{"id":20431,"date":"2025-01-18T07:00:00","date_gmt":"2025-01-18T05:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/us-supreme-court-backs-tiktok-law-wazirx-freezes-3m-in-usdt-and-other-cybersecurity-developments\/"},"modified":"2025-01-18T07:00:00","modified_gmt":"2025-01-18T05:00:00","slug":"us-supreme-court-backs-tiktok-law-wazirx-freezes-3m-in-usdt-and-other-cybersecurity-developments","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/us-supreme-court-backs-tiktok-law-wazirx-freezes-3m-in-usdt-and-other-cybersecurity-developments\/","title":{"rendered":"US Supreme Court backs TikTok law, WazirX freezes $3m in USDT, and other cybersecurity developments"},"content":{"rendered":"<p>We gathered the week\u2019s most important cybersecurity news.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\">\n<li>Crypto exchange WazirX froze $3 million in stolen funds.<\/li>\n<li>The US Supreme Court upheld a law that could ban TikTok.<\/li>\n<li>Bugs in tunnelling protocols were deemed a threat to 4.2 million internet hosts.<\/li>\n<li>A Google OAuth vulnerability exposed access to abandoned accounts.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>Crypto exchange WazirX freezes $3 million in stolen funds<\/strong><\/h2>\n<p>Indian cryptocurrency exchange WazirX traced and froze $3 million in USDT from funds stolen in a July 2024 hack, <a href=\"https:\/\/decrypt.co\/301538\/wazirx-freezes-3-million-hack\">Decrypt<\/a> reports.<\/p>\n<p>The asset freeze comes amid an ongoing restructuring and restitution effort. The exchange plans to resume trading by February.<\/p>\n<p>In a joint <a href=\"https:\/\/www.mofa.go.jp\/files\/100779661.pdf\">statement<\/a>, the US, Japan and South Korea blamed North Korea\u2019s Lazarus Group for the breach. 
Earlier, Elliptic analysts <a href=\"https:\/\/u1f987.com\/en\/news\/north-korean-hackers-implicated-in-wazirx-breach-says-elliptic\">pointed<\/a> to North Korea.<\/p>\n<h2 class=\"wp-block-heading\"><strong>US Supreme Court upholds law enabling possible TikTok ban<\/strong><\/h2>\n<p>TikTok failed to persuade the US Supreme Court to block a law that could ban the app in the country if Chinese owner ByteDance remains in control, <a href=\"https:\/\/us.cnn.com\/2025\/01\/17\/politics\/tiktok-ban-supreme-court\/index.html\">CNN<\/a> reports.<\/p>\n<p>The House of Representatives passed the bill in spring 2024. Authorities deemed TikTok a national-security risk over potential transfers of Americans\u2019 data to the Chinese government.<\/p>\n<p>The law takes effect on January 19, but it does not mandate an immediate shutdown. ByteDance can still sell the app to a US or other foreign company. President-elect Donald Trump can also pause the ban for 90 days.<\/p>\n<p>Meanwhile in the EU, privacy-rights nonprofit None of Your Business <a href=\"https:\/\/noyb.eu\/en\/tiktok-aliexpress-shein-co-surrender-europeans-data-authoritarian-china\">filed<\/a> six complaints against TikTok, AliExpress, SHEIN, Temu, WeChat and Xiaomi over unlawful transfers of Europeans\u2019 data to China and violations of the <span data-descr=\"General Data Protection Regulation\" class=\"old_tooltip\">GDPR<\/span>. The complaints were submitted to authorities in Greece, Italy, Belgium, the Netherlands and Austria.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Tunnelling-protocol bugs threaten 4.2 million internet hosts<\/strong><\/h2>\n<p>More than 4.2 million internet hosts, including VPN servers and private home routers, are exposed to compromise due to vulnerabilities in tunnelling protocols IPIP\/IP6IP6, GRE\/GRE6, 4in6 and 6in4. 
The <a href=\"https:\/\/papers.mathyvanhoef.com\/usenix2025-tunnels.pdf\">findings<\/a> were presented by researchers at KU Leuven in Belgium together with Top10VPN.<\/p>\n<p><iframe loading=\"lazy\" width=\"560\" height=\"315\" src=\"https:\/\/www.youtube.com\/embed\/eFZsM3khrSk?si=W9dLI0jAtqnxg5Os\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p>Misconfigured systems accept tunnelled packets without verifying the sender\u2019s identity. This lets attackers intercept them for <span data-descr=\"denial of service\" class=\"old_tooltip\">DoS<\/span> attacks and <span data-descr=\"Domain Name System\" class=\"old_tooltip\">DNS<\/span> spoofing, and to gain access to internal networks and <span data-descr=\"Internet of Things\" class=\"old_tooltip\">IoT<\/span> devices. Vulnerable hosts can also be abused as one-way proxies for anonymous cybercrime.<\/p>\n<p>Most potential victims are concentrated in China, France, India, Australia, the US and Russia.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Configs for 15,000 FortiGate devices leaked on the dark web<\/strong><\/h2>\n<p>A new hacker group, Belsen Group, published FortiGate firewall configurations for more than 15,000 unique devices. 
