By Waqas
Microsoft Bids Farewell to Standalone Cortana App on Windows 11, Welcomes Windows Copilot.
This is a post from HackRead.com Read the original post: Microsoft Bids Farewell to Cortana App on Windows 11

**IN SUMMARY**

1.  **Microsoft kills Cortana app on Windows 11, suggests other productivity assistants.**
2.  **Cortana’s downfall: No momentum or third-party interest, unlike Alexa and Google Assistant.**
3.  **Meet “Windows Copilot”: Microsoft’s promising AI assistant for productivity and user support.**
4.  **Windows Copilot preview out now, with third-party plugin support coming soon.**
5.  **Microsoft Embracing OpenAI’s GPT-4 to revolutionize user interactions on Windows.**

Microsoft has officially pulled the plug on its standalone Cortana app for **Windows 11**. Users with the app installed on their PCs will now receive a message indicating its deprecation, marking the end of an era for the once-promising voice assistant.

The company had previously **warned** of this development in June, stating that Cortana’s standalone support would cease for both Windows 11 and Windows 10 by the end of 2023.

Introduced on Windows Phone in 2014 and later brought to Windows 10 PCs, Cortana was Microsoft’s answer to voice-activated personal assistants. However, despite its early potential, the Cortana app failed to garner the same level of popularity as competitors like Amazon’s Alexa and Google Assistant. Third-party manufacturers showed little interest in integrating Cortana into their products, leading to its gradual decline over the years.

Fulfilling this vision, Microsoft is now actively embracing OpenAI’s GPT-4 technology with its new line of “**Copilot**” products. These AI-powered tools are designed to provide enhanced productivity and user assistance. Earlier this year, Microsoft introduced its **Bing chatbot** as a solid alternative to ChatGPT, which has been integrated into the company’s Edge browser. This offering was just a taste of what was to come.

Although Windows Copilot does not support voice interactions like traditional voice assistants, it is expected to outperform the Cortana app in terms of utility and relevance. Unlike Cortana, which often defaulted to displaying search results when unable to comprehend user queries, Windows Copilot takes a different approach to provide more accurate and insightful assistance.

Microsoft’s plans for Windows Copilot **are ambitious**, and the company is working on enhancing the assistant further with the forthcoming support for third-party plugins. By collaborating with OpenAI on an open standard for plugins, Microsoft aims to create an ecosystem that encourages developers to build skills and integrations for Windows Copilot, thereby avoiding the dearth of third-party support that plagued Cortana.

With the demise of the standalone Cortana app, Microsoft takes a **significant step forward in its AI strategy**, positioning itself to reclaim lost ground in the voice assistant market. As Windows Copilot continues to evolve and gain traction, Microsoft believes it will redefine the user experience on Windows and pave the way for a more productive, efficient, and AI-driven computing future.

While the curtain falls on the Cortana app, the stage is now set for Windows Copilot to shine and demonstrate Microsoft’s commitment to leveraging AI to enrich its products and services.

**RELATED ARTICLES**

1.  Microsoft patent reveals chatbot to talk to dead people
2.  6 Best Ways to Make a Collaborative PowerPoint Presentation
3.  Microsoft’s Windows File Recovery tool recovers your lost data
4.  Microsoft’s new tool detects & reports pedos from online chats
5.  AI-Powered Tools Spark Creativity and Help You Create Designs

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Microsoft Bids Farewell to Cortana App on Windows 11

By Waqas
The guilty couple goes by the names of Ilya Lichtenstein and Heather Morgan.
This is a post from HackRead.com Read the original post: NY Couple Pleads Guilty to $4.5B Bitcoin Theft in Bitfinex Hack

**IN SUMMARY**

1.  **NY couple who stole $3.6B BTC from 2016 Bitfinex crypto hack pleads guilty.**
2.  **Lichtenstein used hacking tools to access Bitfinex and move 119K Bitcoin.**
3.  **The couple used false identities and crypto mixing to launder stolen funds.**
4.  **Morgan faces up to 5 years; Lichtenstein up to 20 years in prison.**
5.  **The case serves as a landmark in cryptocurrency cybercrime prosecution.**

A New York-based couple, Ilya Lichtenstein and Heather Morgan pleaded guilty to their involvement in the infamous **Bitfinex cryptocurrency hack of 2016**.

The hack had resulted in the theft of a staggering amount of funds, and after years of investigation, the US Department of Justice (DoJ) achieved its largest-ever finance bust, seizing $3.6 billion worth of Bitcoin connected to the illicit activity.

According to **court records**, Ilya Lichtenstein, the mastermind behind the cyber attack, confessed to using a sophisticated array of hacking tools and techniques to breach the security defences of the Bitfinex exchange.

Once inside, he proceeded to carry out 2,000 unauthorized transactions, transferring a total of 119,754 bitcoins to his controlled wallets. To cover his tracks, Lichtenstein meticulously erased access credentials, logs, and any other digital evidence that could potentially lead to his identity.

