By Deeba Ahmed
From Teen Prodigy to Cybercriminal: The Fall of a Lapsus$ Gang Member and the Dangers of the Online Underworld.
This is a post from HackRead.com Read the original post: GTA 6 Hacker from Lapsus$ Gang Sentenced to Hospital

Arion Kurtaj, a 17-year-old from the United Kingdom, faced accusations of being part of the Lapsus$ gang, hacking industry giants, including Uber, Rockstar Games, Nvidia, BT, Samsung, and others.

In July 2023, **Hackread.com reported** that two UK teenagers, 17-year-old Arion Kurtaj and an unnamed 18-year-old hacker, were facing trial for computer misuse, blackmail, and fraud against BT Group Plc and Nvidia.

The duo was accused of stealing sensitive data and demanding ransom money. Now, one of the accused, Kurtaj, has been sentenced, but due to his autism, he has received an indefinite hospital order for **leaking clips** of Grand Theft Auto 6 (GTA 6), an upcoming game from Rockstar Games.

GTA images and videos plus internal software (Image: Waqas – Hackread.com)

Kurtaj was identified as a key member of the infamous **Lapsus$ cybercrime gang**, known for launching devastating cyberattacks against tech giants such as Uber, Nvidia, and Rockstar Games. The gang executed cyberattacks between August 2020 and September 2022, targeting telecoms, computer parts manufacturers, and gaming companies.

According to Rockstar Games’ testimony during the trial, the hack orchestrated by Lapsus$ cost them $5 million to recover from, contributing to the overall financial impact of nearly $10 million on the targeted companies.

**Reportedly**, Kurtaj had been violent while in custody, with dozens of reports of injury or property damage. Doctors deemed him unfit to stand trial due to his severe autism, so the jury at a Southwark crown court was asked to determine whether he committed the alleged acts without criminal intent.

Considering Kurtaj’s skills and inclination to commit cybercrime, the judge deemed him a high risk to public safety. Consequently, he will be held at a secure hospital for life unless doctors determine he is no longer a danger. A mental health assessment was conducted as part of the sentencing process. Shockingly, it was revealed during the hearing that Kurtaj continued hacking while on bail, targeting major entities like Nvidia and BT/EE even under police protection at a Travelodge hotel.

Reportedly, he breached Rockstar, the company behind GTA, using an Amazon Firestick, hotel TV, and mobile phone to hack its internal Slack messaging system. He stole 90 unreleased clips and threatened to release the source code if Rockstar didn’t contact him on Telegram within 24 hours. Kurtaj posted the clips and source code on a forum under the username TeaPotUberHacker. **He was rearrested** and detained until his trial.

Uber hacker ”TeaPotUberHacker” on GTA forums announcing GTA 6 hack and leaking its data (Image: Waqas – Hackread.com)

Contrary to reports, cybersecurity researcher Robert Graham asserts that claims of Kurtaj using just an Amazon Firestick to breach the gaming giant are inaccurate and exaggerated. Graham contends that the hacker employed his phone for this purpose.

“Specifically, he connected his phone to the TV and its Bluetooth keyboard, through the FireTV stick. This made things more convenient when accessing the Internet from his phone, but was by no means such things were essential,” tweeted Graham.

> Cybersecurity expert here: no.
> 
> The stories of teenage hacking are sensationalized.
> 
> As far as we can tell, he didn't hack into the company using a FireTV stick. He accessed the company using his phone.
> 
> Specifically, he connected his phone to the TV and its bluetooth keyboard,… https://t.co/N2a5w8U369
> 
> — Robᵉʳᵗ Graham 𝕏 (@ErrataRob) December 22, 2023

In a separate development, a 17-year-old member of the Lapsus$ gang was found guilty of two counts of fraud, two Computer Misuse Act offences, and one count of blackmail by Guildford Crown Court in Surrey. He was sentenced to a youth rehabilitation order, which includes 18 months of supervision, six months of rehabilitation, and three months of intensive supervision and surveillance.

The cases highlight the dangers young people can face online and the serious consequences it can have on their future, stated DCS Amanda Horsburgh, from the City of London police.

“Unfortunately, the digital world can also be tempting to young people for the wrong reasons,” Horsburgh added.

Hackread.com has followed UK law enforcement’s crackdown against the Lapsu$ gang members and those behind high-profile security breaches. In September 2022, Hackread reported the arrest of a 17-year-old teen from Oxfordshire by the City of London Police for their suspected link with Uber and Rockstar Games’ breaches.

