Cybersecurity News Digest [December 2022]
The holidays are over. But cybersecurity news will never end.
Today, we will tell you about the most significant events that took place in the world of cybersecurity in December.
Hackers have hacked iOS 16
The developers of the palera1n jailbreak tool have announced a jailbreak for iOS 16.
According to the developers, they added iOS 16.1.1 and the current version of iPadOS 16 to the list of supported operating systems. They explained that the jailbreak is based on the checkm8 bootrom exploit. A jailbreak is an operation not authorized by Apple that gives access to the iOS file system and hidden settings.
Despite the successful jailbreak of Apple's operating systems, it can only be installed on some devices so far. These include the iPhone 8, iPhone 8 Plus, and iPhone X smartphones and the second-generation iPad Pro 10.5 and iPad Pro 12.9 tablets. The developers have released the jailbreak for all interested users.
The description of the tool says that the jailbreak can be installed if certain conditions are met. First, the user must have an Apple smartphone or tablet based on an A10 processor or a newer chip.
Second, the jailbreak setup procedure will succeed only if a passcode has never been set on the device. Otherwise, the owner will have to perform a complete reset of the device, losing its data.
User data has been leaked from Level.Travel
Personal data of customers of the online tour search service Level.Travel has leaked onto the internet.
“The security service of the Level.Travel service recorded a leak of information, as a result of which some data about users were published on the Internet, including contact numbers and booking details,” the company said.
They stressed that the leak did not affect bank card numbers and passwords for entering personal accounts.
Level.Travel is conducting an internal investigation of the incident. The tourist service promised to take the necessary measures to eliminate the consequences. Users whose data was affected by the leak will be sent recommendations to improve the security of accounts, the company added.
On December 14, the Level.Travel user database was publicly available. Allegedly, it contains the data of registered customers and information about the tours they bought. In total, the database has 719,000 unique phone numbers and 1.2 million unique email addresses.
TikTok confirmed that it spied on Forbes and Financial Times journalists
The Chinese company ByteDance, which owns the TikTok application, confirmed that its employees used account data to monitor the movements of American journalists. ByteDance provided Forbes with internal letters about the results of the investigation.
We are talking about journalists who wrote about technology, TikTok, and other ByteDance applications. This includes Emily Baker-White, Katharine Schwab, and Richard Niva, who used to work at Buzzfeed and moved to Forbes, as well as Financial Times journalist Cristina Criddle.
In the summer, the company's management began tracking the IP addresses and other data of the journalists in order to establish which ByteDance employees had been in their vicinity and so find the sources of leaks. They never found out, the letters claim.
According to the documents, four employees who participated in the scheme were fired from the company. Two of them worked in the USA and two in China, and among them was TikTok’s head of internal audit Chris Lepitak.
In June, Baker-White published an article in Buzzfeed claiming that TikTok employees from the parent company had access to American user data. TikTok began transferring that data to the servers of a third party, Oracle, in Texas after the administration of Donald Trump promised to block the application. The “US-based security service” is responsible for accessing Americans’ data, the company claimed.
Baker-White wrote that she received audio recordings of meetings at TikTok, where employees discussed the fact that developers in China “have access to everything.”
Criddle reported on the poor working conditions at TikTok’s London office. After her article, the head of the European direction of ByteDance, Joshua Ma, who had told subordinates that he “did not believe” in the need for maternity leave, was fired.
The database of 400 million Twitter users is put up for sale
A hacker announced the hacking of Twitter and demanded a ransom from Musk for the data of millions of users.
A hacker under the pseudonym Ryushi, claiming to have hacked Twitter, demanded a ransom from the owner and head of the social network Elon Musk for the personal data of users. The cybercriminal claimed to have gained access to the data of 400 million accounts, according to the Security Affairs portal.
According to the hacker, he managed to gain access to personal information using vulnerabilities in the platform. The database he put up for sale on the darknet contains email addresses, phone numbers, and other personal data.
As proof, the seller provided access to the data of one thousand users. In particular, the sample contains information about the accounts of entrepreneur Donald Trump Jr., cybersecurity specialist Brian Krebs, and other famous people.
The hacker offered Musk the chance to buy the database.
“Twitter or Elon Musk, if you’re reading this, you’re already at risk of getting a GDPR fine. Your best option to avoid a fine for violating GDPR is to buy this data on an exclusive basis,” the hacker said.
A dangerous spy virus with control via Telegram has been detected
An investigation by an information security company has discovered the TgRAT malware, which is controlled through the popular Telegram messenger.
TgRAT uses the Telegram infrastructure as its control channel and can take screenshots, download files to the attacked node, and upload data from the node to the control server.
TgRAT was built for specific computers from which attackers intend to steal confidential information. As soon as it starts, the RAT checks the hostname, and if it does not match the desired one, the malware stops running.
To detect this spyware on your computer, experts recommend using specialized traffic analysis tools and paying attention to outgoing data from internal corporate servers. They also recommend monitoring traffic within the network, which makes it possible to identify network tunnels and non-standard communication between servers, and protecting nodes with antivirus software.
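The advice about watching outgoing traffic from internal servers, as an added example (not code from the original digest or from the investigation it cites): a scan of DNS query logs that flags servers resolving Telegram domains. The log format, the server subnet, and the sample lines are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: subnets that hold internal servers, which have no business
# reason to talk to a consumer messenger. Adjust to your own address plan.
SERVER_NETS = [ipaddress.ip_network("10.10.0.0/16")]

# Telegram-owned domains; api.telegram.org is the Bot API endpoint.
TELEGRAM_SUFFIXES = ("telegram.org", "t.me")

# Constructed sample: "<ISO timestamp> <client IP> <queried name>"
SAMPLE_LOG = """\
2022-12-20T09:00:01Z 10.10.4.17 api.telegram.org
2022-12-20T09:00:05Z 10.20.1.33 web.telegram.org
2022-12-20T09:05:01Z 10.10.4.17 api.telegram.org.
2022-12-20T09:06:40Z 10.10.7.2 updates.example.com
2022-12-20T09:07:12Z 10.10.7.2 nottelegram.org
2022-12-20T09:10:01Z 10.10.4.17 API.Telegram.Org
malformed line
"""

def is_telegram(name):
    """Match on whole DNS labels so 'nottelegram.org' is not a hit."""
    name = name.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in TELEGRAM_SUFFIXES)

def is_server(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in SERVER_NETS)

def find_server_telegram_lookups(log_text):
    """Return {server_ip: {"count", "first", "last"}} for Telegram lookups."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than abort the scan
        ts, client, qname = parts
        if is_server(client) and is_telegram(qname):
            h = hits[client]
            h["count"] += 1
            h["first"] = h["first"] or ts
            h["last"] = ts
    return dict(hits)

if __name__ == "__main__":
    for ip, h in find_server_telegram_lookups(SAMPLE_LOG).items():
        print(f"{ip}: {h['count']} Telegram lookups, {h['first']} .. {h['last']}")
```

A hit is a lead rather than a verdict: the next step is to identify which process on the flagged server made the lookups.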
Google has admitted that ChatGPT will be its replacement
The American corporation Google has paid close attention to ChatGPT, the artificial intelligence chatbot from competitor OpenAI, which is why the company is reshuffling departments to accelerate the development and release of its own AI-based projects.
ChatGPT is currently the best-known example of an AI-based conversational program that can directly answer a person's questions and maintain a conversation similar to one between two people.
According to the data, Google considered the competitor’s program a serious success and announced a “critical situation.” CEO Sundar Pichai has “restructured the work of numerous groups within the company to respond to the threat posed by ChatGPT.”
“From now until a major conference that Google plans to hold in May, teams from different departments have been reassigned to help develop and release a new project based on artificial intelligence.”
We are talking, among other things, about a program capable of creating works of art and images according to a description. The plans also include making the existing LaMDA chatbot technology available to more users.
Earlier it was reported that Google is working on a secret project using AI, which should help the company to abandon the services of numerous programmers.