To Customer Support To Customer Support

Welcome

News, Announcements, Tech Discussions

40662 Topics

Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

A look at a Magecart skimmer using the Hunter obfuscator

 March 21, 2023 By Jérôme Segura Threat actors are notorious for trying to hide their code in various ways, from binary packers to obfuscators. On their own, these tools are not always malicious as they can also be be used by companies or individuals who wish to keep their work safe from piracy, but they tend to be largely abused.In the case of credit card skimmers used in client-side attacks, obfuscators are a common occurrence as they can make code identification more difficult. Defenders typically have the choice to either use the browser's debugger and step through the code, or can statically try to reverse it. The latter tends to be quite time consuming, but the former is often problematic if the threat actor added some anti-debugging routines.Today we look at a Magecart skimmer that uses Hunter, a PHP Javascript obfuscator. During our investigation, we were able to discover a number of domains all part of the same infrastructure with custom skimmers for several Magento store. &gt

0
S
New Member
3 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Journalist plugs in unknown USB drive mailed to him—it exploded in his face

Explosives replace malware as the scariest thing a USB stick may hide.SCHARON HARDING - 3/22/2023  It's no secret that USB flash drives, as small and unremarkable as they may look, can be turned into agents of chaos. Over the years, we've seen them used to infiltrate an Iranian nuclear facility, infect critical control systems in US power plants, morph into programmable, undetectable attack platforms, and destroy attached computers with a surprise 220-volt electrical surge. Although these are just a few examples, they should be enough to preclude one from inserting a mysterious, unsolicited USB drive mailed to them into a computer. Unfortunately, one Ecuadorian journalist didn't get the memos.As reported by the Agence France-Presse (via CBS News) on Tuesday, five Ecuadorian journalists have received USB drives in the mail from Quinsaloma. Each of the USB sticks was meant to explode when activated. >> Full Article <<

1
russell.harris
Popular Voice
3 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Chrome 111 Update Patches High-Severity Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers. March 22, 2023 By Ionut Arghire  Google this week announced a Chrome 111 update that brings patches for eight vulnerabilities, including seven flaws that were reported by external researchers.All seven of the externally reported issues are high-severity memory safety bugs, with four of them described as use-after-free vulnerabilities, a type of bug that could lead to arbitrary code execution, data corruption, or denial of service.Based on the bug bounty reward handed out ($10,000), the most important of these vulnerabilities is CVE-2023-1528, a use-after-free flaw in Chrome’s Passwords component. >> Full Article <<

1
russell.harris
Popular Voice
3 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

New Android Banking Trojan 'Nexus' Promoted As MaaS

March 22, 2023 By Alessandro Mascellino  A new Android banking Trojan has been discovered in several malicious campaigns worldwide. Dubbed ‘Nexus’ by Cleafy security researchers, the tool is promoted as part of a Malware-as-a-Service (MaaS) subscription and provides features to perform account takeover (ATO) attacks.“In January 2023, a new Android banking Trojan appeared on multiple hacking forums under the name of Nexus,” wrote the company in an advisory published on Tuesday. “However, [we] traced the first Nexus infections way before the public announcement in June 2022.” >> Full Article <<

0
Jasper_The_Rasper
Moderator
3 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Windows 11 also vulnerable to “aCropalypse” image data leakage

See Also - Acropalypse flaw in Google Pixel’s Markup tool allowed the recovery of edited images March 22, 2023 By Paul Ducklin Windows 11 affected tooWell, the deal is that this problem of files not being truncated when they are replaced with new version also applies on Windows 11, where the Snipping Tool, like the Google Pixel Markup app, will let you crop an image without correctly cropping the file it’s saved into.For example, here’s a PNG file we created with GIMP, and saved with a minimal set of headers and no compression:  >> Full Article <<

