Security News > 2023

S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]
2023-01-05 17:52

LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all. Actually your passwords were encrypted, but the websites and the web services and an unstated list of other stuff that you stored, well, that *wasn't* encrypted.

Cloud email services bolster encryption against hackers
2023-01-05 17:31

To address these challenges, Google, Microsoft and Proton, whose Proton Mail service was a first-mover in secure email, all moved to expand end-to-end encryption offerings. Google's announcement followed that of Proton, an encrypted cloud storage platform launched in 2013 in Geneva, Switzerland by CEO Andy Yen.

WhatsApp adds proxy support to help bypass Internet blocks
2023-01-05 17:19

Starting today, WhatsApp allows users to connect via proxy servers in the event of Internet shutdowns or if their governments block the service in their country. The new proxy support option is available to all users running the latest WhatsApp iOS and Android applications.

SpyNote Android malware infections surge after source code leak
2023-01-05 15:17

The Android malware family tracked as SpyNote has had a sudden increase in detections in the final quarter of 2022, which is attributed to a source code leak of one of its latest variants, known as 'CypherRat'. Threat actors quickly snatched the malware's source code and launched their own campaigns.

Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain
2023-01-05 14:55

A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador. Also tracked under the name APT-C-36, Blind Eagle is notable for its narrow geographical focus and for launching indiscriminate attacks against South American nations since at least 2018.

Hackers use CAPTCHA bypass to make 20K GitHub accounts in a month
2023-01-05 14:00

According to Palo Alto Networks Unit 42, the threat actors use a new CAPTCHA solving system, make more aggressive use of CPU resources for mining, and mix 'freejacking' with the "Play and Run" technique to abuse free cloud resources. Whereas Sysdig identified 3,200 malicious accounts belonging to 'PurpleUrchin,' Unit 42 now reports that the threat actor has created and used over 130,000 accounts on the platforms since August 2019, when the first signs of its activities can be traced.

Bluebottle Cybercrime Group Preys on Financial Sector in French-Speaking African Nations
2023-01-05 12:34

A cybercrime group dubbed Bluebottle has been linked to a set of targeted attacks against the financial sector in Francophone countries located in Africa from at least July 2022 to September 2022. "The group makes extensive use of living-off-the-land, dual use tools, and commodity malware, with no custom malware deployed in this campaign," Symantec, a division of Broadcom Software, said in a report shared with The Hacker News.

Twitter whistleblower Peiter 'Mudge' Zatko lands new gig at Rapid7
2023-01-05 12:30

Former Twitter security chief and whistleblower Peiter "Mudge" Zatko has landed his first official role since he left the company, a part-time job as "Executive in residence" with cybersecurity firm Rapid7. Zatko has a reputation for both bluntness and skill that only solidified after he was fired from Twitter.

Bluebottle hackers used signed Windows driver in attacks on banks
2023-01-05 12:00

A signed Windows driver has been used in attacks on banks in French-speaking countries, likely from a threat actor that stole more than $11 million from various banks. Symantec's report adds some technical details, such as the use of the GuLoader tool for loading malware and a signed driver that helps the attacker kill processes for security products running on the victim network.

SpyNote Strikes Again: Android Spyware Targeting Financial Institutions
2023-01-05 11:05

Financial institutions have been targeted by a new version of Android malware called SpyNote since at least October 2022. "This has helped other actors [in] developing and distributing the spyware, often also targeting banking institutions."