Heather Morgan, Lichtenstein’s wife, was an active accomplice in the money laundering operation. The couple employed deceptive practices, setting up false identities on the darknet and various cryptocurrency exchanges to move and launder the stolen funds.

The couple, **arrested in February of last year**, employed crypto mixing services to obfuscate the origin of the bitcoins, making it exceptionally challenging for law enforcement to trace the illicitly obtained coins.

Furthermore, the couple created legitimate-looking businesses in the United States to conceal their nefarious activities. Morgan even went as far as promoting her ventures on social media, **including TikTok**, where she boasted about establishing a multimillion-dollar business without external funding.

Additionally, they allegedly utilized the stolen funds to purchase physical gold coins, which Morgan then buried in an attempt to further hide the money’s origins.

As a result of the criminal actions of Ilya Lichtenstein and Heather Morgan, they now face serious consequences. Lichtenstein pleaded guilty to the conspiracy to commit money laundering, which could lead to a maximum prison sentence of up to 20 years.

Meanwhile, according to the DoJ’s **press release**, Morgan admitted to one count of money laundering conspiracy and one count of conspiracy to defraud the United States, with each count carrying a maximum sentence of five years in prison.

The magnitude of the funds seized by the DoJ in connection with this case marks a significant achievement in the fight against cybercrime and money laundering in the cryptocurrency space. It serves as a stark warning to those who may attempt to exploit the anonymity and decentralization of digital assets for **illicit purposes**.

The plea hearing has sent ripples through the crypto community, reinforcing the importance of maintaining robust security measures in exchanges and other crypto-related platforms. It also emphasizes the need for increased vigilance and cooperation between industry stakeholders and law enforcement agencies to ensure the safety and integrity of the cryptocurrency ecosystem.

The sentencing of Lichtenstein and Morgan is scheduled for later this year, and it will undoubtedly serve as a landmark case in the intersection of cryptocurrency, hacking, and money laundering law. The outcome will not only impact the lives of the individuals involved but also set a precedent for future cases involving cybercrime in the world of cryptocurrencies.

**RELATED ARTICLES**

1.  Husband – wife among ransomware operators arrested in Ukraine
2.  Gender Diversity in Cybercrime Forums: Women Users on the Rise
3.  Couple sold nuclear warship data hidden in peanut butter sandwich
4.  Couple Arrested For Providing Malware Encryption Service To Crooks

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

NY Couple Pleads Guilty to $4.5B Bitcoin Theft in Bitfinex Hack

By Habiba Rashid
Cybersecurity researcher Sam Curry and his team managed to hack Points.com before malicious threat actors could.
This is a post from HackRead.com Read the original post: Globally Used Points.com Loyalty System Hacked for Good

**IN SUMMARY**

1.  **The flaws in Points.com were reported by InfoSec researcher Sam Curry.**
2.  **Points.com acts as a backend for multiple airline & hotel rewards programs.**
3.  **If hacked, scammers could’ve manipulated the loyalty progs on Points.com.**
4.  **Points.com has fixed the vulnerabilities, posing no current danger.**

In a recent discovery that raises concerns about the security of personal data in loyalty rewards systems, cybersecurity researchers have unveiled a series of security vulnerabilities within points.com, a widely used airline and hotel rewards platform.

The vulnerabilities, which were brought to light by **Sam Curry** and his team, could have potentially compromised the personal information of millions of customers.

Points.com, acting as a backend for numerous airline and hotel rewards programs, also functions as a platform for trading and redeeming loyalty points. The security researchers, including Ian Carroll and Shubham Shah, identified five distinct security flaws over a period of several months that could have allowed unauthorized access to sensitive user data, including names, addresses, emails, phone numbers, and transaction details.

(Image: Sam Curry)

According to Curry’s **blog post**, of particular concern was the possibility that these vulnerabilities could have facilitated the transfer of loyalty points between accounts. Additionally, attackers could have gained access to a global administrator website, thereby gaining the ability to issue points, manage loyalty programs, and execute various administrative actions, according to Sam Curry.

The researchers’ findings included an unauthenticated HTTP path traversal bug, discovered in early March, which could have provided access to an internal API containing over 22 million order records.

This database exposed a plethora of information, ranging from partial credit card numbers to customer authorization tokens. The flaws extended to an authorization bypass in a misconfigured API that could have been exploited to transfer rewards points from users.

The impact of these vulnerabilities was far-reaching, with one of the identified bugs affecting United Airlines. This specific flaw could allow an attacker to generate an authorization token for any user simply by possessing their rewards number and surname. As a result, an attacker could transfer miles to themselves and even authenticate as a member on various MileagePlus-related applications.

Access allowed researchers to gain thousands of dollars worth of points on United Airlines. (Image: Sam Curry)

Curry’s team also discovered weaknesses that impacted other partner businesses. A points.com-hosted Virgin rewards website was found to leak API authentication information, enabling an attacker to manipulate accounts and modify reward program settings.

