By Habiba Rashid
Meet Chae$4 malware: the new and even harder-to-detect variant of the infamous Chaes malware.
This is a post from HackRead.com Read the original post: New Chae$4 Malware Steals Login, Financial Data from Businesses

**KEY FINDINGS**

*   **Chae$4 is a new and advanced malware variant that targets customers of financial and logistics companies in Latin America.**

*   **The malware is difficult to detect because it uses sophisticated encryption techniques and stealth mechanisms.**

*   **Chae$4 can steal login credentials, financial data, and other sensitive information.**

*   **The malware is spread through malicious MSI installers, often disguised as legitimate application installers.**

Morphisec, a leading cybersecurity firm, has discovered a new and advanced variant of the Chaes malware targeting customers of financial and logistics companies in Latin America. This article delves into the mechanics of this evolved malware, dubbed Chae$4 as well as its implications, and strategies for businesses to safeguard against it.

The Chaes malware first emerged in November 2020 primarily targeting e-commerce customers in Latin America, particularly Brazil. The malware had been active since at least mid-2020, making its presence known by targeting unsuspecting victims.

The latest variant, Chae$4, marks a significant evolution in its capabilities. Chae$4 malware features a more sophisticated code structure advanced encryption techniques and stealth mechanisms, making it even harder to detect.

According to a report shared by Morphisec to Hackread.com, Chae$4 malware predominantly uses Python, employing decryption and dynamic in-memory execution, therefore evading traditional defence systems. The malware has abandoned Puppeteer in favour of a bespoke approach to monitor and intercept Chromium browsers’ activities.

Chae$4 targets a broader range of services, including prominent platforms and banks such as Mercado Libre, Mercado Pago, WhatsApp Web, Itau Bank, Caixa Bank, and even MetaMask.

The new variant employs WebSockets for primary communication between its modules and the Command and Control (C2) server. In addition to this, Chae$4 uses a Domain Generation Algorithm (DGA) for the dynamic resolution of the C2 server’s address.

The Chae$4 malware comprises several modules, each serving a specific purpose. These modules include:

*   _**Init Module**_: This module initiates communication with the attacker, gathering extensive data about the infected system.

*   _**Online Module**_: It functions as a beacon, informing the attacker of the infected system’s activity status.

*   _**Chronod Module**_: Responsible for stealing credentials, this module targets browser activities, including login data and financial information including BTC, ETH and PIX transfers.

*   _**Appita Module**_: Similar to the Chronod module, this one specifically focuses on targeting Itau Bank’s application.

*   _**Chrautos Module**_: An advanced version of Chronod and Appita modules, it offers better code architecture and enhanced capabilities.

*   _**Stealer Module**_: This module specializes in stealing data from Chromium-based browsers, including login data, credit card details, cookies, and autofill information.

*   _**File Upload Module**_: This recent addition allows the malware to search for and upload specific files, such as those related to the MetaMask’s Chrome extension.

The infection typically starts with the execution of a malicious MSI installer, often disguised as a legitimate application installer. The malware then deploys and downloads necessary files to establish persistence on the infected system.

The core component, ChaesCore, is responsible for setting up persistence and migrating into legitimate processes. Once initialized, ChaesCore communicates with the C2 server and downloads additional modules as required. Communication is encrypted to hide its activities.

Components of Chae$4 malware

The MSI installer contains obfuscated JavaScript and PowerShell scripts that establish the malware’s working directory and downloads essential files. The Module Wrapper decrypts and dynamically loads modules, executing their malicious code.

Different modules focus on stealing various types of data, such as login credentials, personal information, and financial data. 

Chae$4 malware is a serious threat, but by taking steps to protect yourself, you can help to keep your data safe. In addition to the information above, here are some other things to keep in mind about Chae$4:

*   The malware is still under development, so new features or capabilities may be added in the future.

*   The malware is targeted at a specific region, but it is possible that it could be used to target other regions in the future.

*   The malware is constantly evolving, so it is important to stay up-to-date on the latest information about it.

New Chae$4 Malware Steals Login, Financial Data from Businesses

By Owais Sultan
Tel Aviv, Israel, Sep 05, 2023 — Reflectiz, a cybersecurity company specializing in continuous web threat management offers…
This is a post from HackRead.com Read the original post: Holiday Season Cyber Alert: Reflectiz Declares War on Magecart

_Tel Aviv, Israel, Sep 05, 2023_ — Reflectiz, a cybersecurity company specializing in continuous web threat management offers an exclusive, fully remote solution to battle Magecart web-skimming attacks, a popular type of cyberattack involving injecting malicious code into the checkout pages.

As the Holiday Season approaches, online retailers face the challenge of protecting their websites against the growing threat of malicious attacks, such as Magecart. However, they struggle to add new security layers due to restrictions on modifying their website code to avoid impacting website performance during the peak shopping season.

**Reflectiz, a unique web security tool,** **ensures 100% readiness** **for Magecart attacks before and during the Holiday Season.** This is made possible by Reflectiz’s external, non-intrusive solution, requiring no code implementation or IT resources. Your website(s) will be fully protected within days, and there will be no impact on your website performance whatsoever. 

