Here's this week's recap: a brief summary of leaks, hacks, and threats Cybernews observed between December 19 and December 23, 2022.
Will Maksim Yakubets face justice?
Yakubets, the suspected leader of Evil Corp, is the FBI’s most wanted cybercriminal. His whereabouts are no secret, yet there’s little to no chance we’ll see him in handcuffs. This week, Cybernews analyzed why the famous Russian hacker is still out of law enforcement’s reach.
Yakubets is wanted for his role in a computer malware campaign that infected tens of thousands of devices in North America and Europe, resulting in financial losses amounting to tens of millions of dollars.
In 2019, the US Treasury sanctioned 17 individuals, including Maksim Yakubets, in an attempt to disrupt the massive phishing campaigns orchestrated by the Russian-based hacker group. US authorities are offering a reward of up to $5 million for information leading to the arrest and conviction of Yakubets.
However, he’s careful not to leave the safety of Russia and even enjoys a lavish lifestyle: he drives a Lamborghini, splashes out on pet tigers and lion cubs, and flies off to expensive spa vacations.
"He's roaming free in Russia, and he's not in prison, and Russia is taking no steps to arrest him," Irina Tsukerman, a geopolitical analyst specializing in information security and cybersecurity, told Cybernews. Both Tsukerman and the US agencies believe Yakubets is closely connected to and protected by all three major Russian intelligence agencies.
Skin-whitening product app exposes customers
Meanwhile, Mosbeau, a shopping app specializing in beauty products, has exposed the data of its customers, leaving their names, IDs, and chats with support agents for anyone to access, research by Cybernews has discovered.
The company’s Android app, which currently has a 3.9 (out of 5) star rating based on over 700 reviews, was leaking customer data.
Cybernews research of over 33,000 Android apps earlier this year led to the discovery of more than 14,000 Firebase URLs on the front end of Android apps. Over 600 were links to open Firebase instances.
This means that by analyzing the app's public information, a threat actor could gain access to its open database and, therefore, user data. Mosbeau was one of the apps that left an open database, exposing user data in this way.
"Since the Firebase was left open to public access without any authorization, a threat actor could have either completely wiped it out or used it for phishing or other malicious purposes," the Cybernews research team said.
Is LastPass out of last chances?
LastPass, a password manager with over 25 million users, is in a much bigger hole, though. It gave more details about the latest breach into the company’s systems and claims users’ personal data or master passwords were not affected – yet researchers are massively worried.
That’s because it turns out that the attackers who hit LastPass in August 2022 were able to copy a backup of customer vault data from the encrypted storage container. It means that the threat actor theoretically now has access to all those passwords, provided, of course, that the attacker can crack the stolen vaults.
Besides, LastPass admits that some unencrypted data was stolen, including website URLs (Uniform Resource Locators). This is important as hackers would actually know which websites users have accounts with and target them with phishing or other types of attacks.
The company, now attacked by angry customers online, claims that users are safe as long as their master passwords are strong and updated. But if not, it’s recommended to change passwords for every website entrusted to LastPass – and that’s a lot of fuss.