****_RELATED ARTICLES_****

1.  Hackers remotely interrupting GTA Online PC Gameplay
2.  LAPSUS$ Hackers Leak Claim to Breach Microsoft and Okta
3.  Russian Hacker Exploits GTA 5 PC Mod to Install Crypto Miner
4.  Lapsus$ Hackers Stole T-Mobile’s Source Code, Systems Data
5.  Authorities seize properties of GTA V’s “Infamous” cheat developers
6.  Samsung confirms data breach as Lapsus$ hackers leak source code

GTA 6 Hacker from Lapsus$ Gang Sentenced to Hospital

Indian government entities and the defense sector have been targeted by a phishing campaign that's engineered to drop Rust-based malware for intelligence gathering.
The activity, first detected in October 2023, has been codenamed Operation RusticWeb by enterprise security firm SEQRITE.
"New Rust-based payloads and encrypted PowerShell commands have been utilized to exfiltrate

Indian government entities and the defense sector have been targeted by a phishing campaign that's engineered to drop Rust-based malware for intelligence gathering.

The activity, first detected in October 2023, has been codenamed **Operation RusticWeb** by enterprise security firm SEQRITE.

"New Rust-based payloads and encrypted PowerShell commands have been utilized to exfiltrate confidential documents to a web-based service engine, instead of a dedicated command-and-control (C2) server," security researcher Sathwik Ram Prakki said.

Tactical overlaps have been uncovered between the cluster and those widely tracked under the monikers Transparent Tribe and SideCopy, both of which are assessed to be linked to Pakistan.

SideCopy is also a suspected subordinate element within Transparent Tribe. Last month, SEQRITE detailed multiple campaigns undertaken by the threat actor targeting Indian government bodies to deliver numerous trojans such as AllaKore RAT, Ares RAT, and DRat.

UPCOMING WEBINAR

Beat AI-Powered Threats with Zero Trust - Webinar for Security Professionals

Traditional security measures won't cut it in today's world. It's time for Zero Trust Security. Secure your data like never before.

Join Now

Other recent attack chains documented by ThreatMon have employed decoy Microsoft PowerPoint files as well as specially crafted RAR archives susceptible to CVE-2023-38831 for malware delivery, enabling unbridled remote access and control.

"The SideCopy APT Group's infection chain involves multiple steps, each carefully orchestrated to ensure successful compromise," ThreatMon noted earlier this year.

The latest set of attacks commences with a phishing email, leveraging social engineering techniques to trick victims into interacting with malicious PDF files that drop Rust-based payloads for enumerating the file system in the background while displaying the decoy file to the victim.

Besides amassing files of interest, the malware is equipped to collect system information and transmit them to the C2 server but lacks the features of other advanced stealer malware available in the cybercrime underground.

A second infection chain identified by SEQRITE in December employs a similar multi-stage process but substitutes the Rust malware with a PowerShell script that takes care of the enumeration and exfiltration steps.

But in an interesting twist, the final-stage payload is launched via a Rust executable that goes by the name "Cisco AnyConnect Web Helper." The gathered information is ultimately uploaded to oshi\[.\]at domain, an anonymous public file-sharing engine called OshiUpload.

"Operation RusticWeb could be linked to an APT threat as it shares similarities with various Pakistan-linked groups," Ram Prakki said.

The disclosure comes nearly two months after Cyble uncovered a malicious Android app utilized by the DoNot Team targeting individuals in the Kashmir region of India.

The nation-state actor, also known by the names APT-C-35, Origami Elephant, and SECTOR02, is believed to be of Indian origin and has a history of utilizing Android malware to infiltrate devices belonging to people in Kashmir and Pakistan.

The variant examined by Cyble is a trojanized version of an open-source GitHub project called "QuranApp: Read and Explore" that comes fitted with a wide range of spyware features to record audio and VoIP calls, capture screenshots, gather data from various apps, download additional APK files, and track the victim's location.

"The DoNot group's relentless efforts to refine their tools and techniques underscore the ongoing threat they pose, particularly in their targeting of individuals in the sensitive Kashmir region of India," Cyble said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Operation RusticWeb: Rust-Based Malware Targets Indian Government Entities

An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message.

**free5GC AMF denial of service vulnerability**

High severity GitHub Reviewed Published Dec 22, 2023 to the GitHub Advisory Database • Updated Dec 22, 2023

GHSA-jcrr-rr6w-8c83: free5GC AMF denial of service vulnerability

Members of the US Congress touted improvements to children’s privacy protections as an urgent priority. So why didn’t they do anything about it?

It’s been 15 years since suicides overtook homicides as the second leading cause of death for children ages 10 to 14 years old. Two years since the first Meta whistleblower warned United States senators that America’s children are at risk from “disastrous” decisions being made in Silicon Valley. (And a little over a month since a second Meta whistleblower testified, “They knew and they were not acting on it.”) And it’s been roughly one year since a wave of new, younger lawmakers—many raising their own young children—were seated in the House of Representatives. “As a mom of two kids, you know, we want to make sure that their online experience is safe,” Representative Beth Van Duyne, a Texas Republican, tells WIRED.

