To Customer Support To Customer Support

Welcome

News, Announcements, Tech Discussions

41019 Topics

Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

US Treasury sanctions four North Korean entities engaged in malicious cyber activities

May 24, 2023 By MARIA DEUTSCHER The U.S. Department of Treasury has sanctioned four North Korean organizations, as well as one individual, for engaging in malicious cyber activities.Officials announced the move on Tuesday. Additionally, the Treasury Department detailed that South Korea has also sanctioned the organizations and individual in question.The first organization to which the new sections apply is the Pyongyang University of Automation. It’s described as one of North Korea’s main hacker training institutions. It trains hackers who in many cases go on to work for cyber units of the RGB, North Korea’s primary intelligence bureau. >> Full Article <<

0
Jasper_The_Rasper
Moderator
7 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool

Security professionals warn that Google's new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence. May 24, 2023 By Robert Lemos Two new top-level domain names — .zip and .mov — have caused concern among security researchers, who say they allow for the construction of malicious URLs that even tech-savvy users are likely to miss.Google announced the domains in early May, kicking off a slow buildup of criticism from the security community as people became aware of the issues. In a widely circulated post on Medium, security researcher Bobby Rauch pointed to two seemingly identical URLs that appear to go to the same place — downloading a zip file from a GitHub repository — but by using unicode slashes, an "@" sign, and the .zip domain, a potentially malicious URL could instead redirect users to an attacker's website. >> Full Article <<

0
Jasper_The_Rasper
Moderator
7 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Barracuda Discloses Breach Of Some Email Security Customers Due To Zero-Day Vulnerability

May 24, 2023 By Kyle Alspach The cybersecurity vendor says that an unspecified number of customers of its Email Security Gateway appliance have been impacted.  Barracuda said that some Email Security Gateway customers were impacted by a breach last week that exploited a zero-day vulnerability in the appliance.The cybersecurity vendor didn’t specify how many customers were affected in its disclosure, and said in an email to CRN that it’s not sharing further details.In a post Tuesday, Barracuda said that the vulnerability was discovered on May 19, and the company deployed a patch “to all ESG appliances worldwide” the following day. A second patch was deployed on May 21 to all Email Security Gateway appliances.The investigation so far has found that the vulnerability “resulted in unauthorized access to a subset of email gateway appliances.” Affected customers have been notified, Barracuda said. >> Full Article <<

0
Jasper_The_Rasper
Moderator
7 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Ransomware tales: The MitM attack that really had a Man in the Middle

May 24, 2023 By Paul Ducklin It’s taken more than five years for justice to be served in this case, but the cops and the courts got there in the end.The UK law enforcement office SEROCU, short for South East Regional Organised Crime Unit, this week reported the peculiar tale of one Ashley Liles, the literal Man in the Middle whom we referred to in the headline.These days, we usually expand the jargon term MitM to mean Manipulator in the Middle, not merely to avoid the gendered term “man”, but also because many, if not most, MitM attacks these days are performed by machines.Some techies have even adopted the name Machine in the Middle, but we prefer “manipulator” because we think it usefully decribes how this sort of attack works, and because (as this story shows) sometimes it really is man, and not a machine, in the middle. >> Full Article <<

0
Jasper_The_Rasper
Moderator
7 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Legit app in Google Play turns malicious and sends mic recordings every 15 minutes

The malicious iRecorder app has come to light, but its purpose remains shrouded.DAN GOODIN - 5/24/2023 An app that had more than 50,000 downloads from Google Play surreptitiously recorded nearby audio every 15 minutes and sent it to the app developer, a researcher from security firm ESET said.The app, titled iRecorder Screen Recorder, started life on Google Play in September 2021 as a benign app that allowed users to record the screens of their Android devices, ESET researcher Lukas Stefanko said in a post published on Tuesday. Eleven months later, the legitimate app was updated to add entirely new functionality. It included the ability to remotely turn on the device mic and record sound, connect to an attacker-controlled server, and upload the audio and other sensitive files that were stored on the device. >> Full Article <<

0
Jasper_The_Rasper
Moderator
7 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Operation "Total Exchange": New PowerExchange Backdoor Discovered in the UAE

By Asaf Rubinfeld, John Simmons, Luca Pugliese and Rotem Sde-Or | May 24, 2023 Affected Platforms: WindowsImpacted Users: Government agenciesImpact: Stealing domain credentials and code executionSeverity Level: High Last year, the FortiEDR research lab identified several simultaneous attacks targeting a government entity in the United Arab Emirates. Some were classified as known threats, such as JS_POWMET and AdKoob, while one remained unidentified.This isolated case was a custom, targeted PowerShell-based backdoor we named PowerExchange. This backdoor’s C2 protocol is email-based, with the C2 server being the victim’s Microsoft Exchange server. Forensics investigation of the network revealed the backdoor on additional endpoints and multiple other implants on various servers. One implant discovered on Microsoft Exchange servers was a novel web shell, dubbed ExchangeLeech, due to its unique ability to harvest credentials.We see indicators of an Iranian threat actor operating these tools

0
Jasper_The_Rasper
Moderator
7 days ago
D
New Member
deepak.chowNew Member
asked in Community 101

Can Webroot protect the USB , CD/DVD drives when the endpoint is offline ?

