Siemplify veterans introduce Cloud Security Orchestration and Remediation platform, backed by high-profile investors including YL Ventures, Tiger Global, and CEOs of CrowdStrike and CyberArk

**TEL AVIV, Israel - September 13, 2022** -- Opus Security, a Cloud Security Orchestration and Remediation startup, today announced $10 million in seed funding led by YL Ventures with participation from Tiger Global and renowned security executives and serial entrepreneurs, including George Kurtz, co-founder, CEO and President of CrowdStrike; Udi Mokady, co-founder, Chairman and CEO of CyberArk; Dan Plastina, former Head of AWS Security Services; Oliver Friedrichs, co-founder and former CEO of Phantom Cyber, acquired by Splunk; and Alon Cohen, co-founder and former CTO of Siemplify, acquired by Google Cloud, among others.

Opus, the first holistic solution for managing and orchestrating cloud security response and remediation processes, was founded by experienced security professionals, Meny Har, CEO and Or Gabay, CTO, who were part of the founding team and leadership of SOAR pioneer Siemplify (acquired by Google). Customers expressed an acute need for a new security orchestration platform that can empower cloud security teams to reap the value of automation, gain control and lead remediation efforts across the entire organizational cloud environment using best practices and proven methodologies that can be implemented instantly, cutting down the time from detection to mitigation and conserving valuable resources.

“Organizations should not have to prioritize security over business continuity, and already strained SecOps teams are ill-equipped to handle the nuanced decisions demanded of them,” said Dan Plastina, former Head of Security Services at AWS. “Opus’ founders have built a platform that cloud-native security leadership demands — maximizing cloud security automation while retaining and enhancing business benefits.”

In recent years, revolutionary cloud security solutions created a higher level of visibility into potential threats. With more findings and more visibility, security operations had to expand from detection and response, and venture into risk reduction. This expansion and the shift-left mindset necessitated the involvement of a growing number of stakeholders across the organization, including security teams, DevOps/application teams and business owners.

Lacking comprehensive tools, built-in automation, or streamlined processes to remediate risk, security teams are left with manual, time-consuming processes and no clear understanding of who owns this risk, who can mitigate it, when automation is “safe” and how they should delegate tasks accordingly, leaving numerous gaps unresolved.

“When it comes to cloud response and remediation, we’re still stuck with ad-hoc techniques developed on the fly,” said Srinath Kuruvadi, Head of Cloud Security at Netflix. “There is a huge opportunity to bring context-aware standardization to cloud automation that appeals to SecOps and DevOps teams, with precise risk reduction metrics. Opus’ founders have the right skills and an extensive background in SOAR-like technologies to tackle this important space.”

Aware of the concerning challenges and skill gaps in cloud security, Opus is set to transform the way response and remediation are done in the cloud. Opus has built a singular, overarching platform that connects existing cloud and security tools and relevant stakeholders, and orchestrates the entire response and remediation process across all organizational environments based on tried-and-tested, easily deployed guidelines and playbooks. Leveraging automation to the highest degree, Opus knows when sensitive issues demand human involvement and allows automation to resolve the rest. With instant visibility and mapping of remediation metrics, Opus removes blind spots and provides security and business executives with immediate and tangible insights into the state of their risk.

“The massive transition to the cloud has created a need for a new and different type of security orchestration platform, one that minimizes organizational risk and excels at leveraging the countless automation opportunities in the cloud,” said Meny Har, co-founder and CEO of Opus. “The growing number of stakeholders that are now an inherent part of the security operations process should be connected and working together to reduce risk.”

“The proliferation of cloud-focused security solutions has dramatically raised organizational awareness to the scope of their risk surface,” said John Brennan, Senior Partner at YL Ventures. “While visibility in the cloud has greatly improved, customers now express the need for a dedicated solution to address the drastically increasing number of alerts. I cannot imagine a better convergence of an expert team solving a market-wide problem that they understand intimately. Meny and Or have leveraged their unique experience at Siemplify to build the industry’s first cloud-native remediation orchestration and automation platform.”