0
Jasper_The_Rasper
Moderator
3 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

North Korean hackers using Chrome extensions to steal Gmail emails

March 22, 2023 By Bill Toulas A joint cybersecurity advisory from the German Federal Office for the Protection of the Constitution (BfV) and the National Intelligence Service of the Republic of Korea (NIS) warn about Kimsuky's use of Chrome extensions to steal target's Gmail emails.Kimsuky (aka Thallium, Velvet Chollima) is a North Korean threat group that uses spear phishing to conduct cyber-espionage against diplomats, journalists, government agencies, university professors, and politicians. Initially focused on targets in South Korea, the threat actors expanded operations over time to target entities in the USA and Europe.The joint security advisory was released to warn of two attack methods used by the hacking group — a malicious Chrome extension and Android applications.While the current campaign targets people in South Korea, the techniques used by Kimsuky can be applied globally, so raising awareness is vital. >> Full Article <<

0
Jasper_The_Rasper
Moderator
3 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products

Nearly 20% of the zero-day flaws that attackers exploited in 2022 were in network, security, and IT management products, Mandiant says. March 22, 2023 By Jai Vijayan An analysis of data associated with zero-day attacks in 2022 suggests that threat actors are increasingly probing for security weaknesses in edge-infrastructure technologies, including VPNs, firewalls, and IT management products.Researchers from Mandiant tracked a total of 55 zero-day vulnerabilities that adversaries exploited in various malicious campaigns last year and found that 10 of them involved an Internet-facing edge device.Among them were CVE-2022-1040 and CVE-2022-3236 in Sophos firewalls, CVE-2022-20821 in Cisco IOS, CVE-2022-42474 and CVE-2022-41226 in Fortinet's FortiOS, CVE-2022-288810 in Zoho ManageEngine, and CVE-2022-35247 in SolarWinds Serv-u. >> Full Article <<

0
Jasper_The_Rasper
Moderator
3 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Experts released PoC exploits for severe flaws in Netgear Orbi routers

March 22, 2023  By Pierluigi Paganini Cisco Talos researchers published PoC exploits for vulnerabilities in Netgear Orbi 750 series router and extender satellites.Netgear Orbi is a line of mesh Wi-Fi systems designed to provide high-speed, reliable Wi-Fi coverage throughout a home or business. The Orbi system consists of a main router and one or more satellite units that work together to create a seamless Wi-Fi network that can cover a large area with consistent, high-speed Wi-Fi. >> Full Article <<

0
Jasper_The_Rasper
Moderator
3 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Facebook accounts hijacked by new malicious ChatGPT Chrome extension

March 22, 2023 By Bill Toulas A trojanized version of the legitimate ChatGPT extension for Chrome is gaining popularity on the Chrome Web Store, accumulating over 9,000 downloads while stealing Facebook accounts.The extension is a copy of the legitimate popular add-on for Chrome named "ChatGPT for Google" that offers ChatGPT integration on search results. However, this malicious version includes additional code that attempts to steal Facebook session cookies.The publisher of the extension uploaded it to the Chrome Web Store on February 14, 2023, but only started promoting it using Google Search advertisements on March 14, 2023. Since then, it has had an average of a thousand installations per day. >> Full Article <<

0
Jasper_The_Rasper
Moderator
3 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian

Cisco Talos researchers found two high-severity vulnerabilities in WellinTech’s KingHistorian industrial data historian software. March 22, 2023 By Eduard Kovacs Cisco’s Talos threat intelligence and research unit this week disclosed the details of two high-severity vulnerabilities discovered last year in WellinTech’s KingHistorian industrial data historian software.China-based industrial automation software company WellinTech designed KingHistorian for collecting and processing a ‘massive amount’ of industrial control system (ICS) data. Talos researchers discovered that the historian is impacted by two flaws. One of them, tracked as CVE-2022-45124, can allow an attacker who can intercept an authentication packet to obtain the username and password of the legitimate user who logged in to the system.  >> Full Article <<

