By Waqas
Friend or Foe?
This is a post from HackRead.com Read the original post: Russian Ministry Software Backdoored with North Korean KONNI Malware

Discover the latest cybersecurity revelation: KONNI malware, linked to North Korean cyber operations, targets the Russian Ministry of Foreign Affairs. Learn about the sophisticated tactics and geopolitical implications

German cybersecurity firm DCSO has discovered a malware sample uploaded to VirusTotal in January 2024, believed to be part of North Korea-linked activity targeting the Russian Ministry of Foreign Affairs (MID). The malware is believed to be **KONNI**, a North Korean nexus tool used since 2014.

KONNI, first **discovered in 2014**, is associated with the Democratic People’s Republic of Korea (DPRK)-nexus actors like Konni Group and TA406. The malware has unique stealer functionality and remote administration capability. It’s installed in an MSI file, with C2 servers encrypted with AES-CTR, and a CustomAction for detection and payload selection.

In the latest discovery, researchers noted that KONNI’s command set remains unchanged, allowing operators to execute commands, upload/download files, specify sleep intervals, communicate via HTTP, and compress file extensions into .CAB archives.

> #ShortAndMalicious  
> Our researchers recently discovered an installer for the mandatory 🇷🇺Russian tax filling software "Spravki BK" (Справки БК) which was backdoored with #KONNI malware, generally attributed to 🇰🇵North Korean threat actors. 1/5
> 
> — DCSO CyTec (@DCSO\_CyTec) October 17, 2023

Interestingly, the sample **DCSO analyzed** was delivered via a backdoored Russian language software installer, similar to a previously observed KONNI delivery technique. The sample was for a tool called “Statistika KZU”, which is believed to be intended for internal use within the Russian MID. The software is used for relaying annual report files from overseas consular posts to the MID’s Consular Department via a secure channel.

Additionally, two user manuals were found in the backdoored installer, detailing the installation and usage of the “Statistika KZU” program. The first manual explains installing the program on an administrative account, providing minimum software requirements and screenshots.

The second 22-pager manual, “StatRKZU\_Pyкoвoдcтвo,” outlines how to use the software for generating annual report files on KZU consular activities, including templates for calculating registered and detained citizens.

The MID’s software, identified as “GosNIIAS” (a Russian federal research institute primarily involved in aerospace research), was tested offline and found legitimate. Despite no direct correlations between GosNIIAS and Statistika KZU, references to contracts were found, including a procurement order for automated system maintenance and data protection software.

This discovery comes amid increasing geopolitical proximity between Russia and the DPRK, following Russia’s renewed invasion of Ukraine in 2022.

****Russia and North Korea’s Cyber Standoff****

This is not the first time Russia and North Korea have made collective headlines over cybersecurity threats. **In August 2023**, the world witnessed another significant incident when “elite North Korean hackers” affiliated with OpenCarrot and the Lazarus group breached NPO Mashinostroyeniya, a key Russian missile developer. This breach, lasting for at least five months, revealed the alarming capabilities and determination of the attackers.

****Previous Use of KONNI Backdoor****

KONNI has been used in many cyberespionage campaigns targeting Russian agencies. FortiGuard Labs discovered a KONNI malware campaign **in November 2023**, targeting Windows systems through Word documents with malicious macros. Malwarebytes researchers **discovered** a campaign in mid-2021 using Russian language lures concerning Russian-Korean trade and economic issues and a meeting of a Russian-Mongolian intergovernmental commission.

An unknown hacking group **targeted** North Korean organizations using KONNI Malware in 2017. Three campaigns were identified back then- two by Talos Intelligence, a Cisco-owned cybersecurity firm, and the third reported by Cylance security firm.

For insights into this, we reached out to John Bambenek, President at Bambenek Consulting, who emphasised that “It is not uncommon for intelligence agencies to spy even on their putative allies, if for nothing else, for insights to either strengthen the relationship or to identify and mitigate threats.”

Mr. Bambenek highlighted that “The use of a backdoor in software used almost exclusively by the Russian Foreign Ministry stands out and shows that the DPRK did their research here for a particular hook into their victims and is, ironically, a more targeted and precise adaptation of the approach Russian intelligence used with **NotPetya**.”

“Espionage has a couple of nuances where sometimes you want more sophisticated tools and for some attacks, you want narrow and simpler tools. For espionage, you want long-term persistent infection and sophisticated and interactive tools provide defenders more opportunities for detection. It’s not uncommon to see tools used for espionage that lack some of the obfuscation commonly observed in **cybercrime tools**,” he added.