For more information on how to reimagine your remediation efforts in the cloud, go to opus.security.

**Additional Quotation**

“The shift-left trend has necessitated a revised approach to remediation,” said Gerhard Eschelbeck, former CISO at Google. “Organizations need to bridge skill and resource gaps and create an orchestrated, automated alignment process across all teams. Traditional manual tasks and friction between teams result in heightened risk and jeopardize business continuity.”

**About Opus Security**

Opus is a singular, overarching Cloud Security Orchestration and Remediation platform, transforming the way remediation is conducted in the cloud. Opus empowers cloud security teams to see beyond alerts and threats and gain control, knowledge, and capabilities to resolve them. Opus integrates with existing security tools and orchestrates the entire remediation process across all stakeholders and organizational environments, based on tried-and-tested, easily deployed guidelines and playbooks. Leveraging selective automation, Opus knows when sensitive issues demand human involvement and allows automation to resolve the rest, cutting down the time from detection to mitigation and conserving valuable resources. Finally, Opus provides security and business executives with immediate and tangible insights based on remediation metrics, with comprehensive visibility into the state of their risk. For more information on how to reimagine your remediation in the cloud, visit opus.security.

**About YL Ventures**

YL Ventures funds and supports brilliant Israeli cybersecurity entrepreneurs from seed to lead. Based in Silicon Valley and Tel Aviv, YL Ventures manages five funds with $800M in total assets under management. The firm accelerates the evolution of portfolio companies via a powerful network of Chief Information Security Officers, global industry leaders and a dedicated team of experts, providing tailored guidance and hands-on support on all critical company-building domains. The firm's track record includes investments in Israeli cybersecurity unicorns such as Axonius and Orca Security, as well as successful, high-profile portfolio company acquisitions by major corporations including Palo Alto Networks, Microsoft, CA and Proofpoint. For more information, visit ylventures.com.

Opus Security Emerges from Stealth with $10M in Funding for Cloud SecOps and Remediation Processes

An analysis of cloud services finds that known vulnerabilities typically open the door for attackers, while insecure cloud architectures allow them to gain access to the crown jewels.

Companies and their cloud providers often leave vulnerabilities open in their system and services, gifting attackers with an easy path to gain access to critical data.

According to an Orca Security analysis of data collected from major cloud services and released on Sept. 13, attackers only need, on average, three steps to gain access to sensitive data, the so-called "crown jewels," starting most often — in 78% of cases — with the exploitation of a known vulnerability.  

While much of the security discussion has focused on the misconfigurations of cloud resources by companies, cloud providers have often been slow to plug vulnerabilities, says Avi Shua, CEO and co-founder of Orca Security.

"The key is to fix the root causes, which is the initial vector, and to increase the number of steps that they attacker needs to take," he says. "Proper security controls can make sure that even if there is an initial attack vector, you are still not able to reach the crown jewels."

The report analyzed data from Orca's security research team using data from a "billions of cloud assets on AWS, Azure, and Google Cloud," which the company's customers regularly scan. The data included cloud workload and configuration data, environment data, and information on assets collected in the first half of 2022.

**Unpatched Vulnerabilities Cause Most Cloud Risk**

The analysis identified a few main problems with cloud-native architectures. On average, 11% of cloud providers' and their customers' cloud assets were considered "neglected," defined as not having been patched in the last 180 days. Containers and virtual machines, which make up the most common components of such infrastructure, accounted for more than 89% of neglected cloud assets.  

"There is room for improvement on both sides of the shared responsibility model," Shua says. "Critics have always focused on the customer side of the house \[for patching\], but in the past few years, there have been quite a few issues on the cloud-provider end that have not been fixed in a timely manner."  

In fact, fixing vulnerabilities may be the most critical problem, because the average container, image, and virtual machine had at least 50 known vulnerabilities. About three-quarters — 78% — of attacks start with the exploitation of a known vulnerability, Orca stated in the report. Moreover, a tenth of all companies have a cloud asset using software with a vulnerability at least 10 years old.

