What is digital ad fraud and how does it work? Ad fraud lets fraudsters generate revenue for themselves through fake traffic, fake clicks and fake installs. It can also be used by cybercriminals to deliver malware to users’ computers.
PlugX RAT: The tale of the RAT that has been used in various cyber-espionage campaigns
PlugX RAT has been used in several attacks launched by Chinese cyber-espionage group APT10. Its capabilities include keystroke logging and performing port mapping, capturing screenshots and videos, creating, executing, renaming, modifying, and deleting files, and restarting or rebooting systems.
What is the SMB vulnerability, and how was it exploited to launch the WannaCry ransomware attack?
The United States National Security Agency developed an exploit dubbed ‘EternalBlue’ for a vulnerability in SMBv1 (CVE-2017-0144, fixed by Microsoft in the MS17-010 update of March 2017); the exploit became public when the Shadow Brokers leaked it in April 2017.
In May 2017, the WannaCry ransomware attack infected over 200,000 Windows systems by exploiting that SMBv1 vulnerability with EternalBlue, spreading worm-like to any reachable host that had neither applied MS17-010 nor disabled SMBv1.
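The exposure WannaCry relied on is simply an SMBv1 listener on TCP 445. The following probe, an added example rather than code from the article or from any exploit, sends a plain SMB1 NEGOTIATE request that offers only the ‘NT LM 0.12’ dialect and reports how the server answers: a reply with an SMB1 header means the host still speaks SMBv1 (and needs MS17-010 and SMBv1 disabled), while a host with SMBv1 disabled typically closes the connection. The sample reply at the bottom is constructed, not captured traffic. Only probe hosts you are authorised to test.

```python
"""Probe a host for SMBv1 support, the protocol version EternalBlue abuses.

Added example; not code from the article or from any exploit. It sends an SMB1
NEGOTIATE request offering only the "NT LM 0.12" dialect and classifies the
reply. Only probe hosts you are authorised to test.
"""
import socket
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72


def build_smb1_negotiate(dialects=(b"NT LM 0.12",)) -> bytes:
    """Return a NetBIOS-framed SMB1 NEGOTIATE request offering ``dialects``."""
    header = SMB1_MAGIC + struct.pack(
        "<BIBHH8sHHHHH",
        SMB_COM_NEGOTIATE,  # Command
        0,                  # NT status (unused in a request)
        0x18,               # Flags: canonical pathnames, case-insensitive
        0xC853,             # Flags2: Unicode, NT status, extended security, long names
        0,                  # PIDHigh
        b"\x00" * 8,        # SecuritySignature
        0,                  # Reserved
        0,                  # TID
        0xFEFF,             # PIDLow (arbitrary)
        0,                  # UID
        0,                  # MID
    )
    # Each dialect is a 0x02 buffer-format byte, the name, and a NUL terminator.
    data = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    body = struct.pack("<BH", 0, len(data)) + data  # WordCount=0, ByteCount
    message = header + body
    # NetBIOS session service: type 0x00 followed by a 3-byte big-endian length.
    return struct.pack(">I", len(message)) + message


def classify_negotiate_response(raw: bytes) -> str:
    """Classify the reply: 'smb1', 'smb1-no-dialect', 'smb2', 'closed' or 'unknown'."""
    if not raw:
        return "closed"           # closed/reset without data: SMBv1 is off
    payload = raw[4:]             # strip the NetBIOS session header
    if payload.startswith(SMB1_MAGIC) and len(payload) >= 35 and payload[4] == SMB_COM_NEGOTIATE:
        word_count = payload[32]
        if word_count == 0:       # error reply carries no parameter words
            return "smb1-no-dialect"
        dialect_index = struct.unpack_from("<H", payload, 33)[0]
        return "smb1-no-dialect" if dialect_index == 0xFFFF else "smb1"
    if payload.startswith(SMB2_MAGIC):
        return "smb2"             # server only negotiates SMB2/3
    return "unknown"


def probe_smb1(host: str, port: int = 445, timeout: float = 3.0) -> str:
    """Connect to host:port, send the negotiate request and classify the answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_smb1_negotiate())
            return classify_negotiate_response(sock.recv(1024))
    except (ConnectionResetError, socket.timeout):
        return "closed"


# Constructed reply (not a capture): an SMB1 negotiate response whose header is
# zeroed except for the command byte, selecting dialect index 0 (NT LM 0.12).
SAMPLE_SMB1_REPLY = (
    b"\x00\x00\x00\x23"                        # NetBIOS header, 35-byte payload
    + SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + b"\x00" * 27
    + b"\x11" + b"\x00\x00"                    # WordCount=17, DialectIndex=0
)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(sys.argv[1], "->", probe_smb1(sys.argv[1]))
    else:
        print("sample reply ->", classify_negotiate_response(SAMPLE_SMB1_REPLY))
```

A connection refused on 445 is left to propagate as an exception, since it is a different condition (no SMB service at all) from a host that accepts the connection and then drops the SMB1 negotiate.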
Account takeover attack: Here’s a close view of one of the attack techniques most favored by fraudsters
Organizations that offer more services on their websites, such as customer loyalty rewards, are more exposed to such attacks. Account takeover attacks are usually performed to commit financial fraud, spamming, phishing attacks and virtual currency fraud.
Satan Ransomware: An overview of the ransomware’s variants and exploits
Satan ransomware is capable of self-spreading; it usually propagates through known JBoss and WebLogic vulnerabilities and the EternalBlue SMB exploit.
Satan ransomware resurfaced as a new variant named Lucky, which exploits close to ten server-side application vulnerabilities affecting both Windows and Linux servers.
Symantec exposed client data during a demonstration process; the company has called the breach a ‘minor incident’. The hackers had targeted Symantec accounts belonging to several large Australian firms as well as major Australian government departments.
These PUP families have evolved to add push notifications to their arsenal. PUP.Optional.Stream.All and Trojan.FBSpammer are distributed as browser extension plugins, so users should review extensions carefully before installing them in their browser.
A phishing attack at Union Labor Life Insurance affected 87,400 patients. Ullico Inc. revealed that the breach took place on April 1, 2019, after an employee responded to a phishing email.
The technological choices that nations make will be a key factor in shaping international conflict, particularly between the authoritarian regimes and the developed democracies, he said. "I think it's very much going to be driven by individual choices that democracies make about 5G, and the kind of technological bets that they're making about the future of technology both to their economies and their military systems." Another key factor, however, is that the development and control of digital technologies is still dominated by private-sector players rather than governments. Buchanan says we don't talk about this technological competition in Australia because we are not home to those key technology players. Buchanan said that with accelerating technology, what she referred to as "the global digital commons" is now an area for accelerated competition -- because control is everything there. "There are no global negotiations going on about how we regulate the digital commons," nor standards for such things as data sovereignty, digital privacy, or the trade in digital assets.
(Bloomberg) -- Argentina said it isn’t ruling out a cyberattack after what President Mauricio Macri called an “unprecedented” power blackout struck five South American countries on Sunday. Macri said Argentina is investigating the incident, which began with an as yet unexplained fault in its power grid that led to outages in Argentina, Uruguay, Brazil, Chile and Paraguay. “This morning, a fault in the coastal transmission system caused a power outage in the entire country, whose cause we cannot yet determine precisely,” Macri said in a series of comments on Twitter. Paraguay’s National Electricity Administration said the breakdown began with an as yet unexplained event in Argentina’s power network, which led to a fault that disconnected all generators at the Yacyreta hydroelectric dam from the regional grid on Sunday morning. Underscoring the vulnerability of cross-border grids to local glitches, the outage disrupted regional elections in Argentina and cut off power for millions in South America’s second-biggest economy.
With Apple’s (admittedly ugly) iPhone 11 now coming together quickly and recent iOS 12 releases looking rock solid, the company has been on something of a roll. Now the Israeli forensics company Cellebrite has told its customers that it has found a way to break into any iPhone or iPad running any version of iOS, including the latest release. The obvious conclusion is that a way into iPhones and iPads has been found which, if it really works across every version of iOS, is one that Apple either does not know about or does not know how to prevent.
A new European Union (EU)-funded project aims to disrupt criminals trafficking wildlife in or via the EU using the internet, postal or fast parcel services. Funded by the Internal Security Fund of the Directorate General for Migration and Home Affairs of the European Commission, the two-year “Disrupting and dismantling wildlife cybercriminals and their networks in the European Union” project will help train customs, police and other enforcement officers across the EU to detect and deter wildlife trafficking. “The increasing volume of parcel deliveries, linked to the growth of e-commerce, represents a significant challenge for those enforcing the EU Wildlife Trade Regulations, who will benefit from the support provided through this project,” said Emilie Van der Henst, the WWF/TRAFFIC Project Coordinator. The internet provides wildlife traffickers access to a vast international marketplace—one without borders that is open 24 hours a day, seven days a week, 365 days a year, where wildlife cybercriminals exploit the anonymity afforded to them online.
A security breach at American Medical Collection Agency (AMCA), a provider of billing services for the US healthcare sector, has now exposed the personal and financial information of over 20 million Americans, possibly more. The exposed data belongs to Americans who paid for laboratory work at clinical and blood-testing labs across the US through AMCA's billing portal. Since AMCA officially confirmed the breach, several of its corporate clients (testing labs) have started notifying their own customers of their billing partner's security failure. AMCA initially claimed that only 200,000 patients had their data stolen, but subsequent SEC filings by the testing laboratories contradicted that statement. In Washington, US Sen. Mark Warner (D-VA) sent a letter to Quest Laboratories demanding that the company explain its vetting process for selecting AMCA as a billing vendor and what requirements a third-party vendor has to meet. Sens. Cory Booker and Bob Menendez also sent letters to AMCA, Quest, and LabCorp, seeking official answers on how a breach of this severity went undetected for eight months.
By David E. Sanger and Nicole Perlroth. WASHINGTON — The United States is stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir V. Putin and a demonstration of how the Trump administration is using new authorities to deploy cybertools more aggressively, current and former government officials said. In interviews over the past three months, the officials described the previously unreported deployment of American computer code inside Russia’s grid and other targets as a classified companion to more publicly discussed action directed at Moscow’s disinformation and hacking units around the 2018 midterm elections. Advocates of the more aggressive strategy said it was long overdue, after years of public warnings from the Department of Homeland Security and the F.B.I.
On Friday afternoon, the Israeli forensics firm and law enforcement contractor Cellebrite publicly announced a new version of its product known as a Universal Forensic Extraction Device, or UFED, which it calls UFED Premium. Cellebrite describes UFED Premium as "the only on-premise solution for law enforcement agencies to unlock and extract crucial mobile phone evidence from all iOS and high-end Android devices." According to a Forbes report earlier this week, Cellebrite has only recently started working on a tool that can unlock Android devices too, yet the company says its new tool can unlock encrypted phones running either Apple's or Google's operating system. Cellebrite has also likely possessed the ability to unlock iOS 12.3 devices prior to this announcement, says Dan Guido, the founder of the New York-based security firm Trail of Bits and a longtime iOS-focused security researcher.
Zeus, Redaman, BackSwap, Emotet, Gozi, and Ramnit are only some of the Trojan families that have gained prominence in the cybercriminal world, yet the operators of banking Trojan campaigns are constantly jockeying for space and territory. According to IBM's Global Executive Security Advisor Limor Kessem and the IBM X-Force cybersecurity team, the top banking malware operators are now working together to distribute their malware. Trickbot, Gozi, Ramnit, and IcedID were the most active banking Trojans in 2018, and while other forms of malware have grown in popularity, it is these most active and prevalent forms of financial malware that are now being spread through cybercriminal partnerships. The Russian cybercriminals behind Trickbot, who target banks and wealth firms managing high-value accounts, have recently diversified into ransomware as part of a wider botnet strategy and are now working with the IcedID gang. While this malware isn't particularly memorable as a banking Trojan, a recent shift in its deployment is.
In this blog post, we detail an attack in which an API misconfiguration in the open-source version of the popular DevOps tool Docker Engine-Community lets attackers infiltrate containers and run a variant (detected by Trend Micro as Backdoor.Linux.DOFLOO.AA) of the Linux botnet malware AESDDoS, as caught by our honeypots. The Docker API on a container host receives every container-related command, and the daemon, which runs as root, executes it. Once a running container is found, the AESDDoS bot is deployed with the docker exec command, which gives shell access to every applicable running container on the exposed host. Docker explicitly warns against making the daemon listen on TCP port 2375, because without TLS anyone who can reach that port can gain root access to the host running the daemon; access to the API and to the address it listens on must therefore be tightly restricted. Access to critical components such as the daemon service that runs containers should be restricted.
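The two places dockerd takes its listen addresses from are the "hosts" key in /etc/docker/daemon.json and -H/--host flags on the ExecStart line of its systemd unit. The audit below, an added example that is not Trend Micro's or Docker's code, parses both, reports every tcp:// listener that is not protected by TLS client verification (--tlsverify or "tlsverify": true), and puts the misconfiguration from the post next to a hardened counterpart. The daemon.json contents and ExecStart lines are constructed samples, not taken from a real host; the live probe at the end uses only the daemon's standard GET /version endpoint.

```python
"""Audit where a Docker daemon listens and whether its TCP API is authenticated.

Added example; not Trend Micro's or Docker's code. The configurations below are
constructed samples, not taken from a real host.
"""
from __future__ import annotations

import http.client
import json
import shlex
from urllib.parse import urlsplit

# Constructed sample of the misconfiguration in the post: the remote API on
# 0.0.0.0:2375 with no TLS, added as a second -H flag on the stock unit file.
VULNERABLE_DAEMON_JSON = '{"log-driver": "json-file"}'
VULNERABLE_EXECSTART = (
    "ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 "
    "--containerd=/run/containerd/containerd.sock"
)

# Constructed hardened counterpart: remote API only on the management address,
# over mutually authenticated TLS (2376). dockerd refuses to start if "hosts" is
# set both here and as a flag, so the unit's own -H fd:// is dropped.
HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""
HARDENED_EXECSTART = "ExecStart=/usr/bin/dockerd --containerd=/run/containerd/containerd.sock"


def listeners_from_daemon_json(text: str) -> tuple[list[str], bool]:
    """Return (hosts, tlsverify) from daemon.json content; empty text means no file."""
    cfg = json.loads(text) if text.strip() else {}
    return list(cfg.get("hosts", [])), bool(cfg.get("tlsverify", False))


def listeners_from_execstart(line: str) -> tuple[list[str], bool]:
    """Return (hosts, tlsverify) from a systemd ExecStart= line or a bare command."""
    cmd = line.split("=", 1)[1] if line.startswith("ExecStart=") else line
    argv = shlex.split(cmd)
    hosts: list[str] = []
    tlsverify = False
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
            i += 1
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg.startswith("-H") and len(arg) > 2:       # -Htcp://... or -H=tcp://...
            hosts.append(arg[2:].lstrip("="))
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
        i += 1
    return hosts, tlsverify


def audit_docker_listeners(daemon_json: str, execstart: str) -> list[str]:
    """Return one finding per risky listener; an empty list means no exposed TCP API."""
    j_hosts, j_tls = listeners_from_daemon_json(daemon_json)
    e_hosts, e_tls = listeners_from_execstart(execstart)
    findings: list[str] = []
    if j_hosts and e_hosts:
        findings.append("hosts set in both daemon.json and ExecStart: dockerd will refuse to start")
    tlsverify = j_tls or e_tls
    for h in j_hosts + e_hosts:
        if not h.startswith("tcp://"):
            continue  # unix:// and fd:// are local and guarded by socket permissions
        url = urlsplit(h)
        bind = url.hostname or "0.0.0.0"                  # "tcp://:2375" binds all interfaces
        port = url.port or (2376 if tlsverify else 2375)  # dockerd's defaults
        if not tlsverify:
            findings.append(
                f"unauthenticated API on {bind}:{port}: anyone who can reach it "
                "runs commands as root on the host"
            )
        elif bind in ("0.0.0.0", "::"):
            findings.append(
                f"TLS API on {bind}:{port} is bound to all interfaces; bind it to the management address"
            )
    return findings


def probe_docker_api(host: str, port: int = 2375, timeout: float = 3.0):
    """Live check from the network: the daemon's /version JSON if it answers without auth, else None."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/version")
        resp = conn.getresponse()
        return json.loads(resp.read()) if resp.status == 200 else None
    except OSError:
        return None
    finally:
        conn.close()


if __name__ == "__main__":
    for label, cfg, unit in (("vulnerable", VULNERABLE_DAEMON_JSON, VULNERABLE_EXECSTART),
                             ("hardened", HARDENED_DAEMON_JSON, HARDENED_EXECSTART)):
        print(label, audit_docker_listeners(cfg, unit) or "no findings")
```

A daemon that answers GET /version on 2375 without a client certificate is exactly the host the honeypots in the post were imitating; the audit flags it from the configuration side before anyone has to reach the port.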
Mirai – the software that has hijacked hundreds of thousands of internet-connected devices to launch massive DDoS attacks – now goes beyond recruiting just IoT products; it also includes code that seeks to exploit a vulnerability in corporate SD-WAN gear. That specific equipment – VMware’s SDX line of SD-WAN appliances – now has an updated software version that fixes the vulnerability, but by targeting it Mirai’s authors show that they now look beyond enlisting security cameras and set-top boxes and seek out any vulnerable connected devices, including enterprise networking gear. “I assume we’re going to see Mirai just collecting as many devices as it can,” said Jen Miller-Osborn, deputy director of threat research at Palo Alto Networks’ Unit 42, which recently issued a report about Mirai. The fact that SD-WAN devices were targeted is more about those particular devices having a vulnerability than anything to do with their SD-WAN capabilities. But the means to exploit the weakness nevertheless is included in a recently discovered new variant of Mirai, according to the Unit 42 report.