****RELATED ARTICLES****

1.  **Gone: Russian Central Bank hacked; $31 million stolen**
2.  **2 Russian Industrial Firms Hacked, 112GB of Data Leaked**
3.  **Anonymous Leaks 128 GB of Data from Russian ISP Convex**
4.  **Elite North Korean Hackers Breach Russian Missile Developer**
5.  **Anonymous Hacks Central Bank of Russia; Leaks 28GB of Data**

Russian Ministry Software Backdoored with North Korean KONNI Malware

By Waqas
The IntelBroker hacker has claimed responsibility for the breach.
This is a post from HackRead.com Read the original post: Hackers Leak 2.5M Private Plane Owners’ Data Linked to LA Intl. Airport Breach

IntelBroker informed Hackread.com that they successfully executed the data breach by exploiting a vulnerability within one of the CRM systems utilized by the Los Angeles International Airport.

The notorious hacker known as IntelBroker is making headlines once again with a daring alleged breach targeting one of the United States’ most critical organizations: the Los Angeles International Airport.

In a bold move, IntelBroker claims to have breached the database of the Los Angeles International Airport, making off with a trove of confidential user data belonging to private plane owners – The breach, according to the hacker, took place in February 2024.

It is important to note that no customer or traveller data is involved in this breach. However, the incident has apparently resulted in the compromise of a significant 2.5 million records, including sensitive information such as:

*   Full names
*   CPA numbers
*   Email addresses (1.9 million emails – total 15,8000 emails after removing duplicates).
*   Company names
*   Plane model numbers
*   Tail numbers (Refers to an identification number painted on an aircraft tail).

Data analysed by Hackread.com

The breach was publicly disclosed by IntelBroker on the notorious hacker and cybercrime platform Breach Forums, adding another high-profile hack to their already extensive. Notable targets of IntelBroker’s previous hacks include the Weee! Grocery platform, General Electric, Staffing Giant Robert Half, and a recent data leak involving a partial Facebook Marketplace database.

Upon learning of the breach, Hackread.com promptly reached out to IntelBroker, who confirmed their involvement and provided limited insight into their methods. According to IntelBroker, they exploited a vulnerability in the airport’s Customer Relationship Management (CRM) system (CRM system) to gain unauthorized access to the database, highlighting the critical need for organizations to strengthen their cybersecurity measures in the face of growing threats from skilled hackers like IntelBroker.

The screenshot below, obtained from Breach Forums, displays the listing of the data breach. It is important to highlight that the breach details attribute the hack to a user named “kwillsy.” However, in a statement to Hackread.com, IntelBroker clarified that “kwillsy” is not associated with the breach, and they take full responsibility for the hack.

Screenshot credit: Hackread.com

Hackread.com has contacted the relevant authorities at the LA Airport, and this article will be updated accordingly pending their response.

****Increasing Data Breaches****

During the initial months of 2024, there has been a marked surge in data breaches impacting various sectors, encompassing both corporate entities and governmental bodies. Last week, Infosys disclosed a breach that affected more than 57,000 Bank of America customers.

In earlier weeks of the same month, two prominent US insurance firms, Washington National Insurance Company and Bankers Life and Casualty Company, reported breaches linked to SIM-swapping incidents, impacting over 66,000 customers collectively.

In January, Jason’s Deli encountered a significant breach, exposing the personal details of over 344,000 users due to a successful credential-stuffing attack. Concurrently, hackers targeted Indian ISP Hathway, compromising the personal information and KYC records of over 4 million unsuspecting customers.

****RELATED ARTICLES****

1.  **23andMe blames its users for the massive data breach**
2.  **AnyDesk Urges Password Change Amid Security Breach**
3.  **Defunct Ambulance Service Data Breach Impacts 1 Million**
4.  **Los Angeles Traffic Sign hacked with an awesome message**
5.  **Cloudflare Hacked After State Actor Leverages Okta Breach**
6.  **RingGo Owner EasyPark Hit by Data Breach, User Data Stolen**

Hackers Leak 2.5M Private Plane Owners’ Data Linked to LA Intl. Airport Breach

By Uzair Amir
The world of cryptocurrency is unpredictable yet lucrative. Understanding the workings and creation of crypto is a topic…
This is a post from HackRead.com Read the original post: The Future of MATIC and What to Expect in 2024

The world of cryptocurrency is unpredictable yet lucrative. Understanding the workings and creation of crypto is a topic for another day, as it involves technical processes such as mining, which utilizes specialized hardware and software to add transactions to the Blockchain.