Yet the security debt caused by vulnerabilities is not evenly distributed across all assets, the report found. More than two-thirds — 68% — of Log4j vulnerabilities were found in virtual machines. However, only 5% of workload assets still have at least one of the Log4j vulnerabilities, and only 10.5% of those could be targeted from the Internet.

**Customer-Side Issues**

Another major problem is that a third of companies have a root account with a cloud provider that is not protected by multifactor authentication (MFA). Fifty-eight percent of companies have disabled MFA for at least one privileged user account, according to Orca's data. Failing to provide the additional security of MFA leaves systems and services open to brute-force attacks and password spraying.

In addition to the 33% of firms lacking MFA protections for root accounts, 12% of companies have an Internet-accessible workload with at least one weak or leaked password, Orca stated in its report.

Companies should look to enforce MFA across their organization (especially for privileged accounts), assess and fix vulnerabilities faster, and find ways to slow down attackers, Shua says.

"The key is to fix the root causes, which is the initial vector, and to increase the number of steps that the attacker needs to take, " he says. "Proper security controls can make sure that even if the attacker has success with the initial attack vector, they are still not able to reach the crown jewels."

Overall, both cloud providers and their business clients have security issues that need to be identified and patched, and both need to find ways to more efficiently close those issues, he adds; visibility and consistent security controls across all aspects of cloud infrastructure is key.

"It is not that their walls are not high enough," Shua says. "It is that they are not covering the entire castle."

Attackers Can Compromise Most Cloud Data in Just 3 Steps

Categories: Exploits and vulnerabilities
Categories: News
Tags: Google

Tags:  Pixel

Tags:  critical

Tags:  CVE-2022-20364

Tags:  CVE-2022-20231

Tags:  Trusty

Tags:  Kernel

Google’s Pixel Update Bulletin for September included two security patches that are Pixel specific.



(Read more...)




The post Update now! Google patches vulnerabilities for Pixel mobile phones appeared first on Malwarebytes Labs.

Google’s Pixel Update Bulletin for September included two security patches that are Pixel specific.

Both underlying vulnerabilities are rated critical and could lead to privilege escalation and device takeover.

**The vulnerabilities**

Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). These are the CVEs that are Pixel specific:

CVE-2022-20231: a critical Elevation of Privileges vulnerability in Trusty. This buffer overflow vulnerability allows a local application to escalate privileges on the system.

Trusty is a secure Operating System (OS) that provides a Trusted Execution Environment (TEE) for Android. The Trusty OS runs on the same processor as the Android OS, but Trusty is isolated from the rest of the system by both hardware and software. Trusty and Android run parallel to each other. Trusty has access to the full power of a device’s main processor and memory but is completely isolated. Trusty's isolation is designed to protect it from malicious apps installed by the user and potential vulnerabilities that may be discovered in Android.

CVE-2022-20364: a critical Elevation of Privileges vulnerability in Kernel. The Android kernel is based on an upstream Linux Long Term Supported (LTS) kernel. At Google, LTS kernels are combined with Android-specific patches to form what are known as Android Common Kernels (ACKs). This buffer overflow vulnerability exists due to a boundary error within the kernel component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

**Buffer overflow**

A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold. Buffers contain a defined amount of data. Any extra data could overwrite assigned data values in memory addresses adjacent to the destination buffer.

**Elevation of privileges**

Privilege escalation is the act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.

**Mitigation**

All supported Google devices will receive an update to the 2022-09-05 patch level. The update also includes patches for the 46 bugs that Google addressed in Android this month. We encourage all Pixel users to accept these updates to their devices.

To learn how to check a device's security patch level, read the instructions on the Google device update schedule.

Stay safe, everyone!

Update now! Google patches vulnerabilities for Pixel mobile phones

Categories: Apple
Categories: News
With the introduction of passkeys in iOS 16 and macOS Ventura, Apple is poised to sway a trend against the use of passwords.



