• DarkHydrus adds Google Drive support to its RogueRobin Trojan
    According to the analysis made by malware researchers from Palo Alto Networks, the text file includes parts of a Windows Script Component (.SCT) file that, once concatenated, delivers a version of the RogueRobin trojan. “The function builds the contents of a second file by concatenating several strings together, but this second file is a .sct file that the function will write to a file %TEMP%\12-B-366.txt,” reads the analysis published by Palo Alto Networks. “The function then uses the built-in Shell function to run the following command, which effectively executes the .sct file stored in 12-B-366.txt.” The samples of the RogueRobin Trojan analyzed by Palo Alto Networks implement additional functionality, including the use of the Google Drive API. “This command is particularly interesting as it enables an alternative command and control channel that uses the Google Drive API,” continues Palo Alto Networks.
  • Cyber Heist: BB to file case with NY court in 10 days
    Bangladesh Bank is set to file a case with a New York court within the next 10 days over the central bank reserve heist, said Finance Minister AHM Mustafa Kamal. “I can assure you that a case will be filed with the given timeframe,” Kamal told journalists at his secretariat office yesterday after attending a meeting with the Bangladesh Financial Intelligence Unit (BFIU). When asked against whom the case would be filed, the minister said lawyers of Bangladesh and the United States would decide. According to ministry sources, Bangladesh will sue Rizal Commercial Banking Corp (RCBC) as the prime accused in the case. Filing the case with a New York court has to be processed through a law firm there. Over the past year, the BFIU held discussions with several US law firms and selected one to lodge the case.
  • Newcastle school targeted in fees phishing scam
    [Image caption: Royal Grammar School in Newcastle was one of a number of schools targeted in the cyber attack] Fee-paying schools were targeted in a cyber attack which accessed parents' email addresses, it has emerged. Newcastle's Royal Grammar School warned parents of the "sophisticated attack". In an email to parents, the grammar school's headmaster, John Fern, said it had reported the attack to police. The school told parents it was working with the company that provides its email systems, iSAMS, to "establish exactly what happened". The ICO did not provide details of how many schools were affected but said: "[We are] aware of other phishing type attacks that have been targeted towards schools."
  • Malicious websites could exploit Extension APIs to grab browser data
    The APIs of 197 browser extensions are under scrutiny for security issues, said a researcher. Beyond exposing browser data, the flaws could let attackers get into user accounts such as social media profiles or work accounts.
  • Corporate Best Practices in Security Awareness and Training Programs
    In fact, I was so impressed with the security awareness efforts happening at Lear, I asked Earl Duby if he was willing to be interviewed for a blog on their global best practices in security awareness. Mr. Duby has an impressive security career that started at Federal-Mogul as an information security analyst, moved to Lear as the manager over network operations, moved on to Affinia Group for multiple director roles in security and compliance, moved to GE Capital as Vice President of Information Security Architecture and finally moved back to Lear as a senior security manager and now CISO. Exclusive Interview on Security Awareness and Training Programs between Earl Duby, CISO at Lear Corporation, and Dan Lohrmann. ED: And probably most noticeably, we redesigned our security awareness and training program and put a much bigger focus on training our employees to be extensions of our security team – reengaging our workforce and essentially crowdsourcing security. ED: The focus on our Lear Security Awareness and Training (LSAT) program was driven by mission and necessity.
  • Hacked Customer Data From World Leading Cryptocurrency Exchanges For Sale On The Dark Web?
    On a darknet market called “Dread,” a vendor going by “ExploitDOT” is attempting to sell user data from the know-your-customer (KYC) checks that top cryptocurrency exchanges perform, as required by most jurisdictions. According to data shared with CCN, the hacker has an ad that has been online since July 2018, in which he claims to have hacked documents used in KYC checks – including identity cards and drivers’ licenses – from users of top exchanges like Bittrex, Poloniex, Bitfinex, and Binance. A cybersecurity expert who contacted CCN and chose to remain anonymous said that after contacting the individual while posing as a buyer, he was able to get three free samples as proof that the leaked documents are legitimate. Although the sample was small, the vendor selling the hacked data claims to have documents from people in every country the cryptocurrency exchanges serve. An email exchange the security expert allegedly had with Binance, which couldn’t be independently verified, seems to show that Binance found “some inconsistencies” between the data it was presented with and the “samples provided” – presumably the KYC images.
  • Arrested Portuguese hacker is Football Leaks 'whistleblower' - lawyers
    LISBON (Reuters) - A Portuguese man arrested in Hungary on suspicion of extortion and secrecy violations hacked football bodies' documents - which later appeared on the Football Leaks website - because he was "outraged" by criminality in the sport, his lawyers said. The man, named by his lawyers as 30-year-old Rui Pinto, was detained in Hungary on Wednesday on a European arrest warrant filed by Portuguese police, who want to extradite him. Asked by Reuters if the arrested man was Rui Pinto, Carlos Cabreiro, the Portuguese police's head of cyber crime, said he could not comment. Pinto, his lawyers said, became an "important European whistleblower for Football Leaks" and his revelations have "enabled numerous European judicial authorities to gain knowledge of criminal practices in the world of football". According to Pinto's lawyers, Doyen Sports, a Malta-based investment company providing funds to football clubs, filed a criminal complaint against Pinto in Portugal in 2015. The spokesperson said the case had been on hold until emails from Portugal's biggest football team, Benfica, were leaked in 2017, prompting Portuguese police to act.
  • Popular WordPress plugin hacked by angry former employee
    A very popular WordPress plugin was hacked over the weekend after an attacker defaced its website and sent a mass message to all its customers revealing the existence of supposed unpatched security holes. According to its website, WPML has over 600,000 paying customers and is one of the very few WordPress plugins reputable enough that it doesn't need to advertise itself with a free version on the official WordPress.org plugins repository. The attacker, whom the WPML team claims is a former employee, sent out a mass email to all the plugin's customers. Both on Twitter [1, 2] and in a follow-up mass email, the WPML team said the hacker is a former employee who left a backdoor on its official website and used it to gain access to its server and its customer database. WPML claims the hacker used the email addresses and customer names taken from the website's database to send the mass email, and also used the backdoor to deface its website, leaving the email's text as a blog post on its site [archived version here]. The WPML team also said the hacker did not gain access to the source code of its official plugin and did not push a malicious version to customers' sites.
  • Ryuk Ransomware: A brief look into the ransomware’s origin and its high-profile attacks
    The group operating Ryuk ransomware has earned over 705.80 BTC across 52 transactions, for a total current value of $3,701,893.98 USD. Code similarities between Ryuk and Hermes reveal that Ryuk was derived from the Hermes source code.
  • Mimikatz: An offensive tool that is widely used by cybercriminals
    Mimikatz provides a wide range of functions, enabling both organized criminals and state-sponsored groups to obtain credentials from memory. The Mimikatz exploitation tool was developed in 2017 to target Windows systems.