After a long time of inactivity, I decided to re-launch the weekly news recap. Without waiting, here’s the latest news on APTs, Cryptocurrencies, Darknet, Security and Privacy in less than 1,000 words.
APT#
China’s PLA Unit 61419 Purchasing Foreign Antivirus Products, Likely for Exploitation (Recorded Future)
Unit 61419 of China’s People Liberation Army is reportedly seeking to purchase English-language antivirus software from major security companies in America, Russia and Europe. Insikt Group assesses that there are high chances that these purchases aim to use these antiviruses during the development of malware, to test their ability to evade detection and/or to reverse engineer the antivirus software to find exploitable flaws.
Cryptocurrencies#
IRS secures order to serve Kraken with customer data request on cryptocurrency traders (ZDNet)
If you traded more than the equivalent of USD 200,000 through Kraken between 2016 and 2020, congratulations. You are now on the IRS’s crosshair. The federal court in the Northern District of California will issue a “John Doe” summons to Kraken to find US taxpayers who failed to declare their gains properly.
Coinbase to acquire leading institutional data analytics platform, skew (Coinbase Blog)
Coinbase announced the purchase of Skew, a company offering market analysis for various crypto-currencies assets. With this, Coinbase aims to provide real-time actionable data analytics to its customers to help them make more informed trading decisions.This is not the first time Coinbase purchases a data analytics company. Two years ago, it already purchased Neutrino, an AML provider for crypto-currencies.
Darknet#
4 arrested in takedown of dark web child abuse platform with some half a million users (Europol)
Boystown, one of the most prolific children sexual abuse platform was closed by the German police in collaboration with Europol, Netherlands, Sweden, Australia, Canada, and the US law enforcement agencies. 400,000 users were registered to the website, and four arrests were made (three in Germany, one in Paraguay).
Dark Dot Fail: Hacked, Then Back (The Cryptosphere) Interesting thread on the order of events (Twitter)
Last week, someone hijacked darknetlive.com, dark.fail, and onion.live’s domain names. The attacker(s) changed URLs to redirect to malicious URLs (interestingly, they even bothered to generate vanity ones). The domains were apparently taken over using fake court orders, but as of May 5th, it seems that all were able to regain their domain names.
Aurora Market Exit Scammed
Aurora Market exit scammed the 25 March after its experienced deposits/withdrawal issues, and Aurora, its administrator, stopped showing any sign of life. The market was six months old, and about 200,000 (USD probably) were stolen, according to Northernlight, an administrator.
General Security#
Apple fixes 2 iOS zero-day vulnerabilities actively used in attacks (Bleeping Computers)
On May 3rd, Apple released security updates related to the Webkit engine within all of its devices. The two vulnerabilities, CVE-2021-30663 and CVE-2021-30665 allow remote code execution, and were reportedly actively exploited.
Insurer AXA says it will no longer cover ransomware payments in France (Bitdefender - Hot for Security)
AXA, one of the most prominent French insurances, announced that they would no longer offer cyber-insurance policies that cover ransom payments. Estimations say ransomware led to more than USD 5.5 billion of losses last year in France.
Privacy#
Facebook bans Signal’s attempt to run transparent Instagram ad campaign (ZDNet)
Signal, the end to end encrypted app, purchased some advertisement on Instagram, which they used to show people the amount of very specific data advertisers can access. For example: “You got this ad because you’re a K-pop loving chemical engineer. This ad used your location to see you’re in Berlin. And you have a new baby. And you just moved. […]”. No need to say that Facebook wasn’t so fond of their initiative and promptly shut them down.
New safety section in Google Play will give transparency into how apps use data (Google Blog)
Google announced that they will make developers communicate how they use users data. The company will also highlight things such as the security practices implemented by the app (e.g., encryption), which data needs to be shared for the app to work, if the app enables users to request data deletion if they delete the app, and a couple of other things. This will be available starting Q1 2022, and developers will have up to the second quarter of the same year to update the required information.All of this is very good, but let’s not forget that Google enabled Android is a spyware itself.
Twitter Tip Jar may expose PayPal address, sparks privacy concerns (Bleeping Computers)
Twitter has recently begun tests of a new feature, ‘Tip Jar’, that aims to let users tip other Twitter accounts they want to support through Paypal, Bandcamp, Patreon, Cash App, and Venmo. For now, the feature is only rolling out to accounts having English set as their language, and only a limited group of users can receive tips. This feature is just a couple of days old that there are already problems, such as the sender’s PayPal shipping address being exposed.