• New variant of TrickBot banking trojan found being delivered via fake Lloyds bank email
    A new phishing campaign has been found delivering a variant of the infamous TrickBot trojan to victims. The campaign spoofs the well-known bank Lloyds in order to trick its targeted users. My Online Security, a UK-based cybersecurity firm, has published a detailed analysis of the phishing campaign. It found that the TrickBot variant focuses on reading and grabbing the OS reliability database. In addition, the banking trojan was found gathering information from C:\ProgramData\Microsoft\RAC\.
  • Popular Daniel’s Hosting gets hacked resulting in the deletion of 6500 plus dark web services
    Daniel’s Hosting, one of the largest providers of Dark Web hosting services, has been compromised and taken offline by hackers. The incident occurred on November 15, 2018, and has resulted in the loss of 6500 plus Dark Web services hosted on the platform. The news was confirmed by Daniel Winzen, the founder of Daniel’s Hosting. "On November 15th around 10-11 PM UTC, the hosting server got hacked. As per my analysis, it seems someone got access to the database and deleted all accounts," Winzen wrote on the DH website. Winzen also declared that the hackers deleted the root account of the server and that there is no way to recover from the loss. The service cannot be re-enabled until the vulnerability has been identified.
  • CarsBlues vehicle flaw found affecting millions of vehicles worldwide
    Researchers at Privacy4Cars found that the hack can be performed by leveraging the Bluetooth protocol and does not need any expensive hardware or software tools. “Privacy4Cars, the first and only mobile app designed to help erase Personally Identifiable Information (PII) from modern vehicles, publicly disclosed today the existence of a concerning vehicle hack, titled CarsBlues, that exploits infotainment systems of several makes via the Bluetooth protocol. The attack can be performed in a few minutes using inexpensive and readily available hardware and software and does not require significant technical knowledge,” said Privacy4Cars in its analysis report. The hack came to light in February 2018 during the development of the Privacy4Cars app. It was discovered by Andrea Amico, founder of the firm.
  • Vovox data leak: At least 26 million text messages and other sensitive data exposed
    Vovox, a San Diego-based communications company, has exposed around 26 million text messages, along with other crucial data belonging to its customers, in a recent data leak incident. The leak occurred due to an unprotected database belonging to the firm. The communications giant reportedly did not protect its server with a password, as a result of which personal data of customers working at companies such as Microsoft, Amazon and Google was leaked. The compromised information includes phone numbers, messages, password reset links and codes, two-factor verification codes, temporary passwords, shipping notifications and other customer details.
  • Hackers could break into most ATMs in less than 20 minutes
    A recent extensive testing session has revealed that most ATMs can be hacked in under 20 minutes, or even less for certain types of attack. Security experts at Positive Technologies have provided a detailed report after conducting tests on ATMs from NCR, Diebold Nixdorf and GRGBanking.
  • Kars4Kids charity accidentally exposes over 21,000 customers’ and donors’ data
    New Jersey-based Kars4Kids charity inadvertently exposed the Personally Identifiable Information (PII) of 21,612 customers and donors. The breach was caused by an unprotected MongoDB database.
  • Holiday shoppers beware: Multiple malware families actively hunting for data ahead of Black Friday
    Holiday shopping can be extremely stressful, which is why a majority of people have begun shopping online. While online shopping offers convenience and saves time, it carries some risks. For consumers, online shopping can be a boon, but for cybercriminals, it offers an opportunity.
  • TA505 APT group found delivering new tRAT malware in multiple new campaigns
    A new modular malware called tRAT has been discovered recently. The reconnaissance malware is being leveraged by the APT group TA505. tRAT is currently being used to target financial institutions and is being distributed via phishing campaigns.
  • New set of Pakistani banks’ card dumps goes on sale on the dark web
    The new set of dumps, unauthorized digital copies of the information contained in the magnetic stripe of a bank card, came with the payment details of 177,878 cards from Pakistani and other international banks. On November 13, the Group-IB Threat Intelligence system detected an abnormal spike in Pakistani banks’ data offered for sale on one of the card shops: a new set of dumps was uploaded to Joker’s Stash. The total number of dumps that went on sale on Nov. 13 amounted to 177,878: there were 150,632 dumps of Pakistani banks, 16,227 cards of other regions’ banks and 11,019 dumps of undefined banks. However, it is very rare that Pakistani banks’ cards come on sale on dark net card shops. In the past six months this was the only big sale of Pakistani banks’ data. Prior to this data leak, Group-IB experts detected two consecutive uploads of compromised Pakistani banks’ cards to Joker’s Stash.
  • Russian APT comes back to life with new US spear-phishing campaign
    A Russian state-sponsored cyber-espionage group has come back to life after a one-year period of inactivity with a relatively large spear-phishing campaign that has targeted both the US government and the private sector. The hacking group is known in infosec circles as Cozy Bear, APT29, The Dukes, or PowerDuke, and is infamous because it is one of the two Russian state hacking crews that hacked the Democratic National Committee before the 2016 US Presidential Elections. FireEye, in particular, confirmed that 20 of its customers had received Cozy Bear's spear-phishing emails: customers across "Defense, Imagery, Law Enforcement, Local Government, Media, Military, Pharmaceutical, Think Tank, Transportation, & US Public Sector industries in multiple geographic regions." The last time cyber-security firms detected a Cozy Bear campaign, the hackers targeted members of the Norwegian and Dutch governments in 2017, and US think tanks and NGOs in late 2016.