All those changes—including an alarming doubling of the adolescent suicide rate—and yet, one constant remains: congressional inaction. Amid a flurry of blockbuster whistleblower hearings, soaring campaign promises, tear-soaked press conferences with the families of teens lost to cyberbullying, and dozens of competing bills that members have introduced aimed at protecting kids in cyberspace—nothing.

Congressional inaction has left the door open for the Biden administration to lead on the issue. On Wednesday, the Federal Trade Commission unveiled its proposal for a new set of guidelines to govern social media firms. The FTC wants to prohibit social media companies from identifying children—like targeting their cell numbers—when they’re online, while also limiting which data is collected on students, including having apps not target children under 13 with ads by default. With House Republicans now taking steps to impeach Joe Biden, why would they want to cede their oversight authority over American tech firms to the White House? Most don’t.

With so much interest—and increased pressure from agencies like the FTC—why hasn’t Congress protected kids yet? “I’ve never been able to figure that out either,” Representative Dan Crenshaw, a Texas Republican who sits on the Energy and Commerce Committee, which has jurisdiction on the issue, tells WIRED. Of course, there are theories floating around the marble halls of the US Capitol.

“M–O–N–E–Y”

Teams of tech lobbyists on Capitol Hill have dropped upward of $75 million (not including Q4 totals, which aren’t due until January 22) in 2023. Of the 637 “internet” lobbyists, as money and politics nonprofit Open Secrets dubs the sector, a whopping 73.31 percent are former government employees. Many of these lobbyists are from the same congressional offices and committees now tasked with regulating the internet. They’re not very subtle.

One social media firm or another seems to always be blanketing Washington with a feel-good, policy-focused ad campaign. At the start of the year, TikTok—which, at $3.7 million, spent more in Q3 lobbying this year than it did throughout all of 2019 and 2020 combined—plastered DC’s metro system, historic Union Station, and _The Washington Post_ with ads. When its CEO was dragged in to testify to an angry Congress this spring, it even paid for travel, room, and board for dozens of sympathetic “influencers.” For the past month or so, Meta ads have blanketed the Beltway: “Instagram supports federal legislation that puts parents in charge of teen app downloads,” the ad reads, without saying which measures it’s actively trying to kill on Capitol Hill.

Lawmakers say the ad blitz shows what they’re up against from technology firms. “M–O–N–E–Y,” Senator Josh Hawley, a Missouri Republican, spells out to WIRED. “They’re only in favor of stuff if they can write it.”

In the last Congress and again this summer, two key kid-focused digital measures both sailed through the Senate Commerce Committee. The Children and Teens’ Online Privacy Protection Act (COPPA 2.0) outlaws targeting children with advertising while also banning data collection on teenage social media users, to name a few of its provisions. The controversial Kids Online Safety Act (KOSA) mandates annual minor-focused risk assessments within social media giants while also giving parents and regulators new tools to protect children.

The two measures enjoy broad support, which is why they get out of committee with ease. But they’ve never been brought to the Senate floor for a vote by all 100 US senators. Critics say many members are supportive in the relatively obscure confines of their committees, but some of that support withers away under the intense lobbying scrutiny that comes once bills make the queue for Senate consideration. So far, members have been shielded, but those days seem to be over. “That’s because, in committee, they know they’re not going to have to vote on it on the floor. I know that for a fact,” Hawley, who’s up for reelection in 2024, says. “I can tell you, I’m going to get much more aggressive come the new year about forcing votes. I think it’s time to start putting people on record.”

The thing is, no one really knows what would happen if COPPA 2.0 or KOSA were voted on. “I don’t have any predictions or any insights,” Senator Roger Wicker, the Mississippi Republican who chaired the Commerce Committee until Democrats reclaimed senatorial power in 2021, tells WIRED. The resistance remains hard to nail down. Republicans blame Democrats. Democrats blame Republicans. Everyone blames the tech industry. “In the legislative process where you’re not bringing something to the floor for debate—which is where you could have a lot of input—then one person can hold something up,” Senator Maria Cantwell, a Democrat who chairs the Senate Commerce Committee, tells WIRED.

Because a broader data privacy bill remains gridlocked to death on Capitol Hill, Congress now has these offshoot measures aimed specifically at children, according to Cantwell. “We want to get a privacy bill, overall,” she says. “That’s what we focused on, because we think that framework gives the biggest protections, including for kids. But we’ve allowed these \[children-focused measures\] to see if they can make it through so that they wouldn’t have to be part of a larger discussion.”

While Hawley’s convinced Big Money keeps derailing the effort, others disagree. These issues just take time, nuance, and compromise, congressional leaders in both chambers argue. “We keep trying. We need a bipartisan, bicameral consensus, and that’s what we’re trying to do,” Representative Frank Pallone, the top Democrat on the House Energy and Commerce Committee, tells WIRED. “I don’t think it’s any special interest. I think it’s just the fact that it’s hard to get the Senate and the House and the Democrats and Republicans to agree, but we’re trying. I think we’re making progress.”