Reflectiz automatically detects third-party code changes, keylogging, and communication with malicious domains to prevent Magecart web-skimming attacks. It overcomes the most sophisticated malware obfuscation techniques, lets you track changes, prioritize issues, and implement alerts according to their severity level, empowering you to act before the damage is done.

Despite being so powerful, Reflectiz does not affect website performance. It has zero impact on your IT resources, and it does not require any installation on the client. It begins protecting your web assets within days, ensuring continuous monitoring of all crucial and sensitive web pages, not just checkout pages. 

_“Reflectiz understands the challenges faced by online retailers during this busy time of the year. In fact, in 2023, Reflectiz detected Magecart attacks on more than 150 websites, and the count is still rising. Our advanced technology enables the automatic detection of sophisticated threats throughout your entire online environment, all with quick and easy external implementation. You will be up and running within days” – Ysrael Gurt, Co-founder & CTO, Reflectiz_

Sign up for our exclusive offer today, and get the ideal head start in the war on Magecart.

**Contact**

*   **Daniel Sharabi**
*   **Marketing Director**
*   **Reflectiz**
*   **daniel.s@reflectiz.com**

Holiday Season Cyber Alert: Reflectiz Declares War on Magecart

By Owais Sultan
Technology enhances our lives, but it also leaves us vulnerable to unprecedented cyber threats. 
This is a post from HackRead.com Read the original post: Gcore Thwarts 500 Million PPS DDoS Attack on Gaming Company

Enter Gcore, the unsung cybersecurity hero, recently thwarted a staggering 500 million packets per second (PPS) DDoS attack on a gaming company. 

As we delve into the heart of this article, prepare to uncover the fascinating world of Distributed Denial of Service attacks (DDoS attacks), witness the monumental scale of Gcore’s intervention, and grasp the critical importance of cybersecurity in preserving the integrity of our online experiences.

**Gcore’s Role in Cybersecurity: Mitigating DDoS Threats**

Gcore emerges as a leading player in cybersecurity, with a specialized focus on combating Distributed Denial of Service attacks. With cyber threats becoming more sophisticated, Gcore DDoS protection solutions have become crucial.

**ExpertBBise in Handling Large-Scale DDoS Attacks**

Gcore’s prowess lies in its ability to effectively tackle substantial and complex DDoS attacks. These attacks, designed to overwhelm online services, require intricate strategies and technologies for successful mitigation.

Gcore employs dedicated teams of cybersecurity experts with hands-on experience handling various DDoS attacks. Gcore’s experts utilize advanced analytics to identify attack patterns, anticipate potential threats, and implement countermeasures.

**Solutions and Technologies for DDoS Mitigation**

By employing sophisticated traffic analysis techniques, Gcore identifies and filters out malicious traffic, allowing legitimate users to access the services without disruption. Their Anycast network spreads incoming traffic across multiple geographically distributed data centers. This reduces the impact of DDoS attacks by distributing the load. Their cloud infrastructure distributes attack traffic across multiple points, preventing any single point of failure.

**The Attack on the Gaming Company**

The gaming company faced an unprecedented DDoS attack, unleashing 500 million packets per second. This surge overwhelmed the company’s network infrastructure, causing widespread disruption.

The attackers likely employed a botnet, harnessing thousands of compromised devices to flood the company’s servers with massive malicious traffic. The scale and intensity of the attack made it difficult to mitigate.

**Potential Risks and Consequences**

Let’s take a look at some more detrimental consequences and risks.

**Service Disruption**

The attack resulted in severe service disruption, causing widespread outages and rendering the gaming platform inaccessible to users. This undermined user trust and satisfaction, impacting the company’s reputation.

**Financial Loss**

Extended downtime translates to financial loss, including lost revenue, operational expenses related to recovery efforts, and potential legal costs if user data is compromised.

**Gcore’s Response and Mitigation: Countering the DDoS Onslaught**

Gcore’s swift response to the DDoS attack demonstrates their commitment to safeguarding their clients’ digital infrastructure. Their proactive involvement was instrumental in mitigating the attack’s impact.

**Strategies and Methodologies Employed**

Gcore’s team thoroughly analyzed the incoming traffic to identify malicious patterns and sources. This enabled them to differentiate legitimate traffic from attack traffic. Leveraging advanced filtering technologies, Gcore’s experts filtered out malicious traffic while allowing legitimate users to access the services seamlessly.

By intelligently distributing incoming traffic across multiple servers, Gcore minimized the risk of overload on any single server, ensuring smooth operations even during the attack.

**Effectiveness of Gcore’s Approach**

Gcore’s strategic approach to DDoS mitigation showcased its efficacy during the attack. By promptly analyzing, filtering, and distributing traffic intelligently, they could maintain service availability, prevent downtime, and minimize disruptions to client operations.

**Significance of the Successful Mitigation: Safeguarding the Digital Realm**

In this section, we will analyze Gcore’s success, how it helps businesses and the implications of using its services.

**Analysis of Gcore’s Success**

Gcore’s successful mitigation of the massive DDoS attack underscores its robust infrastructure and expertise in cybersecurity. Analyzing their approach reveals insights into effective cyber defence strategies. They can swiftly respond to the attack by redistributing traffic and neutralizing threats, showcasing their preparedness and agility in dealing with evolving cyber threats.