Bullrun, which took place in 2021, was a bit tricky for many traders out there. Some coins went up in price. Some cryptos fell. The value for MATIC decreased by approximately 11% in 2022. However, it went up by around 6% in 2023.

What will happen next with this coin? Will it keep increasing its price? Is it the right time to exchange MATIC for ATOM? Or will it eventually go down again in its value? Well, the honest answer to these questions is that nobody knows for sure.

However, in this article, we will dig deeper into predictions regarding the value of MATIC for the next 5 and 10 years. Are you ready to explore these intriguing insights? Let’s dive in.

Here, it is important to explain that MATIC, often referred to as Polygon, is a Layer 2 scaling solution built on top of the Ethereum blockchain. Its primary purpose is to address the scalability issues that Ethereum currently faces, such as high transaction fees and slow processing times.

****How Much Will Polygon Cost in 2024?** **

Experts from Changelly.com assume that the Polygon value will grow in 2024. Some analysts say that the minimum price for MATIC in 2024 will be 1.16 USD per 1 coin. At the same time, the prediction of the maximum value reveals that MATIC could cost 1.32 USD per coin. 

In January 2024, it can go up a little bit. Its value is likely to be 0.867 USD. Polygon is still expected to grow slowly in February, March, and April. Most probably, it’ll cost 1.03 USD in May. In September, it’ll be available for 1.20 USD. Finally, at the end of the year, Polygon will reach the point of 1.32 USD per 1 coin.   

****What Will Happen in 2028?** **

Different experts share different opinions regarding this. Let’s check them one by one. 

*   According to Coinpedia, the highest possible value of Polygon will be 6.504 per coin. At the same time, crypto pros from this site share their opinion on the lowest possible cost of MATIC in 2028. They believe it is going to be 5.666 USD.
*   What about the prediction made by AMBCrypto? These guys think the cost of this crypto will be somewhere between $5.10 and $5.45 per 1 coin in 2028. These will be the minimum and the maximum prices accordingly. 
*   Cryptonewsz has a different estimation. They believe the value of MATIC will be somewhere around $4.93. They assume that it will be able to go up to $6.23 in the best-case scenario. Its average price is going to be $5.07. 
*   The next comes the prediction from Changelly. They state people will trade Polygon for approximately $5.07 per 1 coin in 2028. In their opinion, $6.23 per 1 coin will be the highest amount of money people want to pay for Polygon. On the other hand, $4.93 will be the lowest possible price. 
*   Finally, Gov Capital has no rough numbers to share regarding the MATIC value prediction in 2028. However, they believe MATIC could be worth $1.237 in 5 years.

Thus, as you can see, most predictions tell us that the average MATIC cost in 2028 will be either $5 or $5.66. With such uncertainty, many traders will want to stick to stablecoins and exchange BTC for USDT. 

****What Will be the Price for MATIC in 2033?** **

 Let’s wrap this up with the prediction for 2033. What is going to happen to Polygon in 2033? That’s an intriguing question to explore. In fact, during our research, we’ve discovered that not so many sites are willing to make such long-term predictions. 

Coindataflow is the only site that has made such estimates for 2033. They believe that the price of Poygon will grow by a staggering 2311.21% in the best-case scenario! Thus, it will be worth $12.55 in 2023. 

****Final Words****

In this short blog, we’ve covered all the major predictions for Polygon prices for the next year. We’ve also explored estimates of how much it could cost in 2028 and 2033. Hopefully, now you are well-versed in this regard. However, we always underline the importance of doing your own research. It’s also good to be very cautious when it comes to finances.

