By Waqas
Scammers are sending phishing links to the inboxes of Meta business owners and Facebook page administrators, aiming to obtain their login credentials.
This is a post from HackRead.com Read the original post: New Phishing Scam Hooks META Businesses with Trademark Threats

The phishing scam falsely asserts that the victim’s Facebook page will be permanently deleted due to a post allegedly infringing on trademark rights. However, there is no actual infringement; it’s all part of the scammer’s malicious plan.

In a recent wave of cybersecurity threats, scammers have unleashed a sophisticated **phishing scam** targeting META business owners on Facebook. Perpetrators are sending deceptive messages claiming trademark rights infringements, posing a severe risk to unsuspecting page owners.

Messages sent by scammers to Hackread.com and several other pages have also been reaching out to us. Users have noticed a sudden increase in receiving similar messages (Screenshot: Hackread.com).

A concerning phishing scam has emerged, specifically targeting business owners associated with Meta Platforms, Inc. Scammers are exploiting fears of trademark rights infringements, attempting to force page owners into clicking on malicious links under the guise of resolving alleged policy violations.

In reality, the scam is aimed at stealing the email address and password of the Facebook account further leading to the takeover of the page, profile and financial information.

The fraudulent message, seemingly originating from a supposed temporary support agent, warns recipients of an impending permanent **deletion of their Facebook page**. The scam leverages the authority of Meta Platforms, Inc., formerly Facebook, to create an atmosphere of urgency and legitimacy.

****The Deceptive Message:****

> _“Important Notification: Your Facebook page will be permanently deleted due to a post that infringes our trademark rights. We have made this decision after careful consideration and in compliance with our intellectual property protection policies. If you believe this is a misunderstanding, please submit a complaint requesting the restoration of this page before it is removed from Facebook._
> 
> _Request for Review: We understand that this may impact your current business objectives. If we do not receive a complaint from you, this will be our final decision._
> 
> _Thank You, This is a message from a temporary support agent with support ID 231778895, please visit the link above and follow the instructions. © Noreply Facebook. Meta Platforms, Inc., Attention: Community Support, 1 Facebook Way, Menlo Park, CA 94025.”_

****Sophistication of Phishing Page****

In normal circumstances, scammers and two-bit thieves **create phishing pages** which are full of coding errors, spelling and grammar mistakes. Additionally, their design lacks sophistication and often turns out to be broken pages.

However, the ongoing phishing scam is quite sophisticated only and only because of its flawless design. A look at the screenshot captured by Hackread.com shows scammers have become professional in coding and web design:

The UI of the phishing page looks as authentic as possible (Screenshot: Hackread.com).

**Modus Operandi**

The phishing scam involves collecting personal data, including full names, email addresses, phone numbers, and dates of birth. It deceives victims by prompting them to file an appeal, but before doing so, they are asked to sign in to their accounts. Once signed in, the scammers siphon off their email and password.

Your email and password are gone (Screenshot: Hackread.com)

In the next stage of the scam, victims are requested to provide additional Personally Identifiable Information (**PII**) for supposed verification, such as an ID card, passport, or driver’s license. However, uploading these documents leads nowhere; it is merely a gimmick to keep the victims busy. Meanwhile, behind the scenes, the scammers attempt to change the passwords of the victims’ email addresses and Facebook accounts.

We submitted McLOVIN’s ID but unfortunately, it did not go through (Screenshot: Hackread.com)

The scam relies on the victim’s anxiety about losing their Facebook page and business reputation. By including an official-looking Meta Platforms, Inc. copyright notice and a seemingly authentic support ID, scammers aim to lend credibility to their fraudulent message.

This isn’t the first instance of Meta business owners falling victim to a phishing scam. **In October 2023**, Vietnamese hackers were reported to have employed DarkGate malware targeting META accounts in India, the United Kingdom, and the United States.

****Protecting Against the Scam:****

To safeguard against falling victim to this phishing scam, business owners are urged to:

*   **Verify Official Communications:** Authentic notifications from Facebook or Meta Platforms, Inc. would typically appear directly in the platform, not via external links.
*   **Cross-Check Support IDs:** Legitimate support communications usually come from official channels within the platform, not from temporary support agents with ambiguous IDs.
*   **Exercise Caution with Links:** Avoid clicking on any suspicious links. Official communications and actions can typically be verified by accessing the platform directly.

As cybersecurity threats continue to evolve, caution is crucial. META business owners and Facebook page administrators are advised to stay informed about potential scams and report any suspicious activity to the platform’s official channels.

_Stay tuned for updates on cybersecurity measures and protect your online presence against emerging threats. Follow us on Twitter (X) **@Hackread** – Facebook @ **/Hackread**_.

