The Interpol-led law enforcement operation codenamed “HAECHI III” took place between 28 June – 23 November, 2022, and targeted voice phishing, romance scams, sextortion, investment fraud and money laundering associated with illegal online gambling.

The arrest of 975 suspects allowed investigators to resolve over 1,600 cases. Additionally, the police have blocked more than 2,000 bank and virtual-asset accounts involved in cyber crime activities.

In related news, the US Department of Justice has seized seven domains linked to the so-called “pig butchering” scams, a scheme where fraudsters fool victims of romance scams into making a business investment using cryptocurrency via a fake investment app.

More than 1,000 mobile apps leak Algolia API keys

Over 1,000 mobile applications were found to be leaking the Algolia API key & Application ID, potentially exposing sensitive data of millions of users.

Out of 1,550 leaky apps discovered 32 contained hardcoded Admin secrets, providing threat actors access to pre-defined Algolia API keys, including search-only API key, monitoring API key, usage API key, and analytics API keys. This access could be used by malicious actors to read, modify and delete users’ information; access users’ IP addresses, or view app usage and other analytics.

CISA updates the infrastructure resilience planning framework

The US Cybersecurity and Infrastructure Security Agency (CISA) has updated its Infrastructure Resilience Planning Framework, first released in 2021.

The updated version includes new tools and guidances and is designed to help organizations bolster critical infrastructure resiliency amid an evolving threat landscape.

Europol dismantles 'iSpoof' online spoofing service

142 users and administrators of the 'iSpoof' online spoofing service, which allowed cyber criminals to make spoofed calls, send recorded messages, and intercept one-time passwords, have been arrested as part of a joint effort carried out by the law enforcement agencies from 10 countries.

As per Europol, in the past 16 months iSpoof has made over €3.7 million and caused estimated €115 million in losses. In the 12 months until August 2022 nearly 10 million fraudulent calls were made worldwide through the spoofing service, the Metropolitan Police said.

Meta fires employees for hijacking user accounts

Meta Platforms, the owner of the Facebook and Instagram social networks, has reportedly fired or disciplined over two dozen employees and contractors who used the company’s internal tool called “Oops” to breach and take over user accounts, to help users regain access to their accounts.

In some cases thousands of dollars of bribes were involved.

Among those fired were security guards who worked on Meta’s premises and had access to the internal system. These guards were not actual Meta employees, but worked for a contractor, Allied Universal. Following Meta’s internal investigation the company has limited its employees’ use of internal systems, warning that they “DO NOT use the Meta OOPS platform.”

What’s next:

Follow ImmuniWeb on Twitter and LinkedIn
Explore 20 use cases how ImmuniWeb can help
Browse open positions to join our great Team
See the benefits of our partner program
Request a demo, quote or special price
Subscribe to our newsletter

Application Security Weekly

Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law.

Recent Blog Posts:

Top 10 Exploited Vulnerabilities in 2022

Google To Pay Largest Multi-State Data Privacy Settlement in US History