Cybersecurity News Digest [May 2023 Version]
Summer has come, which means a new batch of news from the world of cybersecurity is ready. This time we cover the important events of this past May.
#1 360 million VPN users’ data leaked
Obviously, you shouldn’t expect much from a free VPN service, but this one exceeded all expectations. The popular SuperVPN turned out to be not so super, but a real data farm.
The leaked database contains 360 million records, with a total volume of 133 GB. The records include users’ email addresses, source IP addresses, and geolocation data. The leak also exposed secret keys, unique application user numbers, and UUID numbers, which can be used to identify additional useful information.
The database also contains models of phones or devices, operating systems, types of internet connections, and versions of VPN applications. By the way, this is not the first time SuperVPN has been accused of leaking the personal data of its unsuspecting users — almost a year ago it was on the list of free VPN services, from which the data of more than 21 million users leaked.
#2 The popular CapCut video editor is used to distribute stealers
Cybersecurity specialists from Cyble found two malicious campaigns at once that involve the popular video editor for TikTok. Attackers create phishing sites and use them to distribute a fake version of CapCut with a stealer inside.
The ByteDance video editor is very popular, but it is banned in several countries, for example, India, Taiwan, and others. Because of this, users have to look for alternative download options, which attracted the attention of cybercriminals. They create fake websites and use search-result promotion, as well as social networks, to deliver malware disguised as CapCut to devices.
In the first campaign, the malicious payload is Offx Stealer, which, after downloading, runs in the background and can steal passwords from browsers, data from desktop folders, cryptocurrency wallet accounts, as well as data from the Discord and Telegram messengers, and information for remote access to a PC.
In the second campaign, Redline Stealer is loaded onto the device; it is capable of stealing passwords, payment data, and crypto wallet accounts. At the same time, the stealer successfully bypasses the Windows security features and remains unnoticed.
#3 Google has warned some users about deleting their accounts
Google will delete user accounts that their owners have not used for at least two years. The company's vice president, Ruth Kricheli, announced this on the company blog.
“If a Google account has not been used for at least two years or has not been logged in during this period, we can delete this account and its contents — including content within Google Workspace (Gmail, Docs, Drive, Meet, Calendar), YouTube and Google Photos,” the message says.
The new measure will affect only some users: it covers personal accounts and does not apply to the profiles of organizations, such as schools or companies. Although the policy has already entered into force, Google will begin deleting inactive accounts in December 2023. In addition, the company assured users that numerous notifications will be sent to the owner before an account is deleted.
Kricheli justified the change on security grounds: according to her, accounts that have not been used for a long time are more susceptible to being hacked. Such accounts are often protected by old or reused passwords that may have been exposed publicly. In addition, they often do not have two-factor authentication enabled, and their owners check them for security less often.
#4 Discord announced a data leak after hacking the account of a support agent
Discord has notified users about a data leak that occurred after the account of a third-party support agent was hacked. The leaked data contained users’ email addresses, messages exchanged with Discord support, and attachments sent in requests.
Discord claims to have immediately fixed the problem with the hacked account by disabling it. The platform is working with its customer service partner to take effective measures to prevent similar incidents in the future.
Anyone who could have suffered from a data leak in Discord was advised to monitor for any suspicious activity and be prepared for phishing attacks.
Earlier, Discord announced that it is abandoning the four-digit numeric suffixes that are usually added after user names. Most users of the platform will now have to change their nicknames so that no two are the same. Many users were not satisfied with this change. They noted that priority will be given to older accounts rather than the most popular ones.
#5 Facebook secretly collected personal data of British hospital patients
According to the investigation, a hidden tool for tracking user actions, known as Meta Pixel, was discovered on the websites of the National Health Service of Britain. For several years, this tool has been collecting and transmitting to Facebook information about pages visited, buttons clicked, and keywords entered. The collected data was linked to the IP addresses of users and their Facebook accounts.
The information extracted from Meta Pixel could have been used by Meta for its business purposes, including improving targeted advertising, the investigation says.
Data were collected from patients who visited the pages of the National Health Service of Britain related to HIV, domestic violence, sex change services, sexual health, cancer, treatment of children, and others. The information also included details about the time when users pressed the buttons to make an appointment, order a repeat prescription, request a referral, or go through an online consultation. Millions of patients could be at risk.
17 of the 20 hospitals of the National Health Service of Britain using Meta Pixel have confirmed the removal of the tracking tool from their websites. 8 hospitals apologized to patients. Some hospitals said they initially installed Meta Pixel to monitor recruitment campaigns or charity and did not know that patient data was being sent to Facebook. The Information Commissioner is conducting an investigation.
A Meta representative contacted hospitals to remind them of policies prohibiting the transfer of health data to companies. The representative added that the responsibility for compliance with data protection laws and obtaining consent lies with the owner of the site.
#6 China became the first country where a person was arrested for using ChatGPT
Chinese police have arrested a man who used AI to create a deepfake about a fatal train crash and posted it on social networks.
The fake article said that 9 people died in an accident on April 25. This is the first case in China and in the world in which a person is accused of “creating false information using AI technology.”
In other countries, including the USA, deepfakes are not prohibited by law unless they have malicious intent: for example, porn that substitutes a person's likeness without permission or involves children, violation of intellectual property rights, or defamation.
The fake story has attracted more than 15,000 views and has been posted on more than 20 blogs on the Baidu platform. The police searched the suspect’s house and seized his computer. He admitted that he used ChatGPT to create different versions of a fake story, adding pieces of other popular articles from the past.
In China, spreading false news or rumors on the internet is punishable by up to 5 years in prison, or up to 10 years if the case is considered particularly serious (as in this case).