_**Disclaimer:** This article is for informational purposes only and should not be considered financial advice. Please consult with a qualified financial professional before making any investment decisions._

****RELATED ARTICLES****

1.  **The Rise of Blockchain Gaming and Secure Marketplaces**
2.  **Investing in Ethereum Blockchain-based JasmyCoin: Guide**
3.  **Signal21 Beta Bridges Gap in Blockchain Intelligence Services**

The Future of MATIC and What to Expect in 2024

By Uzair Amir
Signal21, Inc., a blockchain intelligence and data analysis platform, has announced its beta launch marking a significant milestone…
This is a post from HackRead.com Read the original post: Signal21 Beta Launch Bridges Gap in Blockchain Intelligence Services

Signal21, Inc., a blockchain intelligence and data analysis platform, has announced its beta launch marking a significant milestone within the domain of blockchain technology. Signal21 is known for providing blockchain data and intelligence services to businesses and individuals. The company offers a variety of features, including the following:

*   **Market data:** Track cryptocurrency prices, volumes, and market trends.
*   **On-chain analytics:** Analyze on-chain data to identify investment opportunities and track market activity.
*   **Compliance tools:** Help businesses comply with anti-money laundering (AML) and know-your-customer (KYC) regulations.
*   **Research reports:** Get insights from industry experts on the latest trends in the blockchain space.

****Signal21 and Bitcoin Economy****

The Bitcoin ecosystem has witnessed an unprecedented surge in activity following the Ordinals phenomenon, emphasizing the critical need for reliable on-chain data across various Bitcoin layers and projects.

In response to this demand, Signal21 claims to have emerged as a solution, offering a centralized hub for Bitcoin research and data aggregation. Signal21 aims to bridge the gap by providing comprehensive information on Bitcoin L1, Bitcoin L2s, and Bitcoin Dapps, catering to the evolving needs of the growing Bitcoin community.

Furthermore, the recent success of the Bitcoin ETF has propelled institutional investors into the Bitcoin space, with many acquiring substantial amounts of Bitcoin. In light of this development, Signal21 positions itself as a guiding beacon for institutional investors, offering assistance in navigating the complexities of the Bitcoin domain.

By leveraging its powerful insights and sophisticated tools, Signal21 aims to empower institutional investors to explore various avenues for utilization and yield generation on their Bitcoin investments. As the Bitcoin market continues to evolve, Signal21 stands ready to support individual and institutional players in maximizing their potential within this dynamic ecosystem.

In a blog post published February 23, 2024, Jonathan Sadlowe Co-founder & CEO at Signal21 stated that “Signal21 brings on-chain data across the layers of the Bitcoin Economy into one place, and empowers two distinct customer segments: Bitcoin investors and Bitcoin builders.”

****Blockchain and Signal21****

Blockchain technology offers transparency and immutability, meaning data is readily available for all participants and cannot be tampered with. However, raw data on the blockchain can be vast and complex, making it difficult to understand and derive meaningful insights. This is where companies like Signal21 enter to provide essential insights and tools for navigating the decentralized space.

As blockchain networks grow, comprehensive data analytics becomes increasingly crucial. These platforms offer real-time information about transactions, network activity, and smart contract interactions, enabling informed decision-making and risk management.

Moreover, they support research and development efforts by supplying valuable data for analyzing trends, identifying opportunities, and optimizing blockchain protocols. Overall, a robust blockchain data and intelligence platform enhances transparency, efficiency, and innovation within the blockchain domain.

Signal21 Beta Launch Bridges Gap in Blockchain Intelligence Services

By Deeba Ahmed
In 2024, over 60 countries worldwide are holding elections. The most significant threat to the integrity of these elections? Deepfake videos, readily accessible on the dark web and Telegram, with prices ranging from as low as $2 to $100.
This is a post from HackRead.com Read the original post: Deepfake Threat: $2 Deceptive Content Undermines Election Integrity

Deepfake technology poses a significant threat to the upcoming US elections as it is not just a technological challenge but a manifestation of a broader deception mechanism, explained Check Point Research (CPR).

In its latest report, cybersecurity researchers at Check Point Research team highlighted the dangers posed by the widespread availability of artificial intelligence-based technologies, particularly deepfake, in encouraging electoral fraud.

Researchers cited deepfake technology as a significant threat to the authenticity of the electoral process due to features like voice cloning that can manipulate voters and sabotage the entire process. The technology is cheap, accessible to anyone with an internet connection, and untraceable, which hinders election security given the ongoing challenges in legislating against these technologies.

**Deepfake** technology allows users to create “fabricated audiovisual content,” which poses a threat to public opinion and democratic institutions, researchers noted. With over 3,000 repositories on GitHub and hundreds of channels on Telegram (at least 400-500), deepfake services range from automated bots to personalized services. Pricing varies from $2 per video to $100 for multiple attempts, making it affordable to commission deceptive content.

