Payment platform Pix, adopted by multiple Brazilian banks. The researchers noted that the primary goal of this malware was to steal sensitive information and perpetrate fraud attempts on Pix users. PixPirate is usually delivered using a dropper application, used to download (or in some cases just to unpack) and install the banking trojan. The researchers noted that during its installation, PixPirate immediately tries to enable Accessibility Services that keep being requested persistently with fake pop-ups until the victim accepts. After these permissions were given, the threat actors were observed using PixPirate to write scripts that could interact with the device's UI and perform actions like entering text, simulating touch events, and scrolling through lists, among others. After inspecting the PixPirate code, the researchers identified a few references related to a framework called Auto.js. This is an open-source tool for automating tasks on Android devices using JavaScript. Auto.js also provides a built-in JavaScript interpreter, allowing scripts to run on the device itself without needing external runtime. The researchers noted that Auto.js represents a new framework for mobile banking Trojans that allows malicious actors to speed up the development phase via JavaScript automation scripts, web communication management features within the application, and built-in code encryption/obfuscation capabilities. The researchers warned that the "introduction of ATS capabilities paired with frameworks that will help the development of mobile applications using flexible and more widespread languages could lead to more sophisticated malware.

Infosecurity reports: "Novel Banking Trojan 'PixPirate' Targets Brazil"

A cyberattack caused a nearly daylong outage of the nation's new 988 mental health helpline late last year. Lawmakers are now calling for the federal agency that oversees the program to prevent future attacks. A spokeswoman for the Substance Abuse and Mental Health Services Administration stated that on December 1, the voice calling functionality of the 988 Lifeline was rendered unavailable due to a cybersecurity incident. The spokeswoman noted that the attack occurred on the network of Intrado, which provides telecommunications services for the helpline. The agency did not disclose details about who it believes launched the attack or what kind of cyberattack occurred. Intrado is working with a third-party assessor to investigate the incident, and law enforcement agencies have been notified of the breach. The national 988 phone number, which can be reached by text, chat, or voice calling, has become a lifeline for millions of Americans seeking help during a mental crisis, with millions of calls pouring in during the first six months since its launch in July. Last week, Democrat Rep. Tony Cardenas and Republican Rep. Jay Obernolte, both of California, introduced a bill calling for better coordination and reporting around cyberattacks on the 988 system. The representatives stated that even an outage of a few hours of the national suicide hotline could cost American lives. The representatives believe that it is critical that we mitigate the risks of future disruptions to the service and take steps to resolve cybersecurity vulnerabilities that could put the hotline at risk.

SecurityWeek reports: "Feds Say Cyberattack Caused Suicide Helpline's Outage"

Security researchers at Check Point have warned that a popular cryptocurrency is a scam after spotting backdoor functionality designed to effectively steal users' funds. Dingo Token is relatively small by cryptocurrency standards: its market cap of close to $11m meant it ranked down in 774th place by size when the researchers analyzed it. However, its functionality has the researchers concerned. The researchers stated that the token's developers have embedded backdoor functionality in the token's smart contract, which adds a 95% "taxFee" and a 4% "LiquidityFee." Manipulation of this "setTaxFeePercent" function in the smart contract code of the token has been used 47 times by its developers, according to the researchers. The researchers noted that what they have found at Dingo Token is increasingly commonplace. The researchers stated that this is a common tactic that locks users' funds, and eventually, the scammers pull out all the money. Scammers are increasingly finding cryptocurrency attractive. The researchers recommended that if you've incorporated crypto into your investment portfolio or are interested in investing in crypto in the future, you should use credible exchanges and buy from an established token with numerous transactions behind it. Recently, the value of Dingo Token has surged 36% in a day to reach over $67m. That means it has shot up the rankings to reach #338, according to CoinMarketCap. The researchers stated that the developers will probably activate the backdoor to take 99% of all users' coins once they judge the value of the cryptocurrency has peaked.

Infosecurity reports: "Scam Alert for Dingo Token That Charges 99% Fee"

Following a deal with the New York attorney general's office, a New York-based spyware maker will notify the individuals whose phones were compromised by its mobile spying software. Under the terms of the agreement, Patrick Hinchy, whose 16 companies promoted apps such as PhoneSpector and Highster, will also pay $410,000 in civil fines for illegally promoting mobile surveillance software that allowed its clients to secretly spy on another person's phone. According to the New York attorney general's office, the apps allowed customers to secretly monitor a victim's phone and access their device data, including text messages, emails, images, browsing history, and location information. This article continues to discuss the New York-based spyware maker agreeing to notify those whose phones were compromised by its mobile surveillance software.

TechCrunch reports "New York Attorney General Orders Stalkerware Maker to Notify Hacked Victims"