KOSA Complications

In the last Congress, KOSA—the Kids Online Safety Act—was formally endorsed by 13 Senate cosponsors. That number has more than tripled to 46 cosponsors in this Congress. KOSA cosponsors—Senators Marsha Blackburn, a Republican from Tennessee, and Richard Blumenthal, a Connecticut Democrat—say their personal lobbying of their colleagues is paying off, even if the measure remains stalled. “We’re pushing forward,” Blumenthal tells WIRED. “I’m very hopeful we’ll see a vote early next year. I think we’re feeling it.” Still, while the measure is broadly bipartisan, there’s been a recent wave of opposition to it on the civil libertarian left.

In our post-_Roe_ reality, digital rights and reproductive freedom are now intertwined, and highly suspect. KOSA is now in the crosshairs of groups like the American Civil Liberties Union (ACLU) over free speech and expression concerns. This fall, upward of 100 parents of trans and gender-expansive children penned an open letter opposing KOSA, saying it would “make our kids less safe, not more safe.”

“It would grant extraordinary new power to right-wing state attorneys general to dictate what content younger users can see on social media, cutting our kids off from lifesaving online resources and community,” the letter, released by digital rights group Fight for The Future, reads. “These are the same attorneys general that are actively working to ban gender-affirming health care that saves kids’ lives, criminalize drag performances, and label families that accept our children as ‘groomers’ and ‘child abusers.’”

The outcry from the progressive end of the spectrum has given those groups new, powerful advocates in Congress. In the end of the year legislative-twister at the Capitol, some KOSA supporters were itching for the proposal to be “fast-tracked,” a unanimous consent agreement where all 100 senators surrender their right to filibuster. But opponents got word and put an end to those efforts. “Until the bill is amended to foreclose the ability of state attorneys general to wage war on important reproductive and LGBTQ content, I will object to any unanimous consent request in relation to this legislation,” Senator Ron Wyden, an Oregon Democrat, told his Senate colleagues in a speech on the Senate floor last month.

KOSA’s sponsors know they still haven’t secured the 60 votes needed for passage, so one alerted party leaders they would oppose their own measure if it were brought up before the New Year. Senate Majority Leader Chuck Schumer’s office didn’t respond to a request for comment on whether he had—or has—plans to bring it to the floor. But Schumer says that before Congress can effectively regulate generative AI—one of his top priorities—America needs a federal data privacy law. “There was pretty much consensus that we need some kind of privacy law,” Schumer told reporters last month. “There are lots of disagreements, but it’s important to try and get that done.”

One Thing After Another

Over in the House, most eyes are on whether freshman speaker Mike Johnson can avert a government shutdown in the New Year. With such a green leader at the helm, House committees are, seemingly, more powerful than before, as members report trying to be the first person to get Johnson’s ear on an array of issues. While there’s no companion measure to KOSA in the House, children’s data privacy remains a top priority for the GOP majority in that chamber. The issue came up as a top priority in the last weekly in-person meeting of the Republican majority on the powerful House Energy and Commerce Committee.

“It’s not dead. It’s a priority for us,” Representative Richard Hudson, a North Carolina Republican, tells WIRED. He’s the current chair of the National Republican Congressional Campaign Committee where he’s tasked with helping the GOP expand its House majority—or, at least, not lose its majority—in 2024. Hudson knows many of his newer members ran on protecting the nation’s children from online predators, legal and illegal ones alike. Now comes the hard work of threading the proverbial needle. “It’s a very difficult question,” Hudson says. “You’re trying to balance rights versus protecting kids, and that’s tough. But our chairwoman is very focused on getting it done.”

If these children’s data measures are ever debated and voted on, dozens of other more niche privacy protection measures will likely be offered by both party’s rank-and-file lawmakers. Some ideas focus on protecting reproductive and geolocation data from law enforcement, especially in states that have outlawed most abortions. Other measures would strip Section 230 liability protections from sites that, say, host child sexual abuse material or promote the sexual abuse of minors. Another proposal would incentivize, through drastically increased federal fines, tech firms to proactively report any child exploitation efforts they uncover.

There’s more. This year in the Senate, a new bipartisan measure was introduced to outright ban social media for children under 13, while also requiring parental consent until those minors turn 18. Its sponsors include some of the Senate’s most conservative lawmakers—Tom Cotton, an Arkansas Republican, and Katie Britt, an Alabama Republican—and some of the chamber’s most progressive members—Chris Murphy, a Connecticut Democrat, and Brian Schatz, a Hawaii Democrat. Just bringing a measure to protect minors to the floor without ensuring its passage isn’t good enough for Schatz.