Additionally, the researchers found a vulnerability involving the “Flask session secret” for the points.com global administration website, granting unauthorized access to crucial administrative functions.

Despite the concerning implications of these vulnerabilities, Curry praised points.com’s swift response to their reports. The platform’s security team promptly addressed each issue within approximately an hour of disclosure. Affected websites were taken offline for remediation before the vulnerabilities were successfully patched.

**More Hacks from Sam Curry**

1.  Automotive Industry Exposed to Have Major API Vulnerabilities
2.  Vulnerability in Chess.com allowed access to 50M user records
3.  Honda & Nissan Cars App Flaws: Hack by Knowing VIN Number
4.  55 Apple vulnerabilities risked iCloud account takeover, data theft

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Globally Used Points.com Loyalty System Hacked for Good

By Deeba Ahmed
The technical details of these findings will be unveiled at Black Hat USA on Wednesday, August 9, 2023.
This is a post from HackRead.com Read the original post: Researchers Jailbreak Tesla Vehicles, Gain Control Over Paid Features

**IN SUMMARY**

1.  **A basic piece of hardware allows third-party jailbreaking of a Tesla vehicle.**
2.  **The findings came from a security researcher and 3 academic researchers.**
3.  **Tesla’s AMD Secure Processor was bypassed with a voltage-glitching flaw.**
4.  **The findings will be unveiled at Black Hat USA on Wednesday, August 9.**

With the involvement of smart technology, **security vulnerabilities in Tesla cars** are not a novel occurrence; they have been a well-established fact. Such vulnerabilities are an inherent possibility whenever sophisticated technology is integrated into a vehicle.

Tesla offers in-car purchases to enhance its EVs connectivity, and researchers have already found a method to jailbreak Tesla vehicles and activate crucial features like FSD Beta, or heated seats.

**Tesla EVs In-Car Paid Features are Hackable!**

Academic researchers from Technical University Berlin and independent researcher Oleg Drokin have found a way to unlock in-car purchasable features of Tesla EVs. Researchers have found that gaining complete control of a Tesla EV was possible by **exploiting a flaw in its Bluetooth system**.

According to researchers, they managed to gain root access to Tesla EV’s MCU-Z (AMD-based) infotainment system, **used** in almost all new EV models, which gave them complete control over the vehicle’s operating system and use any feature such as activating and deactivating its systems.

**How Does the Attack Work?**

Researchers exploited a voltage-glitching (aka fault injection) vulnerability in the ICE (infotainment ECU) board of the EV to bypass Tesla’s AMD Secure Processor, a Trusted Platform Module. This helped them gain root access to the OS and run arbitrary code on the MCU-Z and enable paid features like Acceleration Boost, FSD Beta, and heated seats.

Not just that, they could break geolocation restrictions on FSD Beta and navigation, which may be detrimental for Tesla users because it makes enabling FSD Beta possible in any region/country where it is unavailable.

For instance, they can enjoy fully autonomous (level 5) driving in Europe where only Level 3 autonomous driving (requiring a fair amount of human intervention) is legal under certain **conditions**.

** Tesla Jailbreak details**

Interestingly, Tesla jailbreaking turned out easier than expected, and advanced tools weren’t required to achieve it. Researchers successfully exploited MCU-Z by voltage fault injection attack against the ASP using low-cost hardware to mount to glitching attack and disrupt the ASP’s early boot code.

They then reverse-engineered the boot flow to gain a root shell. After gaining root permissions, they enabled arbitrary changes to Linux and decrypt the encrypted NVMe storage to access private user data like calendar entries or phonebook.

The ASP attack also allows extracting a TPM-protected attestation key that authenticates a Tesla EV and migrates the vehicle’s identity to another car computer without Tesla’s consent.

According to co-researcher **Christian Werling**, this attack can be pulled off with basic electronic engineering using hardware worth up to $100 and a soldering iron. Moreover, the AMD CPU’s vulnerability is unmitigable without a CPU upgrade, and gaining root permissions allows arbitrary changes to Linux that survive updates and reboots. This means the access might be irrevocable.

However, Werling noted that a Teensy 4.0 Development board is better for voltage-glitching as it works better with their open-source attack firmware. In addition, an SPI flash programmer and a logic analyzer can help debug this attack.

It is unclear whether researchers have informed Tesla about this vulnerability. Despite successful jailbreaking, researchers lauded Tesla’s superior security mechanism, claiming it is way ahead of most automakers.

The findings will be revealed at the **Black Hat USA** on Wednesday, August 9, 2023.

