10 episodes

“The Daily Decrypt”, hosted by offsetkeyz and d0gesp4n, offers an insightful and approachable take on cybersecurity. Their discussions cover a range of topics, from specific software vulnerabilities to broader issues like mobile security and ransomware trends. They delve into technical details while maintaining accessibility for a general audience, emphasizing practical advice and current developments in the cybersecurity field. The podcast strikes a balance between in-depth analysis and user-friendly content, with a focus on high-quality audio and production.

The Daily Decrypt The Digital Security Collective


    Dating App Verification Scam, China’s DNS Reconnaissance, and Google’s Play Store Security Overhaul


    In today's episode, we dive into the sophisticated DNS activities of the China-linked threat actor known as Muddling Meerkat, who manipulates internet traffic and abuses DNS open resolvers. This cyber espionage endeavor has global implications as explained by Infoblox in an article at The Hacker News (https://thehackernews.com/2024/04/china-linked-muddling-meerkat-hijacks.html). Also, we discuss the FBI's warning about fake verification schemes targeting dating app users, uncovering the scam processes and providing tips to safeguard against such fraudulent activities as detailed in the BleepingComputer article (https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-verification-schemes-targeting-dating-app-users/#google_vignette). Lastly, we explore Google's efforts to enhance mobile security by preventing over 2 million malicious apps from entering the Play Store, highlighting their proactive measures and collaborations to safeguard user privacy. Read more about this at The Hacker News (https://thehackernews.com/2024/04/google-prevented-228-million-malicious.html).



    00:00 Introduction



    02:36 Dating App Scams



    04:12 Google's Security Enhancements



    06:47 Muddling Meerkat's DNS Manipulation



    Generate single use credit card numbers: https://app.privacy.com/join/GL3U7



    Tags: Muddling Meerkat, DNS activities, reconnaissance, China, fake verification schemes, dating app users, FBI warning, fraudsters, Google, Play Store, security, review process



    Search Phrases:




    Muddling Meerkat DNS activities



    China Muddling Meerkat reconnaissance



    Fake verification schemes dating apps



    FBI warning fraudsters



    Protect from fake verification schemes



    Unauthorized credit card charges prevention



    Google Play Store security measures



    Prevent sensitive data access



    Google app review process



    Infiltration prevention in Play Store




    Apr30



    The FBI is warning that dating app users are being targeted by fake verification scams that are leading to costly recurring subscription charges, as well as theft and misuse of personal information.



    How can users protect themselves while using dating apps?



    Google blocked over 2 million policy-violating apps from the Play Store in 2023, in a proactive security measure that also saw over 790,000 apps guarded against sensitive data access.



    How has Google improved its security features and review process to prevent these malicious apps from infiltrating the Play Store?



    And finally, a China-linked threat named Muddling Meerkat has been caught manipulating DNS activities globally to evade security measures. They've been conducting reconnaissance since 2019. What are these unique DNS activities that Muddling Meerkat are undertaking, and what is their end goal?



    You're listening to The Daily Decrypt.



    So the FBI is warning of a new scam that's targeting dating app users, which can lead to fraudulent recurring subscription charges and even identity theft.



    So basically, the scammers will develop a romantic connection with you on the dating app of your choice, whether that's Tinder or Bumble or Hinge or whatever you choose, then they're going to ask to move this conversation to a safer platform to verify that you are in fact a human. Well, we're all on dating apps to try to find someone, so of course I'm going to verify that I'm human.



    It's a valid request.



    Well, the only way to verify that you're human now is to provide a credit card number and some information. Can't do anything without that.



    And that's where they're going to get you. This is going to lead to maybe small, maybe large, but seemingly anonymous charges on your credit card bill. And if you're not paying close attention to that, you might miss them.



    So this attack, at its core, is not very complex, but it is remarkably effective, because remember, there are a few different situations that we put ourselves in where we're a little more desperate and a little le

    Severe WordPress Vulnerability, Fake Job Interviews for Developers, Security Awareness Gift Cards for the Elderly


    Protect your website from a severe vulnerability in the WordPress Automatic plugin and prevent potential site takeovers. Discover a sneaky campaign using fake job interviews to distribute malware to software developers, and explore how Japanese police use fake payment cards to safeguard the elderly from online frauds.