Can Webroot protect the endpoint if any new malware has been in to the system through USB, CD/DVD drives or any new suspicious file or program been added to the system while the system is offline and cannot be connected to the Internet for a long time.

4
russell.harris
Popular Voice
6 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

May 23, 2023  By Pierluigi Paganini Experts warn of a threat actor, tracked as CloudWizard APT, that is targeting organizations involved in the region of the Russo-Ukrainian conflict.On March 2023, researchers from Kaspersky spotted a previously unknown APT group, tracked as Bad Magic (aka Red Stinger), that targeted organizations in the region of the Russo-Ukrainian conflict. The attackers were observed using PowerMagic and CommonMagic implants.Looking for other implants with similarities with PowerMagic and CommonMagic, the researchers identified a different cluster of even more sophisticated malicious activities associated with the same threat actor. >> Full Article <<

0
Jasper_The_Rasper
Moderator
7 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Twitter's History of Security Lapses and How They Affected Users

Twitter's suffered many data breaches in the past, affecting millions of users. Only by knowing of these breaches can you protect yourself in future. May 23, 2023 By KATIE REES Like most social media sites, Twitter is no stranger to security breaches. Over the years, Twitter has fallen victim to numerous malicious attacks, some worse than others. So, when was Twitter's first security breach, and what does the timeline look like up to today? >> Full Article <<

1
russell.harris
Popular Voice
7 days ago
E
Fresh Face
Edmund44Fresh Face
asked in Community 101

Webroot oddity on startup

I’ve recently come back to Webroot after a few months away. Since installing Webroot, when starting up or restarting, I get a prompt from Windows asking if I want Webroot to make changes. I always click yes, and startup continues. It’s the same prompt one gets when installing or updating a new app. It never did this before. I don’t know if it’s a new protocol from Webroot or yet another oddity from Microsoft. I would like it to stop, but have no clue what to do. Any suggestion is appreciated.Ed LeRoy

3
TripleHelix
Moderator
6 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Threat Actor Abuses SuperMailer for Large-scale Phishing Campaign

A credential phishing campaign using the legitimate SuperMailer newsletter distribution app has doubled in size each month since January 2023. May 23, 2023 By Kevin Townsend A credential phishing campaign using the legitimate SuperMailer newsletter distribution app has doubled in size each month since January 2023.“In January this campaign was limited to only a handful of emails, but in May we have seen thousands reaching inboxes,” Brad Haas, cyber threat intelligence analyst at Cofense, told SecurityWeek. The campaign was discovered courtesy of a unique string included by SuperMailer in an embedded URL within the phishing email. This string is only visible to the email recipient by hovering the cursor over the link – but it shouldn’t have been there. It is the result of a coding error made by the threat actor, but its presence links multiple different phishes to the same campaign. >> Full Article <<

0
Jasper_The_Rasper
Moderator
8 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Here’s how long it takes new BrutePrint attack to unlock 10 different smartphones

BrutePrint requires just $15 of equipment and a little amount of time with a phone.DAN GOODIN - 5/22/2023 Researchers have devised a low-cost smartphone attack that cracks the authentication fingerprint used to unlock the screen and perform other sensitive actions on a range of Android devices in as little as 45 minutes.Dubbed BrutePrint by its creators, the attack requires an adversary to have physical control of a device when it is lost, stolen, temporarily surrendered, or unattended, for instance, while the owner is asleep. The objective: to gain the ability to perform a brute-force attack that tries huge numbers of fingerprint guesses until one is found that will unlock the device. The attack exploits vulnerabilities and weaknesses in the device SFA (smartphone fingerprint authentication). The workflow of a smartphone fingerprint authentication system. >> Full Article <<

2
TripleHelix
Moderator
7 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

YouTube Pirated Software Videos Deliver Triple Threat: Vidar Stealer, Laplas Clipper, XMRig Miner

