To Customer Support To Customer Support

Welcome

News, Announcements, Tech Discussions

40990 Topics

Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT / BitRAT / PandoraHVNC – Part II

See Also  -  Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT / BitRAT / PandoraHVNC – Part I By Xiaopeng Zhang | May 27, 2022 Fortinet’s FortiGuard Labs captured a phishing campaign that delivers three fileless malware onto a victim’s device. Once executed, they are able to control and steal sensitive information from that device to perform other actions according to the control commands from their server.In Part I of this analysis, I introduced how these three fileless malware are delivered to the victim’s device via a phishing campaign, and what mechanism it uses to load, deploy, and execute these fileless malware in the target process.In Part II, I will focus on the three malware payloads and elaborate on how they steal sensitive information from the victim’s device, how they submit data to their C2 server, details about the control commands, as well as what they can perform with those control commands. Affected platforms: Microsoft WindowsImpacted parties: Microsof

0
Jasper_The_Rasper
Moderator
1 year ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

New Chaos Malware Variant Ditches Wiper for Encryption

The Chaos ransomware-builder was known for creating destructor malware that overwrote files and made them unrecoverable -- but the new Yashma version finally generates binaries that can encrypt files of all sizes. May 27,  2022  By Tara Seals The Chaos malware-builder, which climbed up as a wiper from the underground murk nearly a year ago, has shape-shifted with a rebranded binary dubbed Yashma that incorporates fully fledged ransomware capabilities.That's according to researchers at BlackBerry, who say that Chaos is on track to become a significant threat to businesses of every size.Chaos began life last June purporting to be a builder for a .NET version of the Ryuk ransomware – a ruse its operators leaned into hard, even using Ryuk branding on its user interface. However, a Trend Micro analysis at the time showed that binaries created with this initial version shared very little heritage with the well-known ransomware baddie. Instead, the sample was “more akin to a destructive troja

0
Jasper_The_Rasper
Moderator
1 year ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

FBI warns of hackers selling credentials for U.S. college networks

May 27,  2022  By Ionut Ilascu Cybercriminals are offering to sell for thousands of U.S. dollars network access credentials for higher education institutions based in the United States.This type of advertisement is present on both publicly available cybercriminal online forums as well as marketplaces on the dark web.Thousands of creds for saleThe Federal Bureau of Investigation (FBI) has issued an alert about usernames and passwords giving access to colleges and universities based in the U.S. are available for sale on Russian cybercriminal forums. >> Full Article <<

0
Jasper_The_Rasper
Moderator
1 year ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Nearly 100,000 NPM Users' Credentials Stolen in GitHub OAuth Breach

May 27,  2022  By Ravie Lakshmanan Cloud-based repository hosting service GitHub on Friday shared additional details into the theft of GitHub integration OAuth tokens last month, noting that the attacker was able to access internal NPM data and its customer information."Using stolen OAuth user tokens originating from two third-party integrators, Heroku and Travis CI, the attacker was able to escalate access to NPM infrastructure," Greg Ose said, adding the attacker then managed to obtain a number of files - >> Full Article <<

0
Jasper_The_Rasper
Moderator
1 year ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

SideWinder carried out over 1,000 attacks since April 2020

May 31, 2022  By Pierluigi Paganini SideWinder, an aggressive APT group, is believed to have carried out over 1,000 attacks since April 2020, Kaspersky reported.Researchers from Kaspersky have analyzed the activity of an aggressive threat actor tracked as SideWinder (aka RattleSnake and T-APT-04). The group stands out for the high frequency and persistence of its attacks, researchers believe that the APT group has carried out over 1,000 attacks since April 2020.SideWinder has been active since at least 2012, the group main targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. In most recent attacks, the threat actors also targeted departments of Foreign Affairs, Scientific and Defence organisations, Aviation, IT industry and Legal firms. >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats

See Also - New ChromeLoader malware surge threatens browsers worldwide  May 31,  2022  By Elizabeth Montalbano The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn.ChromeLoader may seem on the surface like a run-of-the-mill browser hijacker that merely redirects victims to advertisement websites. However, its use of PowerShell could pose a greater risk by leading to further and advanced malicious activity, such as the propagation of ransomware or spyware or theft of browser-session data.Researchers are warning of the potential for ChromeLoader—which has seen a resurgence in activity recently—to pose a more sophisticated threat than typical malvertisers do, according to two separate blog posts by Malwarebytes Labs and Red Canary. >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Three Nigerian Users of Agent Tesla RAT Arrested

By Ionut Arghire on May 31, 2022 Interpol on Monday announced the arrest of three Nigerians accused on using the Agent Tesla remote access trojan (RAT) in financial scams.The scammers allegedly used the malware to reroute financial transactions and steal confidential data, including connection information from oil and gas organizations in South East Asia, the Middle East, and North Africa.One of the individuals, identified as Hendrix Omorume, has been indicted and convicted, and faces a 12-month prison sentence, Interpol said. The other two defendants are still on trial. >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Phishing mail claims a 3D Secure upgrade is required