“If we can enact it, that would be great, but there’s no sense bringing something to the floor just to make a point,” Schatz, a father of two, tells WIRED.

If party leaders don’t put one or all of these bills on the floor for votes, Hawley, the Republican senator, vows to use all the instruments in his senatorial toolkit to force the issue in 2024.

“I think it’s time to start putting people on record,” Hawley, who authored a measure prohibiting social media accounts for children under age 16, tells WIRED. “Clearly, the leadership’s not going to bring this to the floor. I think that’s pretty clear. So I think we’ve got to get much more aggressive about forcing votes. What I’d really love to do is start trying to attach this to bills where we have roll call votes, because members hate roll call votes. So expect me to get very aggressive about this.”

Hot Air

Congress knows how to grab headlines—making laws is another conversation. This 118th Congress, with a mere 22 bills signed into law, is currently the least productive session witnessed in decades.

While no data privacy votes are scheduled in the new year, a fireworks display is already on the books. Fresh into the start of 2024, senators on the judiciary committee are dragging in five tech CEOs for a made-for-campaign-fodder hearing on children’s privacy issues. Law enforcement was already called in. See, while TikTok CEO Shou Zi Chew and Meta’s Mark Zuckerberg agreed to testify, subpoenas—some hand-delivered by US marshals after Discord and X “refused to cooperate”—were issued for the other three tech titans: X CEO Linda Yaccarino, Snap’s Evan Spiegel, and Discord’s Jason Citron.

“We’ve known from the beginning that our efforts to protect children online would be met with hesitation from Big Tech. They finally are being forced to acknowledge their failures when it comes to protecting kids. Now that all five companies are cooperating, we look forward to hearing from their CEOs,” Senators Dick Durbin, the committee’s Democratic chair, and Lindsey Graham, the committee’s top Republican, released in a joint statement the Monday before Thanksgiving. “Parents and kids demand action.”

Parents and kids are still wondering whether they can count on this Congress for that action. As of now, Congress has shown they can’t.

Congress Sure Made a Lot of Noise About Kids’ Privacy in 2023—and Not Much Else

I tried to sell a futon on Facebook Marketplace and nearly all I got were scammers.

This year, I decided to get rid of my Amazon starter couch and buy a real one. So I listed the generic, velvet-green futon on Facebook Marketplace, thinking some college students or recent New York transplants would happily scoop it up at a discounted price.

Since September, I have received many inquiries about this couch—nearly all from people who are likely scammers. They respond to the listing and offer me full price in Facebook Messenger from the jump (maybe my first clue, a real Facebook Marketplace veteran knows to haggle). Then, they ask some basic questions that are already in the item’s description: “Where are you located?” “What’s the condition?” Once I’ve repeated myself and given the cross streets closest to my home, there comes another refrain: The buyer either says they must pay now, so that I would take the item off the listing, or so that their husband/brother/son/mover, you name it, can come pick up the futon later that day.

Because it seems no real person would offer to send payment over Zelle _before_ ever seeing that the futon is real, I didn’t accept any of these offers. If I did, it’s likely these people would have sent a phishing link—either as a text to my phone number or in an email—disguised as communication from Zelle, looking to drain me of more money than the couch is worth. For now, I’m stuck with this futon, folded up in the corner of my tiny apartment. So far I’ve been unable to use Facebook Marketplace for its intended purpose: buying and selling useful things among my neighbors.

What happened to me is just one example of the many ways experts say people are getting scammed on Facebook Marketplace. Some scams come from what looks like a seller listing big-ticket items that don’t exist, like a car, and asking for prepaid debit cards purporting to be for eBay and Amazon payments as down payments before vanishing. Peer-to-peer online shopping has always been a buyer-beware endeavor, but sellers themselves are being scammed too. A freelance writer from Australia recounted her own embarrassing story in _The Guardian_ just last month, when she lost $1,000 while trying to sell a pair of boots after plugging sensitive information into a phishing link sent by a scammer.

Facebook is far from the only place scams happen—they’re common across many online selling platforms. But as its Marketplace has soared in popularity since its debut in 2016, scammers have sought to exploit the tool, experts say. Marketplace’s design supplied a layer of transparency and trust for person-to-person transactions; rather than interacting anonymously through a Craigslist ad, people were using profiles that typically included full names and photos. And with an existing Facebook profile, users could upload photos, write descriptions, and seamlessly post a listing with just a few clicks. By 2021, Facebook Marketplace had 1 billion monthly users, growing as ecommerce flourished during the height of the Covid-19 pandemic.

Now, bad actors are relying on that built-in trust to manipulate people out of far more money than their second-hand items may be worth. The scams have become a common feature of the app, and Meta, the $800 billion parent company of Facebook, hasn’t been able to shut them down.

