Below are the most important news stories from the world of cybersecurity this week.

Murat Celiktepe, a web and blockchain developer from Antalya, lost his savings in Ethereum after applying for a job at Upwork.

A person who introduced himself as a recruiter sent him a test task: debug the code in two npm packages hosted in a GitHub repository. Celiktepe downloaded them and completed the task, but after the “technical interview” he found that his MetaMask wallet was completely empty. The attacker had withdrawn 0.225 ETH (~$538).

The developer does not understand how the theft occurred. Experts speculate that the attacker gained access to the victim’s device and intercepted network traffic, or copied passwords from a browser with autofill enabled.

Amnesty International Confirmed that Indian Journalists’ iPhones Were Infected with Spyware

Non-profit human rights group Amnesty International has discovered invasive Pegasus spyware on the iPhones of prominent Indian journalists.

“Despite repeated revelations, there is a shameful lack of accountability for the use of Pegasus, which only reinforces the sense of impunity for human rights violations in the country,” the organization said in a statement.

The human rights activists’ findings support Apple’s warnings in October that journalists and opposition activists in India could be victims of government-sponsored attacks. At the time, officials doubted the company’s words.

Amnesty International has called on all countries to ban the use and export of spyware whose functionality cannot be independently verified or whose functionality is limited. The organization also demanded the immediate publication of the findings of the Supreme Court Technical Committee report on the use of Pegasus in India.

Linux SSH Servers Have Become Targets for Installing Hidden Miners

Poorly secured Linux SSH servers are being targeted by attackers seeking to install port scanners and dictionary attack tools. Their goal is to compromise other vulnerable servers and add them to a network used for cryptocurrency mining and distributed denial-of-service (DDoS) attacks.

The AhnLab Security Emergency Response Center (ASEC) mentioned in a recent report that “criminals could also simply choose to install scanning tools and then trade the IP addresses and access credentials on the deep web black market.”

To reduce the risks associated with such attacks, users are advised to set strong passwords and keep systems up to date.

Kroll Revealed Details of FTX Client Data Leak

Restructuring agent Kroll has provided additional details about an August cyber incident that exposed the personal information of petitioners in the FTX bankruptcy case.

Kroll representatives emphasized that the breach did not affect FTX systems, particularly account passwords and digital assets.

However, users were warned about a possible phishing campaign to gain access to their cryptocurrency accounts.

Latvia Has Blocked Access to All Yandex Sites

The National Electronic Media Council of Latvia (NEPLP) has closed access to all sites associated with Yandex. This was announced by the president of the organization, Ivars Abolins.

The decision to restrict access to the website and its mirror sites was made on April 7 last year. Yandex representatives filed an appeal with the District Administrative Court, which will consider the application on February 29, 2024.

Prior to this, in March 2022, Latvia had canceled the Yandex Taxi BV license and blocked the Yandex Go application to prevent the transfer of citizens’ data from Latvia to the Russian Federation.

By Leonardo Perez