    URLs:




    arstechnica.com/security/2024/04/hackers-make-millions-of-attempts-to-exploit-wordpress-plugin-vulnerability



    bleepingcomputer.com/news/security/fake-job-interviews-target-developers-with-new-python-backdoor



    bleepingcomputer.com/news/security/japanese-police-create-fake-support-scam-payment-cards-to-warn-victims




    Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/



    Logo Design by https://www.zackgraber.com/



    Tags:
    WordPress, Hackers, Vulnerability, Automatic, Dev Popper, Python RAT, Software Developers, Fukui Police Department, Fake Payment Cards, Online Fraud



    Search Phrases:
    WordPress Automatic vulnerability prevention, North Korean Dev Popper tactic explanation, Protect software developers from Python RAT, Fukui Police Department fake payment cards usage, Tech support scam prevention methods, WordPress security measures against hackers, Identify and avoid Python RAT installation, Elderly fraud prevention with fake payment cards, Preventing online fraud with dummy payment cards, Japanese police anti-scam tactics through payment cards



    Transcript:



    apr29






    A police department in Japan is placing fake payment cards in convenience stores to help protect the elderly from falling victim to tech support scams.

    If you're a software developer and you're looking for a job, then congratulations, you're the target of a new North Korean scam called DevPopper, which uses fake job interviews to deceive software engineers into installing a Python remote access trojan.



    What are some signs you can look out for when applying for jobs?



    There's a new vulnerability in a WordPress plugin called WordPress Automatic that could allow for complete site takeover.



    How can WordPress admins make sure that their sites are safe?



    You're listening to The Daily Decrypt



    It is unfortunate, but the elderly are a huge target for scams online.



    And we don't necessarily need to get into the reasons for this, but attackers know this, and they tend to target the elderly a little bit more than the average user, and one of the ways attackers get money is by asking their victims to go buy iTunes gift cards or another type of gift card as a form of payment. Some of the most common scams involve scammers offering to remove Trojans from the victim's computer.

    Or, they'd tell the victim that they have a late fee on one of their accounts and they need to pay it in the form of a gift card. So what this police department in Japan is doing is they've created things that look like gift cards, but with the titles "Virus or malware removal payment card" or "Unpaid bill or late fee payment card" and they're sitting right next to Apple iTunes gift cards. You've got Home Depot, whatever that little gift card section in the convenience stores. It has these as well, in the hopes that if an elderly person is being targeted for one of these scams, they'll grab this gift card and go cash out with it.

    Now, convenience stores who have these gift cards, the employees understand their purpose and have been instructed to have a conversation with whoever attempts to buy them, letting them know that they're probably being scammed.



    And Bleeping Computer reports that there's been around 7.5 million in financial losses in this town due to online scams such as these.

    And in fact, there have been 14 complaints of investment scams in January alone with an estimated damage of 700,000.



    This is such a great example of a creative way to solve this problem, or at least attempt to solve this problem, by getting information in front of people. They could take it a st

    AI Voice Synthesis Lawsuit, Net Neutrality, PlugX Malware Sinkholing


    Former athletic director Dazhon Darien arrested for using AI voice synthesis to impersonate Principal Eric Eiswert, sparking racism controversy at Pikesville High School. Police investigation and response discussed. Technology behind AI misuse and broader concerns for cybersecurity professionals explored. [Original article: https://arstechnica.com/information-technology/2024/04/alleged-ai-voice-imitation-leads-to-arrest-in-baltimore-school-racism-controversy/]



    FCC restores net neutrality, reclassifying broadband service as Title II telecommunications for consumer protection and national security. Decision prohibits blocking, throttling, or paid prioritization of lawful content. Enhanced FCC authority to monitor service outages and regulate foreign-owned broadband entities addressed. [Original article: https://www.helpnetsecurity.com/2024/04/25/net-neutrality-restored/]



