Author Archives: Joe Warminsky

Ukrainian gets US prison term in decade-old cybercrime, money-laundering case

Posted on by

In a case that stretches back to a much simpler era for cybercrime, a Ukrainian man was sentenced Thursday to more than seven years in prison after pleading guilty to helping launder money for Eastern Europeans who hacked into U.S. bank accounts. The U.S. Department of Justice said Aleksandr Musienko, 38, agreed to an 87-month prison term and $98,751.64 in restitution under the plea deal. From 2009 to 2012, Musienko, who sometimes used the alias Robert Davis, “partnered with Eastern European computer hackers to obtain over $3 million from U.S. victims’ bank accounts and launder the stolen funds from U.S. bank accounts overseas,” the department said Thursday in announcing the deal. Musienko ran a network of “money mules” as part of the scheme, prosecutors said. The FBI’s Charlotte, North Carolina, office took the lead in prosecuting Musienko, focusing on a specific fraud case in that state. According to a 2016 […]

The post Ukrainian gets US prison term in decade-old cybercrime, money-laundering case appeared first on CyberScoop.

Continue reading Ukrainian gets US prison term in decade-old cybercrime, money-laundering case

Romance scam victims reported $304 million in fraud in 2020, a new high

Posted on by

Deceptive online behavior prompted plenty of emotions last year. Anger, fear, anxiety, frustration — take your pick. Just don’t forget heartbreak. Exactly how much heartbreak? The Federal Trade Commission’s scam-tracking team doesn’t monitor emotions, but it does collect complaints from people who say they were victims of romance scams. In 2020, they were worth a record $304 million — an increase of about 50% over the previous year. Some of the fraud was initiated through dating apps, the FTC said, as people flocked to them during months of stay-at-home orders during the coronavirus pandemic. But social media was an even greater source, the agency said. “Scammers fabricate attractive online profiles to draw people in, often lifting pictures from the web and using made up names. Some go a step further and assume the identities of real people,” the FTC said. “Once they make online contact, they make up reasons not […]

The post Romance scam victims reported $304 million in fraud in 2020, a new high appeared first on CyberScoop.

Continue reading Romance scam victims reported $304 million in fraud in 2020, a new high

SIM-swapping gang busted for targeting ‘influencers, sports stars, musicians’

Posted on by

International police say 10 suspects have been arrested for fraudulently accessing the phones of celebrities to steal about $100 million cryptocurrency as well as personal data throughout 2020. The sting included eight arrests in the United Kingdom as well as one in Malta and another in Belgium, according to Europol. The U.S. Secret Service, Department of Homeland Security and FBI were all involved in the operation, the U.K.’s National Crime Agency (NCA) said. As of Wednesday morning, it was unclear who the victims were, but the NCA said they included “well-known influencers, sports stars, musicians, and their families.” Neither Europol nor the NCA named the suspects. Victims’ phones were targeted via SIM swapping, police said. Unlike a direct hack on a person’s device, SIM swapping — also known as SIM hijacking — typically involves a little help from other humans. Scammers often take over a person’s digital profile by deactivating […]

The post SIM-swapping gang busted for targeting ‘influencers, sports stars, musicians’ appeared first on CyberScoop.

Continue reading SIM-swapping gang busted for targeting ‘influencers, sports stars, musicians’

‘Cyberpunk 2077’ game studio says hackers exposed data

Posted on by

Video game company CD Projekt says a cyberattack exposed some of its data, and the intruders left a ransom note claiming they accessed the source code for “Cyberpunk 2077” and other games. The Poland-based studio said in a tweet Tuesday that “an unidentified actor gained unauthorized access to our internal network” and “collected certain data belonging to CD PROJEKT capital group.” The attackers encrypted some devices, but backups remained intact, CD Projekt said. The alleged ransom note — published in CD Projekt’s tweet about the incident — indirectly refers to recent troubles for the company, which was criticized for the bug-filled rollout of the much-ballyhooed “Cyberpunk 2077” in December. Sony removed it from its PlayStation Store about a week after the release. Some investors sued the company over the rollout. “Your public image will go down the shitter even more,” if the attackers’ demands aren’t met, the note says. It […]

The post ‘Cyberpunk 2077’ game studio says hackers exposed data appeared first on CyberScoop.

Continue reading ‘Cyberpunk 2077’ game studio says hackers exposed data

Barcode scanner in Google Play Store became malware after years of popularity, researchers say

Posted on by

An app with more than 10 million downloads from the Google Play Store recently took a hard turn to the dark side, according to antivirus company Malwarebytes. The Barcode Scanner app had appeared in the store for years, but in December it became clear that it “had gone from an innocent scanner to full on malware,” writes Nathan Collier, a researcher for the Silicon Valley company. Malwarebytes said Google Play removed the app in early December after users reported that it was opening the default web browsers on phones to serve up ad pages — without any direct action by the device owners themselves. The company is labeling the malicious code as a trojan. “It is frightening that with one update an app can turn malicious while going under the radar of Google Play Protect,” Collier writes. The researcher makes a clear distinction: There are many ways apps can go […]

The post Barcode scanner in Google Play Store became malware after years of popularity, researchers say appeared first on CyberScoop.

