A new phishing campaign has been found delivering a variant of the infamous TrickBot trojan to victims. The campaign spoofs the well-known bank Lloyds in order to trick its targeted users.
My Online Security, a UK-based cybersecurity firm, has published a detailed analysis of the phishing campaign. It found that the TrickBot variant focuses on reading and grabbing the OS reliability database. In addition, the banking trojan was found gathering information from C:\ProgramData\Microsoft\RAC\.
Daniel's Hosting, one of the largest providers of Dark Web hosting services, has been compromised and taken offline by hackers. The incident occurred on November 15, 2018, and has resulted in the loss of more than 6,500 Dark Web services hosted on the platform.
The news was confirmed by Daniel Winzen, the founder of Daniel’s Hosting.
"On November 15th around 10-11 PM UTC, the hosting server got hacked. As per my analysis, it seems someone got access to the database and deleted all accounts," Winzen wrote on the DH website.
Winzen also stated that the hackers deleted the root account of the server and that there is no way to recover from the loss. The service cannot be re-enabled until the vulnerability has been identified.
Researchers at Privacy4Cars found that the CarsBlues hack can be performed by leveraging the Bluetooth protocol and does not need any expensive hardware or software tool. "Privacy4Cars, the first and only mobile app designed to help erase Personally Identifiable Information (PII) from modern vehicles, publicly disclosed today the existence of a concerning vehicle hack, titled CarsBlues, that exploits infotainment systems of several makes via the Bluetooth protocol. The attack can be performed in a few minutes using inexpensive and readily available hardware and software and does not require significant technical knowledge," said Privacy4Cars in its analysis report. The hack came to light in February 2018 during the development of the Privacy4Cars app. It was discovered by Andrea Amico, founder of the firm.
Vovox, a San Diego-based communications company, has exposed around 26 million text messages, along with other sensitive data belonging to its customers, in a recent data leak incident. The leak occurred due to an unprotected database belonging to the firm. The communications company reportedly did not protect its server with a password, as a result of which personal data of customers working at companies such as Microsoft, Amazon and Google was leaked. The compromised information includes phone numbers, messages, password reset links and codes, two-factor verification codes, temporary passwords, shipping notifications and other customer details.
A recent extensive testing session has revealed that most ATMs can be hacked in under 20 minutes, or even less in certain types of attacks. Security experts at Positive Technologies have provided a detailed report after conducting tests on ATMs from NCR, Diebold Nixdorf and GRGBanking.
Holiday shopping can be extremely stressful, which is why a majority of people have begun shopping online. While online shopping can offer convenience and can be a time-saver, there are some risks involved. For consumers, online shopping can be a boon, but for cybercriminals, it offers an opportunity.
A new modular malware called tRAT was recently discovered. The reconnaissance malware is being leveraged by the APT group TA505. tRAT is currently being used to target financial institutions and is being distributed via phishing campaigns.
The new set of dumps, unauthorized digital copies of the information contained in the magnetic stripe of a bank card, came with the payment details of 177,878 cards from Pakistani and other international banks. On November 13, Group-IB's Threat Intelligence system detected an abnormal spike in Pakistani banks' data offered for sale on one of the card shops: a new set of dumps was uploaded to Joker's Stash. The total number of dumps that went on sale on Nov. 13 amounted to 177,878: there were 150,632 dumps from Pakistani banks, 16,227 cards from other regions' banks and 11,019 dumps from undefined banks. However, it is very rare for Pakistani banks' cards to come up for sale on dark net card shops; in the past six months it was the only big sale of Pakistani banks' data. Prior to this data leak, Group-IB experts detected two consecutive uploads of compromised Pakistani banks' cards to Joker's Stash.
A Russian state-sponsored cyber-espionage group has come back to life after a one-year period of inactivity with a relatively large spear-phishing campaign that has targeted both the US government and the private sector. The hacking group is known in infosec circles as Cozy Bear, APT29, The Dukes, or PowerDuke, and is infamous because it is one of the two Russian state hacking crews that hacked the Democratic National Committee before the 2016 US Presidential Elections. FireEye, in particular, confirmed that 20 of its customers had received Cozy Bear's spear-phishing emails, customers across "Defense, Imagery, Law Enforcement, Local Government, Media, Military, Pharmaceutical, Think Tank, Transportation, & US Public Sector industries in multiple geographic regions." The last time cyber-security firms detected a Cozy Bear campaign, the hackers targeted members of the Norwegian and Dutch governments in 2017, and US think tanks and NGOs in late 2016.