    Researchers at Sekoia sinkhole PlugX malware server, intercepting 2.5 million unique IP connections in six months. Global impact, infection analysis, disinfection challenges, and historical context of PlugX malware outlined. Ongoing threat and control complexities discussed. [Original article: https://www.bleepingcomputer.com/news/security/researchers-sinkhole-plugx-malware-server-with-25-million-unique-ips/]




    Tags: AI voice synthesis, controversy, manipulations, Dazhon Darien, racism, antisemitism, arrest, net neutrality, FCC, broadband service, Title II telecommunications service, internet access, regulations, PlugX malware, sinkholing, command and control server, IP addresses, computer security



    Search phrases:



    1. Dazhon Darien AI voice synthesis controversy



    2. FCC broadband service reclassification impact



    3. Net neutrality and FCC decision



    4. PlugX malware sinkholing research



    5. IP addresses capture by sinkholing



    6. Cleaning computers infected with PlugX malware



    7. Protecting devices from PlugX worm



    8. AI voice synthesis manipulation prevention



    9. Dazhon Darien arrest and implications



    10. Internet regulations in the United States 



    APR26



    The former athletic director of Pikesville High School in Baltimore used AI voice synthesis to frame the school's principal using racist and antisemitic comments, which led to uproar in the community, and the principal had to take a leave of absence.



    What technology did this former athletic director use, and what's going to happen to him?



    Net neutrality has been restored as the FCC votes to reclassify broadband service in order to protect consumers and ensure a fast, open, fair and reliable Internet.



    How will this decision impact Internet regulations and access across the United States and the world?



    Security researchers were able to take control of a variant of the PlugX by sinkholing one of its command and control servers that saw over 2.5 million unique IP addresses in just the last 6 months.



    What strategies are these security researchers proposing in order to get rid of this malware from end devices?



    You're listening to The Daily Decrypt.



    Researchers at Sekoia have successfully sinkholed a command and control server for a variant of the PlugX malware, intercepting over 2.5 million connections from unique IP addresses in the last six months.

    These security researchers at Sekoia were able to access the actual command and control server through a web shell, which allowed them to not only shut it down, but to continue receiving the requests from the infected hosts, and they've shown over 90,000 daily requests across 170 countries. Now, some of those requests were through VPNs, and so the country might not be accurate.

    But it's very interesting for them to be able to observe the malware's behavior as if it was still under control of this server.

    Sekoia acquired control of this IP by working closely with the internet service provider who provides this IP, and they just paid seven bucks to transfer ownership to them.



    A

    Keyboard App Vulnerabilities, Ring Privacy Settlement, Cyber Attacker Dwell Time Reduction


    Explore cybersecurity threats and solutions with experts analyzing critical vulnerabilities in keyboard apps, a $5.6 million privacy breach settlement for Ring users, and the latest trends in cyber attacker dwell times. Gain insights on global security measures and personal privacy protection.



    Sources:




    https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers/



    https://www.bleepingcomputer.com/news/security/ring-customers-get-56-million-in-privacy-breach-settlement/



    https://www.helpnetsecurity.com/2024/04/24/2023-attacker-dwell-time/




    00:00 Intro



    01:03 Deep Dive into Keyboard App Vulnerabilities and User Protection Tips



    03:39 Ring's Privacy Breach: Details and Consumer Compensation



    06:09 Cybersecurity Wins: Decreased Attacker Dwell Time and Enhanced Defenses



    09:53 Conclusion: The Future of Cybersecurity and the Role of Large Language Models



    Tags:
    cybersecurity, privacy breach, keyboard apps, encryption, Ring settlement, attacker dwell time, data protection, smart home security



    Search Phrases:




    keyboard app security flaws



    Ring privacy breach settlement details



    reducing cyber attacker dwell time



    encryption vulnerabilities in keyboard apps



    FTC refund to Ring users



    how to protect against cybersecurity threats



    latest trends in cybersecurity attacks



    privacy and security in smart home devices




    Summarized Transcript:



    Welcome to the Daily Decrypt, your essential guide to navigating the digital domain. In today's episode, we're uncovering critical vulnerabilities in popular Chinese pinyin keyboard apps, exploring a substantial privacy breach with Ring's camera system, and diving into the global improvements in cybersecurity detection times. Join us as we decode the digital world, keeping your data safe and your curiosity alive.