Continue reading Barcode scanner in Google Play Store became malware after years of popularity, researchers say

Signal issues workaround for Iran’s ban of messaging app

Posted on by

Signal says it is introducing a connection method for the Android version of its app that can allow users in Iran to dodge their government’s efforts to block message traffic. The announcement comes after users in Iran began reporting issues with connecting to the end-to-end encrypted chat application in January, following a crackdown by the government. In a blog post Thursday, Signal said users of the Android version will be able to download the update “in a few days.” Signal’s popularity in Iran spiked recently after the popular WhatsApp messenger announced an update to its privacy policy that allowed more data to be shared with Facebook, its parent company. Users in Iran and elsewhere flocked to other options, particularly Signal, given its reputation for privacy. Iranian government officials noticed the increase in Signal users and blocked the app. Signal, which is run by a U.S.-based nonprofit foundation, vowed to fight. It […]

The post Signal issues workaround for Iran’s ban of messaging app appeared first on CyberScoop.

Continue reading Signal issues workaround for Iran’s ban of messaging app

SonicWall issues patch for firmware zero-day used to attack the company and its customers

Posted on by

Network security company SonicWall is offering a patch for a serious bug in one of its product lines that had attracted public warnings from cybersecurity researchers over the past week. The patch fixes a flaw that had put the Silicon Valley firm in the headlines of late. SonicWall on Jan. 22 said attackers had exploited a zero-day vulnerability in its own products to gain access to its corporate network. Then, on Jan. 31, researchers from NCC Group then said the bug was being exploited elsewhere in the wild. The bug is in SonicWall’s line of SMA 100 mobile networking gear, which is designed to add a layer of security for companies that allow employees to use their own devices to access corporate networks. SonicWall said the vulnerability allowed hackers to gain administrator-level privileges and then subsequently use a remote-code execution (RCE) on networks. The patch, posted Wednesday, applies to the […]

The post SonicWall issues patch for firmware zero-day used to attack the company and its customers appeared first on CyberScoop.

Continue reading SonicWall issues patch for firmware zero-day used to attack the company and its customers

TikTok says it will do more to slow spread of misinformation videos

Posted on by

TikTok says it will do more to slow down the sharing of information that can’t be completely fact-checked but potentially could be “inauthentic, misleading, or false.” The video-sharing giant says in a blog post that it will put banners over content that “has been reviewed but cannot be conclusively validated.” The clip’s creator will be notified, and then users will get an “Are you sure you want to share this video?” message before being able to amplify it to their followers. The videos may also be rendered ineligible to be included on TikTok’s For You page, a section that drives a significant amount of traffic on the app. TikTok says that it has been partnering with fact-checkers at PolitiFact, Lead Stories, and SciVerify and removing videos with information that is demonstrably false. The plan to put badges on potentially problematic content is geared toward situations where “fact checks are inconclusive […]

The post TikTok says it will do more to slow spread of misinformation videos appeared first on CyberScoop.

Continue reading TikTok says it will do more to slow spread of misinformation videos

White House must act now to boost trust in elections, experts say

Posted on by

There’s a brief window for the Biden administration to boost Americans’ trust in the voting process, and the White House must take steps now, according to a new report from election-integrity experts. President Joe Biden should form a Presidential Commission on Election Resilience and Trust that would spend six months studying the issue and report back before the end of 2021, says the report from the Alliance for Securing Democracy and the Center for Democracy and Technology. “Despite the absence of widespread voter fraud or major cyber attacks in the 2020 elections, false information ran rampant in the pre- and post-election periods,” write David Levine, an elections integrity fellow for the ASD, and William T. Adler, a senior technologist in elections and democracy for the CDT. “The Commission should study and make recommendations about efforts to counter election-related mis- and disinformation, which undermine confidence in our democracy.” The Washington Post […]

The post White House must act now to boost trust in elections, experts say appeared first on CyberScoop.

Continue reading White House must act now to boost trust in elections, experts say

Spies target gamers with malware inserted into software updates, ESET says

Posted on by

Gamers are familiar targets for hackers, but those operations often are broadly aimed at stealing data, installing nuisances like adware or disrupting the games themselves. Sometimes, though, attackers have other things in mind. A malware operation in Asia appears to be “highly targeted” toward spying on only a handful of users of a popular piece of gaming software, according to cybersecurity researchers at Slovakia-based ESET. The attackers compromised the update mechanism for NoxPlayer, an emulator program that allows Android games to be played on PCs and Macs, ESET says. It’s a supply-chain attack, not unlike others with much bigger footprints and much larger geopolitical effects. The perpetrators appear to have broken into infrastructure at Hong Kong-based BigNox, which makes NoxPlayer, to add the malware to the updates that go to customers. The details get fuzzy from there. About 150 million people, mostly in Asia, use NoxPlayer. ESET says it discovered […]

The post Spies target gamers with malware inserted into software updates, ESET says appeared first on CyberScoop.

Continue reading Spies target gamers with malware inserted into software updates, ESET says