****_RELATED ARTICLES_****

Microsoft, PayPal, Facebook most targeted brands in phishing scams

Facebook Phishing Scam: Crooks Using Messenger Chatbots to Steal Data

Facebook Phishing Scam Steals Login Data Using ‘Account Violation’ Policy

New Phishing Scam Hooks META Businesses with Trademark Threats

Wing Security announced today that it now offers free discovery and a paid tier for automated control over thousands of AI and AI-powered SaaS applications. This will allow companies to better protect their intellectual property (IP) and data against the growing and evolving risks of AI usage.

SaaS applications seem to be multiplying by the day, and so does their integration of AI

**Wing Security announced today that it now offers** **free discovery and a paid tier for automated control** over thousands of AI and AI-powered SaaS applications. This will allow companies to better protect their intellectual property (IP) and data against the growing and evolving risks of AI usage.

SaaS applications seem to be multiplying by the day, and so does their integration of AI capabilities. According to Wing Security, a SaaS security company that researched over 320 companies, a staggering 83.2% use GenAI applications. While this statistic might not come as a surprise, the research showed that 99.7% of organizations use SaaS applications that leverage AI capabilities to deliver their services. This usage of GenAI in SaaS applications that are not 'pure' AI often goes unnoticed by security teams and users alike.

> 70% of the most popular GenAI applications may use your data to train their models, and in many cases it's completely up to you to configure it differently.

**When e**xamining hundreds of AI-using SaaS applications, Wing Security was able to categorize the different ways in which these applications use organizational data, as well as offer a solution to this new threat:

**Data storing:** In some cases, data is stored by the AI for very long periods of time; in others, it can be stored for short periods only. Storing data allows AI learning models, and future models, to continually train on it. That said, the main concern is when considering the many different types of attacks seen on SaaS applications. When an application is compromised, the data it stores might be compromised too.

**Model training:** By processing vast amounts of information, AI systems can identify patterns, trends, and insights that may elude human analysis. Through machine learning algorithms, AI models learn from data and adapt over time, refining their performance and accuracy, resulting in better service to their end users. On the downside, allowing these models to learn your code, patents, sales, and marketing know-how provides AI-using applications with the potential means to commoditize your organization's competitive edge. To some, these knowledge leaks are considered more significant than data leaks

**The human element:** Certain AI applications leverage human validation to ensure the accuracy and reliability of the data they gather. This collaborative approach, often referred to as human-in-the-loop or human-assisted AI, involves integrating human expertise into the algorithmic decision-making process. This results in higher accuracy for the AI model, but also means a human, working for the GenAI application, is exposed to potentially sensitive data and know-how.

****Leveraging automation to combat AI-SaaS risks****

Wing's recently released AI solution guarantees security teams will better adapt to, and control, the ever-growing and practically unstoppable AI usage in their organizations. Their solution follows three basic steps - Know, Assess, Control.

**Know:** As with many security risks, the first step is to discover them all. In the case of AI, it is not enough to simply flag the "usual suspects" or the pure GenAI applications such as ChatGPT or Bard. With thousands of SaaS applications now using AI to improve their service, discovery must include any application leveraging customer data to improve their models. As with their previous solutions, Wing is offering this first and fundamental step as a free, self-service solution for users to self-onboard and start discovering the magnitude of AI-powered applications used by their employees.

**Assess**: Once AI-using SaaS has been uncovered, Wing automatically provides a security score and details the ways in which company data is used by the AI: How long is it stored for? Is there a human factor? And perhaps most importantly, is it configurable? Providing a detailed view of the application's users, permissions, and security information. This automatic analysis allows security teams to make better-informed decisions.

**Control:** Wing's discovery and analysis pin-points the most critical issues to address, allowing security teams to easily understand the level of risk and types of actions needed. For example, deciding whether or not they should permit a certain application's usage or simply configure the AI elements to better match their security policy.

****The Secret: Automating All Of The Above****

By automating Discovery, Assessment and Control, security teams save time on figuring out where to focus their efforts instead of spreading themselves thin trying to solve a huge and evolving attack surface. Subsequently, this significantly reduces risk.

Wing's automated workflows also allow for a unique cross-organizational solution: By allowing users to directly communicate with the application's admin or users, Wing prompts better-informed security solutions alongside a stronger security culture of inclusion rather than simple black or white listing.

In an era where SaaS applications are omnipresent, their integration with artificial intelligence raises a new type of challenge. On the one hand, AI usage has become a great tool for boosting productivity, and employees should be able to use it for its many benefits. On the other hand, as the reliance on AI in SaaS applications continues to surge, the potential risks associated with data usage become more pronounced.

Wing Security has responded to this challenge by introducing a new approach, aimed at empowering organizations to navigate and control the escalating use of AI within their operations, while involving the end users in the loop and ensuring they may use the AI-SaaS they need, safely. Their automated control platform provides a comprehensive understanding of how AI applications utilize organizational data and know-how, addressing issues such as data storing, model training, and the human element in the AI loop. Security teams can save precious time thanks to clear risk-prioritization and user involvement.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Combating IP Leaks into AI Applications with Free Discovery and Risk Reduction Automation

AI is being used by shock call spammers to emulate the voice of a loved one claiming to be involved in an accident.

