Pete Recommends – Weekly highlights on cyber security issues, March 9, 2024

Subject: News farm impersonates 60+ major outlets: BBC, CNN, CNBC, Guardian…
Source: BleepingComputer

BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, Reuters, The Guardian, and Washington Post, among others.

These “news” websites, which we were able to trace to their proprietor in India, repost articles from credible media and research organizations without attribution.

Beyond that though, their intentions seem multifaceted—from building SEO for their online gambling ventures to deceptively selling “press release” and “product review” ad slots at hefty prices to unsuspecting users looking to market their products online.

Content farm operates 60+ ‘news’ websites. BleepingComputer has identified a network of more than five dozen “news” websites that impersonate leading media outlets like the BBC, Bloomberg, CNBC, CNN, Crunchbase, Forbes, Huffington Post, The Guardian, The Metro (UK), The Mirror, The Telegraph, Reuters, Washington Times, and Washington Post.

We have released the complete list of these domains in this article below.

As an example, notice the following article published on, which is not associated with the widely circulated newspaper, The Guardian.

BleepingComputer identified that the article, along with its headline and body, was copied word-to-word from a legitimate source,, which is a legal news and commentary website.



Subject: More than inconvenient: Preparing for a cellular outage on Election Day
Source: The Hill

On an ordinary day, living without smartphones will delay, disrupt or cancel many daily activities. Feb. 22 was such a day. Yet there are days we could anticipate when outage effects might have extraordinary impact, such as travel over the Thanksgiving holiday, or maintaining contact with children on Halloween. Outages on those days might result in significant delays or anxious parents, but the effects would likely be personal and limited.

There are other days, however, when loss of connectivity could have devastating effects on democracy and national security. Were such an outage to happen in the United States this November on Election Day, it could disenfranchise millions and have long-lasting and destabilizing political, social and strategic effects.

It is difficult to forecast all the effects a mass cellular service outage would have on a U.S. election, but it is an exercise that government officials and voters should undertake immediately. Regarding local and personal effects, many voters might not be able to find their polling places, rides for elderly and infirm voters would be more difficult to organize and communications between election workers, law enforcement and other government officials might not be coordinated in time to handle problems or report results as expected.

Michael McLaughlin co-leads the Cybersecurity and Data Privacy Practice Group at the law firm of Buchanan Ingersoll & Rooney, PC. He previously served as senior counterintelligence advisor for United States Cyber Command and chief of counterintelligence and human intelligence for the Cyber National Mission Force. Kurt Sanger is founder and director of Integrated Cybersecurity Partners, LLC. For 23 years he served as a judge advocate in the U.S. Marine Corps. His final post on active duty was deputy general counsel for United States Cyber Command.


Subject: Android banking trojans: How they steal passwords and drain bank accounts
Source: Malwarebytes

[infomercial] For the most popular operating system in the world—which is Android and it isn’t even a contest—there’s a sneaky cyberthreat that can empty out a person’s bank accounts to fill the illicit coffers of cybercriminals.

These are “Android banking trojans,” and, according to our 2024 ThreatDown State of Malware report, Malwarebytes detected an astonishing 88,500 of them last year alone.

While the 2024 ThreatDown State of Malware report focuses heavily on the corporate security landscape today, make no mistake: Android banking trojans pose a serious threat to everyday users. They are well-disguised, hard to detect in regular use, and are a favorite hacking tool for cybercriminals who want to automate the theft of online funds for themselves.

What are Android banking trojans?

By masquerading as everyday mobile apps for things like QR code readers, fitness trackers, and productivity or photography tools, Android banking trojans intercept a person’s online interest in one app, and instead deliver a malicious tool that cybercriminals can abuse later on.

Instead, what makes Android banking trojans so tricky is that, once installed, they present legitimate-looking permissions screens that ask users to grant the new app all sorts of access to their device, under the guise of improving functionality.

As we wrote in the 2024 ThreatDown State of Malware report:

“Once it has accessibility permissions, the malware initializes its Automated Transfer System (ATS) framework, a complex set of scripts and commands designed to perform automated banking transactions without user intervention. The ATS framework uses the harvested credentials to initiate unauthorized money transfers to accounts held by the attacker. This mimics real user behavior to bypass fraud detection systems.”

Staying safe from Android banking trojans

[commercial msg … ]

Subject: Whistleblower Accuses Aledade, Largest US Independent Primary Care Network, of Medicare Fraud
Source: Fortune via KFF Health News

A Maryland firm that oversees the nation’s largest independent network of primary care medical practices is facing a whistleblower lawsuit alleging it cheated Medicare out of millions of dollars using billing software “rigged” to make patients appear sicker than they were.

The civil suit alleges that Aledade Inc.’s billing apps and other software and guidance provided to doctors improperly boosted revenues by adding overstated medical diagnoses to patients’ electronic medical records.

“Aledade did whatever it took to make patients appear sicker than they were,” according to the suit.

Based in Bethesda, Maryland, Aledade helps manage independent primary care clinics and medical offices in more than 40 states, serving some 2 million people.