Cybersecurity expert Kevin Beaumont <a href=\"https:\/\/doublepulsar.com\/2022-zero-day-was-used-to-raid-fortigate-firewall-configs-somebody-just-released-them-a7a74e0b0c7f?gi=17c75df5ac98\">flagged<\/a> the release.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXcGIsKnaRz2CkT2hpVz_ifiUxJSfB1Ne1tP9UAOTK_JVg_7SE2n5uxlOj8z-li7fcq6GBg_fGbwHcS6kIKkcAE0un2R_F3xtZLu55_9x8WZkscuZoWT_lFzcm__19KjNoUtu5Zp6A?key=tuNTP-6T8oZ4ny_xfMgzwOJ7\" alt=\"US versus TikTok, $3m USDT freeze and other cybersecurity events\"\/><figcaption class=\"wp-element-caption\">Post on a hacking forum. Source: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-leak-configs-and-vpn-credentials-for-15-000-fortigate-devices\/\">Bleeping Computer<\/a>.<\/figcaption><\/figure>\n<p>The 1.6GB archive is organised by country and IP address. It contains VPN credentials with passwords, some stored in clear text, as well as FortiGate configurations with private keys and firewall rules.<\/p>\n<p>The leak is likely linked to a 2022 zero-day. It still exposes a large volume of sensitive information about network defences.<\/p>\n<p>Separately, Fortinet <a href=\"https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-24-535\">reported<\/a> that a recently discovered firewall vulnerability is being used to breach corporate networks. 
Organisations are advised to disable management access on public interfaces.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Biden signs order to bolster US cybersecurity<\/strong><\/h2>\n<p>US President Joe Biden <a href=\"https:\/\/www.whitehouse.gov\/briefing-room\/presidential-actions\/2025\/01\/16\/executive-order-on-strengthening-and-promoting-innovation-in-the-nations-cybersecurity\/\">signed an executive order<\/a> to strengthen the country\u2019s cybersecurity, streamlining sanctions against hacking groups targeting federal agencies and critical infrastructure.<\/p>\n<p>The order also foresees acceptance of digital IDs to combat cybercrime and fraud, the use of AI, and additional investment to harden internal systems.<\/p>\n<p>Days earlier, the <span data-descr=\"US Treasury\u2019s Office of Foreign Assets Control\" class=\"old_tooltip\">OFAC<\/span> <a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy2790\">imposed sanctions<\/a> on North Korean front companies Korea Osong Shipping Co and Chonsurim Trading Corporation, as well as their presidents Chong In Chol and Son Kyong Sik, for generating revenue through illicit remote IT work schemes. The list also included:<\/p>\n<ul class=\"wp-block-list\">\n<li>the Chinese company Liaoning China Trade, which supplied electronic equipment to Department 53 of North Korea\u2019s Ministry of National Defense;<\/li>\n<li><a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy2792\">hacker Yin Kechen<\/a>, linked to the Salt Typhoon group, and Chinese cybersecurity firm Sichuan Juxinhe Network Technology Co.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>Chinese PlugX backdoor removed from thousands of US computers<\/strong><\/h2>\n<p>The FBI <a href=\"https:\/\/www.justice.gov\/opa\/pr\/justice-department-and-fbi-conduct-international-operation-delete-malware-used-china-backed\">removed<\/a> the Chinese PlugX malware from 4,258 computers and networks across the country. 
It has been used for cyber-espionage and remote access since at least 2008.<\/p>\n<p>Initially, several hacker groups used PlugX to target government, defence, technology and political organisations in Asia, before spreading it worldwide.<\/p>\n<p>The malware offers extensive capabilities, including system reconnaissance, file upload\/download, keylogging and command execution.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Google OAuth flaw opened access to abandoned accounts<\/strong><\/h2>\n<p>Truffle Security CEO Dylan Ayrey found that if attackers purchase a domain previously owned by a startup, Google\u2019s OAuth login can be used to recreate the email accounts of former employees.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Today we are announcing a new Oauth bug that affects millions of accounts<\/p>\n<p>TLDR: Google\u2019s OAuth login doesn\u2019t protect against someone purchasing a failed startup\u2019s domain and using it to re-create email accounts for former employees<\/p>\n<p>full blog <a href=\"https:\/\/t.co\/PqIe6Gqkn9\">https:\/\/t.co\/PqIe6Gqkn9<\/a> <a href=\"https:\/\/t.co\/2ARayVDDV5\">pic.twitter.com\/2ARayVDDV5<\/a><\/p>\n<p>\u2014 Truffle Security (@trufflesec) <a href=\"https:\/\/twitter.com\/trufflesec\/status\/1878932090366153159?ref_src=twsrc%5Etfw\">January 13, 2025<\/a><\/p><\/blockquote>\n<p>The recreated identities do not give new owners access to past messages on communications platforms, but they do allow sign-ins to services such as Slack, Notion, Zoom, ChatGPT and various HR tools.<\/p>\n<p>According to Ayrey, OAuth issues a unique, persistent identifier for each user at login, despite changes in domain ownership or email address.<\/p>\n<p>He first reported the flaw to Google on September 30, 2024. 