The San Francisco Chronicle tells a story about a family that almost got scammed when they heard their son’s voice telling them he’d been in a car accident and hurt a pregnant woman.

Sadly, this is becoming more common. Scammers want to spread panic among their victims, and to do this, they feign an emergency situation. That may be a car accident, unexpected hospitalization, or any other scenarios which instantly cause concern and cause victims to act quickly.

Sometimes it’s a pregnant woman who is hurt, sometimes it’s a diplomat.

In earlier days of scams like these, success depended a great deal on the criminal’s skills at social engineering, but rapid advancements in Artificial Intelligence (AI) mean scammers can now easily and convincingly fake the “voice” of the relative that is the supposed victim of the accident.

What better way to make the victim believe that something bad has happened than hearing their loved one cry out for help in their own voice. With the help of various AI powered tools, criminals can easily compose fragments based on a short voice clip they found online.

FBI Special Agent Robert Tripp said:

> “Now criminals can fabricate a voice using AI tools that are available either in the public domain for free, or at a very low cost.”

The criminals will keep that part of the communication short, so the target is unable to ask the relative any questions about what happened. While it is possible to fake entire conversations with the help of AI, the tools that can do that are much harder to operate. The criminal would have to type out the responses very quickly and the target might get suspicious. In the story from the San Francisco Chronicle, the phone was “taken over” by the so-called police officer at the scene of the accident, who told the parents that their son would be taken into custody.

This was later followed a cold call by someone posing as legal representative for their son, asking for money to for bail. The intended victims got suspicious when the so-called lawyer said he’d send a courier to pick up the bail money.

The FBI says it has received more than 195 complaints about this type of scam that it refers to as “grandparent scams.” It reports nearly $1.9 million in losses, from January through September of 2023.

**How to avoid scams like this**

One of the main tools for the imposters is the amount of information they can round up about the target. Their main sources will include social media and phishing.

There are a few simple precautions to lessen the chances of falling victim to such scams:

*   Avoid letting third parties know too many personal details about you.
*   Do not answer telephone calls from numbers you do not recognize or calls from private numbers.
*   Ask for the caller’s telephone number and check it.
*   If necessary, try to reach your allegedly implicated family member by phone. If you can’t reach them directly, call someone else who might know where they are.
*   Hang up if in doubt and never give financial or personal information to the caller.
*   If you receive or have received such a call, please notify the police immediately and under no circumstances respond to the perpetrators’ demands.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using Malwarebytes Identity Theft Protection.

 AI used to fake voices of loved ones in “I’ve been in an accident” scam 

Once, drug dealers and money launderers saw cryptocurrency as perfectly untraceable. Then a grad student named Sarah Meiklejohn proved them all wrong—and set the stage for a decade-long crackdown.

How a 27-Year-Old Codebreaker Busted the Myth of Bitcoin’s Anonymity

Cybersecurity researchers have identified a "lightweight method" called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group's Pegasus, QuaDream's Reign, and Intellexa's Predator. 
Kaspersky, which analyzed a set of iPhones that were compromised with Pegasus, said the infections left traces in a file

Spyware / Forensic Analysis

Cybersecurity researchers have identified a "lightweight method" called **iShutdown** for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group's Pegasus, QuaDream's Reign, and Intellexa's Predator.

Kaspersky, which analyzed a set of iPhones that were compromised with Pegasus, said the infections left traces in a file named "Shutdown.log," a text-based system log file available on all iOS devices and which records every reboot event alongside its environment characteristics.

"Compared to more time-consuming acquisition methods like forensic device imaging or a full iOS backup, retrieving the Shutdown.log file is rather straightforward," security researcher Maher Yamout said. "The log file is stored in a sysdiagnose (sysdiag) archive."

The Russian cybersecurity firm said it identified entries in the log file that recorded instances where "sticky" processes, such as those associated with the spyware, caused a reboot delay, in some cases observing Pegasus-related processes in over four reboot delay notices.

What's more, the investigation revealed a the presence of a similar filesystem path that's used by all the three spyware families – "/private/var/db/" for Pegasus and Reign, and "/private/var/tmp/" for Predator – thereby acting as an indicator of compromise.

That said, the success of this approach hinges on a caveat that the target user reboots their device as often as possible, the frequency for which varies according to their threat profile.

Kaspersky has also published a collection of Python scripts to extract, analyze, and parse the Shutdown.log in order to extract the reboot stats.

"The lightweight nature of this method makes it readily available and accessible," Yamout said. "Moreover, this log file can store entries for several years, making it a valuable forensic artifact for analyzing and identifying anomalous log entries."

The disclosure comes as SentinelOne revealed information stealers targeting macOS such as KeySteal, Atomic, and JaskaGo (aka CherryPie or Gary Stealer) are quickly adapting to circumvent Apple's built-in antivirus technology called XProtect.