**RELATED ARTICLES**

1.  How to unlock Tesla wireless key fobs in 2 seconds
2.  Tesla autopilot feature hacked to risk oncoming traffic
3.  3rd-party flaw allowed a teen hacker to track Tesla cars
4.  Sensitive user data found in Tesla car parts sold on eBay
5.  Bug bounty: Hack Tesla Model 3 to win your own Model 3
6.  Researchers found another way to hack Tesla Model X Key Fob

Researchers Jailbreak Tesla Vehicles, Gain Control Over Paid Features

By Waqas
These networks generated revenues from advertising sexually explicit content involving children.
This is a post from HackRead.com Read the original post: Operation Narsil INTERPOL Busts Decade-Old Child Abuse Network

**IN SUMMARY**

1.  **Operation Narsil was launched in 2021 with 27 countries’ collaboration.**
2.  **Arrests were made in Argentina, Bulgaria, and Russia during the operation.**
3.  **INTERPOL disrupted finance mechanisms and seized over 20,000 domains.**
4.  **The Argentinian arrest involves a brother-sister duo running an abuse site.**
5.  **Interpol’s actions send a strong message to criminals exploiting children.**

The rise of profitable platforms that provide access to content depicting the sexual or physical exploitation of minors is an unfortunate reality. However, law enforcement agencies worldwide are actively engaged in efforts to dismantle these networks and bring the perpetrators to justice. Operation Narsil stands as a notable example of such initiatives, successfully busting several child exploitation networks.

Interpol launched Operation Narsil in December 2021 with the primary objective of tracking down criminals involved in operating children’s sexual abuse-related websites. After two years of relentless investigation, in a massive worldwide law enforcement collaboration, agencies achieved a major breakthrough in July 2023, taking down a significant network responsible for distributing child sexual abuse content.

Throughout the operation, the investigators effectively disrupted the finance mechanisms of the website operators, resulting in a severe impact on their advertising campaigns.

According to INTERPOL’s **press release**, under Operation Narsil, Interpol managed to seize over 20,000 domains in the past 13 years. In total, 27 countries have collaborated in the operation so far.

**Decade-Old Abuse Networks**

During Operation Narsil, all Interpol member countries collaborated extensively to combat the issue of child exploitation. They actively engaged in sharing intelligence information, identifying suspects, and coordinating arrests of individuals involved in running the websites that facilitated such heinous activities.

Notably, in 2010, Interpol established the Interpol Worst of List (**IWOL**), which served as a watchlist to monitor websites offering extreme child sexual abuse content. Interpol’s general secretariat headquarters worked in close partnership with law enforcement authorities in all regions, urging them to take action and shut down these harmful websites within their respective countries.

**Brother Sister Duo Ran Minor Abuse Site**

**In Argentina**, one of the websites seized during Operation Narsil had been operating for approximately a decade and was discovered to be run by a brother-sister duo based in Argentina.

These siblings were apprehended for their involvement in creating, maintaining, and profiting from a website that featured explicit child sexual abuse material, along with associated advertising campaigns. During the arrests, authorities confiscated 14 electronic devices, credit cards, and cash from the residence of the suspects.

The reason this illicit activity remained undetected for such a long period was due to the complexities of technology that the perpetrators exploited to evade law enforcement. However, the breakthrough came when digital clues from the Interpol Worst of List (IWOL) and intelligence shared by the global police community helped trace and identify the duo’s involvement in this appalling crime.

To bring the criminals to justice, Argentina’s Anti Cyber Crime against Minors’ Victim Identification Office and the Specialised Cybercrime Prosecution Unit (**UFECI**) collaborated with the Federal Courts in Mendoza Province. This joint effort led to the successful identification and subsequent arrest of the suspects, ensuring that they would face the legal consequences for their heinous actions against children.

**In Bulgaria**, law enforcement successfully apprehended a 34-year-old male who was operating an online forum dedicated to sharing child sexual abuse content. The arrest aimed to put an end to this disturbing online activity and bring the perpetrator to justice.

**In Russia**, two individuals aged 24 were arrested for their involvement in the production and distribution of illegal content related to child sexual abuse. During the operation, authorities seized removable hard drives that contained explicit material, as well as various software and equipment that were used to create and maintain websites promoting such illicit content.

**In Thailand**, a 45-year-old male was arrested for possessing and profiting from child sexual abuse content. This reprehensible act of exploitation was met with decisive action by the authorities, intending to **ensure the safety** and protection of vulnerable children.

**The Fight is Far From Over**

The arrests indicate the effectiveness of cross-regional police cooperation, said Argentina’s Federal Police head and America’s Interpol executive committee’s delegate, Juan Carlos Hernandez.

Interpol’s secretary general, Jurgen Stock, believes that “identifying and removing these websites” is highly **crucial** to prevent the “potential normalization” of child abuse material online. It is also important to reduce the re-victimization of abused minors.

“Operation Narsil sends a strong message to the criminals making money from these websites that Interpol and its alliance of police forces in 195 member countries, know where they are, what they are doing, and how to find them,” Stock added.