(Read more...)




The post Apple puts the password on life support with passkey appeared first on Malwarebytes Labs.

Posted: September 13, 2022 by

The "passwordless future" is something many internet users—and a great majority of the cybersecurity industry—have hoped for. Now Apple is about to make those hopes a reality.

With the release of iOS 16 yesterday, and macOS Ventura next month, Apple fans will be able to use passkeys, its password replacement, for iPhones, iPads, and Macs. The word "passkey" is not unique to Apple, however. Microsoft and Google are using the term, too.

Apple's passkey works like a password in that it is built into entry boxes where you put your password. It also acts as a digital key that users create to access their apps or websites.

A video demonstrating passkey's use in Apple's WWDC 2022 event shows a prompt on the user's device before sign-in or during account creation, asking if they would like to "save a passkey" for the account in use. Once users say yes, they are prompted to authenticate the passkey creation using Face ID, Touch ID, or another method. The created passkey is stored in the user's iCloud Keychain and synced across all Apple devices and Safari web browsers.

Whenever a passkey is created, the device's system creates a pair of digital keys: public and secret keys. According to Garrett Davidson, an Apple engineer, in the demo video, these keys are created "securely and uniquely" for every account. The public key is stored on Apple's servers, while the secret key is kept on the device.

When signing in to an account protected by a passkey, the website or app looks for the secret key kept safe on the device to prove that the user is who the user claims they are. And because Apple's passkey is based on passwordless standards defined by the FIDO Alliance, it's likely the passkey can be stored anywhere, including some password managers with a provision for the passkey, such as Dashlane.

Those with other devices besides Apple can still take advantage of passkey. However, how things are done is slightly different because passkeys won't be stored on non-Apple devices. For example, accessing a browser account on a Windows machine would require a user to use a QR code containing a URL to a single-use encryption key and their iPhone. Once scanned, the machine and the device can communicate using end-to-end encryption via Bluetooth and share information.

"That means a QR code sent in an email or generated on a fake website won't work, because a remote attacker won't be able to receive the Bluetooth advertisement and complete the local exchange," Davidson said in the video.

"This has the potential to be _far_ superior to weak passwords and chosen by people who don't use a password manager or don't know how to choose a password," said Thomas Reed, Malwarebytes' Director for Mac & Mobile. "So even if this isn't 100% perfect, it's still going to be better than what most people are doing today."

**RELATED ARTICLES**

Apple puts the password on life support with passkey

Hackers tied to the Iranian government have been targeting individuals specializing in Middle Eastern affairs, nuclear security and genome research as part of a new social engineering campaign designed to hunt for sensitive information.
Enterprise security firm attributed the targeted attacks to a threat actor named TA453, which broadly overlaps with cyber activities monitored under the monikers

Hackers tied to the Iranian government have been targeting individuals specializing in Middle Eastern affairs, nuclear security and genome research as part of a new social engineering campaign designed to hunt for sensitive information.

Enterprise security firm attributed the targeted attacks to a threat actor named TA453, which broadly overlaps with cyber activities monitored under the monikers APT42, Charming Kitten, and Phosphorus.

It all starts with a phishing email impersonating legitimate individuals at Western foreign policy research organizations that's ultimately designed to gather intelligence on behalf of Iran's Islamic Revolutionary Guard Corps (IRGC).

Spoofed personas include people from Pew Research Center, the Foreign Policy Research Institute (FRPI), the U.K.'s Chatham House, and the scientific journal Nature. The technique is said to have been deployed in mid-June 2022.

What's different from other phishing attacks is the use of a tactic Proofpoint calls Multi-Persona Impersonation (MPI), wherein the threat actor employs not one but several actor-controlled personas in the same email conversation to bolster the chances of success.

The idea is to "leverage the psychology principle of social proof" and increase the authenticity of the threat actor's correspondence so as to make the target buy into the scheme, a tactic that demonstrates the adversary's continued ability to step up its game.