"Despite solid efforts by Apple to update its XProtect signature database, these rapidly evolving malware strains continue to evade," security researcher Phil Stokes said. "Relying solely on signature-based detection is insufficient as threat actors have the means and motive to adapt at speed."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone

By Deeba Ahmed
Another day, another zero-day flaw driving the cybersecurity world crazy.
This is a post from HackRead.com Read the original post: Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks

The vulnerabilities in Ivanti VPN devices enable remote, unauthenticated hackers to compromise targeted devices, execute arbitrary commands, infiltrate internal networks, and steal sensitive data.

Threat intelligence firm Volexity has discovered a rise in attacks exploiting two Ivanti zero-day vulnerabilities discovered in the second week of December 2023.

According to Volexity, at least 20 organizations using Ivanti Connect Secure VPN appliances have been compromised in cyberattacks leveraging Ivanti zero-day flaws, CVE-2023-46805 and CVE-2024-21887. Volexity has confirmed with “medium confidence” that the number of compromised systems is likely higher than what it discovered. 

The flaws, discovered by Volexity researchers, impacted Ivanti Connect Secure VPN and Policy Secure NAS appliances and were disclosed last week by Avanti.

On January 10, Volexity warned that a group UTA0178, supposedly affiliated with China, exploited these vulnerabilities to gain access to internal networks and steal information. On January 11, the company observed a series of targeted attacks on Ivanti VPN appliances, causing widespread exploitation of these flaws.

For your information, CVE-2023-46805 is an authentication bypass flaw with a CVSS rating of 8.2), impacting Ivanti ICS 9.x, 22.x, and Ivanti Policy Secure. The second flaw, CVE-2024-21887, is a command injection vulnerability with a CVSS score of 9.1, impacting Ivanti Connect Secure 9.x, 22.x, and Ivanti Policy Secure.

If exploited, these allow remote, unauthenticated attackers to compromise targeted devices by executing arbitrary commands, infiltrating internal networks, and stealing sensitive data.

Volexity noted that an unknown APT group launched initial attacks on ICS VPN appliances in December 2023, downloading malware tool kits for espionage. Multiple threat actors have since attacked hundreds of appliances and backdoored targets’ systems using a GIFTEDVISITOR webshell variant.

As of January 14, 2023, over 1,700 ICS VPN appliances were compromised, researchers revealed after scanning 50,000 Ivanti VPN-linked IPs. The highest percentage of victims were found in the US and Europe, impacting small-scale businesses to Fortune 500 companies in government, military, telecom, defence, tech, banking, finance, accounting, aerospace, aviation, and engineering sectors.

Mandiant also observed that a suspected state-sponsored threat actor dubbed UNC5221 leveraged these flaws last month to deploy up to five custom malware families. These include the ZIPLINE backdoor, WARPWIRE credential harvester, THINSPOOL shell script dropper, and LIGHTWIRE web shell. 

Mandiant noted in its report that threat actors UNC5221 launched “opportunistic attacks” to maintain persistence on high-priority targets that it had compromised “after a patch was inevitably released.”

Ivanti plans to release patches to fix these flaws by January 22, 2024, with final patches expected on February 19, 2024. A workaround is available to prevent exploitation until the patches are released. Organizations using vulnerable products should implement it immediately.

****_RELATED ARTICLES_****

1.  **APTs Exploiting WinRAR 0day Flaw Despite Patch Availability**
2.  **CACTUS ransomware evades exploits VPN flaws to hack networks**
3.  **Windows Defender SmartScreen Flaw Exploited with Phemedrone Stealer**
4.  **Flashpoint Uncovers 100,000+ Hidden Vulnerabilities, Including Zero-Days**
5.  **UAC-0099 Hackers Using Old WinRAR Flaw in New Cyberattack on Ukraine**

Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks

Patching every device affected by the LeftoverLocals vulnerability—which includes some iPhones, iPads, and Macs—may prove difficult.

As more companies ramp up development of artificial intelligence systems, they are increasingly turning to graphics processing unit (GPU) chips for the computing power they need to run large language models (LLMs) and to crunch data quickly at massive scale. Between video game processing and AI, demand for GPUs has never been higher, and chipmakers are rushing to bolster supply. In new findings released today, though, researchers are highlighting a vulnerability in multiple brands and models of mainstream GPUs—including Apple, Qualcomm, and AMD chips—that could allow an attacker to steal large quantities of data from a GPU’s memory.

The silicon industry has spent years refining the security of central processing units, or CPUs, so they don’t leak data in memory even when they are built to optimize for speed. However, since GPUs were designed for raw graphics processing power, they haven’t been architected to the same degree with data privacy as a priority. As generative AI and other machine learning applications expand the uses of these chips, though, researchers from New York–based security firm Trail of Bits say that vulnerabilities in GPUs are an increasingly urgent concern.