0
Jasper_The_Rasper
Moderator
3 days ago
TylerM
Administrator
TylerMSr. Security Analyst & Community Manager
published in Cybersecurity Standpoint

Artificial intelligence and machine learning in cybersecurityBlog

Artificial intelligence (AI) and machine learning (ML) are going to revolutionize the field of cybersecurity. These technologies can be used to improve the detection and prevention of cyber threats, making it easier for organizations to protect their networks and data. However, as with any new technology, there are also potential risks and challenges that must be considered.One of the biggest benefits of AI and ML in cybersecurity is their ability to automatically detect and respond to cyber threats. These technologies can be used to analyze large amounts of data, such as network traffic logs and characteristics of files to identify patterns and anomalies that may indicate a cyber attack or malicious nature. They can also be used to automatically respond to threats, such as by shutting down a compromised system or blocking a malicious IP address. Additionally, the benefits of AI and ML in cybersecurity is their ability to improve the efficiency and effectiveness of incident response. T

44418
TylerM
Administrator
3 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Ferrari confirms data breach after receiving a ransom demand from an unnamed extortion group

March 21, 2023  By Pierluigi Paganini Ferrari disclosed a data breach after receiving a ransom demand from an unnamed extortion group that gained access to some of its IT systems.Ferrari disclosed a data breach after it received a ransom demand from an unnamed extortion group that breached its IT systems. The threat actor claims to have stolen certain client details. The company immediately launched an investigation into the incident with the support of a third-party cybersecurity firm and informed relevant authorities.  “Ferrari N.V. (NYSE/EXM: RACE) (“Ferrari”) announces that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom demand related to certain client contact details.” reads the noticed published by the luxury car maker. “Upon receipt of the ransom demand, we immediately started an investigation in collaboration with a leading global third-party cybersecurity firm. In addition, we informed the relevant authorities and ar

0
S
New Member
4 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

PayPal Phishing Scam Uses Invoices Sent Via PayPal

August 18, 2022  By Brian Krebs Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer.KrebsOnSecurity recently heard from a reader who received an email from paypal.com that he immediately suspected was phony. The message’s subject read, “Billing Department of PayPal updated your invoice.” A copy of the phishing message included in the PayPal.com invoice. >> Full Article <<

7
russell.harris
Popular Voice
4 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Acropalypse flaw in Google Pixel’s Markup tool allowed the recovery of edited images

March 20, 2023  By Pierluigi Paganini The Acropalypse flaw in the Markup tool of Google Pixel allowed the partial recovery of edited or redacted screenshots and images.Security researchers Simon Aarons and David Buchanan have discovered a vulnerability, named ‘Acropalypse,’ in the Markup tool of Google Pixel. The Markup tool is a built-in Markup utility, released with Android 9 Pie that allows Google Pixel users to edit (crop, add text, draw, and highlight) screenshots.The vulnerability allowed the partial recovery of the original, unedited image data of a cropped and/or redacted screenshot. >> Full Article <<

0
Jasper_The_Rasper
Moderator
4 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Breached hacking forum shuts down, fears it's not 'safe' from FBI

March 21, 2023 By Bill Toulas The notorious Breached hacking forum has shut down after the remaining administrator, Baphomet, disclosed that they believe law enforcement has access to the site's servers.Breached was a popular hacking and data leak forum notorious for hosting, leaking, and selling data obtained from breached companies, governments, and various organizations. It was a community that attracted people from all realms of cybercrime, including ransomware gangs, data extortionists, security researchers, and those simply interested in the darker side of cybersecurity.The site, and its members, have been responsible for a wide range of breaches, extortion attempts, and ransomware attacks, leaking the data for many high-profile attacks. These breaches include DC Health Link, Twitter, RobinHood, Acer, Activision, and many more.  >> Full Article <<

0
Jasper_The_Rasper
Moderator
4 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Custom 'Naplistener' Malware a Nightmare for Network-Based Detection