“What happens offline often makes its way into online environments, and that unfortunately includes scams," Ryan Daniels, a Meta spokesperson, tells me. Daniels says the company works “aggressively to quickly identify, disable, and ban scams and accounts associated with them.” The company is also working on a new notification system to “help people better identify potential scams around payment apps" that should begin rolling out over the next few months. Daniels did not share more information about how those notifications will work.

Many scams and attempted scams go unreported, so it’s impossible to understand the scale of the problem. In a 2022 survey of 1,000 people in England, one in six said they were scammed on the marketplace. Another 2022 survey of 1,000 people in the US found that 62 percent had encountered a scam on Facebook. From January 2022 to November 2023, the Better Business Bureau’s scam tracker logged more than 1,200 reports that mentioned Facebook Marketplace in the US and Canada.

The scammers targeting me followed the same script: two messages from different accounts even included the same odd spacing format and just changed a word or two from each other, asking: “Alright I hope this is a legit post because I will be paying the $100 now so you can mark the item as sold my sister will come pick it up but I’ll send the money?” As more of these messages flowed into my DMs, I insisted on being paid in person, and the potential buyers vanished after one or two more wild excuses as to why that wouldn’t be possible. When I wrote “bye, scammer” to one, they replied with “lmao” just before I reported the profile to Facebook.

The scams follow similar patterns, because fraudsters conduct business like multilevel marketers, says Adrianus Warmenhoven, a member of the security advisory board for network security company NordVPN. Someone may develop a scam, then sell it as a toolkit with scripts and phishing links. People also can buy orphaned and hacked Facebook accounts, giving them access to profiles that look like real people with long account histories. Many of the messages I received came from accounts that were created a decade ago or more, showing that these aren’t new accounts created for the sole purpose of scamming people on Marketplace. “A lot of criminal stuff is not being executed by computer-savvy or even criminal-savvy people,” Warmenhoven says. Some of these tools, experts say, are sold on the dark web. But there are also chats on Telegram advertising hundreds of bundled bunches of Facebook accounts from specific countries for sale in bulk. Telegram did not respond to a request for comment.

Some scams encourage people to upgrade their Zelle accounts to a business tier to receive money from a buyer, according to the Better Business Bureau, and come from emails mimicking Zelle, but with different domains. That upgrade appears to cost $300, and the buyer promises to send it if the seller will then refund it. The catch: the $300 was never sent and appeared only in faked screenshots or emails. So, when the seller sends $300, they're really just losing the money.

Zelle’s website notes that it will send emails only from domains ending in @zelle.com and @zellepay.com, and any others could be scams. The company did not answer more specific questions about Facebook Marketplace scams, citing an effort to keep intel from fraudsters.

Other scammers use Google Voice, asking people for their verification code—all under the guise of verifying that the person isn’t a scammer. But with that code, a scammer can then create a Google Voice number using the victim’s phone number, which helps them to conceal their identity for future scams. Additionally, it can help them impersonate someone and get access to their accounts, according to the US Federal Trade Commission. When asked for comment on Facebook Marketplace scams, Google pointed to guidance it posts for people to not share their verification codes, and the company has ways for people to reclaim stolen Google Voice numbers.

Experts say the constant evolving nature of scams makes them tricky for companies to defeat. “It’s a giant game of whack-a-mole,” says Zulfikar Ramzan, chief scientist with digital security company Aura. “They change something about the way they’ve done a scam. It’s really difficult for any organization to keep up with that volume at scale.”

Meta has continued to grow Facebook Marketplace even as scams linger. A 2022 ProPublica investigation found that Facebook Marketplace scams had run rampant and that the company was potentially understaffed to a degree that impeded its ability to stop scammers. In addition to in-house workers, Meta had contracted 400 Accenture workers around the world and gave each person more than 600 complaints or requests for help to process each day. Even worse, ProPublica found a number of alleged armed robberies and murders had occurred in relation to Facebook Marketplace meetups. Meta, Facebook’s parent company, did not answer questions about how it monitors scams now and the information in the ProPublica investigation.

Facebook Marketplace has evolved to more than just selling in the neighborhood. There are options to ship products after a sale, and some small shops have used the platform to grow their business. All of these different types of transactions bring different concerns about scams. Marketplace offers purchase protection, but it doesn’t cover payments made through third-party sites like Zelle, items picked up locally, or transactions conducted through Facebook Messenger.

I lost track of the number of people who seemed eager to scam me—I reported lots of scammers and then left chats, which disappeared. A few people may have been legitimately interested but dropped off early in the conversation. In the end, the frustration wasn’t worth the cash. I’m stuck with this couch, and there’s only one solution left. I’m heading over to another side of Facebook entirely: Buy Nothing.

Facebook Marketplace Is Being Ruined by Zelle Scammers

Affected versions of this crate did not validate the size of buffers when attempting to decode messages.

This allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over network.