“There is a broader security concern about these GPUs not being as secure as they should be and leaking a significant amount of data,” Heidy Khlaaf, Trail of Bits’ engineering director for AI and machine learning assurance, tells WIRED. “We’re looking at anywhere from 5 megabytes to 180 megabytes. In the CPU world, even a bit is too much to reveal.”

To exploit the vulnerability, which the researchers call LeftoverLocals, attackers would need to already have established some amount of operating system access on a target’s device. Modern computers and servers are specifically designed to silo data so multiple users can share the same processing resources without being able to access each others’ data. But a LeftoverLocals attack breaks down these walls. Exploiting the vulnerability would allow a hacker to exfiltrate data they shouldn’t be able to access from the local memory of vulnerable GPUs, exposing whatever data happens to be there for the taking, which could include queries and responses generated by LLMs as well as the weights driving the response.

In their proof of concept, as seen in the GIF below, the researchers demonstrate an attack where a target—shown on the left—asks the open source LLM Llama.cpp to provide details about WIRED magazine. Within seconds, the attacker’s device—shown on the right—collects the majority of the response provided by the LLM by carrying out a LeftoverLocals attack on vulnerable GPU memory. The attack program the researchers created uses less than 10 lines of code.

An attacker (right) exploits the LeftoverLocals vulnerability to listen to LLM conversationsVideo: Trail of Bits

Last summer, the researchers tested 11 chips from seven GPU makers and multiple corresponding programming frameworks. They found the LeftoverLocals vulnerability in GPUs from Apple, AMD, and Qualcomm, and launched a far-reaching coordinated disclosure of the vulnerability in September in collaboration with the US-CERT Coordination Center and the Khronos Group, a standards body focused on 3D graphics, machine learning, and virtual and augmented reality.

The researchers did not find evidence that Nvidia, Intel, or Arm GPUs contain the LeftoverLocals vulnerability, but Apple, Qualcomm, and AMD all confirmed to WIRED that they are impacted. This means that well-known chips like the AMD Radeon RX 7900 XT and devices like Apple’s iPhone 12 Pro and M2 MacBook Air are vulnerable. The researchers did not find the flaw in the Imagination GPUs they tested, but others may be vulnerable.

An Apple spokesperson acknowledged LeftoverLocals and noted that the company shipped fixes with its latest M3 and A17 processors, which it unveiled at the end of 2023. This means that the vulnerability is seemingly still present in millions of existing iPhones, iPads, and MacBooks that depend on previous generations of Apple silicon. On January 10, the Trail of Bits researchers retested the vulnerability on a number of Apple devices. They found that Apple’s M2 MacBook Air was still vulnerable, but the iPad Air 3rd generation A12 appeared to have been patched.

A Flaw in Millions of Apple, AMD, and Qualcomm GPUs Could Expose AI Data

The FTC forced a data broker to stop selling “sensitive location data.” But most companies can avoid such scrutiny by doing the bare minimum, exposing the lack of protections Americans truly have.

The US Federal Trade Commission (FTC) reached a settlement last week with an American data broker known to sell location data gathered from hundreds of phone apps to the US government, among others. According to the agency, the company ignored in some cases the requests of consumers not to do so, and more broadly failed to ensure that users were notified of how their harvested data would be used.

News that the settlement requires the company, formerly known as X-Mode, to stop selling people's “sensitive location data” was met with praise from politicians calling the outcome “historic” and reporters who deemed the settlement a “landmark” win for the American consumer. This “major privacy win,” as one outlet put it, will further require the company, rebranded as Outlogic after its activities were exposed, to delete all of the data it has illicitly gathered so far.

Outlogic, for its part, offered a drastically different take, denying any wrongdoing and vowing that the FTC order would “not require any significant changes” to its practices or products. While the company is potentially downplaying the cost to its business, it is certainly true that any ripples from the settlement will be imperceptible to consumers and Outlogic's industry at large—one which profits by selling Americans' secrets to spy agencies, police, and the US military, helping the government to dodge the supervision of the courts and all its pesky warrant requirements.

The FTC's crackdown on X-Mode's activities may indeed be historic, but from a consumer standpoint, it’s for all the wrong reasons. First, it's important to understand that the order concerns what the FTC is calling “sensitive location data,” a term of art impressively deluding and redundant at the same time. Any data that exhaustively chronicles a person’s physical presence—every moment of every day—is inherently sensitive.

There is no question that persistently tracking people’s whereabouts reveals political, religious, and even sexual associations. The act of collecting this data is a sweeping form of surveillance no matter the target. While it is easier, perhaps, to imagine how guests of “medical and reproductive health clinics, places of religious worship and domestic abuse shelters” are especially vulnerable to commercial forms of stalking, there are myriad ways in which people's whereabouts, once exposed, can endanger or ruin their lives.

Location data is inherently sensitive—so says society, an overwhelming consensus of privacy experts, and the highest court in the land.

