
Cybersecurity's Worst Week Yet? Firefox Phishing Attacks, Meta Steals Data, and Ransomware Outsmarts Defenders

From the halls of Black Hat to breaking developments around the globe, these were the most alarming revelations that shook the security landscape this week.

Alan Henry, Managing Editor, Security


The thing about security conferences like Black Hat, which took Las Vegas by storm this week, is that you end up seeing some nuanced, technical things that seem like they don’t matter but actually do, and then you see other things that are just terrifying beyond belief. Thankfully, the PCMag security team was there to see it all, so you didn’t have to risk your devices just by being there.

For example, this week we reported on VexTrio, the criminal syndicate that’s responsible for those scary pop-up ads you’ve seen around the web. You know, the ones that say “Virus detected! Scan now!” or “You need a VPN now! Click here to download.” The brazen nature of the campaign and its widespread reach reveal that cybercrime isn’t just dudes in black hoodies at a laptop anymore. It’s big money, which means cybercriminals are probably more well-dressed than you might think.

Also at the show, we covered how security researchers discovered that hackers could potentially mask malicious activity as a Zoom or Microsoft Teams video call. There's still plenty more to come out of Black Hat, so stay tuned for more coverage.

Microsoft also announced this week that it's developed a tool that can detect and reverse engineer malware without human intervention, even though The Register reported that it also let through 74% of the malware it was told to examine. Speaking of AI, scientist and author Gary Marcus made an interesting point during his panel at the conference: That instead of helping people get smarter, AI is actually dumbing people down to its own level. That tracks.

Following up on last week’s coverage of the UK’s new age verification laws, we examined the rise of this new industry and noted that, from a security perspective, it’s just not worth it. Your personal data, like driver's licenses, selfies, and other identifying government documents, is just too valuable, and the companies asking you to trust them are either brand new or haven’t demonstrated a commitment to security. 

Speaking of your data, this week, a court determined that Meta illegally harvested data from the period tracking app Flo. Allow us to suggest deleting those apps entirely and tracking your cycle privately? After all, data-hungry companies aren’t going to stop scooping up anything they can find, legally or otherwise. For example, we reported that a ChatGPT flaw could have exposed all of your Google Docs data, just by connecting the two services together. Then there’s the massive AI-generated phishing campaign all over TikTok right now, designed to fool you into handing over your TikTok and Google credentials at fake TikTok shops, and to spend money on products or services that, predictably, will never arrive. 

This is just what we covered this week. Security news never stops, so each week we collect the biggest cybersecurity stories we didn’t get a chance to cover ourselves and link them here, so you can stay informed and safe.


Mozilla Flags Phishing Wave Aimed at Hijacking Trusted Firefox Add-Ons

The Register reports that Mozilla has warned Firefox users of a wave of phishing attacks claiming to be from Mozilla, or from the Firefox add-ons site directly, telling users to click through and update their accounts. Predictably, any user who clicks the links in the email goes to a convincing-looking login page for their Mozilla account, and once they type in their credentials, they’ve handed over the keys to their account. While Mozilla didn’t tie its warning to The Register’s reporting, the outlet says the phishing attack has been going on since at least April, and Mozilla developer accounts are the likely target.

Phishing attacks are nothing new, but if they didn’t work, hackers wouldn’t keep using them. Beyond the usual “don’t click links in emails you’re not expecting” advice, we have some great tips to help you avoid phishing scams and never get fooled by them in the first place.


Citizen Lab Director Warns Cyber Industry About US Authoritarian Descent

Ron Deibert is the director of Citizen Lab, an organization founded to monitor and investigate the ways that governments use spyware for intelligence. At Black Hat, he got on stage to warn attendees about the rise of authoritarianism in the United States, and to call on the cybersecurity community to speak up and do something about it. TechCrunch has the full story, including how he points out that one of the pillars of getting people to accept authoritarianism is to convince them collectively that they’re not safe—something that cybersecurity professionals are uniquely positioned to push back against. 

Deibert noted that the security community doesn’t normally claim to get involved in politics, but it may not have a choice. Politics and tech policy, especially when it comes to data-hungry big tech companies, are colliding, and it's up to threat intelligence teams and security pros to advocate for strong data protections and privacy regulations. After all, who knows better about the importance of protecting sensitive information than the people on the front lines of that fight every day?


Akira Ransomware Abuses CPU Tuning Tool To Disable Microsoft Defender

From the “you really need a better antivirus than Microsoft Defender” files, Bleeping Computer reports that a common strain of ransomware has been detected using valid Intel CPU drivers to essentially turn off Microsoft Defender, the antimalware tool that’s baked into Windows (and usually enabled if you don’t have other antivirus software present). Researchers at GuidePoint Security have noticed the Akira ransomware doing this in the wild since at least mid-July.

Now, before you panic, the threat here is fairly esoteric and not the easiest to execute, so Defender’s days aren’t exactly numbered. However, it’s still a good example of why it’s important to install a robust antivirus tool on your computer, ideally one with ransomware protection.