**Implications for the Gaming Industry and Beyond**

The mitigation’s success highlights the need for collaboration among gaming companies, cybersecurity experts, and law enforcement agencies to combat cyber threats collectively.

Conversely, Gcore’s success sets a precedent for the gaming industry and other potential targets. It emphasizes the critical importance of investing in advanced cybersecurity measures to thwart large-scale attacks.

**Gcore’s Role in Safeguarding Businesses**

Emphasize Gcore’s role as a cybersecurity expert, specializing in protecting businesses against evolving cyber threats, including DDoS attacks. Highlight Gcore’s cybersecurity solutions, including advanced DDoS protection, security audits, and ongoing monitoring. Discuss how these services contribute to overall cyber resilience.

**Conclusion**

Gcore’s triumph in thwarting a massive DDoS attack on a gaming company showcases the power of expert cybersecurity. As we traverse the complexities of online safety, Gcore’s ability to safeguard digital landscapes becomes more than just a service—it becomes a necessity. 

Their strategic response protected the gaming realm and set a powerful example for industries at risk. With Gcore at the helm, businesses can stride confidently into the digital future, knowing their defences are fortified against the unseen.

Gcore Thwarts 500 Million PPS DDoS Attack on Gaming Company

By Waqas
The Freecycle data breach is the latest in a string of high-profile security incidents affecting online platforms in the United Kingdom.
This is a post from HackRead.com Read the original post: Freecycle Data Breach Impacts 7 Million Users

Freecycle is yet another UK-based platform to experience a data breach. Recently, several notable names, including the UK Air Traffic Control System, the Met Police IT Contractor, and the IT Firm Swan Retail, have also fallen victim to data breaches.

Freecycle, an online forum for giving and receiving unwanted items, has confirmed that it suffered a data breach on August 30, 2023. The breach exposed the personal information of over 7 million users, including usernames, User IDs, email addresses, and MD5-hashed passwords.

The organization says that it has notified the “appropriate US authorities” of the incident, as well as the Information Commissioner’s Office (ICO) in the UK. Few details of what happened have been revealed, but Freecycle is advising all members to change their account passwords as a security measure.

“On August 30th we became aware of a data breach on Freecycle.org,” said Deron Beal, executive director of Freecycle. “As a result, we are advising all members to change their passwords as soon as possible. We apologize for the inconvenience and would ask that you watch this space for further pending background.”

Freecycle is yet another UK-based platform to experience a data breach. Recently, several notable names, including the UK Air Traffic Control System, the Met Police IT Contractor, and the IT Firm Swan Retail, have also fallen victim to data breaches.

The Freecycle data breach is a reminder of the importance of online security. Users should always use strong passwords and enable two-factor authentication whenever possible. They should also be careful about what information they share online.

If you are a Freecycle user, you should change your password immediately. You can also monitor your credit report for any signs of fraudulent activity.

*   Here are some additional tips for protecting your online security:
*   Use a different password for each online account.
*   Enable two-factor authentication whenever possible.
*   Be careful about what information you share online.
*   Keep your software up to date.
*   Be suspicious of any emails or messages that ask for personal information.

By following these tips, you can help to protect yourself from further attacks and embarrassment.

Freecycle Data Breach Impacts 7 Million Users

By Deeba Ahmed
Ethereum Network Stake Loses $41 Million Worth of Crypto After Private Key Leak.
This is a post from HackRead.com Read the original post: World’s Largest Cryptocurrency Casino Stake Hacked for $41 Million

Cryptocurrency casino Stake experienced suspicious funds outflow with $15.7m drained on Ethereum and $25.6 m collectively lost in Binance Smart Chain and Polygon.

**Key Findings**

*   **On September 4, 2023, the world’s largest Australian cryptocurrency casino and sportsbook platform Stake became a target of a financially motivated cyberattack, losing over $41 million worth of cryptocurrencies.**

*   **The hackers exploited a leaked private key to gain access to Stake’s hot wallets, which contain the platform’s most liquid funds.**

*   **The hackers stole a total of $16 million worth of Ethereum, $17.8 million across the Binance Smart Chain, and $7.8 million in Polygon.**

*   **The hackers converted the stolen funds to Ether and transferred them to multiple externally owned wallets.**

*   **Stake has suspended all deposits and withdrawals and is currently investigating the attack.**

According to reports from on-chain analyst Cyvers and blockchain researcher ZachXBT, on September 4, 2023, the world’s largest Australian cryptocurrency casino and sportsbook platform Stake became a target of a financially motivated cyberattack, losing over $41 million worth of cryptocurrencies.

Cyves has dubbed it a suspicious outflow of funds, most of which were sent to an account labelled ‘Stake.com Hacker.’ Further probing revealed that the withdrawals resulted from a leaked private key. The casino apparently was targeted by an exploit.

Etherscan reported that the first transaction to the alleged hacker’s wallet took place at 12:48 pm in which $3.9m worth of Tether was transferred followed by two more transactions draining out 6,001 Ether. Hackers kept removing tokens for the next few minutes, stealing $1m in USD coins. Altogether $16m worth of Ethereum, $17.8 across the Binance Smart Chain, and $7.8m in Polygon were stolen.