**RELATED ARTICLES**

1.  Dark Web child abuse gang busted; 15TB of files seized
2.  Authorities seize world’s biggest dark web child abuse site
3.  Op protected childhood: 113 online child predators arrested
4.  Busted: Man streamed “worst child abuse content ever seen”
5.  210 days prison for crypto CEO who held 13k child abuse files
6.  BreachForums’ Pom Pleads Guilty to Holding Child Abuse Content
7.  Man sought dark web hitman to murder child victim of sexual abuse

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Operation Narsil INTERPOL Busts Decade-Old Child Abuse Network

By Habiba Rashid
Dubbed HVNC, the malware is being sold on a Russian hacker and cybercrime forum for $60,000.
This is a post from HackRead.com Read the original post: Researchers Leverage ChatGPT to Expose Notorious macOS Malware

**IN SUMMARY**

1.  **The HVNC macOS malware tool is designed to target SMEs.**
2.  **The malware tool is effective on a wide range of macOS versions.**
3.  **This is a reminder that Macs are not immune to cyberattacks**
4.  **The creators of the malware tool have placed a large escrow deposit, which shows their confidence in the tool’s effectiveness.**

Russian hackers and cybercrime forums are notorious for exploiting critical infrastructure. Last month, Hackread.com **exclusively reported** that a Russian-speaking threat actor was selling access to a US military satellite. Now, researchers have identified macOS malware being sold for $60,000.

Guardz Cyber Intelligence Research (CIR) team has uncovered a sophisticated and perilous macOS malware tool being sold on the notorious Russian cybercrime forum “Exploit.” Leveraging a lead from **ChatGPT**, the team has unearthed a Hidden Virtual Network Computer (HVNC) tool, designed to seize control of Macs within small to medium-sized enterprises (SMEs).

ChatGPT assisting researchers (screenshot: Guardz)

HVNC is a malicious tool that enables cybercriminals to infiltrate Mac devices without the victim’s knowledge. Unlike conventional remote control technologies, HVNC operates covertly, creating a hidden desktop session that escapes the user’s awareness. 

According to Guardz CIR’s report, the tool was available for the staggering price of $60,000. For this sum, cybercriminals gain access to a malicious tool capable of persistently running on a Mac, evading user authorization, and executing a range of invasive functions. The tool is effective on a spectrum of macOS versions, from 10 up to macOS Ventura 13.2.

The creators of this tool, presumed to be Russian hackers, have taken their malevolent endeavours to new heights. To substantiate the tool’s credibility, an astonishing $100,000 deposit has been placed in an escrow account, earmarked as insurance should the tool fail to deliver as promised. This unprecedented measure shows the hackers’ confidence in their creation and its grave implications.

Post by malware author on a Russian cybercrime and hacker forum (screenshot: Guardz)

Historically, Macs have enjoyed relative immunity compared to their Windows counterparts, but this equilibrium is being disrupted. Cybercriminals are increasingly targeting Macs, a trend that demands heightened awareness from both individual users and businesses alike.

Updating to the latest macOS version and refraining from downloading applications from untrusted sources is paramount. Employing reliable antivirus software, complemented by regular security audits, will further bolster defence mechanisms. 

**RELATED ARTICLES**

1.  MacStealer Malware Targeting macOS Catalina Devices
2.  macOS Users Targeted by Chinese Iron Tiger APT Group
3.  SysJoker backdoor targeting Windows, macOS & Linux Devices
4.  DazzleSpy malware infects macOS devices through hacked sites
5.  UpdateAgent malware variant mimics legitimate macOS software

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Researchers Leverage ChatGPT to Expose Notorious macOS Malware

By Waqas
The group of Russian hackers involved in this attack is Midnight Blizzard (aka NOBELIUM).
This is a post from HackRead.com Read the original post: Russian Midnight Blizzard Hackers Hit MS Teams in Precision Attack

**IN SUMMARY:**

1.  **Midnight Blizzard (aka NOBELIUM) was also involved in the SolarWinds hack.**
2.  **The group used hacked Microsoft 365 tenants owned by small businesses.**
3.  **The reported campaign impacted fewer than 40 unique global organizations.**
4.  **The goal of Midnight Blizzard is to collect intelligence through espionage.**
5.  **Microsoft has taken measures to mitigate the domains used by the group.**

Microsoft has recently disclosed a highly targeted social engineering attack by the threat actor known as Midnight Blizzard (previously tracked as **NOBELIUM**). The attack involves credential theft phishing lures sent via Microsoft Teams chats, and it demonstrates the actor’s continued use of both new and traditional techniques to achieve its objectives.

According to Microsoft Threat Intelligence, the latest activity involves **Midnight Blizzard** using previously compromised Microsoft 365 tenants owned by small businesses to create new domains that appear to be legitimate technical support entities.

Using these domains, the threat actor sends Teams messages as lures to steal credentials from targeted organizations. The attack relies on engaging users and eliciting approval of multifactor authentication (MFA) prompts, ultimately giving the actor access to the victims’ **Microsoft 365 accounts**.