Recent incidents of damage caused by deepfake technology highlight its growing threat. **In February 2024**, an Asian company fell victim to scammers who impersonated the company’s CFO during an online meeting, resulting in a loss of over $25 million.

On platforms like YouTube, deepfake technology is being exploited by scammers to perpetrate crypto scams. Verified channels have been targeted **to steal millions of dollars worth of crypto**, with deepfakes of prominent figures such as Elon Musk, Bill Gates, Ripple’s CEO Brad Garlinghouse, Michael J. Saylor, and others being used to deceive unsuspecting viewers.

**In June 2023**, deepfake technology was utilized to disseminate fabricated video messages from President Putin. Similarly, **in 2022**, a deepfake video of Ukrainian President Zelensky went viral, urging Ukrainians to surrender.

Despite efforts to combat deepfakes, such as the launch of **McAfee’s tool MockingBird**, which boasts a 90% accuracy rate in detecting malicious content, the potential damage from deepfake technology remains considerable and, in many cases, irreversible.

“The potential for election fraud through the adept use of artificial intelligence and deepfake technologies, orchestrated by a clandestine network operating from the shadows, leaving no digital fingerprints” Check Point Research Team wrote in the **blog post** published on 22 February 2024.

Researchers noted that an underground network of actors can manipulate public perception and undermine democratic integrity through deepfakes. The anonymity of this technology makes it difficult to hold anyone accountable. **Traditional cybersecurity measures** are insufficient as the threat lies in the entire ecosystem of deception it enables, including bots, fake accounts, and anonymized services.

**Voice cloning**, a subset of deepfake technology that uses machine learning and artificial intelligence to replicate a person’s voice with remarkable accuracy, is particularly effective in spreading misinformation. It allows the creation of convincing fake audio clips and is particularly effective in spreading misinformation, as incidents involving robocalls with fabricated messages from political leaders have already been observed.

For instance, a robocall featuring fake US President **Joe Biden voice warning** New Hampshire voters not to cast their ballots would cost from $10 to several hundred dollars depending on the level of accuracy and technological efficacy required.

To protect democratic processes from deepfakes, a multifaceted approach involving legislative measures, public awareness, technological solutions, and international cooperation is needed, including enhanced digital literacy and collaboration between technology companies and law enforcement, researchers concluded.

1.  **Website uses AI to create utterly realistic human faces**
2.  **Fake Voicemails Target Users, 1000 Attacks in 14 Days**
3.  **Scammers Weaponize Google Forms in New BazarCall Attack**
4.  **Scammers Made Deepfake AI Hologram of Binance Executive**
5.  **Building Defense Toolbox: Tools, Tactics to Combat Cyber Threats**

Deepfake Threat: $2 Deceptive Content Undermines Election Integrity

By Waqas
You are not alone, an AT&T outage is happening across the United States, and the company is working…
This is a post from HackRead.com Read the original post: AT&T Outage Disrupts Service for Millions of Users Across US

You are not alone, an AT&T outage is happening across the United States, and the company is working to bring back service to normal.

Millions of AT&T customers across the United States woke up to widespread service disruptions on Thursday, February 22nd, 2024. The outage, which began early in the morning, has impacted mobile phone service, leaving users unable to make and receive calls, text messages, and access data.

Reports from users and outage tracking websites like Downdetector indicate the issue is nationwide, affecting major cities like New York, Los Angeles, Chicago, Dallas, and Atlanta. Social media is flooded with complaints from frustrated customers, many unable to connect with loved ones or conduct essential business activities.

The cause of the outage remains unclear. AT&T has yet to officially comment on the issue, leaving users in the dark about the root cause and expected resolution timeframe. This lack of communication is further adding to the frustration of affected customers.

**Cyber Attack?**

The cause behind the widespread outage affecting AT&T services across the United States remains uncertain, with conflicting reports suggesting it could be either a cyber attack or technical issues. Users across various regions have reported difficulties accessing wireless services, prompting concerns about the extent and nature of the disruption.

****AT&T is Aware!****

Although some users are reporting on social media that their service has been restored, on X (formerly Twitter), AT&T stated, “Some of our customers are experiencing wireless service interruptions. We are working urgently to restore service to all who are impacted.” It is worth noting that the company also provided a link to visit and keep an eye on updates.

Ironically, that link was also down and showing an error message to visitors. However, according to a live outage map from Down Detector, a platform that monitors internet outages, AT&T is still facing service issues across the United States.