On X (former Twitter), Cyves shared news of the incident to alert Stake users about the unauthorized draining of funds:

“ALERT🚨Our AI-powered system has detected multiple suspicious transactions with @Stake. (https://etherscan.io/address/0x3130662aece32f05753d00a7b95c0444150bcd3c) address received about $16M in $ETH $USDC $USDT and $DAI. All the stablecoins are converted to $ETH and distributed to different EOAs.”

The hackers converted the stolen funds to Ether. They transferred the amount to multiple externally owned wallets before the withdrawals stopped, leaving the casino with $340,000 worth of Ether and $2.1m in other altcoins.

The casino suspended all deposits/withdrawals, due to which most users cannot access their funds as of now. The platform also confirmed the breach, stating that unauthorized transactions were made from its hot wallets.

“Three hours ago, unauthorized tx’s were made from Stake’s ETH/BSC hot wallets. We are investigating and will get the wallets up as soon as they’re completely re-secured. User funds are safe. BTC, LTC, XRP, EOS, TRX + all other wallets remain fully operational,” Stake’s statement on X read.

Stake is a popular betting platform known for its affiliation with rapper Drake and the Formula One fame Alfa Romeo, recording $2.6 bn in revenues in 2022. It allows users to deposit/play with cryptocurrencies. As per its co-founder Ed Craven, Stake accounted for 6% of all Bitcoin transactions, 15% of all Litecoin transactions, and 12% of all Dogecoin transactions last year.

The draining of such a hefty amount is a big blow for the casino and the cryptocurrency industry as in July 2023, another platform Alphapo lost $31m in suspicious withdrawals. In 2022, over $3.7bn worth of crypto was lost in different exploits and hacks, and this incident highlights that the industry continues to be vulnerable to cybercrime.

**RELATED ARTICLES**

1.  Hackers drain $25 million in assets from dForce
2.  Hacker Returns $200 Million Stolen from Euler Finance
3.  Crypto ATM Manufacturer General Bytes Suffers $1.5m Bitcoin Theft
4.  Researcher Exposes Cryptocurrency Scam Network of 300 Domains
5.  Kroll SIM-Swapping Attack Causes Data Breach at 3 Top Crypto Firms

World’s Largest Cryptocurrency Casino Stake Hacked for $41 Million

By Owais Sultan
In this article, we will discuss cybersecurity for startups and how implementing effective measures can contribute to their overall success and growth
This is a post from HackRead.com Read the original post: Cybersecurity for Startups: Best Tips and Strategies

  
In the modern business landscape, cybersecurity is of paramount importance for startups. It serves as a protective barrier against digital threats that can compromise sensitive data, disrupt operations, and negatively impact the reputation of a young business. In this article, we will discuss cybersecurity for startups and how implementing effective measures can contribute to their overall success and growth

**Why Cybersecurity for Startups is Important**

Cybersecurity is important not only for large corporations but also for startups. New ventures often possess valuable intellectual property, customer data, and proprietary information, rendering them appealing to cyberattacks. Hackers may leverage system vulnerabilities to gain unauthorized access, leading to data breaches or theft.

Secondly, startups might lack the financial resilience to recover from cyber incidents. The costs associated with data breaches, legal consequences, and reputational damage can be overwhelming for startups, potentially leading to financial ruin.

Additionally, startups rely heavily on their reputation and customer trust to succeed. A cybersecurity breach can erode this trust and tarnish their brand, deterring customers and investors alike.

Lastly, emerging businesses are increasingly interconnected with partners, clients, and suppliers through digital platforms. A breach within the startup’s ecosystem can spread to affect others, causing cascading consequences. 

**Assessing Your Startup’s Cybersecurity Needs**

When thinking about cybersecurity for startups, it’s crucial to start by looking at the risks you might face. This involves identifying potential threats like data breaches, hacking attempts, and malware infections. Consider the probability of these risks occurring and the potential consequences they might bring to your business. To do this effectively:

*   **Research Threats**: Stay informed about the latest cybersecurity threats relevant to startups.
*   **Prioritize Risks**: Evaluate the risks based on their likelihood and potential damage.
*   **Analyze Impact**: Understand how each risk could affect your business operations, reputation, and financial stability.

It’s also important to protect valuable assets and data. Identify the most critical assets, such as customer data, intellectual property, and financial documents. Then, follow these steps:

*   **Data Mapping:** Know where your data resides and how it flows within your organization.
*   **Access Control:** Restrict access to sensitive data to only those who need it.
*   **Data Classification:** Classify data based on its sensitivity level in order to implement suitable security measures.

**Essential Cybersecurity Measures for Startups**

Safeguarding your startup requires a proactive approach. Consider these fundamental cybersecurity actions:

**Implement Strong Password Policies**

Establish stringent rules for password creation. Ensure passwords are unique, combining letters, numbers, and symbols. Regularly prompt employees to update passwords and avoid using easily guessable information.

**Multi-factor Authentication for Critical Accounts**

Enhance security for critical accounts by adding an extra layer of protection. Multi-factor authentication requires an extra verification step beyond passwords, which lowers the likelihood of unauthorized access.