This campaign has impacted fewer than 40 unique global organizations. These targets indicate that Midnight Blizzard’s objectives primarily revolve around espionage, with a specific focus on government entities, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media sectors.

Midnight Blizzard, attributed by the US and UK governments as the Foreign Intelligence Service of the Russian Federation (SVR), is well-known for targeting governments, diplomatic entities, NGOs, and IT service providers primarily in the US and Europe.

According to Microsoft’s **report**, their main goal is to collect intelligence through dedicated espionage, and their operations have been ongoing since early 2018. The threat actor uses various initial access methods, including stolen credentials, supply chain attacks, and exploitation of on-premises environments to move laterally to the cloud.

To execute their latest attack, Midnight Blizzard uses security-themed or product name-themed domain names in their **phishing lures**. They compromise Microsoft 365 tenants of small businesses to host and launch the social engineering attacks. This tactic includes renaming the compromised tenant, adding a new subdomain, and creating a new user associated with that domain to send outbound messages to the target tenant.

The attack chain observed in this activity relies on token theft techniques for initial access, as well as authentication spear-phishing, password spray, brute force, and other credential attacks. Additionally, the threat actor targets users with passwordless authentication configured on their accounts, asking them to enter a code displayed during the authentication flow into the **Microsoft Authenticator app** on their mobile devices.

Message from Midnight Blizzard using a Microsoft Teams account and a phishing message sent by the same group (Screenshot: Microsoft)

In a comment to Hackread.com, Mike Newman, CEO of **My1Login** said “This is a highly sophisticated phishing scam that would be almost impossible to detect to the untrained eye. Because the attackers were using a legitimate Microsoft domain, it would only have taken a very curious and security-savvy user to investigate the prompts further and realise they were fake.”

Mr. Newman advised that “Businesses need to take their own remediation action against these threats and one of the best ways to do this is by removing passwords and credentials from users’ hands. This means even when highly sophisticated scams do reach user inboxes, users can’t be tricked into handing over their credentials because they simply do not know them.”

“Removing credentials and passwords from users can be achieved by implementing modern Identity Management solutions, which improve security but also remove cumbersome security checks within the enterprise to enhance the user experience and increase operational efficiency,” added Mr. Newman.

Nevertheless, Microsoft has taken measures to mitigate the use of these domains by Midnight Blizzard and is actively investigating the campaign to remediate its impact. The company has directly notified targeted or compromised customers to help them secure their environments.

In response to this latest attack, Microsoft recommends several mitigations to reduce the risk of falling victim to such **social engineering campaigns**:

*   Pilot and deploy phishing-resistant authentication methods for users.
*   Implement Conditional Access authentication strength to require phishing-resistant authentication for employees and external users accessing critical apps.
*   Specify trusted Microsoft 365 organizations to define which external domains are allowed or blocked for chat and meetings.
*   Enable Microsoft 365 auditing to investigate audit records if required.
*   Select the best access settings for external collaboration.
*   Allow only known devices that adhere to Microsoft’s recommended security baselines.
*   Educate users about social engineering and credential phishing attacks, cautioning them against entering MFA codes sent via unsolicited messages.
*   Train Microsoft Teams users to verify the “External” tagging on communication attempts from external entities and to be cautious about sharing sensitive information or authorizing sign-in requests over chat.
*   Encourage users to review sign-in activity and report suspicious sign-in attempts.

By adhering to these best practices, organizations can strengthen their defences against social engineering attacks and minimize the risk of unauthorized access to critical resources.

**RELATED ARTICLES**

1.  Check Point: Microsoft the Most Phished Brand in Q2 2023
2.  NodeStealer 2.0 Poses as ‘Microsoft’ to Hack Browser Data
3.  Microsoft Teams Flaw Sends Malware to Employees’ Inboxes
4.  Microsoft Message Queuing Service Exposed to DoS Attacks
5.  Microsoft sued for alleged misuse of stolen Dark Web credentials
6.  Microsoft-Signed Drivers Helped Hackers Breach System Defenses

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Russian Midnight Blizzard Hackers Hit MS Teams in Precision Attack

By Deeba Ahmed
NodeStealer 2.0 is a variant of the NodeStealer infostealing malware, which was taken down by Meta in May 2023.
This is a post from HackRead.com Read the original post: NodeStealer 2.0 Poses as ‘Microsoft’ to Hack Facebook and Browser Data

**IN SUMMARY**

1.  **Palo Alto Networks’ Unit 42 identified and reported NodeStealer 2.0.**
2.  **The Python-based malware steals crypto, Facebook and browser data.**
3.  **It spreads through phishing, masquerading as advertising opportunities.**
4.  **NodeStealer 2.0 campaign originated in Vietnam.**

Phishing scams targeting Facebook business accounts to conduct advertising frauds or account takeovers are on the rise, which is a concerning trend. Recently Hackread published MalwareBytes’ Jerome Segura’s **research** on fake Meta ad managers and Chrome extensions allowing attackers to lure business account holders into making ad investments to increase sales revenues.