June 1,  2022  By Christopher Boyd Today we took a look at a phishing mail pinning its hopes on a QR code linking to a bogus website. Scammers claim that your mail address has “not been registered for the 3D Secure Security Update”.3D Secure phishing mailThe mail reads as follows: >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Hundreds of Elasticsearch databases targeted in ransom attacks

June 1,  2022  By Bill Toulas Hackers have targeted poorly secured Elasticsearch databases and replaced 450 indexes with ransom notes asking for $620 to restore contents, amounting to a total demand of $279,000.The threat actors set a seven-day deadline for the payments and threaten to double the demand after that. If another week passes without getting paid, they say the victim would lose the indexes.Those who pay the amount are promised a download link to their database dump that will supposedly help restore the data structure to its original form quickly.This campaign was discovered by threat analysts at Secureworks, who identified more than 450 individual requests for ransom payment. >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

New XLoader Botnet version uses new techniques to obscure its C2 servers

June 1, 2022  By Pierluigi Paganini A new version of the XLoader botnet is implementing a new technique to obscure the Command and Control infrastructure.Researchers from Check Point have discovered a new version of the XLoader botnet, which implements significant enhancements, such as a new technique to obscure the Command and Control infrastructureXLoader has been observed since 2020, it is a very cheap malware strain that is based on the popular Formbook Windows malware. Check Point experts now state that it is significantly harder to determine the real C2 servers among thousands of legitimate domains used by the operators as a smokescreen. >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

June 3, 2022  By Pierluigi Paganini An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks.Researchers from Kaspersky have uncovered an “extremely sophisticated” China-linked APT group, tracked as LuoYu, that has been observed using a malicious Windows tool called WinDealer.LuoYu has been active since at least 2008, it focuses on targets located in China, such as foreign diplomatic organizations established in the country, members of the academic community, or companies from the defense, logistics and telecommunications sectors. >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

What Counts as “Good Faith Security Research?”

June 3,  2022  By Brian Krebs The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting vulnerabilities. But legal experts continue to advise researchers to proceed with caution, noting the new guidelines can’t be used as a defense in court, nor are they any kind of shield against civil prosecution.In a statement about the changes, Deputy Attorney General Lisa O. Monaco said the DOJ “has never been interested in prosecuting good-faith computer security research as a crime,” and that the new guidelines “promote cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good.” >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

IBM to Acquire Randori for Attack Surface Management Tech

By Ryan Naraine on June 07, 2022 Technology giant IBM has announced plans to acquire early-stage attack surface management startup Randori in a deal that signals a major expansion of Big Blue’s cybersecurity ambitions.Randori, a Boston area startup with a well-established reputation in the lucrative ASM (attack surface management) category, sells technology to help defenders conduct simulated hacking attacks on a continuous basis.Now, IBM said it plans to fit that technology into its own products and add Randori’s automation and skills to its IBM X-Force offensive cybersecurity team. >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Previously undocumented Aoqin Dragon APT targets entities in Southeast Asia and Australia

June 9, 2022  By Pierluigi Paganini Researchers spotted a previously undocumented Chinese-speaking APT, tracked as Aoqin Dragon, targeting entities in Southeast Asia and Australia.SentinelOne documented a series of attacks aimed at government, education, and telecom entities in Southeast Asia and Australia carried out by a previously undocumented Chinese-speaking APT tracked as Aoqin Dragon. The APT primary focus on cyberespionage against targets in Australia, Cambodia, Hong Kong, Singapore, and Vietnam.  >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Vulnerabilities in HID Mercury Access Controllers Allow Hackers to Unlock Doors

By Eduard Kovacs on June 10, 2022 Access control products using HID Mercury controllers are affected by critical vulnerabilities that can be exploited by hackers to remotely unlock doors.The vulnerabilities were discovered by researchers at XDR firm Trellix, which launched earlier this year following the merger of McAfee Enterprise and FireEye.The issues were found in products from LenelS2 — a subsidiary of HVAC giant Carrier that specializes in physical security solutions — but Trellix said it received confirmation from HID Global that all OEM partners that use certain hardware controllers are affected. >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Adconion Execs Plead Guilty in Federal Anti-Spam Case

June 10,  2022  By Brian Krebs  At the outset of their federal criminal trial for hijacking vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct (now Amobee) have pleaded guilty to lesser misdemeanor charges of fraud and misrepresentation via email. In October 2018, prosecutors in the Southern District of California named four Adconion employees — Jacob Bychak, Mark Manoogian, Petr Pacas, and Mohammed Abdul Qayyum —  in a ten-count indictment (PDF) on felony charges of conspiracy, wire fraud, and electronic mail fraud. >> Full Article <<  

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Drupal Patches 'High-Risk' Third-Party Library Flaws

By Ryan Naraine on June 13, 2022 The Drupal security team has released a "moderately critical" advisory to call attention to serious vulnerabilities in a third-party library and warned that hackers can exploit the bugs to remotely hijack Drupal-powered websites.The vulnerabilities, tracked as CVE-2022-31042 and CVE-2022-31043, were found and fixed in Guzzle, a third-party library that Drupal uses to handle HTTP requests and responses to external services."These do not affect Drupal core, but may affect some contributed projects or custom code on Drupal sites," according to a Drupal advisory. >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Serious vulnerabilities found in ITarian software, patches available for SaaS products

