Cyber Security Headlines: Google Translate malware, White House aviation briefing, book distributor ransomed

Google Translate app is actually Windows crypto-mining malware

Someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications such as Google Translate, on free software download sites and through Google searches. The cryptomining Trojan, known as Nitrokod, is typically disguised as a clean Windows app and works as the user expects for days or weeks before its hidden Monero-mining code is executed. A Turkish-speaking group is said to be behind Nitrokod; it has been active since 2019 and was detected by Check Point Research threat hunters at the end of July. “The malware is dropped from popular applications that don’t have an actual desktop version, such as Google Translate,” they wrote in a report Monday.

(The Register)

White House to give aviation executives classified cyberthreat briefing

The White House has been conducting classified cybersecurity briefings with executives from select critical infrastructure sectors as part of an ongoing effort to compel industry leaders to invest more in their digital defenses. The next meeting, scheduled for September, will be with executives from across the aviation industry, a senior White House cybersecurity official told CyberScoop. The Biden administration’s effort to increase industry support for upgrades to critical infrastructure formally launched last summer when the president signed a national security memorandum assigning federal agencies to develop cybersecurity performance goals for various critical infrastructure initiatives.

(Cyberscoop)

Book distributor Baker & Taylor hit by ransomware

The world’s largest distributor of books suffered a ransomware attack on August 23, which impacted the company’s phone systems, offices, and service centers. On August 24, the company announced that the attack caused disruptions to its business-critical systems, and its technical staff is working on restoring impacted servers. The company did not reveal the name of the ransomware family that infected its systems or if the threat actors have stolen its data.

(Security Affairs)

Akasa Air suffers data leak on first day of operation

India’s newest commercial airline, Akasa Air, accidentally exposed personal data belonging to its customers, an error that the company blamed on technical configuration errors. Security researcher Ashutosh Barot stated that the issue originated in the account registration process, leading to the exposure of personal information such as gender, email addresses, names, and phone numbers. He found an HTTP request that returned [his] name, email, phone number, gender, etc. in JSON format, and by changing some parameters in the request he was able to see other users’ PII. Once the company received the report, it temporarily shut down parts of its system and reported the incident to the Indian Computer Emergency Response Team.

(ITSecurityGuru.org)
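The Akasa Air item describes the classic shape of a broken object-level authorization bug: a profile endpoint that picks whose record to return from a client-supplied parameter. The following is an added illustration, not code from the article or from Akasa Air, showing that pattern beside a version that binds the lookup to the authenticated session; the user records, session tokens and function names are constructed for the example.

```python
# Added example (not from the article or the airline's systems): a profile
# lookup that trusts a request parameter, beside one that derives the subject
# from the login session. All data and names here are constructed.

# Constructed user records standing in for registration data.
USERS = {
    "u-1001": {"name": "A. Example", "email": "a@example.test",
               "phone": "+91-00000-00001", "gender": "F"},
    "u-1002": {"name": "B. Example", "email": "b@example.test",
               "phone": "+91-00000-00002", "gender": "M"},
}

# Constructed session store: bearer token -> user id fixed at login time.
SESSIONS = {"tok-alpha": "u-1001", "tok-beta": "u-1002"}


def profile_vulnerable(session_token: str, params: dict) -> dict:
    """Vulnerable: checks that the caller is logged in, then returns whatever
    record the client-controlled user_id parameter names."""
    if session_token not in SESSIONS:
        return {"error": "unauthenticated"}
    user_id = params.get("user_id")          # attacker-controlled value
    record = USERS.get(user_id)
    if record is None:
        return {"error": "not found"}
    return record                            # any user's PII, no ownership check


def profile_hardened(session_token: str, params: dict) -> dict:
    """Hardened: the subject comes from the session. A user_id parameter is
    accepted only if it matches the caller; anything else is refused, and a
    mismatch is a useful signal to log as probable enumeration."""
    caller = SESSIONS.get(session_token)
    if caller is None:
        return {"error": "unauthenticated"}
    requested = params.get("user_id", caller)
    if requested != caller:
        return {"error": "forbidden"}        # object-level authorization check
    return USERS[caller]
```

In a real service the same check belongs in every endpoint that takes an object identifier, and the forbidden branch should emit an audit event so repeated mismatches from one session are visible to monitoring.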

Thanks to our episode sponsor, Code42

Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft.
In fact, the Code42 Annual Data Exposure Report revealed there’s a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme.


Pirate sites ban in Austria took down Cloudflare CDNs by mistake

A legal case launched by an Austrian copyright organization convinced an Austrian court to block 14 websites for copyright law violations. Unfortunately, the ban also extends to specific IP addresses belonging to Cloudflare servers that support many other sites that do not violate copyright laws. A report on the matter identified the root of the problem being that the copyright organization provided a list of IP addresses that ISPs banned without checking who used them. This included nine IP addresses that Cloudflare uses for its CDN to provide services (security, reliability, performance) to legitimate websites.

(Bleeping Computer)

Chinese hackers zero in on Australian manufacturers, wind turbine operators

A Chinese-based cyberespionage group targeted Australian officials with reconnaissance malware to siphon off details to use in strikes against wind turbine manufacturers, researchers from Proofpoint and the PwC Threat Intelligence team said in joint research published Tuesday. The campaign deployed phishing emails directing targets to a fake news outlet called “Australian Morning News” which contained images and stories lifted from legitimate news organizations. With subject lines such as “Sick Leave,” “User Research” and “Request Cooperation,” the phishing emails explained that the sender was starting a “humble news website” and wanted feedback. The attackers — referred to as TA423, Red Ladon and APT40 — designed the site to deliver malware known as ScanBox.

(Cyberscoop)

AI detects 20,000 hidden taxable swimming pools in France

AI software, combined with aerial photography, helped French tax officials bag about €10 million ($10 million) in extra property levies. Home improvements that boost the value of a property are supposed to be declared, but often are not. Nine departments working under France’s tax office tested out machine-learning software to automatically find undeclared swimming pools from overhead photos. The software scanned the images for the telltale shapes of swimming pools and then cross-matched these to home addresses and property tax records. The program is expected to generate €40 million overall.

(The Register)

Twitter’s VP of engineering jumps to Meta

According to a report by Insider, and confirmed by Twitter, Sandeep Pandey, the vice president of Engineering, is leaving Twitter after more than a decade to join Meta, formerly known as Facebook. Pandey joined Twitter in 2012 and worked his way up from staff engineer to the VP role. A Twitter spokesperson confirmed the departure and said this is natural given industry trends.

(TechCrunch)