Now Palo Alto Networks’ Unit 42 researchers have **shared** details of a new phishing attack distributing a brand-new version of a deadly information stealer NodeStealer. This new version is dubbed NodeStealer 2.0, which also targets Facebook business accounts. Researchers believe this trend of targeting Facebook business accounts started in July 2022 with the emergence of the **Ducktail infostealer**. 

NodeStealer malware was detected and taken down by Meta in May 2023. It could steal browser cookies to hijack Facebook business accounts, commendably perform ad frauds, steal account credentials and download additional payloads, etc.

In this campaign, the attack chain starts with a phishing lure, for instance, offering tools like spreadsheet templates for businesses. Previously, we have seen **ChatGPT-inspired scams** offering malicious extensions to business account users. 

NodeStealer 2.0r is similar to its predecessor, using phishing tactics to lure users and distributing malware-infected executable files in the guise of advertising opportunities. Victims are lured into downloading a .ZIP file from reputable Cloud file storage providers to gain their trust, but they get their devices infected.

Screenshot of a Facebook phishing scam tricking users into downloading .ZIP file (Screenshot: Palo Alto Networks’ Unit 42)

According to Unit 42’s **report**, NodeStealer 2.0 has additional features such as downloader and cryptocurrency stealing capabilities and a complete takeover of Facebook business accounts. The first attack in which NodeStealer 2.0 was used was discovered in December 2022, mainly targeting Facebook pages.

It is worth noting that both versions (named by Unit 42 as Variant 1 and Variant 2) are written in Python language. NodeStealer 2.0 posed as Microsoft Corporation and can steal emails, Facebook accounts, and even boasts anti-analysis features.

> The second variant of the infostealer in the campaign was internally named MicrosofOffice.exe and was compiled with Nuitka, the same as the first variant. Unlike the first variant, it does not generate a lot of activity visible to the unsuspecting user. For this variant, the threat actor used the product name “Microsoft Coporation” (originally misspelled by the malware authors).
> 
> Lior Rochberger – Palo Alto Networks’ Unit 42

NodeStealer 2.0 campaign originated in Vietnam, and as per researchers, it is no more active. The Vietnamese link was identified because previous campaigns involving **Ducktail and NodeStealer** were launched by threat actors based in Vietnam. 

Malware seen stealing passwords from a targeted browse (Screenshot: Palo Alto Networks’ Unit 42)

However, it could be part of a larger campaign where attackers are using different methods to target Facebook business account holders for monetary gains. NodeStealer 2.0 seems a continuation of the same agenda, which can cause huge financial losses for organizations, and users get exposed to additional threats due to credential leaks, apart from reputational damage.

Visit this link to check out the **indicators of compromise**. This is becoming a raging threat; therefore, organizations and Facebook business account holders must remain cautious while downloading executables. Using strong passwords with MFA and training employees to detect phishing lures can prove crucial in safeguarding your privacy and data on social media.

**RELATED ARTICLES**

1.  Fake ChatGPT Extension Hijacks Facebook Accounts
2.  Phishers Now Actively Automating Scams with Telegram
3.  Alert: Scammers Pose as ChatGPT in New Phishing Scam
4.  Fake ChatGPT, AI pages on Facebook spread infostealers
5.  Fake Facebook Profiles, Google Ads Pushing Sys01 Stealer

NodeStealer 2.0 Poses as ‘Microsoft’ to Hack Facebook and Browser Data

By Owais Sultan
London, England, August 2, 2023 – Open Campus, a leading educational technology protocol, has announced an exciting new…
This is a post from HackRead.com Read the original post: Care Bears and Open Campus Launch Educational Games on Climate Change

London, England, August 2, 2023 – Open Campus, a leading educational technology protocol, has announced an exciting new collaboration with Cloudco Entertainment’s Care Bears to develop educational games for children centered around the topic of Climate Change.

This partnership will leverage the platform TinyTap, known for creating and sharing educational games, to impart the Care Bears’ messages of sharing, caring, friendship, and courage to young learners, inspiring them to take care of the planet.

Through this joint effort, Open Campus will utilize the Care Bears‘ intellectual property to design educational games aimed at teaching children about environmental conservation and ways to protect the planet. These games will engage children in interactive and enjoyable learning experiences while imparting essential lessons on sustainability and the environment.

The partnership will also explore the application of non-fungible tokens (NFTs) to enhance the educational experience. This includes Publisher NFTs from Open Campus’ content tokenization engine, as well as a collection of co-branded digital collectables, to delight Care Bears fans and collectors. This innovative approach opens up exciting opportunities to engage children in learning about critical topics like climate change.

