Total Tests:

Massive Interpol Crackdown Nabs 2,000 Alleged Scammers, Intercepts $50M

Read also: security flaw in Travis CI API exposes user access tokens, small botnet launched a record-breaking DDoS attack and more.

Thursday, June 16, 2022

Views: 6.7k Read Time: 3 min.

Massive Interpol Crackdown Nabs 2,000 Alleged Scammers, Intercepts $50M

Massive Interpol crackdown nabs 2,000 alleged scammers, intercepts $50M

A large-scale Interpol investigation into social engineering fraud has resulted in the seizure of $50 million in illicit funds and arrest of 2,000 alleged scammers, as well as the freezing of some 4,000 bank accounts.

The two-month operation, codenamed ‘First Light 2022’, spanned 1,770 locations in 76 countries and took place between March 8 and May 8, 2022. As part of the probe, police agencies from various countries raided a number of call centers allegedly linked to romance scams, e-mail deception, and related financial crimes.

Successful cases highlighted by Interpol include a Chinese national involved a Ponzi scheme who defrauded nearly 24,000 victims out of EUR 34 million, and a kidnapping hoax that demanded a EUR 1.5 million ransom from the victim’s parents.

A security flaw in Travis CI API exposes thousands of secret user access tokens

Tens of thousands of developers' user tokens and other sensitive information were found to be exposed via the Travis CI API due to an unpatched data disclosure issue.

According to a recent research, there are more than 770 million logs from free-tier Travis CI users accessible via API calls. From these logs threat actors can extract tokens, secrets, and credentials used for interacting with cloud services such as AWS, GitHub, and Docker Hub, and use the credentials to launch massive cyber-attacks.

Although the security vulnerability was first reported as far back as 2015, it has never been fully addressed. The research team has informed Travis CI about their findings, to which the company responded that the issue was “by design”, so all the secrets are currently available. In this regard, all Travis CI free tier users are recommended to immediately rotate their keys.

A small botnet launched a record-breaking DDoS attack peaking at 26M RPS

Web-infrastructure company CloudFlare said it mitigated a 26 million request per second distributed denial-of-service (DDoS) attack, making it the largest HTTPS DDoS attack recorded to date.

What’s interesting is that the attack was launched by a tiny but powerful botnet of just 5,067 devices (possibly virtual machines and servers), each capable of generating approximately 5,200 rps at peak. Also noteworthy that the attack was carried out over HTTPS, which is more expensive in terms of required computational resources.

Within less than 30 seconds, the botnet generated more than 212 million HTTPS requests from over 1,500 networks in 121 countries, including Indonesia, the US, Brazil and Russia. About 3% of the attack came through Tor nodes.

Microsoft releases June 2022 Patch Tuesday security updates

Microsoft rolled out June 2022 Patch Tuesday security updates that contain fixes for over 50 vulnerabilities in the Windows operating system, Microsoft Office, Hyper-V Server, Azure, Windows Defender, and other software products.

More importantly, this month’s Patch Tuesday addresses the actively exploited Remote Code Execution vulnerability (CVE-2022-30190) in the Microsoft Windows Support Diagnostic Tool (MSDT).

Codenamed ‘Follina,’ the issue was publicly disclosed last month along with proof-of-concept exploits for this vulnerability. Shortly after, multiple threat actors were seen exploiting the Follina flaw in their attacks, including widespread phishing attacks that delivered the QBot malware, as well as malicious campaigns that targeted government entities in Europe, the United States, and Ukraine.

New Hertzbleed side-channel attack allows to steal cryptographic keys from remote servers

A group of security researchers disclosed a new side-channel attack that can be used to steal secret cryptographic keys from remote servers deemed to be secure via a CPU timing attack.

Dubbed “Hertzbleed’, the new attack method takes advantage of a feature called dynamic frequency scaling (DVFS), which modern processors use to reduce power consumption. Hertzbleed works by monitoring the power signature of any cryptographic workload. Through observing power information generated by the CPU the attacker can convert this information into timing data and thus steal cryptographic keys.

According to the researchers, the issue affects Intel (CVE-2022-24436) and AMD (CVE-2022-23823) CPUs. Both vendors have acknowledged the issue and released separate security advisories. While both companies provided guidance to mitigate Hertzbleed, they currently don’t intend to release microcode patches to address the problem.

What’s next:

Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law.
Book a Call Ask a Question
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a technical question?

Our security experts will answer within
one business day. No obligations.

Have a sales question?
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
Your data will stay private and confidential