Isaias Laureano, right, both cyber operations specialists from the Expeditionary Cyber Support Detachment, 782nd Military Intelligence Battalion (Cyber), from Fort Gordon, Ga., provide offensive cyber operations during training at the National Training Center, Fort Irwin, Calif., Jan. 18-24, 2018. Camille Coffey, a cyber operations specialist from the same detachment, provides offensive cyber operations as part of the Cyber Electromagnetic Activities Support to Corps and Below program at the National Training Center, Fort Irwin, Calif., Jan. 18-24, 2018. The Army's cyber force plans to incorporate more electronic warfare and information operations assets in its future mission.
It then scans various targets, as set by the commanding PHP script, and sends the results to the botnet administrator via an email address hardcoded in one of the PHP scripts. It sends "the introduction" of the compromised host (see figure below) to another PHP script, hosted at the URL hxxp://www[.]karaibe[.]us/[.]foo/remote/info[. The script in the figure below was used to run a Perl script, psc2 (detected by Trend Micro as ELF_PORTSCAN.TNK), which searched for RDP-related open ports.
[Figure: first variant of the script running the Perl script psc2 and the rdp tool]
[Figure: second variant of the script running the Perl script psc2 and the rdp tool, with an embedded wordlist]
Results are output to a target list called "bios," which is then fed to a known brute-force tool (detected by Trend Micro as HKTL_PORTSCAN) in a wrapper bash script called "go." The toolkit allows attackers to target certain countries using the "class" files.
Windows 10 update creates network and security issues
Microsoft confirmed that the Windows 10 October 2018 Update, aka version 1809, has caused issues involving lost network access. The same re-released Windows 10 update has compatibility issues with some Trend Micro security products. Some Windows Insiders were outraged after an update to the Windows 10 Mail app enabled ads for non-Office 365 subscribers.
Trump signs bill that creates new cybersecurity agency
The Cybersecurity and Infrastructure Security Agency Act names the Department of Homeland Security's National Protection and Program Directorate as the head of this new cybersecurity agency.
The suspected hacker is named Alexander Zhukov, a Saint Petersburg native who has been living in Varna, Bulgaria, since 2010, according to the Russian newspaper Kommersant, which first reported the arrest. Details about Zhukov's alleged crimes are still under seal, pending his extradition and arraignment in a US court. A Crime Russia report claims Zhukov might have been involved in an ad fraud scheme that Google shut down at the end of October, exposed thanks to a BuzzFeed investigation, although there is no public statement or evidence to support this theory at the moment. Kommersant reporters, who spoke to Zhukov's friends, said he operated a network of 50 servers that he rented to other people, who would later use them to inflate video ad views. Based on this detail, it appears that Zhukov might not be connected to the BuzzFeed report, which, Google later said, relied on the TechSnab malware to perform the fraudulent ad clicks.
By Angus Grigg and Nick McKenzie. China's peak security agency has directed a surge in cyber attacks on Australian companies over the past year, breaching an agreement struck between Premier Li Keqiang and former Prime Minister Malcolm Turnbull not to steal each other's commercial secrets. An investigation by The Australian Financial Review and Nine News has confirmed that China's Ministry of State Security (MSS) is responsible for what is known in cyber circles as "Operation Cloud Hopper", a wave of attacks detected by Australia and its partners in the Five Eyes intelligence-sharing alliance. A senior Australian government source described China's activity as "a constant, significant effort to steal our intellectual property". The cyber theft places intense pressure on the Morrison government to respond via law enforcement, diplomatic channels or public advocacy, in order to uphold the cyber security pact signed between the two countries only last year.
Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN
Cisco Talos is disclosing multiple vulnerabilities in the TP-Link TL-R600VPN router. There are two root causes: a lack of input sanitisation and parsing errors. The lack of proper input sanitisation leads to the vulnerabilities TALOS-2018-0617/18, which can be exploited without authentication. Parsing errors are responsible for the vulnerabilities TALOS-2018-0619/20. All vulnerabilities were found on HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3, except for TALOS-2018-0620, which was found only on HWv3 FRNv1.3.0.
White hat hackers earned more than $1 million for exploits disclosed at the Tianfu Cup PWN hacking competition that took place on November 16-17 in Chengdu, the capital of China's Sichuan province. At the Tianfu Cup PWN competition, participants earned a total of $120,000 for two Microsoft Edge exploits that allowed remote code execution. Two Chrome exploit chains earned hackers a total of $150,000. Researchers also earned $120,000 for two Oracle VirtualBox exploit chains, and $100,000 for hacking VMware Workstation and Fusion. A Microsoft Office exploit chain involving a logical bug and a memory corruption flaw earned researchers $80,000. According to organizers, participants earned $1,024,000 for disclosing 30 vulnerabilities.