As of January 14, 2025, it remained unpatched.<\/p>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>Apple disabled AI notification summaries <a href=\"https:\/\/u1f987.com\/en\/news\/apple-suspends-ai-notification-summaries-after-false-alerts\">after fakes<\/a>.<\/li>\n<li>A crypto-project founder sued the US Attorney General.<\/li>\n<li>A <a href=\"https:\/\/u1f987.com\/en\/news\/burwick-law-readies-suit-against-pump-fun-on-behalf-of-investors-who-lost-significant-sums\">lawsuit<\/a> will be filed against Pump.fun on behalf of investors who lost \u201csignificant sums\u201d.<\/li>\n<li>Malware attacks via Telegram grew <a href=\"https:\/\/u1f987.com\/en\/news\/telegram-malware-scams-targeting-crypto-investors-surge-2000-in-two-months\">by 2,000%<\/a> in two months.<\/li>\n<li>Cryptocurrencies worth <a href=\"https:\/\/u1f987.com\/en\/news\/illicit-crypto-activity-totaled-40-9-billion-in-2024\">$40.9bn<\/a> were involved in illicit activity.<\/li>\n<li>US authorities will <a href=\"https:\/\/u1f987.com\/en\/news\/us-authorities-to-return-94643-btc-stolen-from-bitfinex\">return to Bitfinex<\/a> the stolen 94,643 BTC.<\/li>\n<li>Prosecutors sought up to <a href=\"https:\/\/u1f987.com\/en\/news\/bitmama-faces-up-to-10-years-in-prison\">10 years in prison<\/a> for Bitmama.<\/li>\n<li>The fraudulent online market Huione Guarantee\u2019s turnover exceeded <a href=\"https:\/\/u1f987.com\/en\/news\/huione-guarantees-illicit-marketplace-turnover-exceeds-24bn\">$24bn<\/a>.<\/li>\n<li>Sony\u2019s Soneium project was <a href=\"https:\/\/u1f987.com\/en\/news\/sonys-soneium-accused-of-blacklisting-undesirable-tokens\">accused of blocking<\/a> \u201cundesirable\u201d assets.<\/li>\n<li>Russia opened a case over <a href=\"https:\/\/u1f987.com\/en\/news\/russia-opens-case-over-illicit-crypto-exchange-via-rapidpay\">illegal crypto exchange<\/a> via the Rapidpay payment system.<\/li>\n<li>Hackers stole 143 ETH via a <a 
href=\"https:\/\/u1f987.com\/en\/news\/hackers-steal-143-eth-via-transaction%e2%80%91simulation-spoofing\">transaction simulation<\/a>.<\/li>\n<li>New York\u2019s Attorney General will <a href=\"https:\/\/u1f987.com\/en\/news\/new-york-attorney-general-to-serve-suspected-crypto-fraudsters-with-nfts\">issue NFTs<\/a> for crypto fraudsters.<\/li>\n<li>Data of 7 million OpenSea users was <a href=\"https:\/\/u1f987.com\/en\/news\/email-addresses-of-over-7m-opensea-users-published-online\">posted<\/a> online.<\/li>\n<li>The Litecoin X account <a href=\"https:\/\/u1f987.com\/en\/news\/litecoins-x-account-promoted-a-fake-memecoin\">promoted<\/a> a fake memecoin.<\/li>\n<li>Wolf Capital\u2019s head <a href=\"https:\/\/u1f987.com\/en\/news\/wolf-capital-co-founder-pleads-guilty-to-9-4m-crypto-scam\">pleaded guilty<\/a> to a $9.4m crypto scam.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>What to read this weekend?<\/strong><\/h2>\n<p>A round-up of cybercriminal schemes to watch in 2025.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We gathered the week\u2019s most important cybersecurity news. Crypto exchange WazirX froze $3 million in stolen funds. The US Supreme Court upheld a law that could ban TikTok. Bugs in tunnelling protocols were deemed a threat to 4.2 million internet hosts. A Google OAuth vulnerability exposed access to abandoned accounts. 
Crypto exchange WazirX freezes $3 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":20430,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-20431","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"23","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/20431","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=20431"}],"version-history":[{"count":0,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/20431\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/20430"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=20431"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=20431"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=20431"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}