**Choose Software that Prioritizes Security**

Extend your cybersecurity diligence to the tools you use. When incorporating additional software, such as HR management systems or project management platforms, prioritize security as a non-negotiable criterion.

For instance, if you use time tracking software, consider apps that blur screenshots and offer data encryption for the captured information.

**Keep Software and Systems Updated**

Regularly update operating systems, applications, and software. Updates often contain security patches that shield your systems from known vulnerabilities.

**Install Firewalls and Antivirus Software**

Firewalls function as virtual barriers, managing the movement of data in and out of your network. They effectively prevent unauthorized entry. On a different note, antivirus software acts as a shield against harmful programs that could damage your systems. Setting up and adjusting both of these tools contributes a strong protective shield to your cybersecurity strategy.

**Encrypt Sensitive Data and Communications**

Implement encryption to scramble sensitive information. Encryption is a technique that transforms sensitive information into a coded format. This coding ensures that if someone without the proper authorization intercepts the data, they won’t be able to understand its contents.

**Regular Data Backups and Recovery Planning**

Create a routine of backing up data and critical information. In the event of data loss or a breach, having backups ensures you can restore your information and continue operations smoothly.

**Building a Strong Cybersecurity Culture**

To create a robust cybersecurity culture in your startup, consider the following actions:

**Engage managers to promote cybersecurity**: Start by having your leaders actively support and advocate for cybersecurity. When managers prioritize security, it sets a strong example for everyone else. They should allocate resources, make security decisions, and communicate the importance of cybersecurity to the whole team.

**Cultivate security awareness among employees:** Every team member plays a role in cybersecurity. Make sure that everyone understands their responsibility in keeping the digital environment secure. This involves following security policies, reporting suspicious activities, and being cautious with emails and links.  

**Execute regular security training and workshops:** Educate your employees by arranging regular training sessions and workshops. This keeps everyone updated about the latest threats and helps employees understand how to handle security incidents and maintain a secure work environment.

**Managing Incidents and Ensuring Disaster Recovery**

In the event of a breach or other security incident, having a well-structured plan is your first line of defense. Here’s how to manage incidents and ensure a swift recovery:

**Develop an incident response plan:** Create a plan outlining steps to take when a cybersecurity incident occurs. This plan should cover roles, responsibilities, and immediate actions to mitigate the impact of the incident.  

**Establish communication protocols in case of a breach:** Have a clear communication strategy that specifies who needs to be informed both within your organization and externally – customers, partners, regulatory authorities, etc. Open and timely communication assists in effectively managing the situation and maintaining trust.

**Regularly test and update disaster recovery procedures:** Simulate different types of incidents to assess the effectiveness of your response plan. This testing process can unveil gaps or weaknesses in your procedures, allowing you to refine and improve them.

Moreover, keep your disaster recovery procedures up-to-date. Technology and threats evolve, and your response strategies need to keep pace. Regularly review and update your plan to align with the changing threat landscape and technological advancements.

**Compliance and Legal Considerations**

Meeting legal requirements is a crucial aspect of cybersecurity. Here’s how to navigate compliance and protect both your startup and customer interests:

**Navigating Relevant Data Protection Regulations**

Different regions have different data protection regulations, like the General Data Protection Regulation (GDPR) in Europe or the California Consumer Privacy Act (CCPA) in the United States. Understand the specific regulations that apply to your startup’s operations and ensure your cybersecurity practices align with these requirements.

**Protecting Customer Data and Privacy Rights**

Customers trust you with their data; protecting it is not only ethical but often legally mandated. Implement robust security measures to safeguard customer information. Offer clarity regarding the collection, utilization, and storage of their data, and give them the option to control their privacy preferences.

**Understanding Legal Implications of a Data Breach**

In the unfortunate event of a data breach, there are legal ramifications to consider. Different jurisdictions have varying reporting requirements and potential penalties for breaches. Familiarize yourself with these implications to ensure you respond appropriately and fulfil your legal obligations.  

**Budgeting for Cybersecurity**

Effective cybersecurity requires the prudent allocation of resources. Just as you allocate funds for marketing or product development, earmark a portion of your budget specifically for cybersecurity. This financial commitment reflects the importance of protecting your digital assets and maintaining operational continuity.

While cybersecurity investments come with costs, weigh them against the potential risks and consequences of a breach. A cyber incident can result in financial losses, reputation damage, and legal repercussions that far outweigh the initial investment in security measures.

By allocating a realistic budget for cybersecurity and making informed decisions that balance costs and risks, your startup positions itself to effectively mitigate threats and maintain the trust of customers and partners. This proactive approach safeguards your operations and bolsters your overall business resilience.

**Looking Ahead: Future Cybersecurity Trends for Startups**

The world of cybersecurity is dynamic. Consider these trends that could impact startups in the near future:

**Emerging Threats and Attack Vectors**

As technology evolves, so do the tactics of cyber attackers. Stay vigilant against emerging threats like advanced phishing techniques, AI-driven attacks, and threats targeting IoT (Internet of Things) devices.

To counter these threats, ongoing education and awareness among your team are paramount. Regularly update your cybersecurity protocols to incorporate the latest threat intelligence and consider working with cybersecurity experts who can provide insights into emerging attack vectors.