Threat actors are using legitimate network assets and open source code to fly under the radar in data-stealing attacks using a set of custom malware bent on evasion. March 21, 2023 By Elizabeth Montalbano A group monitored as REF2924 by Elastic Security Labs is wielding novel data-stealing malware — an HTTP listener written in C# dubbed Naplistener by the researchers — in attacks against victims operating in southern and southeast Asia.According to a blog post by Elastic senior security research engineer Remco Sprooten, in that region of the world, network-based detection and prevention technologies are the de facto method for securing many environments. But Naplistener — along with other new types of malware used by the group —appear "designed to evade network-based forms of detection," says Jake King, Elastic Security's director of engineering.So, don't sleep on that defense-in-depth strategy. >> Full Article <<

0
Jasper_The_Rasper
Moderator
4 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

NEW THREAT ACTOR HITS UKRAINIAN AGENCIES

March 21, 2023 By Dennis Fisher The number of APT groups targeting organizations in Ukraine as part of the war with Russia continues to grow, as researchers have identified a new threat actor that has compromised agricultural, government, and transportation organizations in the country with a previously unseen attack framework and backdoor known as PowerMagic.The group, which researchers at Kaspersky discovered and is as-yet unnamed, likely uses spear phishing as its initial access vector, luring victims to an attacker-controlled URL that directs them to a ZIP archive. That archive contains an LNK file and a PDF decoy document that in some cases is named in a similar way to the LNK file to add legitimacy. If the victim opens the LNK file, it will download and execute an MSI file hosted on a remote server. That eventually leads to the installation of the PowerMagic backdoor, which is written in PowerShell and uses OneDrive and Dropbox folders to transport files. >> Full Article &l

0
Jasper_The_Rasper
Moderator
4 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Android phones can be hacked just by someone knowing your phone number

March 17, 2023 By Graham Cluley Well, this isn’t good.Google has issued a warning that some Android phones can be hacked remotely, without the intended victim having to click on anything.If an attack is successful, the hacker could access data going through the Samsung Exynos chipsets used in many devices, scooping up call information and text messages.And what does a hacker need to know about you to target your phone?Your phone number. >> Full Article <<

7
russell.harris
Popular Voice
5 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Why You Should Opt Out of Sharing Data With Your Mobile Provider

March 20, 2023 By Brian Krebs A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection. Here’s a primer on why you might want to do that, and how. Image: Shutterstock Telecommunications giant AT&T disclosed this month that a breach at a marketing vendor exposed certain account information for nine million customers. AT&T said the data exposed did not include sensitive information, such as credit card or Social Security numbers, or account passwords, but was limited to “Customer Proprietary Network Information” (CPNI), such as the number of lines on an account. >> Full Article <<

1
russell.harris
Popular Voice
5 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Threat actors abuse Adobe Acrobat Sign to distribute RedLine info-stealer

March 20, 2023  By Pierluigi Paganini Threat actors are abusing the legitimate Adobe Acrobat Sign service to distribute the RedLine information stealer.Avast researchers reported that threat actors are abusing the legitimate Adobe Acrobat Sign service to distribute the RedLine information stealer.Adobe Acrobat Sign allows registered users to sign documents online and send a document signature request to anyone. This latter process consists of generating an email that is sent to the intended recipients. The message includes a link to the document that that will be hosted on Adobe itself. The experts pointed out that the users can also add a text to the email, this option can be abused by the attackers. >> Full Article <<

1
russell.harris
Popular Voice
5 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Hackers target .NET developers with malicious NuGet packages

March 20, 2023 By Sergiu Gatlan Threat actors are targeting and infecting .NET developers with cryptocurrency stealers delivered through the NuGet repository and impersonating multiple legitimate packages via typosquatting.Three of them have been downloaded over 150,000 times within a month, according to JFrog security researchers Natan Nehorai and Brian Moussalli, who spotted this ongoing campaign.While the massive number of downloads could point to a large number of .NET developers who had their systems compromised, it could also be explained by the attackers' efforts to legitimize their malicious NuGet packages. >> Full Article <<