The potential impact of this outage is significant. Disruptions to mobile phone service can hinder communication, impact emergency services for some, and cause inconvenience for countless individuals and businesses relying on their mobile devices for daily activities.

While AT&T is working to restore service, no estimated time for resolution has been announced. In the meantime, users are advised to:

*   **Use Wi-Fi calling:** If available, utilize Wi-Fi calling to make and receive calls over a Wi-Fi network.
*   **Stay informed:** Check the AT&T website and social media for updates on the outage.
*   **Consider alternative communication methods:** Explore options like text messaging apps or social media to connect with others if unable to use your phone.

This latest outage highlights the critical role of reliable mobile phone service in today’s interconnected world. It also underscores the importance of clear and timely communication from service providers during such disruptions to minimize inconvenience and ensure user safety.

As the situation unfolds, we will continue to monitor developments and provide updates on this evolving story.

1.  **ChatGPT Down? OpenAI Blames Outages on DDoS Attacks**
2.  **Amazon Web Services suffer outage taking popular sites down**
3.  **Facebook down with Messenger, Instagram, WhatsApp disruption**

AT&T Outage Disrupts Service for Millions of Users Across US

By Waqas
Another day, another Apple Security Vulnerability!
This is a post from HackRead.com Read the original post: Apple Shortcuts Vulnerability Exposes Sensitive Data, Update Now!

Apple Shortcuts security vulnerability (CVE-2024-23204) allows attackers to access targeted devices and steal sensitive data – update your devices now!

Cybersecurity firm Bitdefender has discovered a 7.5/10 severity rating vulnerability in Apple Shortcuts, allowing attackers to access sensitive data without prompting users. According to Bitdefender’s blog post published on 22 February 2024, this vulnerability tracked as **CVE-2024-23204**, allows attackers to create a Shortcuts file bypassing Apple’s security framework for macOS and iOS.

Apple Shortcuts is a popular **macOS and iOS** automation app that simplifies tasks by allowing users to create personalized workflows using visual programming to automate tasks like app control, media management, messaging, location-based actions, and more. Users can create workflows for file management, health tracking, web automation, education, and smart home integration, thereby improving productivity and user experience.

The vulnerability was found in the shortcut sharing/expanding mechanism in Apple’s Shortcuts community. The community allows users to discover and expedite automation workflows and export/share shortcuts.

CVE-2024-23204 on the other hand, lets users unknowingly import shortcuts that could exploit the Transparency, Consent, and Control (TCC) security framework in macOS and iOS. This framework helps ensure user privacy and security by requiring explicit permission before accessing sensitive data or functionalities.

During the attack, as noted by researchers in their **blog post**, the ‘Expand URL’ function in Shortcuts lets attackers transmit base64-encoded photo data to a malicious website. This involves selecting sensitive data, importing it, converting it using the base64 encode option, and forwarding it to the server. A Flask program captures the transmitted data, allowing the attacker to store it for exploitation. The issue is fixed in **macOS Sonoma 14.3**, **watchOS 10.3**, **iOS 17.3, and iPadOS 17.3**. 

Still, it highlights the need for continuous security vigilance in Apple’s Shortcuts application, given its potential for privacy breaches. Users are advised to use the latest software. Users are advised to update macOS, iPadOS, and watchOS devices, remain cautious when executing shortcuts from untrusted sources, and regularly check for **Apple security updates and patches**.

****Watch the vulnerability in action!****

The rising number of flaws identified in Apple apps and devices recently has effectively busted the myth of Apple products being the most reliable in safeguarding user data. Last year Apple patched a record number of vulnerabilities.

In July 2023, Apple issued a critical **security alert** for iPhone, iPad, and Mac users, urging them to update their devices soon due to a software vulnerability in its Safari WebKit browser engine.

In October 2023, researchers from Georgia Tech, the University of Michigan, and Ruhr University Bochum **discovered an iLeakage** vulnerability in Apple devices, affecting Macs and iPhones since 2020. The attack exploited a side-channel vulnerability in CPUs, allowing Safari to divulge sensitive data, including passwords and Gmail content.

In December 2023, a **Bluetooth vulnerability**, CVE-2023-45866, let attackers control Android, Linux, macOS, and iOS devices without user confirmation to install malicious apps, run commands, and perform unauthorized actions.

The same month, Apple **released** security updates to address two zero-day vulnerabilities, CVE-2023-42916 and CVE-2023-42917, which allowed hackers to execute code and access sensitive data on compromised devices through malicious web pages.

