CyberSecurity news

FlagThis - #string

@pcmag.com //
A recent Windows 11 update has inadvertently uninstalled the Copilot AI assistant from some users' PCs, causing frustration. The bug, affecting updates KB5053598, KB5053602, and KB5053606 across Windows 11 and Windows 10, removes the Copilot app and unpins it from the taskbar. Microsoft has acknowledged the issue and updated the release notes, confirming that Copilot for Microsoft 365 is not affected.

Users affected by this bug can manually reinstall the Copilot app from the Microsoft Store and repin it to their taskbar as a temporary solution. It's worth noting that some users on Reddit have expressed that they appreciate this accidental "feature," stating they would prefer the option to install Copilot rather than having it forced upon them. Microsoft is currently working on a permanent solution and likely to issue an update soon.

Recommended read:
References :
  • futurism.com: Users Cheer as Microsoft Accidentally Removes Hated AI Feature From Windows 11
  • www.techrepublic.com: The Case of the Vanishing Copilot: Is Microsoft’s Update a Feature or a Bug?
  • www.zdnet.com: Windows 11 update accidentally erases Copilot for some users - here's how to get it back
  • PCMag Middle East ai: Oops: Microsoft Update Accidentally Removes Copilot From Windows
  • MSPoweruser: If you install KB5053598, you’ll delete all traces of Copilot in Windows 11
  • www.windowscentral.com: Is this Windows 11 'bug' the feature we've been waiting for? Say goodbye to Copilot (for now)
  • www.techradar.com: Windows 11 bug deletes Copilot from the OS – is this the first glitch ever some users will be happy to encounter?
  • PCWorld: Microsoft shot itself in the foot with its latest Windows update
  • Ars OpenForum: Report that a bug in the Windows 11 update caused Copilot to be removed from some devices.
  • How-To Geek: Explanation and guidance for reinstalling the Copilot app after a recent Windows update.
  • www.pcmag.com: Discussion of the Copilot uninstall issue and possible resolutions.
  • PCWorld: Article discussing the inadvertent uninstallation of the Copilot app in some Windows 11 installations due to a bug in the recent update.

Ojukwu Emmanuel@Tekedia //
On February 21, 2025, the cryptocurrency exchange Bybit suffered a massive security breach resulting in the theft of approximately $1.46 billion in crypto assets. Investigations have pointed towards the Lazarus Group, a North Korean state-sponsored hacking collective, as the perpetrators behind the audacious heist. The FBI has officially accused the Lazarus Group of stealing $1.5 billion in Ethereum and has requested assistance in tracking down the stolen funds.

Bybit has declared war on the Lazarus Group following the incident and is offering a $140 million bounty for information leading to the recovery of the stolen cryptocurrency. CEO Ben Zhou has launched Lazarusbounty.com, a bounty site aiming for transparency on the Lazarus Group's money laundering activities. The attack involved exploiting vulnerabilities in a multisig wallet platform, Safe{Wallet}, by compromising a developer’s machine, enabling the transfer of over 400,000 ETH and stETH (worth over $1.5 billion) to an address under their control.

