Plus, TeaBot returns to steep you in malware and Google explores the potential of radar.
Shortly after South American hacking group LAPSUS$ took credit for the cyberattack that stole 1 TB of data from microchip company Nvidia, a LAPSUS$ member claimed on the group’s Telegram channel that Nvidia had struck back with ransomware. A spokesperson for Nvidia told ZDNet that the hackers had begun leaking the stolen data online, publicly sharing the company’s proprietary information as well as employee credentials. The Nvidia spokesperson did not comment on the alleged ransomware counterattack, but a LAPSUS$ member referred to it online, posting, “They were able to connect to a [virtual machine] we use. Yes, they successfully encrypted the data. However, we have a backup and it’s safe from scum!”
While a counterattack in this kind of situation feels justified, Avast Security Evangelist Luis Corrons reminds us that this is a slippery slope. “Hacking back is a delicate subject,” he said. “We have to remember that most hacking actions are illegal, which here means that Nvidia would have committed a potential crime. Handing all evidence to law enforcement is better in the long term to help identify and arrest the criminals behind the original attack.”
A bug in the reset option of recent versions of Windows 10 and 11 prevents a reset from wiping all of the data on the system; it primarily affects files that have been synced locally from Microsoft OneDrive. Researcher Rudy Ooms reported on his Call4Cloud blog that the bug affects Windows 10 20H2, 21H1, and 21H2, as well as Windows 11 21H2. Any file that has been downloaded or synced locally from OneDrive survives the wipe intact. Microsoft is working on a permanent fix; in the meantime it advises users to sign out of OneDrive before resetting their PCs. For more, see Ars Technica.
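As an added illustration (not code from the article, from Microsoft, or from Call4Cloud), the PowerShell below inventories which files under a OneDrive sync folder are actually hydrated on disk, i.e. the files a reset would leave behind according to the report above. It assumes the OneDrive client has populated the `$env:OneDrive` variable for the signed-in user and relies on the Files On-Demand attribute bits that mark cloud-only placeholders; the function name is the example's own.

```powershell
# Added example: list OneDrive files that are physically present on disk.
# Assumption: $env:OneDrive points at the sync root (set by the OneDrive client
# when an account is linked). Pass -Root explicitly for any other folder.

# Files On-Demand marks cloud-only placeholders with one or more of these bits:
# FILE_ATTRIBUTE_OFFLINE (0x1000), FILE_ATTRIBUTE_RECALL_ON_OPEN (0x40000),
# FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS (0x400000). A file with none of them
# has real content on the local disk.
$PlaceholderMask = 0x1000 -bor 0x40000 -bor 0x400000

function Get-LocallyHydratedOneDriveFiles {
    param(
        # Root of the OneDrive sync folder; defaults to what the client exports.
        [string]$Root = $env:OneDrive
    )
    if (-not $Root -or -not (Test-Path -LiteralPath $Root)) {
        throw "No OneDrive folder found at '$Root'; is an account linked on this machine?"
    }
    Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes.value__ -band $PlaceholderMask) -eq 0 } |
        Select-Object FullName, Length, LastWriteTime
}

# Usage: run before a reset to see exactly what is on disk rather than in the cloud.
$local = Get-LocallyHydratedOneDriveFiles
$bytes = ($local | Measure-Object -Property Length -Sum).Sum
"{0} file(s) totalling {1:N0} bytes are present locally under {2}" -f $local.Count, $bytes, $env:OneDrive
$local | Format-Table -AutoSize
```

Signing out of OneDrive (Microsoft's interim advice) stops further syncing but does not by itself delete the files this lists, so the inventory tells you what still needs to be removed or overwritten before the machine leaves your hands.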
Two months after it was removed from the Google Play Store, the TeaBot malware is back, this time distributed through a malicious app called “QR Code & Barcode - Scanner.” Online fraud management and protection company Cleafy reported that the malicious apps slip through Google’s security screening because they are only droppers: the app itself carries no malicious payload, and it actually performs the function advertised, reading QR codes. Once installed, the app requests permissions to control the device and install new services. If those permissions are granted, it downloads the TeaBot malware from an external website. Read more at Bleeping Computer.
Google ATAP (Advanced Technology & Projects) released a video this week documenting its latest Soli Radar project, which focuses on nonverbal interactions. A mesh network of Soli Radar sensors combined with machine learning can capture submillimeter motion, such as the tilt of a head or the flick of a finger. Possible applications include embedding the sensors in smart speakers or other devices so they can detect nearby users, waking as a user approaches or delivering reminders as the user leaves. For more on this story, see TechRadar.
After security firm JFrog disclosed five memory corruption vulnerabilities in PJSIP, a popular open-source embedded SIP protocol suite that supports audio, video, and instant messaging, the PJSIP project released a fixed version (2.12). PJSIP supplies the API used by popular communication platforms such as WhatsApp and BlueJeans. If exploited, the vulnerabilities could allow arbitrary code execution and denial of service (DoS) in applications that use the protocol stack. Read more on this story at The Hacker News.
A member of the Conti cybergang turned on the rest of the group by leaking all of TrickBot's IoCs, source code, and internal chats. Read more in our recent threat coverage.
The promise of a free movie download led thousands of people to unwittingly download malware.
Avast recently discovered a series of malicious browser extensions on the Chrome Web Store that spread adware and hijack search results.