1.  **Apple Approves Fake App Before Real Rabby Wallet**
2.  **Apple Safari Safest, Google Chrome Riskiest Browser**
3.  **Apple AirTags can be used as trojan for credential hacking**
4.  **55 Apple vulnerabilities risked iCloud account takeover, data theft**
5.  **Apple Bug bounty: Earn big backs for hacking iPhone, other products**

Apple Shortcuts Vulnerability Exposes Sensitive Data, Update Now!

By Owais Sultan
Startale Labs, the developer behind Japan’s leading Web3 products like Astar Network and Startale Web3 Cloud, has secured…
This is a post from HackRead.com Read the original post: UOB, Samsung Back Singapore’s Startale Labs in $7 Million Web3 Push

Startale Labs, the developer behind Japan’s leading Web3 products like Astar Network and Startale Web3 Cloud, has secured an additional $3.5 million in funding. This brings their total seed funding to $7 million, following a previous investment from Sony Network Communications in September 2023.

The latest round saw participation from UOB Venture Management, a subsidiary of Singapore’s top bank UOB, and Samsung Next, the investment arm of Samsung. This strategic investment from leading Asian companies positions Startale to become a key player in the region’s Web3 domain.

Startale aims to utilize the fresh capital to accelerate the development of its Web3 products and attract top talent from around the globe. Their vision is to become the leading Web3 company in Asia, leveraging the support of prominent Asian corporations.

It is worth noting that the company has already made significant strides, collaborating with Sony Network Communications on a joint blockchain venture and launching the beta version of Startale Web3 Cloud, a developer-friendly platform for deploying and managing blockchain infrastructure.

Sota Watanabe, CEO of Startale Labs, expressed his enthusiasm, stating, “Within a year, Startale has garnered support from leading Asian companies like Sony, Samsung, and UOB Venture Management, significantly expanding our potential. The raised funds will be directed towards product development and talent acquisition, allowing us to establish ourselves as a prominent Web3 force in Asia and beyond.”

Lead investor Paul Ng, Executive Director of UOB Venture Management, shared his belief in Startale’s potential, stating, “We believe real-world applications are key to onboarding new users to Web3. Startale Labs, with their expertise and experience, is well-positioned to make Web3 accessible to the masses, particularly in Asia. We are excited to support them in bringing billions of users into the Web3 space.”

This successful funding round signals the increasing adoption of Web3 and growing trust within the Asian Web3 community.

****RELATED ARTICLES****

1.  **Nexo Teams Up with Sift for Enhanced Digital Security**
2.  **GAM3S.GG Raises $2M to Grow Web3 Gaming Superapp**
3.  **Particle Network: Securing Web3 with Intent-Centric Approach**
4.  **Overworld secures $10M for cross-platform ARPG development**
5.  **READYgg Partners with Aptos Labs – 15M Web2 Players into Web3**

UOB, Samsung Back Singapore’s Startale Labs in $7 Million Web3 Push

By Uzair Amir
Meet Curium by Bluzelle, a new Miner Pool app.
This is a post from HackRead.com Read the original post: Bluzelle’s Curium App Makes Crypto Earning Effortless

Bluzelle, a Singapore-based decentralized storage company, is making it easier than ever to earn cryptocurrency with the launch of Curium, a new Miner Pool app. Curium allows anyone to contribute storage space and security to Bluzelle’s network and earn BLZ tokens in return, all from their computer or mobile device.

Traditionally, running nodes for blockchain projects has been a complex process requiring technical expertise and expensive hardware. Curium eliminates these barriers by offering a user-friendly app that works on any device, regardless of operating system.

The good news is that Bluzelle solves this by making it easy for anyone to install the Curium app on their computers or mobile devices. This app works on any operating system, including Windows, Mac, Linux, Android, or iOS. Once installed, users simply need to provide their Bluzelle wallet address.

Their device then becomes a “just in time” (JIT) storage node service provider, earning BLZ tokens for the fractional times their machine is online. This operation is similar to an Ethereum PoS pooler miner app, where anyone can install the app on their PC and start earning fractional amounts of ETH based on their device’s uptime.

However, it’s worth mentioning that users must remain alert against fake crypto apps created by scammers targeting iOS, Android, and Windows devices. Recently, Apple approved a fake wallet app on the Play Store that stole user data.