"This is an intriguing technique because it requires more resources to be used per target – potentially burning more personas – and a coordinated approach among the various personalities in use by TA453," Sherrod DeGrippo, vice president of threat research and detection at Proofpoint, said in a statement.

Once the initial email elicits a response from the target, the persona then sends a follow-up message containing a malicious OneDrive link that downloads a Microsoft Office document, one of which purportedly alludes to a clash between Russia and the U.S.

This document subsequently uses a technique called remote template injection to download Korg, a template consisting of three macros that are capable of gathering usernames, a list of running processes, and the victims' public IP addresses.

Besides the exfiltration of the beaconing information, no other post-exploitation actions have been observed. The "abnormal" lack of code execution and command-and-control behavior has led to an assessment that the compromised users may be subjected to further attacks based on the installed software.

This is not the first time the threat actor has undertaken impersonation campaigns. In July 2021, Proofpoint revealed a phishing operation dubbed SpoofedScholars that targeted individuals focused on Middle East affairs in the U.S. and the U.K. under the guise of scholars with the University of London's School of Oriental and African Studies (SOAS).

Then in July 2022, the cybersecurity company uncovered attempts on the part of TA453 to masquerade as journalists to lure academics and policy experts into clicking on malicious links that redirect the targets to credential harvesting domains.

The disclosure comes amid a flurry of Iranian-linked cyber activity. Last week, Microsoft took the wraps off a string of ransomware attacks mounted by a Phosphorus subgroup dubbed DEV-0270 using living-off-the-land binaries such as BitLocker.

Additionally, cybersecurity firm Mandiant, which is now officially part of Google Cloud, detailed the activities of an Iranian espionage actor codenamed APT42 that has been linked to over 30 operations since 2015.

To top it all, the Treasury Department announced sanctions against Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence, Esmaeil Khatib, in response to "cyber-enabled activities against the United States and its allies."

Albania, which has severed diplomatic relations with Iran after blaming it for a series of cyber offensives since July, pointed fingers at the "same aggressors" over the weekend for conducting another attack on a government system used to track border crossings.

"State-aligned threat actors are some of the best at crafting well thought-out social engineering campaigns to reach their intended victims," DeGrippo said.

"Researchers involved in international security, particularly those specializing in Middle Eastern studies or nuclear security, should maintain a heightened sense of awareness when receiving unsolicited emails."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Iranian Hackers Target High-Value Targets in Nuclear Security and Genomic Research

By Waqas
Mandiant will be integrated into the Google Cloud unit. 
This is a post from HackRead.com Read the original post: Google Buys Cyber Security Firm Mandiant for $5.4 Billion

The search engine and technology giant Google has announced acquiring Mandiant, Inc. for $5.4 billion. For your information, Mandiant is a United States-based leading provider of cybersecurity and threat intelligence.

According to a joint press release issued by Mandiant and Google, Mandiant will be integrated into the Google Cloud unit.

Founded in 2004 by Kevin Mandia, a former United States Air Force officer; Mandiant rose to fame after it published a report that accused the Chinese government and People’s Liberation Army’s Shanghai-based hacking unit of carrying out large-scale cyber espionage against companies in the United States. The 76 pages report can be accessed here .

Mandiant’s dashboard

In December 2013, Mandiant was acquired by FireEye for $1 billion, which sold it to Symphony Technology Group for $1 billion in June 2021. As of now, Mandiant has cyber security professionals in 22 countries, who serve customers located in 80 countries.

> **“The completion of this acquisition will enable us to deliver a comprehensive and best-in-class cybersecurity solution,” said Thomas Kurian, CEO of Google Cloud. “We believe this acquisition creates incredible value for our customers and the security industry at large. Together, Google Cloud and Mandiant will help reinvent how organizations protect themselves, as well as detect and respond to threats.”**

“The power of stronger partnerships across the cybersecurity ecosystem is critical to driving value for clients and protecting industries around the globe. The combination of Google Cloud and Mandiant and their commitment to multi-cloud will further support increased collaboration, driving innovation across the cybersecurity industry and augmenting threat research capabilities. We look forward to working with them on this mission.” – Paolo Dal Cin, Global Lead, Accenture Security.