    Our journey begins with a startling revelation from Citizen Lab. Over 1 billion users of popular Chinese pinyin keyboard apps are at a crossroads, facing the risk of having their keystrokes decrypted. Among the inspected vendors - Baidu, Honor, Huawei, iFlytek, Oppo, Samsung, Tencent, Vivo, and Xiaomi - most apps remain a breach waiting to happen, with network eavesdroppers able to exploit vulnerabilities passively. How can users shield themselves against such invasive threats? Turning off cloud-based services and opting for a more secure keyboard ecosystem are steps in the right direction.



    Next, we delve into the breach that shook trust to its core - Ring's privacy debacle. A staggering 5.6 million in refunds are being distributed to affected customers, a move prompted by the Federal Trade Commission after unauthorized access of private video feeds came to light. The case brings to the forefront the critical need for robust security measures in IoT devices, especially those designed for security like cameras. How did Ring respond to the breach, and what can consumers learn from this incident to protect their own digital footprints?



    On a brighter note, global security saw an inspiring leap forward in 2023. Organizations now detect intrusions in a median of 10 days, a significant improvement from the previous 16 days in 2022. This progress indicates a strengthening in defense mechanisms against cyber threats. But with ransomware and zero-day exploits on the rise, how can organizations maintain this momentum and ensure the safety of our digital realms?



    Additionally, the emergence of large language models like OpenAI introduces new dynamics in both defense and offense within cybersecurity. These powerful tools aid in the development of new technologies and the fast analysis of vast datasets. However, the unrestricted usage by attackers versus the ethical constraints on defenders presents unique challenges. How will this play out in the evolving cybersecurity landscape?



    This has been the Daily Decrypt. If today's episode unlocked new perspectives for you, show your sup

    AI in Elections: Guarding Against Misinformation, UnitedHealth’s Ransomware Dilemma, and The Peril of Dependency Confusion in Apache Cordova


    Join us for a crucial discussion on AI's impact on U.S. elections and cybersecurity with insights from New York City Mayor Eric Adams and experts from Cloudflare and the Center for Internet Security. Discover how AI both threatens and protects our electoral integrity and what measures are being taken to combat misinformation and enhance security.



    In another essential segment, explore the recent ransom payment by UnitedHealth following a cyberattack on Change Healthcare. Learn about the challenges in protecting sensitive patient data and the implications of the breach on healthcare operations and cybersecurity policies.



    Finally, delve into the vulnerability of Apache Cordova App Harness in a dependency confusion attack as reported by Orca and Legit Security. Understand the risks of using outdated third-party projects in software development and the steps taken by the Apache security team to address these vulnerabilities.



    For more detailed information:




    https://www.helpnetsecurity.com/2024/04/23/ai-election-misinformation/



    https://www.cybersecuritydive.com/news/unitedhealth-paid-ransom-change-cyberattack/714008/



    https://thehackernews.com/2024/04/apache-cordova-app-harness-targeted-in.html




    Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/






    Tags for the Episode



    AI, U.S. elections, cybersecurity, misinformation, Eric Adams, Cloudflare, Center for Internet Security, ransomware, UnitedHealth, Change Healthcare, data breach, Apache Cordova, dependency confusion attack, software security, open-source vulnerabilities



    Search Phrases for the Episode




    AI influence on US elections



    cybersecurity threats in 2024 elections



    Eric Adams on social media as environmental toxin



    UnitedHealth ransomware attack details



    handling sensitive patient data in healthcare cyberattacks



    Change Healthcare cyberattack impact



    dependency confusion attacks in software



    vulnerabilities in Apache Cordova App Harness



    combating misinformation with AI in elections



    protecting elections from cyber threats




    Transcript:



    Apr24 AI in Elections: Guarding Against Misinformation, UnitedHealth's Ransomware Dilemma, and The Peril of Dependency Confusion in Apache Cordova



    It's official. UnitedHealthcare has confirmed that it paid a ransom to the cybercriminals that breached its subsidiary Change Healthcare. What additional measures are UnitedHealth taking to monitor and mitigate the fallout from this breach?