Similarly, Microsoft permitted a fake fundraising app that siphoned almost a million dollars from users. Furthermore, Google has been involved in multiple incidents where fake apps led to the theft of users’ funds. Therefore, it is significant to note that the Curium app is expected to be released by the end of 2024.

“The Curium storage node application is one of the core technologies we envisioned when we launched Bluzelle’s white paper over six years ago,” said Neeraj Murarka, co-founder and CTO of Bluzelle. “Now anyone can become part of our decentralized infrastructure network and earn rewards for simply having their device online.”

With Curium, users can contribute to the security and storage of Bluzelle’s network while earning BLZ tokens. This opens up the world of cryptocurrency to a wider audience, making it easier for anyone to participate in the Web3 revolution.

1.  **Navigating the new frontier of cryptocurrency futures**
2.  **What the Bitcoin ETF Approval Mean for the Crypto Market** 
3.  **Powerloom to Hold First Ever Node Mint on Polygon Network**
4.  **Exploring the Phenomenal Rise of Ethereum as a Digital Asset**
5.  **The Anatomy of Trading Bot Scams: Strategies for Secure Investments**

Bluzelle’s Curium App Makes Crypto Earning Effortless

By Waqas
Crypto Nightmare! Fake Rabby Wallet App Steals Millions After Apple App Store Fails to Catch It.
This is a post from HackRead.com Read the original post: Apple Approves Fake App Before Real Rabby Wallet, Users’ Funds Stolen

Users report significant losses due to the fake Rabby Wallet app, including one reporting a $5000 loss, another experiencing a 10% portfolio loss, and an NFT collector reporting $40,000 worth of ETH drained from their wallet. 

A fake version of the Rabby Wallet app, a popular crypto wallet developed by DeBank Global Pte Ltd., was tricking users and stealing their funds on the Apple App Store. DeBank’s team confirmed that any app available on the store currently is fake, as its official app is still under review and yet to be approved by Apple.

For your information, Rabby Wallet’s mobile app’s beta version was announced on 16 February by team DeBank. However, scammers acted quickly and uploaded the app’s fake version to the iOS App Store, which was a wallet drainer and had no connection with the real app.

Interestingly, this fake version was approved by Apple before the actual wallet app, prompting users to download the drainer and get scammed.

The fake Rabby Wallet app, created by a developer called “Solution Development,” appeared on the App Store under the name “Rabby Wallet & Crypto Solution” and was detected after four days. A thread warning others about the fake app was posted on Rabby Wallet’s **Apple discussion board** and **Discord** channel with screenshots from scammed users.

The fake Rabby App on the Apple App Store

Affected users have also created a thread on Reddit to warn others about the fake app. One user claimed that a fake app by “VIET LONG FINANCIAL INVESTMENT JOINT STOCK COMPANY” has been approved, causing users to lose cryptocurrencies, with a user losing around 14 ETH.

“This scammer’s approved AppStore App called “Rabby Wallet & Crypto Solution” is tricking people into thinking it is the genuine one, they enter the seed phrase or private key, and moments later all of their life savings, crypto belongings are GONE!” a user u/CryptoCurrency **wrote** on Reddit.

Rabby Wallet team **posted** a statement on X to notify users about the presence of a fake app and to avoid downloading it. The fake app has now been removed by Apple.

However, this isn’t the first instance where fake apps appeared on a credible platform like the Apple App Store and deceived users. On February 7, 2024, Hackread.com **published a warning from LastPass**, urging users to avoid downloading fraudulent applications and remain cautious after a fake app was uploaded to the Apple App Store, posing as the legitimate LastPass Password Manager app. The app was developed by Parvati Patel and closely resembled LastPass’ branding and user interface.

In July 2023, **Apple approved a fake THREADS app**, which subsequently ranked first on the European Apple Store, despite the original app being launched by META just days before and wasn’t available in Europe. Nevertheless, such incidents are steadily rising, making Apple’s app review and approval process doubtful and questionable.

****RELATED ARTICLES****

1.  **Google Deletes Fake BatteryBot Pro Malware App**
2.  **MMRat Android Trojan Uses Fake App Stores for Bank Fraud**
3.  **Fake Ledger App on Microsoft Store Stole $800,000 in Crypto**
4.  **Chinese Scammers Use Fake Loan Apps for Money Laundering**
5.  **Hackers Send Fake Rocket Alerts to Israelis via Hacked Red Alert App**

Source

HackRead