Recommended read:
References :
  • The Register - Security: The FBI has officially accused North Korea's Lazarus Group of stealing $1.5 billion in Ethereum from crypto-exchange Bybit earlier this month, and asked for help tracking down the stolen funds.
  • Secure Bulletin: The Lazarus Group, a notorious North Korean state-sponsored hacking collective, has once again demonstrated its sophistication and audacity with a staggering $1.5 billion cryptocurrency heist targeting Bybit, a major crypto exchange.
  • SecureWorld News: On February 21, 2025, the cryptocurrency world was rocked by the largest crypto heist in history. Dubai-based exchange Bybit was targeted in a malware-driven attack that resulted in the theft of approximately $1.46 billion in crypto assets.
  • Tekedia: Bybit, a leading crypto exchange, has declared war on “notoriousâ€� Lazarus group, a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. This is coming after the crypto exchange experienced a security breach resulting in the unauthorized transfer of over $1.4 billion in liquid-staked crypto assets.
  • ChinaTechNews.com: North Korea was behind the theft of approximately $1.5bn in virtual assets from a cryptocurrency exchange, the FBI has said, in what is being described as the biggest heist in history.
  • iHLS: Largest-Ever Crypto Heist steals $1.4 Billion
  • techcrunch.com: The FBI said the North Korean government is ‘responsible’ for the hack at crypto exchange Bybit, which resulted in the theft of more than $1.4 billion in Ethereum cryptocurrency.
  • PCMag UK security: The FBI is urging the cryptocurrency industry to freeze any transactions tied to the Bybit heist. The FBI has the $1.4 billion cryptocurrency at Bybit to North Korean state-sponsored hackers after security researchers reached the same conclusion.
  • Talkback Resources: FBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge [net] [mal]
  • thehackernews.com: Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers
  • PCMag UK security: FBI Blames North Korea for Massive $1.4 Billion Cryptocurrency Heist
  • www.pcmag.com: FBI Blames North Korea for Massive $1.4 Billion Cryptocurrency Heist
  • SecureWorld News: FBI Attributes Bybit Hack: FBI Attributes to North Korea, Urges Crypto Sector to Act
  • Dan Goodin: InfoSec Exchange Post on the FBI attribution to the Lazarus group and Bybit hack
  • bsky.app: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
  • Wallarm: Lab Wallarm discusses how Bybit’s Real-Time Blacklisting Is Thwarting a $1.5B Crypto Heist
  • infosec.exchange: NEW: Hacked crypto exchange Bybit is offering $140 million in bounties to anyone who can help locate and freeze the stolen ethereum. Bybit also disclosed preliminary results of investigations, which reveal hackers breached a developer’s device at a wallet platform Safe Wallet.
  • securityaffairs.com: FBI: North Korea-linked TraderTraitor is responsible for $1.5 Billion Bybit hack
  • Cybercrime Magazine: Bybit Suffers Largest Crypto Hack In History
  • www.cnbc.com: Details on the attack in a news article
  • The Register - Security: Bybit declares war on North Korea's Lazarus crime-ring to regain $1.5B stolen from wallet
  • Sergiu Gatlan: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
  • gbhackers.com: Researchers Uncover $1.4B in Sensitive Data Tied to ByBit Hack by Lazarus Group
  • infosec.exchange: NEW: After security researchers and firms accused North Korea of the massive Bybit hack, the FBI follows suit. North Korean government hackers allegedly stoled more than $1.4 billion in Ethereum from the crypto exchange.
  • www.cysecurity.news: Bybit Suffers Historic $1.5 Billion Crypto Hack, Lazarus Group Implicated
  • infosec.exchange: Bybit, that major cryptocurrency exchange, has been hacked to the tune of $1.5 billion in digital assets stolen, in what’s estimated to be the largest crypto heist in history.
  • BleepingComputer: Bybit, a major cryptocurrency exchange, has fallen victim to a massive cyberattack, with approximately $1.5 billion in cryptocurrency stolen. The breach is believed to be the largest single theft in crypto history.
  • Taggart :donor:: Cryptocurrency exchange Bybit suffered a massive security breach, resulting in the loss of $1.5 billion in digital assets. The hack compromised the exchange's cold wallet and involved sophisticated techniques to steal the funds.
  • www.cysecurity.news: CySecurity News report on the Bybit hack, its implications, and the potential Lazarus Group connection.
  • The420.in: The 420 report on Bybit theft
  • infosec.exchange: Details of the Bybit hack and Lazarus Group's involvement.
  • Talkback Resources: Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers
  • securityaffairs.com: The FBI confirmed that North Korea is responsible for the record-breaking cyber heist at the crypto exchange Bybit.
  • Zack Whittaker: Grab some coffee — your weekly ~ this week in security ~ is out: • North Korea's record-breaking $1.4B crypto heist
  • infosec.exchange: Infosec Exchange post about Bybit crypto heist.
  • The Record: Experts from multiple blockchain security companies said that North Korean hackers were able to move all of the ETH coins stolen from Bybit to new addresses — the first step taken before the funds can be laundered further
  • infosec.exchange: The (allegedly North Korean) hackers behind the Bybit crypto heist have already laundered all the stolen Ethereum, which was worth $1.4 billion.
  • Metacurity: Lazarus Group hackers have laundered 100% of the $1.4 billion they stole from Bybit

@www.forbes.com //
References: citizenlab.ca , Deeplinks , Deeplinks ...
A new report by Citizen Lab and the EFF Threat Lab has uncovered critical security vulnerabilities within the popular Chinese social media application, RedNote. The analysis, conducted on version 8.59.5 of the app, revealed that RedNote transmits user content, including viewed images and videos, over unencrypted HTTP connections. This exposes sensitive user data to potential network eavesdroppers, who can readily access the content being browsed.

Additionally, the report highlights that the Android version of RedNote contains a vulnerability that could allow attackers to access the contents of files on a user's device. The app also transmits device metadata without adequate encryption, sometimes even when using TLS, potentially enabling attackers to learn about a user's device screen size and mobile network carrier. Despite responsible disclosures to RedNote and its vendors NEXTDATA and MobTech in late 2024 and early 2025, no response has been received regarding these critical security flaws.

Recommended read:
References :
  • citizenlab.ca: The report highlights three serious security issues in the RedNote app.
  • Deeplinks: The EFF Threat Lab confirmed the Citizen Lab findings about Red Note.
  • www.forbes.com: Is RedNote Safe? Here's What Millions of TikTok Users Need to Know
  • Deeplinks: Crimson Memo: Analyzing the Privacy Impact of Xiaohongshu AKA Red Note

@www.bleepingcomputer.com //
A sophisticated cyberattack has successfully targeted low-skilled hackers, often referred to as "script kiddies," by using a modified version of the XWorm RAT builder. This fake builder, disguised as a tool for penetration testing, secretly infects the user's systems with a backdoor. This allowed the attacker to compromise over 18,000 devices worldwide. The malware was distributed via various channels including file-sharing services, Github repositories, Telegram channels, and even Youtube. Once installed, the malicious software exfiltrated sensitive data such as browser credentials, Discord tokens, Telegram data, and system information.

