Security News > 2022 > August

Named "Torrents of Truth," the initiative is similar to "Call Russia," a project to help break through Russian propaganda and open people's eyes to what's happening in Ukraine. The initiative creates torrents that contain a text file with a list of credible news sources that Russians can trust and instructions on downloading and installing a VPN to secure anonymity from ISPs.

A team of Ukrainian cyber-activists has thought of a simple yet potentially effective way to spread uncensored information in Russia: bundling torrents with text and video files pretending to include installation instructions. The initiative creates torrents that contain a text file with a list of credible news sources that Russians can trust and instructions on downloading and installing a VPN to secure anonymity from ISPs.

Cybersecurity researchers have uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public, potentially enabling a threat actor to take over users' Twitter accounts that are associated with the app. The discovery belongs to cybersecurity firm CloudSEK, which scrutinized large app sets for potential data leaks and found 3,207 leaking a valid Consumer Key and Consumer Secret for the Twitter API. When integrating mobile apps with Twitter, developers will be given special authentication keys, or tokens, that allow their mobile apps to interact with the Twitter API. When a user associates their Twitter account with this mobile app, the keys also will enable the app to act on behalf of the user, such as logging them in via Twitter, creating tweets, sending DMs, etc.

Dark Web credit card fraud less pervasive but still an ongoing problem. Stolen credit card data is always a hot item for sale on the Dark Web, particularly if the package includes not just the card number but the expiration date and CVV code.

Winamp has released its first release candidate after four years in development, officially bringing the popular media player out of beta. Winamp ceased development after version 5.666 was released in 2013.

Microsoft Defender Experts for Hunting, a new managed security service for Microsoft 365 Defender customers, is now generally available. Microsoft's security experts will use Defender data for threat investigation and to provide customers with remediation instructions, as well as help deploy threat hunting across all Microsoft 365 Defender products within hours, according to Redmond.

The Indonesian Ministry of Communication and Information Technology, Kominfo, is now blocking access to internet service and content providers who had not registered on the country's new licensing platform by July 27th, 2022, as the country begins to restrict access to online content providers and services. The first blocks began Friday, a day before the June 26th deadline, and according to internet access monitoring org NetBlocks, some of the service providers include Yahoo, Steam, and PayPal.

Ideally, the memory allocation software will detect that the block no longer belongs to the part of the program that's "Returning" it, will figure out that the offending block has already been recycled, and won't deallocate it a second time, thus sidestepping the risks of "Freeing" it again. Notably, the memory manager might inadvertently and unexpectedly "Confiscate" the double-freed block from the code that's now legitimately using it, and reassign it to yet another part of the program, perhaps even malicious code that an attacker has timed carefully to take advantage of the mismanagement.

Cyber-crime never takes a holiday and according to Rubrik, Ransomware alone jumped by 700% in 2021. Cyber security is, of necessity, an absolute priority for many organizations.

A 24-year-old Australian national has been charged for his purported role in the creation and sale of spyware for use by domestic violence perpetrators and child sex offenders. "The Frankston man engaged with a network of individuals and sold the spyware, named Imminent Monitor, to more than 14,500 individuals across 128 countries," the Australian Federal Police alleged in a press release over the weekend.