**Integration of AI and Automation in Cybersecurity**

Artificial Intelligence (AI) and automation are becoming essential tools in the fight against cyber threats. These technologies can detect anomalies, provide real-time responses to incidents, and improve the overall efficiency of cybersecurity operations.

Consider investing in AI-driven cybersecurity tools that can augment your defense mechanisms. Collaborate with AI experts to fine-tune these solutions according to your startup’s unique needs.

**Conclusion**

Cybersecurity for startups is among the most critical factors to consider. Embrace cybersecurity not as a one-time task, but as an ongoing commitment. Implement a comprehensive approach that involves training, monitoring, and continuous improvement. By staying informed about emerging threats and embracing a proactive mindset, your startup positions itself to navigate the future cybersecurity landscape with resilience and confidence.

Cybersecurity for Startups: Best Tips and Strategies

By Habiba Rashid
Key Findings Cybersecurity researchers have warned of fake Signal and Telegram apps that have been distributed through the…
This is a post from HackRead.com Read the original post: Chinese APT Slid Fake Signal and Telegram Apps onto Official App Stores

**Key Findings**

*   Fake Signal and Telegram apps have been distributed through the Google Play Store and Samsung Galaxy Store.

*   The apps are designed to steal user data, including contact lists, call logs, and device information.

*   The apps were created by a Chinese APT known as GREF, while malicious code found in these apps is attributed to the BadBazaar malware.

*   The apps were initially targeted at users in China, but have since expanded to other countries.

*   If you have installed Signal Plus Messenger or FlyGram, you should remove them from your phone.

*   Before uninstalling the apps, make sure to unlink your Signal and Telegram accounts to prevent further data exposure.

Cybersecurity researchers have warned of fake Signal and Telegram apps that have been distributed through the Google Play Store and Samsung Galaxy Store. The apps, which are called Signal Plus Messenger and FlyGram, are designed to steal user data, including contact lists, call logs, and device information.

Signal Plus Messenger, a bogus version of the popular Signal app, managed to slip under the radar for nine months in the Google Play Store. It garnered over 100 downloads before Google finally removed it from the app storefront.

FlyGram, developed by the same threat actor, followed a similar trajectory but was removed in 2021. The Slovak cybersecurity firm ESET has identified these apps as malicious versions of Signal and Telegram, designed to deliver malware to unsuspecting users.

Fake Singnal and Telegram apps on Google Play Store and Samsung Galaxy Store (Image: ESET)

These fake apps were more than just imitations; they were sophisticated tools for cyber espionage. In a blog post, ESET researchers mentioned that the counterfeit Telegram app could harvest basic device information, sensitive data, Google accounts, and call logs. Additionally, it had a feature enabling it to back up data to a remote server controlled by the attacker.

The malicious Signal Plus app, on the other hand, could monitor both incoming and outgoing messages, transmitting them to a remote server for unauthorized access. To appear legitimate, dedicated websites were created for both apps, complete with links for direct installation from the Google Play Store.

The apps were created by a China-based hacking group known as GREF. GREF, also know as APT15, Ke3chang, Mirage, Vixen Panda and Playful Dragon, was also pointed out in July 2020 over the China’s insidious surveillance against Uyghurs with Android malware

Back in March 2018, these same threat actors were also found targeting a UK Government Contractor to steal military technology secrets. GREF is know the BadBazaar malware and in this campaign, the malicious code found in these apps is also attributed to the BadBazaar malware.

This should not be surprising, as another Chinese APT group, Smishing Triad, was recently reported to be carrying out a large-scale smishing campaign against users in the United States. This attack involved impersonating leading mail and delivery services.

Initially, users in China were the primary targets of these fake apps. However, the threat has since expanded to include users in Ukraine, Poland, the Netherlands, Spain, Portugal, Germany, Hong Kong, and the United States. 

If you’ve unwittingly installed Signal Plus Messenger or FlyGram, removing them from your phone is crucial. However, exercise caution when doing so. Before uninstalling these apps, make sure to unlink your Signal and Telegram accounts to prevent further data exposure. Google has labeled these apps as malicious and capable of stealing personal information.

**Some quick tips for staying safe from fake apps**

*   Only download apps from official app stores, such as the Google Play Store and the Apple App Store.
*   Be wary of apps that ask for more permissions than they need.
*   Read the reviews of an app before you download it.
*   Keep your apps updated.
*   Regularly scan your device for malware using a security app.

1.  Phishers Now Actively Automating Scams with Telegram
2.  Telegram and Discord Bots Delivering Infostealing Malware
3.  New MMRat Android Trojan Uses Fake App Stores for Bank Fraud
4.  Researcher Identifies Popular Swing VPN Android App as DDoS Botnet

Chinese APT Slid Fake Signal and Telegram Apps onto Official App Stores

By Deeba Ahmed
China's reply to OpenAI's ChatGPT is here, and it's called Baidu's Ernie Bot.
This is a post from HackRead.com Read the original post: China’s Baidu Introduces ChatGPT Rival Ernie Bot

Ernie Bot (full name: Enhanced Representation through Knowledge Integration) is the first generative AI chatbot publicly released in China. Although it is available globally, users need a Chinese phone number to register and log in.