This flaw was corrected by validating the size of the buffers before attempting to decode the message.


Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  GHSA-6ggr-cwv4-g7qg

**Remotely exploitable denial of service in Rosenpass**

High severity GitHub Reviewed Published Dec 21, 2023 to the GitHub Advisory Database • Updated Dec 21, 2023

**Package**

cargo rosenpass (Rust)

**Affected versions**

< 0.2.1

**Description**

Affected versions of this crate did not validate the size of buffers when attempting to decode messages.

This allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over network.

This flaw was corrected by validating the size of the buffers before attempting to decode the message.

**References**

*   rosenpass/rosenpass@9343985
*   https://rustsec.org/advisories/RUSTSEC-2023-0077.html

Published to the GitHub Advisory Database

Dec 21, 2023

Last updated

Dec 21, 2023

GHSA-6ggr-cwv4-g7qg: Remotely exploitable denial of service in Rosenpass

Xfinity has notified customers that due to exploitation of the Citrix Bleed vulnerability, attackers were able to access personal data of almost 36 million customers.

In a notice for its customers, Xfinity acknowledges it recently fell victim to a data security incident. Xfinity is Comcast’s brand for TV, internet, and home phone services, sometimes referred to as Comcast Cable Communications.

During the data breach the attackers were able to access 35.8 million customers’ usernames and hashed passwords. For some customers, other personal information may have been exposed, such as names, contact information, the last four digits of social security numbers, dates of birth, and secret questions combined with answers.

On October 25, 2023, Xfinity discovered suspicious activity and subsequently determined that between October 16 and 19 unauthorized access to its internal systems occured.

Xfinity says it notified federal law enforcement and started an investigation, which revealed the attackers had used the Citrix Bleed vulnerability. Affiliates of at least two ransomware groups, LockBit and Medusa, have been observed exploiting Citrix Bleed as part of attacks against organizations. Whether one of those affiliates was behind this attack is not known.

On October 10, 2023, Citrix released security updates to address Citrix Bleed, but many organizations struggle to patch in a timely manner. Although you would expect a large company like Comcast to have some type of vulnerability and patch management deployed.

The company is notifying customers through a variety of channels, including through the Xfinity website, email, and news media.

Xfinity has required customers to reset their passwords to protect affected accounts. In addition, Xfinity strongly recommends that customers enable two-factor or multi-factor authentication to secure their Xfinity account.

It is not advisable to use the same password for multiple accounts, but if you did, Xfinity recommends that you change the passwords for any accounts that share your Xfinity password.

Customers with questions can contact Xfinity’s dedicated call center at 888-799-2560 toll-free 24 hours a day, seven days a week. More information is available on the Xfinity website.

**Data breach**

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

**Data breach**

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using Malwarebytes Identity Theft Protection.

 Comcast’s Xfinity breached by Citrix Bleed; 36 million customer’s data accessed 

Learn how RaaS gangs use LOTL tactics in their attacks on organizations.

Discover the intersection of **Ransomware-as-a-Service (RaaS)** gangs and **Living Off The Land (LOTL)** attacks in our latest webinar, now available on-demand, led by cybersecurity experts Ian Thomas, Mark Stockley, and Bill Cozens.

The webinar revealed how RaaS gangs use LOTL tactics, leveraging legitimate IT tools like Powershell and WMI to blend malicious activities within normal network operations, significantly challenging detection efforts.

Attendees gained an in-depth understanding of LOTL attacks, tools exploited by RaaS gangs, and strategies for IT teams to identify and block these advanced threats.

Some highlights from the webinar include:

*   **Expert analysis**: Insights from seasoned cybersecurity professionals on the critical need for multi-layered defense strategies.
*   **Practical advice**: Real-world, actionable tips for IT teams to detect and counter covert LOTL operations.
*   **Case studies**: Detailed scenarios demonstrating the impact and complexity of LOTL attacks.

Understanding the relationship between LOTL and RaaS is vital for evolving cybersecurity strategies. The webinar emphasizes the importance of blending technology and human expertise to detect and combat these sophisticated threats effectively.

Enhance your ransomware knowledge and preparedness by watching this essential webinar on-demand. Alternatively, download the report that the webinar is based on here.

**Watch the webinar on-demand**

 Webinar recap: Ransomware gangs and Living Off The Land attacks (LOTL) 

By Waqas
Peach Sandstorm, also recognized as HOLMIUM, has recently focused on global Defense Industrial Base (DIB) targets.
This is a post from HackRead.com Read the original post: Iran’s Peach Sandstorm Deploy FalseFont Backdoor in Defense Sector

In its latest campaign, Iranian state-backed hackers, Peach Sandstorm, employs FalseFont backdoor for intelligence gathering on behalf of the Iranian government.