“Google’s acquisition of Mandiant, a leader in security advisory, consulting and incident response services will allow Google Cloud to deliver an end-to-end security operations suite with even greater capabilities and services to support customers in their security transformation across cloud and on-premise environments.” – Craig Robinson, Research VP, Security Services, IDC.

“Bringing together Mandiant and Google Cloud, two long-time cybersecurity leaders, will advance how companies identify and defend against threats. We look forward to the impact of this acquisition, both for the security industry and the protection of our customers.” – Andy Schworer, Director, Cyber Defense Engineering, Uber.

In conclusion, Google’s acquisition of Mandiant is a strong move that will bolster the company’s position in the cyber security and cloud computing market. With Mandiant’s expertise in security and incident response, Google will be able to offer even more comprehensive and secure solutions to its customers. This is good news for businesses and consumers alike who rely on Google for their needs.

1.  Microsoft to buy GitHub for $7.5 billion
2.  Despite DDoS attack, Dyn Clinches Acquisition Deal with Oracle
3.  Israeli firm Kape Technologies buys ExpressVPN raising privacy concerns
4.  Israeli firm buys Private Internet Access (PIA) VPN raising privacy concerns

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Google Buys Cyber Security Firm Mandiant for $5.4 Billion

SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php.

**The bug**  
A Server Side Request Forgery exists in admin/modules/bibliography/marcsru.php and admin/modules/bibliography/z3950sru.php due to the class in lib/marc/XMLParser.inc.php

**Reproduce**  
Steps to reproduce the behavior:

1.  Go to http://127.0.0.1:8008/slims9_bulian-9.4.2/admin/index.php?mod=bibliography then go to copy cataloguing
2.  choose between marc sru or 23950sru
3.  type in something what you want in the search bar
4.  set burpsuite intercept on
5.  change the z3950_SRU_source or marc_SRU_source parameter value to some url that grab the traffic
6.  forward the request
7.  or just visit http://127.0.0.1:8008/slims9_bulian-9.4.2/admin/modules/bibliography/marcsru.php?keywords=aaaaaaaa&index=0&marc_SRU_source=URL_ENCODED_ENDPOINT_THAT_CAPTURE_HTTP_LIKE_HOOKBIN

**Screenshots**  
Normal requests

Tampered and SSRF trigger(netcat)

Tampered and SSRF trigger(toptal.com)

**Versions**

*   OS: MacOS Mojave 10.14.6
*   Browser: Google Chrome | 103.0.5060.134 (Official Build) (x86\_64)
*   Slims Version: slims9\_bulian-9.4.2

CVE-2022-38292: [Security Bugs]  Server Side Request Forgery · Issue #158 · slims/slims9_bulian

Unpatched Pixel devices are at risk for escalation of privileges, Google warns.

A pair of critical security vulnerabilities in Google's Pixel mobile phone line could lead to privilege escalation and device takeover.

The Pixel bugs, tracked as CVE-2022-20231 and CVE-2022-20364, are in the Trust and Kernel components, respectively, according to Google's Android security advisory.

"For Google devices, security patch levels of 2022-09-05 or later address all issues in this bulletin and all issues in the September 2022 Android Security Bulletin," Google said in its Pixel patch advisory. "All supported Google devices will receive an update to the 2022-09-05 patch level. We encourage all customers to accept these updates to their devices."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Google Releases Pixel Patches for Critical Bugs

Analysis shows attackers breached employee credentials with voice phishing and were preparing a ransomware attack against Cisco Systems.

A month after confirming its systems were breached, networking giant Cisco reported that the attack was a failed ransomware attempt conducted on behalf of the Lapsus$ group.

