Latest news with #LorenzoFranceschi-Bicchierai
Yahoo
4 days ago
US government sanctions tech company involved in cyber scams
The U.S. government imposed sanctions on Funnull, a company accused of providing infrastructure for cybercriminals running "pig butchering" crypto scams that have led to $200 million in losses for American victims.

On Thursday, the Treasury's Office of Foreign Assets Control announced the sanctions, saying Funnull is "linked to the majority of virtual currency investment scam websites reported to the FBI." The press release said that the $200 million in losses results in an average loss of $150,000 per victim, but that the numbers "likely underestimate the total losses, as many victims of scams do not report the crime."

Pig butchering scams involve criminals approaching victims online, often pretending to be interested in a romantic relationship, with the goal of tricking the victims into sending them money to invest in nonexistent crypto projects.

According to the Treasury, Funnull is based in the Philippines and run by Chinese national Liu Lizhi, who was also sanctioned on Thursday. Funnull, according to the Treasury, generated domain names for websites on IP addresses it owns, and provided "web design templates to cybercriminals."

"These services not only make it easier for cybercriminals to impersonate trusted brands when creating scam websites, but also allow them to quickly change to different domain names and IP addresses when legitimate providers attempt to take the websites down," the Treasury said. The FBI released an alert that included more information about these activities.

The Treasury referred to the Polyfill supply chain attack in its press release, saying Funnull "purchased a repository of code used by web developers and maliciously altered the code to redirect visitors of legitimate websites to scam websites and online gambling sites, some of which are linked to Chinese criminal money laundering operations." Those activities are exactly what researchers from cybersecurity firm Silent Push accused FUNNULL of carrying out last year.

Researchers found that Funnull was responsible for the Polyfill supply chain attack, which was launched to push malware to whoever visited websites that used Polyfill's code. The goal was to redirect users to a malicious network of casino and online gambling sites, the researchers found.

Do you have more information about FUNNULL, or other companies facilitating scams? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

Zach Edwards, a researcher at Silent Push who worked on the Funnull report last year, told TechCrunch that he was "really glad to see the facts aligned with our suspicions."

"It's encouraging that the Treasury has taken actions against the largest pig butchering and money laundering network that exists targeting people in the U.S., but we know that more needs to be done," said Edwards. "This effort from Funnull is the tip of the iceberg for what is actually going on right now out of China with financial schemes targeting Americans."

"Global threat actors that are targeting Americans with financial scams need to be held accountable, and doxing the companies they work with and the individuals who run those companies is an important first step," he added.
08-04-2025
Google fixes two Android zero-day bugs actively exploited by hackers
On Monday, Google released an update for Android that fixes two zero-day flaws that "may be under limited, targeted exploitation," as the company put it. That means Google is aware that hackers have been, and may still be, using the bugs to compromise Android devices in real-world scenarios.

One of the two now-fixed zero-days, tracked as CVE-2024-53197, was identified by Amnesty International in collaboration with Benoît Sevens of Google's Threat Analysis Group, the tech giant's security team that tracks government-backed cyberattacks. In February, Amnesty said it had found that Cellebrite, a company that sells devices to law enforcement for unlocking and forensically analyzing phones, was taking advantage of a chain of three zero-day vulnerabilities to hack into Android phones.

Do you have more information about Android zero-days? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.

In this case, Amnesty found the vulnerabilities, including the one patched on Monday, being used against a Serbian student activist by local authorities armed with Cellebrite.

There isn't a lot of information, however, on the second vulnerability, CVE-2024-53150, patched on Monday, other than the fact that its discovery was also credited to Google's Sevens and that the flaw was found in the kernel, the core of an operating system.

Google did not immediately respond to a request for comment. Amnesty spokesperson Hajira Maryam said the non-profit did not have anything to share at this point.

The tech giant said in its advisory that "the most severe of these issues is a critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed," and that "user interaction is not needed for exploitation."

Google said that it would push source code patches for the two fixed zero-days within 48 hours of the advisory, while also noting that Android partners are "notified of all issues at least a month before publication." Given Android's open source nature, every phone manufacturer now has to push patches out to their own users.

This story was updated to include Amnesty's response.
13-03-2025
Apple fixes new security flaw used in 'extremely sophisticated attack'
Apple released patches for a bug that it says "may have been exploited in an extremely sophisticated attack against specific targeted individuals," citing a report.

The zero-day bug was found in WebKit, the browser engine powering Safari and other apps, and allowed hackers to break out of WebKit's protective sandbox with "maliciously crafted web content," per Apple. A sandbox is a part of the operating system that, even if compromised, can keep hackers from accessing data in other parts of the system.

The patch was released on Tuesday for Macs, iPhones and iPads, Safari, and its Vision Pro headset.

Do you have more information about Apple vulnerabilities, or cyberattacks against Apple users? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.

Apple noted that the flaw was exploited against devices running software "before iOS 17.2." Neither the hackers nor their targets were disclosed. Apple did not respond to a request for comment.

In February, Apple used the same language, "an extremely sophisticated attack against specific targeted individuals," for another bug, but there is no evidence the two attacks are connected. Before that February patch, Apple had never used this wording.
11-02-2025
Apple fixes iPhone and iPad bug used in an 'extremely sophisticated attack'
On Monday, Apple released updates for its mobile operating systems, iOS and iPadOS, which fixed a flaw that the company said "may have been exploited in an extremely sophisticated attack against specific targeted individuals."

In the release notes for iOS 18.3.1 and iPadOS 18.3.1, the company said the vulnerability allowed the disabling of USB Restricted Mode "on a locked device." Introduced in 2018, USB Restricted Mode is a security feature that blocks an iPhone or iPad from sending data over a USB connection if the device hasn't been unlocked for seven days. Last year, Apple released another security feature that reboots devices if they are not unlocked for 72 hours, making it harder for law enforcement or criminals using forensic tools to access data on those devices.

Based on the language used in its security update, Apple hints that the attacks were most likely carried out with physical control of a person's device, meaning whoever was abusing this flaw had to connect to the person's Apple device with a forensics tool like Cellebrite or Graykey, two systems that allow law enforcement to unlock and access data stored on iPhones and other devices.

The vulnerability was discovered by Bill Marczak, a senior researcher at the Citizen Lab, a University of Toronto group that investigates cyberattacks against civil society.

Do you have more information about this flaw, or other iPhone zero-days and cyberattacks? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.

Apple did not respond to a request for comment by press time. Marczak told TechCrunch that he couldn't comment on the record at this point. It's unclear at the moment who was responsible for abusing this flaw, and against whom it was used.

But there have been documented cases in the past where law enforcement agencies have used forensic tools, which usually abuse zero-day flaws in devices like the iPhone, to unlock the devices and access the data inside. In December 2024, Amnesty International released a report documenting a series of attacks by Serbian authorities in which they used Cellebrite to unlock the phones of activists and journalists in the country, and then installed malware on them. Security researchers said that the Cellebrite forensic devices were likely used "widely" on individuals in civil society, according to Amnesty.