One need only look to Congress to understand the level of fear that this precise form of surveillance inspires in those who’ve never been battered, stalked, or unhoused. Members of the House Intelligence Committee—most of whom lack an internal reproductive system—are vying at this very moment to shield federal lawmakers alone from this invasive and omnipresent tracking.

Given the current political climate, it’s not hard to imagine why politicians are afraid of surrendering their location data, leaving it accessible to virtually anyone on the cheap. But they are relatively few in number, and hardly any of them fall into the category of “most at-risk” for violence or discrimination. Unlike those who do, members of Congress have the unique power to change the law and protect themselves. Given the opportunity, that’s precisely what many have opted to do—just as they did a year earlier for federal judges.

Protection against persistent tracking is something we can definitively say is being sought after by a privileged few. But citing law enforcement needs and nebulous national security concerns, protecting anyone other than themselves is a matter that apparently demands more discussion, more caution, and more delay.

If America is creating a new protected class to shield federal lawmakers alone from surveillance, then it must accept that, unlike the vast majority of citizens who’ve never been accused of a crime, this class would be historically replete with criminals. US lawmakers have faced charges and convictions for bribery, perjury, and felony theft, not to mention obstruction of justice, withholding evidence of secret arms sales, and the possession of child sexual abuse material.

The FTC's victory in the Outlogic case is even more piddling in light of the commission today being led by one of the most vocal privacy protection advocates it has ever had, chairperson Lina Khan. That the company is still in business and touting how little the settlement matters underscores how truly underpowered and ill-equipped the FTC is for the job it's been asked to perform. It is not actually armed to protect Americans from being relentlessly surveilled, nor is that even technically its mission. Under the current regime, the agency is permitted at best to hold surveillants to a standard of “notice and choice,” one both illusory and enabling corporations (and the US government by proxy) to right now track Americans’ whereabouts at any time, all of the time, with no real legal concern.

The FTC’s principle regulatory weapon in privacy cases is known as Section Five, and it largely targets companies in privacy cases for lying. The case against Outlogic, for example, is based in part on its failure to disclose how people’s location data would ultimately be used. It did not, the FTC says, notify users that their data might be sold to government agencies for “national security purposes.” Here, the FTC's job is to ensure consumers receive “notice” of how their data is being used. But the job is a sham, and everyone who's ever clicked “I agree” on a privacy policy knows it.

Before the Outlogic case, only a small number of Americans even knew the company existed. An even smaller number had ever glanced at its terms of service, and even fewer—we’re now approaching zero—could be said to have actually read and understood what it said. Commissioners at the agency have long acknowledged as much.

“It is no wonder,” Commissioner Rebecca Slaughter said in 2019, that “98 percent” of people in one study clicked “I agree” to privacy policies that “disclosed sharing with the NSA and paying for the service by signing away your first-born child.”

The same study, out of York University, labeled the “notice” aspect of privacy regulation “the biggest lie on the internet,” detailing how research showed over 75 percent of users opted to skip reading privacy policies altogether. Those who didn’t, on average, spent roughly a minute skimming policies that would’ve taken an ordinary person 15-17 minutes to actually read, let alone comprehend.

Famously, a decade ago, researchers out of Carnegie Mellon determined that it would take an average person roughly 76 working days to consume all of the privacy policies they encounter in a year. The use of “gotcha clauses” has also been repeatedly used to demonstrate that people _do not read_ the terms of service. To wit, in July 2010, it was reported that more than 7,500 people had unknowingly sold their souls to a video game company.

These facts demonstrate unequivocally that the crime for which Outlogic is accused—failing to give consumers notice of how their data would be used—is not one of greed or opportunity, but sheer stupidity. The law is all but performative, so companies have nothing to lose by complying. Users can be counted on to agree to basically anything (up to and including being enslaved for all eternity).

People cannot “consent” to something they do not understand, just as consent cannot really be called “consent” when it involves a metaphorical gun to the head.

The truth is that even if users were strapped to a chair and forced to spend the 600 hours a year it would take to devour all of the purposely dense legal terms they agree to, many of those agreements are patently coerced, as the Supreme Court has said. So ubiquitous now is the technology tracking our movements, in “no meaningful sense” are people voluntarily accepting the risks of allowing companies to access and share that information. It is a matter of participating in society or not; of being employed or not.

It is also the FTC’s job to protect consumers from harm. But the definition of “harm”—like “notify” and “consent”—is watered down to the point of creating a serious gap between what it means and how most people actually use it. Companies are effectively free to harm people anyway, so long as it’s deemed "reasonably" avoidable by the agency and beneficial to competition on the whole.

Should the FTC fail to act, consumers have little recourse but to sit and suffer. It is nearly impossible for an individual to obtain standing in federal court to sue a corporation after their privacy is violated, assuming they can even afford to try. Merely exposing personal information is not enough. A test created by two recent Supreme Court rulings requires victims to demonstrate “concrete harm” to bring a case, even if tying any one company to an act of identity theft, harassment, or financial loss is, in nearly every instance, a fantastical objective.