The cybercriminals obtained access to Cisco's systems with a social engineering attack that began with an attacker taking control of an employee's personal Google account, where credentials saved in the victim’s browser were being synchronized. Then, in a series of sophisticated voice phishing attacks, the gang convinced the victim to accept multifactor authentication (MFA) push notifications, giving crooks the ability to log in to the corporate VPN as if they were the victim.

From there, the attackers were able to compromise Cisco systems, elevate privileges, drop remote access tools, deploy Cobalt Strike and other offensive malware, and add their own backdoors into the system.

"Based upon artifacts obtained, tactics, techniques, and procedures (TTPs) identified, infrastructure used, and a thorough analysis of the backdoor utilized in this attack, we assess with moderate to high confidence that this attack was conducted by an adversary that has been previously identified as an initial access broker (IAB) with ties to both UNC2447 and Lapsus$," the Cisco Talos team explained in a Sept. 11 update on the August breach. "While we did not observe ransomware deployment in this attack, the TTPs used were consistent with 'pre-ransomware activity,' activity commonly observed leading up to the deployment of ransomware in victim environments."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Cisco Data Breach Attributed to Lapsus$ Ransomware Group

By Waqas
Scuba Jake, whose real name is Jake Koehler, had his YouTube channel "DALLMYD" with 13 million subscribers hacked to steal 1.01 BTC.
This is a post from HackRead.com Read the original post: Popular YouTuber Scuba Jake’s channel hacked to run crypto scam

YouTube is frequently targeted in hacks especially to carry out **crypto scams**. The severity of crypto scams on YouTube can be quantified by the fact that in July 2020, Apple co-founder **Steve Wozniak ended up suing** Google and YouTube over Bitcoin giveaway scams being carried out in his name.

Now, another viral YouTuber Jake Koehler (aka Scuba Jake) has suffered a similar hack in which his channel “**DALLMYD**” was compromised to run a crypto scam and steal funds from his subscribers.

It is worth noting that Jake’s channel has more than 13 million subscribers and boasts 1.75 billion views since its creation in 2011. The American YouTuber is known for uploading scuba-diving videos where he goes underwater on treasure hunts and finds/returns lost items including smartphones, gadgets, and jewelry.

Archive video of Scuba Jake’s YouTube channel

According to the financial news and crypto analysis blog **Finbold**, the hacking occurred on September 9th, 2022. Reportedly, crypto scammers hijacked the channel and tried to defraud innocent followers of Scuba Jake in a **fake giveaway scheme** involving cryptocurrencies Bitcoin and Ethereum.

What’s worse, apparently scammers managed to steal 1.01 BTC (around $21,000). This analysis was based on the QR codes scammers shared with users to scan before sending crypto.

On the other hand, a look at Blockchain.com confirms that the **scammers’ Bitcoin wallet** shared with users received four transactions, and since its creation, it has received around 1.0107 BTC. That’s the same amount the scammers stole from Jake’s subscribers, but it may be higher because the scammers might have used multiple wallets during the live stream. It is worth noting that no transaction was made in the **Ethereum** wallet.

Scammers also changed Jake’s channel name to MicroStrategy US to replicate the firm MicroStrategy, a USA’s crypto-friendly business intelligence firm. Scammers hosted two live streams of an old video showcasing ex-CEO of the company and Bitcoin enthusiast Michael Saylor.

The scammers deceived unsuspecting subscribers of Jake into sending cryptocurrency and receiving a prize or higher reward from Saylor. They targeted the channel because of Jake’s massive following.

Although Jake has already confirmed the hack on his Instagram story but at the time of writing his channel was unavailable to viewers. A search for his YouTube channel shows video collaboration with other YouTubers while his channel is nowhere to be found on YouTube.

1.  **Botnet found using YouTube to illegally mine cryptocurrency**
2.  **Popular YouTube gaming channel hacked to run crypto scam**
3.  **YouTube deletes 2 million channels and 51 million videos over scams**
4.  **YouTube scammers impersonated Elon Musk, SpaceX; stole $150k in BTC**
5.  **British Military’s Twitter and YouTube Accounts Hacked to Scam Crypto Users**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Tag

#google