    AI is swiftly becoming a double-edged sword in U.S. elections, with over 60,000 daily cyber threats being mitigated against election bodies as we approach the critical 2024 election cycle.



    How can we balance the advancement of AI technology with the security and fairness of upcoming elections?



    And finally, researchers have discovered a vulnerability in the discontinued Apache Cordova App Harness project, allowing attackers to inject malicious code into the software supply chain, impacting unsuspecting users worldwide.



    So you may have heard that Change Healthcare was breached, it caused a lot of problems, well, it just came out that the UnitedHealth Group, who owns Change Healthcare, has admitted to paying a ransom during the cyber attack that occurred in February. Their aim was to prevent further exposure of sensitive patient data. A spokesperson for UnitedHealth revealed to Healthcare Dive that the breach involved protected health information and personally identifiable information which could potentially impact a vast number of Americans.



    Further complicating the situation, it was discovered that 22 screenshots of what appear to be stolen files were posted on the dark web. These images, some containing detailed patient health information, were accessible online for approximately one week.



    And anything that goes online, it's really h

    CyberSecurity News: Child Predators Get Ransomwared, Cloud CLI Exposes Credentials, United Nations Data Theft


    From malware developers targeting child exploiters with ransomware, to major cloud services exposing credentials, learn how digital vigilantes and technological oversights shape online security. Featuring insights on the United Nations' latest ransomware dilemma, uncover the intricate web of cybersecurity challenges faced globally.



    URLs for Reference:




    Malware Dev lures child exploiters into honeytrap to extort them



    AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs



    United Nations agency investigates ransomware attack, data theft







    Tags: cybersecurity, ransomware, malware, cloud security, digital threats, cyber vigilantes, tech giants, United Nations, cyber attack, data theft, CryptVPN, AWS, Google Cloud, Azure, CLI tools, BleepingComputer, The Hacker News



    Search Phrases:




    Cyber vigilante justice malware extortion



    Cloud CLI tools security vulnerabilities



    United Nations cyberattack investigation



    CryptVPN ransomware against child exploiters



    AWS, Google, and Azure CLI tools leaking credentials



    Impact of ransomware on global organizations



    Cybersecurity threats in cloud computing



    Cybersecurity tactics against illegal online activities



    Data breach at United Nations agency



    New trends in cyber threats and digital security




    Transcript:



    Apr22



    Malware developers are now targeting individuals seeking child exploitation material, employing CryptVPN ransomware to extort them by locking their systems and demanding payment, as revealed by Bleeping Computer. What methods are these developers using, and why do I want them to succeed?



    Leaky CLI, a vulnerability discovered by Orca in AWS, Google, and Azure CLI tools, is exposing sensitive credentials in build logs, putting countless organizations at risk of cyber attacks. What measures can organizations take to prevent sensitive credentials from being exposed by build logs?



    Finally, hackers have infiltrated the United Nations Development Program's IT systems, stealing sensitive human resources data from its global network dedicated to fighting poverty and inequality.



    You're listening to the Daily Decrypt.



    Malware developers are now turning their tactics against individuals seeking child exploitation material, specifically targeting them with ransomware designed to extort money by feigning legal action. This new strain of malware, dubbed CryptVPN, was recently analyzed by Bleeping Computer after a sample was shared with the cybersecurity researcher MalwareHunterTeam.



    CryptVPN tricks users into downloading a seemingly harmless software, which then locks the user's desktop and changes their wallpaper to a menacing ransom note.



    The ploy begins with a decoy website that impersonates Usenet Club, a purported subscription service offering uncensored access to downloadable content from Usenet, which is an established network used for various discussions, which unfortunately also includes illegal content. The site offers several subscription tiers, but the trap is set with the free tier, which requires the installation of the CryptVPN software to access the supposed free content.



    Now to be honest, I feel like I don't even want to give away these clues to any child predators that may be listening. So I'm going to stop there as far as how the attack works, but I'm really glad that attackers have found this vector because people who are partaking in illegal activities have a lot to lose and are often pretty scared, you know, unless they're complete psychopaths. And so if someone's able to get the information or lure people into these websites... You know, this reminds me of something that happened to me back in my single days.



    And those of you who know me personally can validate the authe