  • Cryptojacking Attack Targets Make-A-Wish Foundation Website
    Hackers took advantage of an unpatched Drupal vulnerability in the organization’s website to launch a cryptojacking attack. Researchers said they found the CoinIMP mining script embedded in the non-profit’s website, and that it was taking advantage of the Drupalgeddon 2 vulnerability. “Embedded in the site was a script using the computing power of visitors to the site to mine cryptocurrency into the cybercriminals’ pockets, making their ‘wish’ to be rich, come ‘true,’” said Simon Kenin, security researcher with Trustwave, in a Monday post outlining the discovery. “That’s low.” The CoinIMP miner is JavaScript based and is often used by unsavory individuals who secretly embed the code into websites and use it to mine Monero currency on a site visitor’s phone, tablet or computer. “The cryptojacking phenomenon is so widely spread that it is sometimes hard to tell whether a website is infected with malware or the mining code was genuinely added by the site owner.”
  • Cyber force looks to grow with boost to electronic warfare
    [Photo captions: Isaias Laureano and Camille Coffey, cyber operations specialists from the Expeditionary Cyber Support Detachment, 782nd Military Intelligence Battalion (Cyber), Fort Gordon, Ga., providing offensive cyber operations during training under the Cyber Electromagnetic Activities Support to Corps and Below program at the National Training Center, Fort Irwin, Calif., Jan. 18-24, 2018.] The Army's cyber force plans to incorporate more electronic warfare and information operations assets in its future mission.
  • Outlaw Group Distributes Botnet for Cryptocurrency-Mining, Scanning, and Brute-Force
    It then scans various targets, as set by the commanding PHP script, and sends the results to the botnet administrator via an email address hardcoded in one of the PHP scripts. It sends out “the introduction” of the compromised host to another PHP script, hosted at the URL hxxp://www[.]karaibe[.]us/[.]foo/remote/info[. That script was used to run the Perl script psc2 (detected by Trend Micro as ELF_PORTSCAN.TNK), which searched for RDP-related open ports, together with an rdp tool; a second variant of the script carried an embedded wordlist. Results are written to a target list called “bios,” which is then fed to a known brute-force tool (detected by Trend Micro as HKTL_PORTSCAN) via a wrapper bash script called “go.” The toolkit allows attackers to target certain countries using the “class” files.
  • Russian Cozy Bear APT 29 hackers may be impersonating State Department
    Windows 10 update creates network and security issues: Microsoft confirmed that the Windows 10 October 2018 Update, aka version 1809, has caused issues that involve losing network access. The same re-released Windows 10 update has compatibility issues with some Trend Micro security products. Some Windows Insiders were outraged after an update to the Windows 10 Mail app enabled ads for non-Office 365 subscribers. Trump signs bill that creates new cybersecurity agency: The Cybersecurity and Infrastructure Security Agency Act names the Department of Homeland Security's National Protection and Program Directorate as the head of this new cybersecurity agency.
  • Russian hacker arrested in Bulgaria for ad fraud of over $7 million
    The supposed hacker is named Alexander Zhukov, a Saint Petersburg native who has been living in Varna, Bulgaria, since 2010, according to the Russian newspaper Kommersant, which first reported the arrest. Details about Zhukov's alleged crimes are still under seal, pending his extradition and arraignment in a US court. A Crime Russia report claims Zhukov might have been involved in an ad fraud scheme that Google shut down at the end of October, exposed thanks to a BuzzFeed investigation, although there is no public statement or evidence to support this theory at the moment. Kommersant reporters, who spoke to Zhukov's friends, said he operated a network of 50 servers that he rented to other people, who would later use them to inflate video ad views. Based on this detail, it appears that Zhukov might not be connected to the BuzzFeed report, which Google later said relied on the TechSnab malware to perform the fraudulent ad clicks.
  • Chinese spies responsible for surge in cyber hacking
    By Angus Grigg and Nick McKenzie. China's peak security agency has directed a surge in cyber attacks on Australian companies over the past year, breaching an agreement struck between Premier Li Keqiang and former Prime Minister Malcolm Turnbull to not steal each other's commercial secrets. An investigation by The Australian Financial Review and Nine News has confirmed China's Ministry of State Security (MSS) is responsible for what is known in cyber circles as "Operation Cloud Hopper", a wave of attacks detected by Australia and its partners in the Five Eyes intelligence sharing alliance. A senior Australian government source described China's activity as "a constant, significant effort to steal our intellectual property". The cyber theft places intense pressure on the Morrison government to respond either via law enforcement, diplomatic channels or public advocacy, in order to uphold the cyber security pact signed between the two countries only last year.
  • Multiple remote vulnerabilities in TP-Link TL-R600VPN
    Cisco Talos is disclosing multiple vulnerabilities in the TP-Link TL-R600VPN router. There are two root causes of the vulnerabilities: a lack of input sanitisation and parsing errors. The lack of proper input sanitisation leads to the vulnerabilities TALOS-2018-0617/18, which can be exploited without authentication. Parsing errors are responsible for the vulnerabilities TALOS-2018-0619/20. All vulnerabilities were found on HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3, except for TALOS-2018-0620, which was found only on HWv3 FRNv1.3.0.
  • Hackers Earn $1 Million for Zero-Day Exploits at Chinese Competition
    White hat hackers earned more than $1 million for exploits disclosed at the Tianfu Cup PWN hacking competition, which took place on November 16-17 in Chengdu, the capital of China's Sichuan province. Participants earned a total of $120,000 for two Microsoft Edge exploits that allowed remote code execution. Two Chrome exploit chains earned hackers a total of $150,000. Researchers also earned $120,000 for two Oracle VirtualBox exploit chains, and $100,000 for hacking VMware Workstation and Fusion. A Microsoft Office exploit chain involving a logical bug and a memory corruption flaw earned researchers $80,000. According to the organizers, participants earned $1,024,000 for disclosing 30 vulnerabilities.