Cybersecurity researchers at Microsoft Threat Intelligence Unit have uncovered the latest activities of the Iranian nation-state actor Peach Sandstorm, also known as HOLMIUM. The group has been making efforts to deploy a newly developed backdoor called FalseFont, specifically targeting individuals within the Defense Industrial Base (DIB).

This disclosure follows Microsoft’s earlier findings, outlined in a September 2023 blog post, where Peach Sandstorm was identified as targeting sectors such as satellites and pharmaceuticals on a global scale.

Identity attack lifecycle of Peach Sandstorm as of September 2023 (Microsoft)

Microsoft’s investigative team believes that Peach Sandstorm is actively pursuing intelligence gathering for the Iranian government, aligning their actions with state interests.

According to Microsoft’s tweets shared today, FalseFont stands out as a custom backdoor equipped with a diverse set of functionalities. These capabilities enable operators to gain remote access to compromised systems, execute additional files, and transmit information to its Command and Control (C2) servers. The first instances of FalseFont in action were detected against targets in early November 2023.

The development and deployment of FalseFont showcase a consistent evolution in Peach Sandstorm’s tactics, a trend observed by Microsoft over the past year. This suggests a continuous effort by Peach Sandstorm to enhance their tradecraft.

It’s worth noting that Microsoft Defender Antivirus already detects FalseFont as Backdoor:MSIL/FalseFont.A!dha. Although Microsoft is monitoring Peach Sandstorm’s activities, unsuspecting users should be on the lookout for phishing and social engineering attacks that may be employed by Peach Sandstorm to spread the FalseFont backdoor.

Here are some key points to follow for protection against phishing and social engineering attacks that may deliver the FalseFont backdoor to your device:

*   **Be Skeptical of Emails:** Exercise caution when receiving unexpected emails, especially those containing suspicious attachments or links. Verify the sender’s legitimacy before interacting with any content, as FalseFont often infiltrates systems through phishing emails.
*   **Update Security Software:** Ensure that your antivirus and anti-malware software are up-to-date. Regularly install security patches and updates to safeguard against vulnerabilities that attackers might exploit to deliver the FalseFont backdoor.
*   **Verify Email Addresses:** Double-check email addresses, particularly in communication related to sensitive information or financial transactions. FalseFont attackers often use deceptive email addresses to mimic legitimate entities.
*   **Use Multi-Factor Authentication (MFA):** Implement MFA for all relevant accounts to add an extra layer of security. Even if credentials are compromised, MFA can prevent unauthorized access, reducing the risk of FalseFont infiltration.
*   **Employee Training:** Conduct regular phishing awareness training for employees to recognize and report suspicious emails. Educate them about the tactics used by attackers to deploy FalseFont and emphasize the importance of staying alert.

**Guarding Against Social Engineering Attacks Delivering FalseFont:**

*   **Verify Caller Identity:** Be cautious when receiving unexpected calls or messages, especially those requesting sensitive information. Verify the identity of the caller independently before sharing any personal or confidential details.
*   **Beware of Urgency:** Social engineering attacks often create a sense of urgency or emergency. Be sceptical of requests demanding immediate action, and take time to independently verify the legitimacy of such communications to avoid falling victim to FalseFont.
*   **Limit Information Sharing on Social Media:** Minimize the amount of personal and professional information shared on social media platforms. Attackers may use publicly available details for targeted social engineering attacks, leading to the deployment of the FalseFont backdoor.
*   **Educate on Social Engineering Tactics:** Provide training on social engineering tactics and red flags associated with deceptive communication. Awareness about manipulation techniques helps users identify and thwart attempts to deliver FalseFont through social engineering.
*   **Regularly Review Privacy Settings:** Periodically review and adjust privacy settings on online accounts and social media platforms. Restricting access to personal information reduces the chances of attackers gathering details for crafting convincing social engineering attacks and deploying FalseFont.

****_RELATED ARTICLES_****

1.  **Iran’s Scarred Manticore Targets Middle East with LIONTAIL Malware**
2.  **Some social engineering & Facebook will gift your account to hackers**
3.  **Iranian Hackers Posed as Israelis in Targeted LinkedIn Phishing Attack**
4.  **Iranian Stalkerware ‘Spyhide’ Steals Data from 60,000 Android Devices**
5.  **Iran’s MuddyWater Group Hits Israelis with Fake Memo Spear-Phishing**

Iran’s Peach Sandstorm Deploy FalseFont Backdoor in Defense Sector

automad up to 1.10.9 is vulnerable to an authenticated blind server-side request forgery in `importUrl` as the `import` function on the `FileController.php` file was not properly validating the value of the `importUrl` argument. This issue may allow attackers to perform a port scan against the local environment or abuse some service.

**Authenticated Blind SSRF in automad/automad**

Moderate severity GitHub Reviewed Published Dec 21, 2023 to the GitHub Advisory Database • Updated Dec 29, 2023

Tag

#git