Yogev Shelly, CEO of TinyTap and Council Member of Open Campus, expressed excitement about the partnership, stating, “We are thrilled to partner with Care Bears to create innovative educational content that helps children learn about the environment and climate change.

By combining the power of TinyTap with the iconic and beloved characters of the Care Bears franchise, we believe we can create games that are not only fun and engaging but also teach important lessons about sustainability and the environment.”

Robert Prinzo, Head of Licensing at Cloudco Entertainment, added, “We couldn’t be more excited to collaborate with TinyTap on this educational venture. The Care Bears have always been committed to sharing messages of sharing, caring, friendship, and courage with their fans.

Partnering with TinyTap allows us to extend that mission into the digital world, using interactive games and content to teach valuable lessons about sustainability, the environment, and more. Together, we aim to inspire and empower young minds to make a positive impact on the world around them.”

The educational games will be available on the TinyTap platform in the coming months, and the partnership will continue exploring ways to enhance the learning experience for children.

1.  The Most In-Demand Freelance Skills for 2023
2.  Teach Your Child Coding: A Gift for Their Digital Future
3.  How Technology Has Altered the Education Landscape
4.  Develop Complex Marketing Operations with “No Code” Tools
5.  Top 10 Android Educational Apps That Collect Most User Data?

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Care Bears and Open Campus Launch Educational Games on Climate Change

By Waqas
Cado Security Labs' 2023 Cloud Threat Findings Report dives deep into the world of cybercrime, cyberattacks, and vulnerabilities.
This is a post from HackRead.com Read the original post: SSH Remains Most Targeted Service in Cado’s Cloud Threat Report

**IN SUMMARY**

1.  **Botnet agents dominate the malware landscape, comprising 40.3% of all traffic.**
2.  **SSH remains the most targeted service, representing 68.2% of observed samples.**
3.  **A staggering 97.5% of threat actors target vulnerabilities in a single specific service.**

Cado Security, a pioneer in cloud forensics and incident response solutions, has released the much-anticipated Cado Security Labs 2023 Cloud Threat Findings Report. The report uncovers groundbreaking insights into the evolving cloud threat landscape, highlighting the escalating risk of cyberattacks in the wake of widespread cloud service adoption.

Headed by Chris Doman, CTO, and Co-Founder, of Cado Security Labs; their discoveries have exposed novel cloud-based malware and threat techniques, including the infamous Denonia, the first-known malware designed explicitly for AWS Lambda environments.

The report, which the company shared with Hackread.com, is crucial since Cado Security Labs employs honeypot infrastructure to capture real-time cloud attacker telemetry, providing timely insights into emerging attack patterns, and swiftly disseminating crucial findings throughout the security community.

As cloud technologies continue to shape the modern business landscape, organizations must grasp the depth of emerging cloud threats. Cado’s report arms the security community with the knowledge required to counter these latest threats effectively.

According to Cado’s press release, key findings from the report are as follows:

1.  Botnet agents dominate the malware landscape, comprising 40.3% of all traffic, playing a significant role in the Russia-Ukraine war’s hacktivist-driven DDoS attacks.
2.  SSH (Secure Shell Protocol) remains the most targeted service, representing 68.2% of observed samples. Redis follows at 27.6%, while the exploitation of Log4Shell vulnerability declines to a mere 4.3%.
3.  A staggering 97.5% of opportunistic threat actors target vulnerabilities in a single specific service, suggesting attackers focus on exploiting known weaknesses.

It is worth noting that last month, Nokia also released its Threat Intelligence Report for 2023. In this report, the company issued a warning about the increasing threat of DDoS attacks powered by IoT botnets, specifically targeting global Telecom networks.

Moreover, the report highlighted a concerning surge in malicious activity that was initially observed during the Russia-Ukraine conflict but has now spread to various regions worldwide.

Looking ahead, Cado Security Labs predicts an increase in serverless function attacks, non-Windows ransomware developments by ransomware groups, and the continuous exploitation of cloud services for phishing and spam campaigns.

To mitigate these impending threats, Cado Security experts advise organizations to comprehend the AWS shared responsibility model, restrict access to critical evidence, minimize exposure of services like Docker and Redis, scrutinize public repositories for cloud credentials, and implement the principle of least privilege.

Nevertheless, in an ever-evolving cyber threat landscape, the insights from the Cado Security Labs 2023 Cloud Threat Report are crucial for organizations seeking to strengthen their defences against constantly advancing cloud-focused threats.

1.  Microsoft the Most Phished Brand in Q2 2023 Report
2.  US, India China Most Targeted in DDoS Attacks, Report
3.  VirusTotal: Apps Most Exploited by Hackers to Spread Malware
4.  Russian Dark Net Markets Dominate Global Drug Trade: Report
5.  Submarine Cables Face Massive Cybersecurity Threats, Report
6.  MS Office Most Exploited Software in Malware Attacks – Report
7.  Google, Microsoft, Oracle generated most vulnerabilities in 2021

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Source

HackRead