0
Jasper_The_Rasper
Moderator
5 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

CYBERCRIMEMillions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes

Cryptocurrency ATM maker General Bytes discloses a security incident resulting in the theft of millions of dollars’ worth of crypto-coins. March 20, 2023 By Ionut Arghire Cryptocurrency ATM manufacturer General Bytes over the weekend disclosed a security incident that resulted in the theft of millions of dollars’ worth of funds.The attackers, the company says, exploited a vulnerability in the master service interface that Bitcoin ATMs use to upload videos, which allowed them to upload a JavaScript script and execute it with batm user privileges.“The attacker scanned the Digital Ocean cloud hosting IP address space and identified running CAS services on ports 7741, including the General Bytes Cloud service and other GB ATM operators running their servers on Digital Ocean (our recommended cloud hosting provider),” the company says. >> Full Article <<

0
Jasper_The_Rasper
Moderator
5 days ago
acooldozen
Bronze VIP
acooldozenBronze VIP
asked in Community 101

Allstate Identity Protection

Several of my friends that I have turned on to Webroot, are questioning  the  nag screen on the Application, regarding Allstate. Is this being offered to all Webroot customers or in the United States only? Also there are different costs being advertised. One at $19.95, another at $23.99?Thanx much,

8
TylerM
Administrator
5 days ago
C
Administrator
ConnorMThreat Research Analyst
published in Security Industry News

Cyber News Rundown: Phishing attacks capitalizing on SVB collapse on the riseNews

Phishing campaigns taking advantage of the uncertainty following the collapse of Silicon Valley Bank (SVB) have been using phishing sites to try to steal SVB users’ crypto wallet information. In other cybersecurity news, insurer DC Health Link – the main insurer for many U.S. House of Representatives’ members and staff – suffered a data breach potentially exposing patient information.LockBit leaks data on LA Housing AuthorityFollowing an investigation into a security incident at the Housing Authority of the City of Los Angeles (HACLA), officials have confirmed that the LockBit ransomware group had unauthorized access to their systems for nearly a year and were able to exfiltrate a significant amount of sensitive data. LockBit posted the stolen data to their leak site at the end of January, but after a month of negotiations, no ransom appears to have been paid and the download link on their leak site is no longer active.DC Health Link breach exposes House of Representatives’ dataThe mai

14510
Jamesharris85
New Voice
6 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Feds arrest and charge exiled Chinese billionaire over massive crypto fraud

This one has it all: Donald Trump’s inner circle, a Beijing bot backlash, conspiracy theories, and more March 17, 2023 By Simon Sharwood Meet the newest member of the crypto rogues' gallery: Ho Wan Kwok, aka Guo Wengui, aka Miles Guo, whom the US Department of Justice on Wednesday arrested over what investigators have described as a "sprawling and complex scheme … to solicit investments in various entities and programs through false statements and representations to hundreds of thousands of Kwok's online followers."Kwok/Guo has a fascinating back story. Born in China, he became a property entrepreneur and was rated as a billionaire. He left China in 2014 as multiple controversies swirled around his interests and actions, and by 2017 he was resident in New York and became a strident critic of the Chinese government, circulating vivid theories about his troubles and Beijing's role in them. >> Full Article <<

1
U
Fresh Face
7 days ago

Badges

  • Most Wanted
    jhartnerd123has earned the badge Most Wanted
  • Broadcast Boss
    ConnorMhas earned the badge Broadcast Boss
  • Hot Topic Hero
    ConnorMhas earned the badge Hot Topic Hero
  • News: Posted 50 topics!
    ConnorMhas earned the badge News: Posted 50 topics!
  • News: Posted 100 comments!
    TylerMhas earned the badge News: Posted 100 comments!
Show all badges

Join the Conversation

Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.