Among the news, it stands out that researchers demonstrate how Android is vulnerable to brute force attacks.
Below are details on the most important news from the world of cybersecurity of the week:
- Meta has been fined $1.3 billion in the EU for sending user data to the US.
- Experts have figured out a way to hack Android through fingerprinting.
- The Inferno Drainer phishing service stole over $5.9 million worth of cryptocurrency.
- US government contractor attacked by ransomware.
Meta Fined $1.3B in the EU for Sending User Data to the US
The Irish Data Protection Commission has imposed a record $1.3 billion fine on a local subsidiary of Meta Corporation for breach of confidentiality. The Irish regulator, which is the lead privacy regulator in a 27-country bloc, launched an investigation in August 2020.
Now Meta is forced to stop transferring user data to the United States, adapt them to GDPR and within six months, delete all information stored and processed illegally. Representatives of the corporation described the imposed fine as unfair and intend to appeal against the authorities’ decision.
Experts Have Discovered a Way to Hack Android Through Fingerprints
Some Android smartphone models from Samsung, Xiaomi, OnePlus, Vivo, OPPO, and Huawei have been found to be vulnerable to fingerprint hacking. This is reported by researchers from Tencent Labs and Zhejiang University.
In an attack called BrutePrint, the attacker generates a large number of fingerprint samples and compares them against the device’s sensor until a suitable one is found. As a result, you can access the target device and all the information stored on it.
An attacker would need physical access to the device, a fingerprint database of academic data sets or biometric leaks, and about $15 worth of hardware. Android devices allow infinite fingerprinting, so given enough time, the attack will succeed.
The reason for the vulnerability is that many smartphone manufacturers use standard fingerprint recognition algorithms. More advanced devices equipped with ultrasonic sensors are better protected.
Inferno Drainer Phishing Service Stole over $5.9 Million in Cryptocurrency
Since March 27, the phishing service Inferno Drainer has stolen more than $5.9 million worth of cryptocurrency through at least 689 fake websites. This was reported by the company Scam Sniffer.
Inferno Drainer is advertised as a multi-chain scam. Its creators provide customers with an administration panel with the ability to set up phishing pages and even offer a trial version. Pages built with Inferno Draine mimic the sites of 229 popular brands, including Pepe, MetaMask, OpenSea, Sui, zkSync, and more.
According to the researchers, the attackers distribute the funds received from the attacks among five wallets.
US Government Contractor Hit by Ransomware
Swiss multinational technology and US government contractor ABB has confirmed a ransomware attack on some of its systems. The incident occurred on May 7. The attackers were able to steal an unidentified amount of data from the hacked devices, but the company revealed no signs of impact on customer systems.
ABB has located the service interruption and is taking additional security measures to protect the network. An investigation has been launched with the participation of law enforcement officers.
ABB develops industrial control, supervisory control, and data acquisition systems for industries and energy providers. His clients include the US Department of Defense and federal civilian agencies, including the Departments of the Interior, Transportation and Energy, as well as the US Coast Guard and Postal Service.
By Audy Castaneda