The campaign highlights the risks faced even by those attempting to engage in hacking activities. Threat actors, using aliases such as “@shinyenigma” and “@milleniumrat", have taken advantage of the eagerness of these individuals to download and utilize tools from online tutorials. The infected machines are located in Russia, the United States, India, Ukraine, and Turkey. The malicious tool utilizes Telegram for its command and control, using bot tokens and Telegram API calls. Security researchers have identified a kill switch to disrupt operations on active devices, though this is limited by offline machines and rate limiting mechanisms.

Recommended read:
References :
  • www.bleepingcomputer.com: A threat actor targeted low-skilled hackers, known as "script kiddies," with a fake malware builder that secretly infected them with a backdoor to steal data and take over computers
  • bsky.app: Over 18,000 users infected themselves with a backdoor after they downloaded a cracked malware builder
  • hackread.com: Hackers Use XWorm RAT to Exploit Script Kiddies, Pwning 18,000 Devices
  • www.cloudsek.com: Over 18,000 users infected themselves with a backdoor after they downloaded a cracked malware builder
  • Cyber Security News: Weaponized XWorm RAT Builder Targeting Script Kiddies to Extract Sensitive Data
  • gbhackers.com: Weaponised XWorm RAT Builder Attacking Script Kiddies To Hack 18,000 Devices
  • cyberpress.org: Weaponized XWorm RAT Builder Targeting Script Kiddies to Extract Sensitive Data
  • gbhackers.com: Weaponised XWorm RAT Builder Attacking Script Kiddies To Hack 18,000 Devices
  • www.scworld.com: XWorm RAT builder leveraged for widespread device compromise

@ciso2ciso.com //
UK telecommunications provider, TalkTalk, is currently investigating a potential data breach following claims made on a cybercrime forum. A threat actor, using the handle "b0nd," has alleged to possess the data of nearly 19 million current and former TalkTalk customers. The investigation is in its early stages and involves a third-party supplier whose platform is believed to manage a small part of the company’s customer base. This platform, however, does not store billing details or other sensitive financial information. TalkTalk has confirmed that they are aware of the posts and that an investigation is underway with the supplier, and that immediate protective measures have been taken.

The threat actor has claimed that the data includes subscriber PINs, names, email addresses, last account access information, IP addresses, and phone numbers. However, TalkTalk believes that the reported scale of the data breach is significantly overstated. They highlight that they have never had close to 19 million customers and that the platform involved only manages a subset of their total of around 2.4 million. The company is working with the third-party supplier to determine the validity of the claims but have stated no billing or financial data was held on the third party system. TalkTalk continues to prioritize the protection of customer data and is actively addressing this matter.

Recommended read:
References :
  • Pyrzout :vm:: UK telco TalkTalk confirms probe into alleged data grab underway – Source: go.theregister.com
  • ciso2ciso.com: UK telco TalkTalk confirms probe into alleged data grab underway – Source: go.theregister.com
  • The Register: UK telco TalkTalk confirms probe into alleged data grab underway Spinner says crim's claims 'very significantly overstated' UK broadband and TV provider TalkTalk says it's currently investigating claims made on cybercrime forums alleging data from the company was up for grabs.…
  • ciso2ciso.com: UK telco TalkTalk confirms probe into alleged data grab underway – Source: go.theregister.com
  • BleepingComputer: UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor began selling alleged customer data on a hacking forum.
  • go.theregister.com: UK telco TalkTalk confirms probe into alleged data grab underway
  • Pyrzout :vm:: UK broadband and TV provider TalkTalk says it’s currently investigating claims made on cybercrime forums alleging data from the company was up for grabs.
  • www.bleepingcomputer.com: UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor began selling alleged customer data on a hacking forum.
  • techcrunch.com: TalkTalk has confirmed it’s investigating a data breach after a hacker claimed to have stolen the personal information of millions of subscribers. However, the telecoms giant says the number of customers allegedly impacted is “wholly inaccurate and very significantly overstated"
  • ciso2ciso.com: TalkTalk Confirms Data Breach, Downplays Impact – Source: www.securityweek.com
  • Carly Page: TalkTalk has confirmed it’s investigating a data breach after a hacker claimed to have stolen the personal information of millions of subscribers. However, the telecoms giant says the number of customers allegedly impacted is “wholly inaccurate and very significantly overstated"
  • ciso2ciso.com: TalkTalk Confirms Data Breach, Downplays Impact