 June 13,  2022  By Pieter Arntz  Dutch research group DIVD has identified multiple vulnerabilities in ITarian products. In cooperation with DIVD, ITarian has made patches available to deal with these vulnerabilities for its SaaS platform.Software as a service (SaaS) is a software distribution model in which a cloud provider hosts applications and makes them available to end users over the internet. >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys

Hertzbleed attack targets power-conservation feature found on virtually all modern CPUs.DAN GOODIN - 6/14/2022 Microprocessors from Intel, AMD, and other companies contain a newly discovered weakness that remote attackers can exploit to obtain cryptographic keys and other secret data traveling through the hardware, researchers said on Tuesday.Hardware manufacturers have long known that hackers can extract secret cryptographic data from a chip by measuring the power it consumes while processing those values. Fortunately, the means for exploiting power-analysis attacks against microprocessors is limited because the threat actor has few viable ways to remotely measure power consumption while processing the secret material. Now, a team of researchers has figured out how to turn power-analysis attacks into a different class of side-channel exploit that's considerably less demanding. >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Don’t panic! “Unpatchable” Mac vulnerability discovered

 June 14,  2022  By Pieter Arntz Researchers at MIT’s Computer Science & Artificial Intelligence Lab (CSAIL) found an attack surface in a hardware-level security mechanism utilized in Apple M1 chips. The flaw is unpatchable, but attackers would need to chain it with other vulnerabilities to make use of the attack method.The hardware attack can bypass Pointer Authentication (PAC) on the Apple M1 CPU. The researchers gave a brief description on a dedicated site and will present full details on June 18, 2022 at the International Symposium on Computer Architecture. >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Guidance On an Ongoing Hacktivist Operation #Opspatuk Conducted by The Malaysian Hacktivist Threat Group 'DragonForce' Against Indian Organizations

By Carl Windsor, Simran Kothari, Ankita Dasgupta, and FortiRecon Team | June 15, 2022 The 'OpsPatuk' operation began on June 6, 2022. That’s when the Malaysian hacktivist group known as DragonForce began targeting India in retaliation for comments made by BJP spokesperson Nupur Sharma (now suspended) about the Prophet Muhammad that incensed Indian Muslims and outraged more than a dozen Islamic nations. The Bharatiya Janata Party (BJP) is the current ruling political party of the Republic of India and one of two major political parties in the country, along with the Indian National Congress.At the time of writing, this operation has compromised over 102 websites and continues to list new targets on various social media platforms, including Telegram, Twitter, and their own DragonForce website.Widely targeted sectors include financial organizations, government entities, and educational institutions. FortiGuard Threat Research Team has also observed hosting providers being one of their mai

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Interpol busts 2000 suspects in phone scamming takedown

June 20,  2022  By Paul Ducklin Sick of the unending stream of email and phone calls you receive from scammers claiming to represent your bank? Amazon? Microsoft? The tax office? The police?We sympathise – we’re sick of them too, especially landline calls that could be a loved one calling for help or advice, and thus need to be answered……but that rarely, if ever, turn out to have a familiar voice at the other end. >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

New ToddyCat APT targets high-profile entities in Europe and Asia

June 21, 2022  By Pierluigi Paganini Researchers linked a new APT group, tracked as ToddyCat, to a series of attacks targeting entities in Europe and Asia since at least December 2020.Researchers from Kaspersky have linked a new APT group, tracked as ToddyCat, to a series of attacks aimed at high-profile entities in Europe and Asia since at least December 2020.The threat actors initially launched a cyber espionage campaign against entities in Taiwan and Vietnam, the APT was observed targeting Microsoft Exchange servers with a zero-day exploit. >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Flagstar Bank Data Breach Affects 1.5 Million Customers

By Eduard Kovacs on June 21, 2022 Michigan-based Flagstar Bank, which has more than 150 branches across several US states, has disclosed a data breach that involved threat actors accessing files containing the personal information of 1.5 million individuals.According to a data breach notification posted on Flagstar’s website and information provided by the company to authorities, the breach occurred in early December 2021. An investigation finalized on June 2 showed that the attackers had accessed files storing personal information. >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 months ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

DFSCoerce, a new NTLM relay attack, can take control over a Windows domain

 June 21,  2022  By Pieter Arntz A researcher has published a Proof-of-Concept (PoC) for an NTLM relay attack dubbed DFSCoerce. The method leverages the Distributed File System: Namespace Management Protocol (MS-DFSNM) to seize control of a Windows domain. >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 months ago

Badges

  • Beta To The Max
    Petrovichas earned the badge Beta To The Max
  • Have 50 answers marked as "solved"!
    TylerMhas earned the badge Have 50 answers marked as "solved"!
  • Posted 100 comments!
    tasystemshas earned the badge Posted 100 comments!
  • Beta To The Max
    Tarnakhas earned the badge Beta To The Max
  • News: Posted 10 comments!
    andrea.raniolohas earned the badge News: Posted 10 comments!
Show all badges

Join the Conversation

Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.