Congress's last big push to pass a comprehensive privacy bill—the American Data Privacy and Protection Act of 2022—ironically would have exempted Outlogic’s activities altogether. Fearful of fighting a war on two fronts, its authors choose to purposefully avoid going after companies contracting with intelligence and law enforcement agencies. But there is one bill floating in Congress right now aimed at ending the government’s ongoing practice of buying location data from Outlogic-like companies and circumventing the courts.

The Fourth Amendment Is Not For Sale Act was introduced and passed by the House Judiciary Committee last month as part of a bigger package aiming to reauthorize and reform the problematic US intelligence program known as Section 702. The bill is slated to be taken up again this year, likely in February, sparking one of the fiercest fights over US privacy law Americans have seen in years.

Outlawing a pervasive practice that helped transform domestic surveillance into a windfall industry is a move that would be actually historic—for all the right reasons.

The Sad Truth of the FTC's Location Data Privacy Settlement

By Deeba Ahmed
Anonymous Sudan is a pro-Russia hacktivist group, and their emergence aligns with the rise of other pro-Russian cyber actors since the beginning of the Ukraine war.
This is a post from HackRead.com Read the original post: Anonymous Sudan Claims London Internet Exchange Attack Over Yemen Strikes

Anonymous Sudan claimed responsibility for the cyber attacks on the London Internet Exchange (LINX) on Telegram.

Anonymous Sudan, a Russia-affiliated hacktivist group comprising members from various backgrounds, has claimed responsibility for a cyberattack on the London Internet Exchange (LINX). It is one of the world’s largest exchange points.

The London Internet Exchange (LINX) is a mutually governed Internet exchange point (IXP) based in London, UK. It provides peering services and public policy representation to network operators within the UK and beyond.

The group claims its cyber attack to be a response to Britain’s support to Israel and the launching of air attacks on Yemen. Anonymous Sudan has also threatened to cause a major setback to the UK with a big cyberattack in the coming days.

On January 12, 2023, on its Telegram channel, the group posted about the attack on LINX, but this claim is yet to be confirmed. However, according to a tweet from OSINT specialists at CyberKnow, LINX’s website remained online amid the group’s claims, leaving questions about the authenticity of the claims or if they are merely speculation.

Screenshot: Sergey Shykevich, cyber threat intelligence manager at Check Point

For your information, the UK and the USA launched air strikes against Houthi military targets in Yemen. The UK targeted 30 Houthi military sites using 150 precision-guided munitions, killing five militants. UK Prime Minister Rishi Sunak approved the military action.

Britain’s move was a response to Houthi attacks on international maritime vessels in the Red Sea. US officials reportedly fired over 80 Tomahawk cruise missiles from three destroyers and a submarine. The action also involved 22 jets from the USS Eisenhower aircraft carrier.

Anonymous Sudan is known for using massive DDoS attacks, targeting both anti-Russian and anti-Muslim groups/entities. Lately, they have been launching attacks almost weekly, targeting airlines, governments, banks, large enterprises, airports, and telcos.

In November 2023, the same group also claimed responsibility for DDoS attacks on ChatGPT and caused service disruptions. They were previously involved in cyber attacks on Microsoft’s flagship office suite, including popular applications like Outlook and OneDrive, as well as its Azure cloud computing platform back in June 2023.

Since its inception, Anonymous Sudan has been active on Telegram, warning about potential attacks and updating them live. Its key targets include Israeli Prime Minister Benjamin Netanyahu’s websites, Mossad, and also collaborated with Killnet.

****_RELATED ARTICLES_****

1.  **Russian Killnet Hackers Claim Data Theft of FBI Agents**
2.  **KillNet Claims Creating Gay Dating Profiles with NATO Logins**
3.  **Pro-Russian Killnet group hits UK organizations with DDoS attacks**
4.  **Russian Hackers Employ Telekopye Toolkit in Broad Phishing Attacks**
5.  **Russian APT29 Hacked US Biomedical Giant in TeamCity-Linked Breach**

Anonymous Sudan Claims London Internet Exchange Attack Over Yemen Strikes

By Deeba Ahmed
The attacks, potentially linked to Russian APT Sandworm, exploited vulnerabilities in Zyxel firewalls.
This is a post from HackRead.com Read the original post: Forescout Report Uncovers New Details in Danish Energy Hack

The potential involvement of Sandworm, the wider threat beyond attribution, the vulnerability of Zyxel firewalls and the focus on European energy firms call for improved cybersecurity posture and threat intelligence.

Forescout, a global cybersecurity leader, has provided new evidence about two attacks on the Danish energy sector in May 2023 (PDF). Their report, ‘Clearing the Fog of War,’ highlights the need for better network monitoring and incident response plans and analyzes the potential involvement of an advanced persistent threat (APT) group called Sandworm.