*   Baidu’s AI chat service Ernie Bot is the first Chinese rival to ChatGPT.

*   Ernie Bot is powered by Baidu’s Ernie language model, which is trained on a massive dataset of text and code.

*   Ernie Bot can be used for a variety of tasks, including generating text, translating languages, writing different kinds of creative content, and answering your questions in an informative way.

*   The Chinese government is still in the process of regulating the generative AI industry, so there are some restrictions on how Ernie Bot can be used.

*   Despite these restrictions, Ernie Bot is a significant development in the field of AI and has the potential to be a powerful tool for businesses and individuals.

After the stupendous success of OpenAI’s ChatGPT, every company wants to integrate AI technology, and many want to develop customized AI language models, such as Baidu. The Chinese multinational AI tech firm Baidu has officially received the go-ahead for its own AI-based chatbot Ernie Bot, regarded as the rival of ChatGPT.

Ernie Bot, similar to its primary competitor ChatGPT, offers users the ability to inquire about various topics or request assistance in creating market analysis, generating marketing slogans, and summarizing documents.

**Chinese Public Received the Country’s First AI Chatbot:**

Baidu’s AI chat service Ernie Bot was initially launched on March 16 2023 as the first-ever Chinese rival to ChatGPT and made available to the public on August 30 after the government released regulations in July. Within 24 hours of its official release, the chatbot attracted 1 million users and over 33.4 million user queries.

The same day Baidu announced the release of another batch of AI applications and initiated the registration process for its chatbot. However, it is worth noting that when it was released in mid-March, MIT Technology Review’s Zeyi Yang dubbed its performance mediocre compared to ChatGPT.

**Chinese Tech Sector Eyeing Generative AI Industry**

According to Chinese media outlets, at least eight Chinese generative AI chatbots are part of the first batch of approved apps for the public. This includes ByteDance’s chatbot Doubao released on August 18 and Zidong Taichu 2.0 from the Institute of Automation at the Chinese Academy of Sciences. However, AI bots from Alibaba, JD, iFLYTEK, and 360 weren’t part of the first batch.

So far, over a dozen Chinese chatbots have been released, and most offer similar features as ChatGPT and other Western AI bots as all can converse in text, answer queries, solve math problems, compose poems, and write programming code.

**China Not Ready to Allow Free Access to AI Tech**

Ernie Bot and all other Chinese chatbots will be released with certain restrictions, which makes it difficult for the Chinese public to use these tools. In July 2023, the Chinese government released regulations before allowing the public access to generative AI models, which included a condition that companies would need to obtain relevant administrative licenses but didn’t specify what it meant.

To use Ernie Bot, users must create an account on Baidu and obtain a use license, which may take up to three months. That’s why many early members are now selling secondhand Baidu accounts on e-comm platforms for up to $100.

China’s Baidu Introduces ChatGPT Rival Ernie Bot

By Deeba Ahmed
Smishing Triad Impersonating Leading Mail/Delivery Services in New Attack
This is a post from HackRead.com Read the original post: Chinese Smishing Triad Gang Hits US Users in Extensive Cybercrime Attack

Triad cleverly impersonates postal/delivery services like Royal Mail or USPS to trap unsuspecting US citizens in its newly detected smishing campaign.

Cybersecurity rsearcgers at Resecurity have published an advisory about the newly discovered large-scale smishing campaign from the Chinese-speaking cybercrime group Smishing Triad targeting US-based users through impersonating popular mail and delivery services.

According to Resecurity, Smishing Triad originates from China and uses smishing attacks as its primary attack vector. Researchers found that Smishing Triad has affiliations with several different cybercrime groups and that the group offers cybercrime-as-a-service infrastructure with its Smishing kit subscription starting at $200/month. Subscribers receive activation codes and deployment scripts with different frameworks.

“It is complicated to disrupt cyber-criminal activity committed by actors located in foreign jurisdictions like China without proper regulatory harmonization and mutual legal assistance abroad. Resecurity is thus sharing information about the ‘Smishing Triad’ with the cybersecurity community and general public to raise awareness to help organizations better safeguard their customers,” the advisory read.

**What is a Smishing Attack?**

Smishing (aka SMS Phishing), scammers exploit SMS or text message features and services to trap unsuspecting users into revealing sensitive personal and financial details, including passwords, banking credentials, and debit/credit card numbers, and lure them into downloading malicious software.

Threat actors mimic some credible government or private entity for instance, postal services, government institutions, or banks for creating a sense of legitimacy around these messages. 

**How Does the Attack Occur?**

The group generally exploits iMessage service for sending package-tracking scams, and steals PII (personally identifiable information) and financial data (such as payment card details or banking credentials) to conduct credit card fraud and identity theft.

This time, Smishing Triad has changed its strategy slightly and exploits messages from compromised Apple iCloud accounts to trick users. Its smishing kit is also up for sale on Telegram IM groups to create an extensive and well-organized fraud-as-a-service network.

Resecurity threat intelligence team accessed and reverse-engineered one such kit and discovered an SQL injection vulnerability through which they could retrieve sensitive data of more than 108,000 victims and warned them about the likelihood of identity theft.