Subject: FTC Cracks Down on Mass Data Collectors: A Closer Look at Avast, X-Mode, InMarket
Source: FTC blog

Three recent FTC enforcement actions reflect a heightened focus on pervasive extraction and mishandling of consumers’ sensitive personal data. Proposed Settlements with Avast, X-Mode and InMarket. In mid-February, the FTC announced a proposed settlement to resolve allegations that Avast, a security software company, unfairly sold consumers’ granular and re-identifiable browsing information—information that Avast amassed through its antivirus software and browser extensions after telling consumers that Avast’s software would protect their privacy, and that any disclosure of their browsing information would only be in aggregate and anonymous form. In January of this year, the FTC announced … [from the FTC Tech blog … ]

Abstracted from beSpacific
Copyright © 2024 beSpacific, All rights reserved.

Subject: U.S. blacklists two people, three companies linked to commercial spyware

March 5 (UPI) — The United States has announced sanctions against two people and five entities linked to a commercial spyware consortium, as the Biden administration continues to target the misuse of this growing security threat. On Tuesday, the U.S. Treasury blacklisted two executives and three companies associated with Intellexa Consortium, which the federal agency described as “a marketing label for a variety of offensive cyber companies that offer commercial spyware and surveillance tools to enable targeted and mass surveillance campaigns.”

The Treasury blamed the consortium for enabling the proliferation of commercial spyware around the world, including to authoritarian regimes, specifically its Predator spyware, which has been used by foreign actors to surveil U.S. government officials, journalists and policy experts, it said.

“Today’s actions represent a tangible step forward in discouraging the misuse of commercial surveillance tools, which increasingly present a security risk to the United States and our citizens,” Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian Nelson said in a statement.



Subject: Co-working spaces might actually be a security nightmare
Source: techradar

techradar: “A new study of more than 1,000 remote workers by Beyond Identity has revealed that co-working spaces could actually be costing businesses their cybersecurity despite being cheaper in terms of rent. According to the report, co-working spaces are the most likely place for data to be stolen, with 18% having previously chosen to locate themselves in a co-working office and had their data stolen…”

Abstracted from beSpacific

Subject: AG Henry in Letter to Meta: Investigate Causes of Spike in “Account Takeovers,” Increase Protection for Consumers
Source: PA Office of the AG

HARRISBURG — Attorney General Michelle Henry announced that she and forty other Attorneys General have sent a letter to social media giant, Meta, asking for an investigation into the increase of “account takeover” incidents — when hackers lock consumers out of accounts, steal personal information, and post harmful content. In the letter, the Attorneys General present data to show the activity has increased dramatically in recent years — in Pennsylvania, takeovers increased 270 percent from 2022 to 2023 — while asking Meta what it is doing to prevent the takeovers and field complaints from victims.

State Attorneys General have often served as the responsive agency for consumer reports, while Meta customer service has been silent or slow to react.

The increase in account takeovers may be, in part, due to Meta’s recent layoffs of around 11,000 employees, many reportedly from the “security, privacy, and integrity sector.”

Subject: Video Doorbells Sold By Big Retailers Have Major Security Flaws
Source: Consumer Reports

The devices are also sold by Walmart, Sears, and other retailers—and big platforms have faced few consequences for shipping flawed products

Previously, regulators have asserted that thousands of unsafe products, including potentially dangerous children’s sleepwear, carbon monoxide detectors, and dietary supplements, have been widely available on Amazon.

“Big e-commerce platforms like Amazon need to take more responsibility for the harms generated by the products they sell,” says Justin Brookman, director of technology policy for CR. “There is more they could be doing to vet sellers and respond to complaints. Instead, it seems like they’re coasting on their reputation and saddling unknowing consumers with broken products.”

The security issues are serious. People who face threats from a stalker or estranged abusive partner are sometimes spied on through their phones, online platforms, and connected smartphone devices. The vulnerabilities CR found could allow a dangerous person to take control of the video doorbell on their target’s home, watching when they and their family members come and go.


Subject: CISA and NSA Release Cybersecurity Information Sheets on Cloud Security Best Practices
Source: CISA

Today, CISA and the National Security Agency (NSA) released five joint Cybersecurity Information Sheets (CSIs) to provide organizations with recommended best practices and/or mitigations to improve the security of their cloud environment(s).

CISA and NSA encourage all organizations to review the practices and implement the mitigations provided in the joint CSIs to help strengthen their cloud security. For more information on cloud security best practices, see CISA’s Secure Cloud Business Applications (SCuBA) Project and Trusted Internet Connections (TIC) pages.


Subject: Flaws in public records management tool could let hackers nab sensitive data linked to requests
Source: Nextgov/FCW

The GovQA platform, created by IT company Granicus, contained vulnerabilities that could have let cybercriminals retrieve tranches of sensitive files tied to public records requests, a security researcher revealed to Nextgov/FCW. A popular tool used by numerous state and local governments to manage public records requests contained defects that could have allowed hackers to download troves of unsecured files tethered to records inquiries, including highly sensitive personal information like IDs, fingerprints, child welfare documentation and medical reports, Nextgov/FCW has learned.

The flaws, which have been remedied, could have also enabled hackers to trick the system into letting individuals edit or change the metadata of records requests without administrators knowing.

The platform, called GovQA, is a public records querying system designed by IT services provider Granicus, and is used by hundreds of government management centers across the U.S. to help offices sort records delivered to requesters through official public access channels.

The vulnerabilities were discovered by independent cybersecurity researcher Jason Parker, who relayed the findings to Nextgov/FCW.



Posted in: Cybercrime, Cybersecurity, Healthcare, Privacy