For your information, SektorCERT, Denmark’s critical infrastructure CERT, reported a significant cyber-related attack on 22 Danish energy sector companies between May 11-30, 2023. The attacks, linked to Russian APT Sandworm, exploited vulnerabilities in Zyxel firewalls. Despite SektorCERT’s swift response, some companies were forced into island mode, allowing attackers to access industrial control systems.

Forescout Research-Vedere Labs report shed light on this incident. Reportedly, the first wave of attacks started on May 11, 2023, exploiting CVE-2023-28771, a pre-authentication OS command injection vulnerability in unpatched Zyxel firewalls.

A second wave occurred on May 22, 2023, where attackers downloaded MIPS binaries from 45.89.106147 to Zyxel firewalls in an energy sector organization containing Mirai variants with Moobot flavour indicators. The firewalls participated in DDoS and SSH brute-force attacks against targets in Hong Kong, the U.S., and Canada.

Zyxel firewalls at other SektorCERT member organizations were also observed downloading Mirai variants from staging servers, historically associated with malware distribution, adware, ransomware, and Log4j exploitation attempts.

 “After the second incident, further attacks targeted exposed devices within critical infrastructure worldwide in the ensuing months,” the report read.

Researchers couldn’t fully attribute the attacks to Sandworm given the difference between the two waves. The first wave targeted a limited number of targets using a PoC-less n-day while the second wave involved Zyxel firewalls infected by staging servers with a history of mass exploitation and crimeware, explained Elisa Costante, VP of Research at Forescout Research–Vedere Labs.

The study found numerous IP addresses exploiting the Zyxel vulnerability CVE-2023-28771, first reported by TRAPA Security in June 2023 and added to the CISA KEV catalogue in May 2023 with a 9.8 severity rating.

In April 2023, Zyxel announced patches for impacted firewalls, including USG Flex, ATP, ZyWALL/USG, and VPN. However, FortiGuard Labs reported a rise in DDoS botnets exploiting the Zyxel vulnerability, which persisted as late as October 2023 and spread across various devices, including Zyxel firewalls.

In May 2023, Hackread reported how a variant of the Mirai botnet, IZ1H9, successfully hacked Zyxel Firewalls using a patched command injection vulnerability, potentially leading to DDoS attacks. Researchers from Palo Alto Networks’ Unit 42 identified it as the most active Mirai variant.

Europe faces high exploitation attempts, with 80% of publicly identifiable and potentially vulnerable firewalls located there. Six European power companies are at risk of exploitation by malicious actors due to their use of Zyxel firewalls, highlighting the need for prioritizing threat intelligence in the energy sector.

Living off the land (LotL) attacks offer stealth benefits, allowing attackers to abstract away from legacy/proprietary protocols. Energy firms and critical infrastructure organizations must remain alert to attacks on unpatched network infrastructure devices.

Exposed Zyxel firewalls

**Expert Opinions**

For insight into the new development, we reached out to John Gallagher, Vice President of Viakoo Labs at Viakoo who praised Forescout for “digging deeper into exploits against critical infrastructure, and getting closer to the truth of what is behind these attacks.”

“Getting a more accurate assessment of these attack vectors, and getting to that truth more quickly as Forescout has provided, is crucial in protecting these critical assets. Disrupting cyber adversaries in their efforts is one form of defence; that’s why getting specific as to who is the threat actor is critical to defending ICS infrastructure,” he said.

“Forescout’s analysis points to the spillover from nation-state-directed cyber exploits to mass exploitation campaigns, which is an alarming trend. As “mass market” threat actors become more skilled at working within the unique languages and protocols of ICS systems it dramatically increases the risk of non-affiliated threat actors providing “as a service” ICS exploitation,” John added.

“In addition, this means organizations who depend on IoT/OT/ISC systems will be direct targets at some point to the same threats being launched against national critical infrastructure.”

Jose Seara, CEO and founder at DeNexus emphasizes the need for companies to “strengthen their cybersecurity posture” by understanding their cyber risks, identifying them, and quantifying them in monetary terms.

“Critical infrastructure and industrial sites have been increasingly targeted by threat actors and they all need to strengthen their cybersecurity posture. It is imperative for these companies to better understand their cyber risks, identify them and quantify them in monetary terms to drive data-driven decisions on cybersecurity investments,” said Jose.

“Additionally, new SEC regulations on cybersecurity reporting in the U.S. and the NIS2 in Europe are mandating the reporting cyber risk management, expanding the associated consequences of attacks beyond standard security concerns and putting organizations who do not comply at risk of potential legal and financial implications,” he added.

****_RELATED ARTICLES_****

1.  **Mirai botnet exploiting Azure OMIGOD vulnerabilities**
2.  **DDoS Attacks Hit Denmark Central Bank and 7 Private Banks**
3.  **Attacker builds malware variant with leaked Mirai source code**
4.  **Denmark’s largest train operator hit by service crippling DDoS attack**
5.  **Mirai-based NoaBot Botnet Targeting Linux Systems with Cryptominer**

Tag

#intel