**Who are the Targets?**

In this campaign, Smishing Triad is targeting US citizens. The group impersonates most leading postal and delivery services to trick users, including the following:

*   USPS
*   Correos (Spain)
*   New Zealand Post
*   The Royal Mail (UK)
*   Postnord (Sweden)
*   Poczta Polska (Poland)
*   J&T Express (Indonesia)
*   New Zealand Postal Service (NZPOST)
*   Poste Italiane and the Italian Revenue Service (Agenzia delle Entrate)

The victim receives a message from any of these services requesting additional information or payment of delivery fees through a credit card. After obtaining the desired information, the attackers can commit financial fraud.

Phished text – What happens when the phishing link is clicked (Rsecurity)

In its earlier campaigns, the group targeted users from diverse regions such as the UK, Poland, Japan, Indonesia, Sweden, and Italy.

**Protection from Smishing Attacks**

Protecting yourself from smishing (SMS phishing) is important for safeguarding your personal information and financial security. Here are five points to help you stay safe from smishing:

*   **Verify the Sender**: Always verify the sender’s identity before responding to any SMS messages, especially those that ask for personal or financial information. Legitimate organizations usually include their name and contact information in their messages.
*   **Don’t Click on Links**: Avoid clicking on links or downloading attachments in text messages, especially if you didn’t expect to receive such a message. These links may lead to malicious websites or install malware on your device.
*   **Be Cautious with Personal Information**: Never share personal or financial information via text messages, such as Social Security numbers, credit card details, or login credentials. Legitimate organizations will not ask for such sensitive data through SMS.
*   **Use Trusted Sources**: If you receive an SMS claiming to be from a bank, government agency, or other official institution, don’t trust it blindly. Instead, contact the organization directly using a trusted phone number or website to verify the message’s authenticity.
*   **Install Security Software**: Use reputable antivirus and anti-malware software on your mobile device. These tools can help detect and block malicious SMS messages and links.

Additionally, keeping your phone’s operating system and apps up-to-date, using strong and unique passwords for your accounts, and enabling two-factor authentication wherever possible can further enhance your protection against smishing and other cyber threats.

Chinese Smishing Triad Gang Hits US Users in Extensive Cybercrime Attack

By Habiba Rashid
The database contained over 17 billion records, which is equivalent to about 6.35 terabytes of data.
This is a post from HackRead.com Read the original post: Cigna Health Data Leak: 17 Billion Records Exposed

**Key Findings**

*   **A non-password-protected database containing over 17 billion records was exposed.**

*   **The leaked records included healthcare provider information, such as names, addresses, and contact numbers.**

*   **The leaked records also included negotiated rates for medical procedures.**

*   **The data leak was caused by a security lapse at Cigna Health.**

*   **Cigna Health has taken steps to secure the database and is investigating the incident.**

Cybersecurity researcher Jeremiah Fowler has unearthed a concerning incident involving a non-password-protected database containing over a staggering 17 billion records. The extensive records were traced back to Cigna Health, a major player in the health insurance industry. The company’s effort to bolster transparency inadvertently led to this massive data leak, as disclosed by Fowler.

The leaked records, amounting to a colossal 6.35 terabytes, primarily consisted of healthcare provider information. Details included the names of hospitals and doctors, location addresses, contact numbers, and various identification numbers such as the National Provider Identifier (NPI). Importantly, these records also disclosed negotiated rates for medical procedures. However, it is essential to clarify that the exposed data did not encompass customer or patient information.

Screenshot from the leaked records (Jeremiah Fowler)

Fowler’s discovery prompted a swift response from Cigna, acknowledging the security lapse and taking immediate measures to secure the vulnerable database from public access. Cigna defended its stance by citing its Transparency in Coverage program, which adheres to federal regulations in place since 2022.

Notably, the information contained within the database was intended for public access due to regulatory requirements. However, the lack of proper security measures posed potential risks to Cigna’s broader internal storage network.

The exposed database, which offered an unprecedented behind-the-scenes look into Cigna Health, detailed the company’s operations spanning all 50 states in the United States. Cigna Health offers an array of health insurance plans, catering to individuals, families, employers, and various government programs. 

The database’s structure was logically organized and easily searchable, revealing provider records alongside Current Procedural Terminology (CPT) codes. Under the Affordable Care Act, health insurers are mandated to disclose negotiated rates publicly, emphasizing transparency. Despite the potential benefits of this disclosure, the size and complexity of these data files could prove challenging for non-technical individuals to navigate effectively.

Security concerns regarding the leaked data revolve around the potential misuse of National Provider Identifier (NPI) numbers, which serve as unique identifications for healthcare providers. While the leaked data did not indicate any misconduct by Cigna, NPIs have been exploited in the past for fraudulent activities such as Medicare and Medicaid scams and non-password-protected databases could expose companies to ransomware attacks.

**RELATED ARTICLES**

1.  Cybersecurity firm exposes 5 billion data breach records
2.  DreamHost hosting firm exposed almost a billion sensitive records
3.  9,517 unsecured databases identified with 10 billion records globally
4.  Online trading broker FBS exposes 20TB of data with 16 billion records
5.  Brazilian marketplace integrator Hariexpress exposed 1.75 billion records