By Artem Semenchenko, Joie Salvio, and Roy Tay | May 23, 2023 Affected Platforms: WindowsImpacted Users: Any organizationImpact: Remote attackers steal credentials, sensitive information, and cryptocurrency and perform cryptojacking on systemsSeverity Level: Critical FortiGuard Labs came across an ongoing threat campaign targeting YouTube viewers searching for pirated software earlier this month. Videos advertising downloads of “cracked” (aka pirated) software are uploaded by verified YouTube channels with a large number of subscribers. Victims are led to execute malicious binaries that install multiple malware into their systems focused on harvesting credentials, cryptojacking, and stealing cryptocurrency funds from wallets.While investigating this campaign, other researchers published a report about it. And although there are overlaps with our findings, this report provides additional observations, such as the deployment of a third malware family being distributed to the victims.This

0
Jasper_The_Rasper
Moderator
8 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

The previously undocumented GoldenJackal APT targets Middle East, South Asia entities

May 23, 2023  By Pierluigi Paganini A previously undocumented APT group tracked as GoldenJackal has been targeting government and diplomatic entities in the Middle East and South Asia since 2019.Kaspersky researchers shared details about the activity of a previously undocumented APT group, tracked as GoldenJackal, which has been active since 2019. The primary motivation of the group appears to be the espionage.The group focuses on government and diplomatic entities in the Middle East and South Asia. Kaspersky started monitoring the operations of the group in mid-2020, the researchers explained that it showed a constant level of activity that demonstrates the capability of the group to fly under the radar.The APT group employed a specific toolset of .NET malware, composed of JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher. The malware allows the group to: >> Full Article <<

0
Jasper_The_Rasper
Moderator
8 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Mikrotik Belatedly Patches RouterOS Flaw Exploited at Pwn2Own

MikroTik patches a major security defect in its RouterOS product a full five months after it was exploited at Pwn2Own Toronto. May 23, 2023 By Ryan Naraine Latvian network equipment manufacturer MikroTik has shipped a patch for a major security defect in its RouterOS product and confirmed the vulnerability was exploited five months ago at the Pwn2Own Toronto hacking contest.In a barebones advisory documenting the CVE-2023-32154 flaw, Mikrotik confirmed the issue affects devices running MikroTik RouterOS versions v6.xx and v7.xx with enabled IPv6 advertisement receiver functionality. According to ZDI, organizers of the Pwn2Own software exploitation event, the vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS.  >> Full Article <<

0
Jasper_The_Rasper
Moderator
8 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Interview With a Crypto Scam Investment Spammer

May 22, 2023 By Brian Krebs Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations. According to the hacker, their spam software has been in private use until the last few weeks, when it was released as open source code.Renaud Chaput is a freelance programmer working on modernizing and scaling the Mastodon project infrastructure — including joinmastodon.org, mastodon.online, and mastodon.social. Chaput said that on May 4, 2023, someone unleashed a spam torrent targeting users on these Mastodon communities via “private mentions,” a kind of direct messaging on the platform.The messages said recipients had earned an investment credit at a cryptocurrency trading platform called moonxtrade[.

0
Jasper_The_Rasper
Moderator
8 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Android phones are vulnerable to fingerprint brute-force attacks

May 21, 2023 By Bill Toulas Researchers at Tencent Labs and Zhejiang University have presented a new attack called 'BrutePrint,' which brute-forces fingerprints on modern smartphones to bypass user authentication and take control of the device.Brute-force attacks rely on many trial-and-error attempts to crack a code, key, or password and gain unauthorized access to accounts, systems, or networks.The Chinese researchers managed to overcome existing safeguards on smartphones, like attempt limits and liveness detection that protect against brute-force attacks, by exploiting what they claim are two zero-day vulnerabilities, namely Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL). >> Full Article <<

11
MajorHavoc
Community Expert Advisor
7 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Exposed: Understanding the threat of digital spying & stalkerware

May 22, 2023 By Camellia Chan The global market for commercial spyware is currently estimated at around $12 billion, which over the last 10 years has seen 80 countries purchase the technology. Spyware is used for a range of purposes, allowing operators to gain remote access to devices from across the world. Once a device becomes infected, the perpetrator gains complete control of the device, which can mean unfettered access to messages, audio calls, photos, and remote access to cameras and microphones.What’s worrying is spyware is becoming accessible even to users lacking advanced tech skills. Cheaper, more rudimentary forms of spyware like stalkerware exist. Stalkerware can be particularly intrusive and abusive as it must be physically installed, meaning attackers need direct access to which ever device they try to infiltrate. In this article, we will expose the threat from digital spying and stalking, and how to maximize protection. >> Full Article <<

2
russell.harris
Popular Voice
8 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Malicious Windows kernel drivers used in BlackCat ransomware attacks

May 22, 2023 By Bill Toulas The ALPHV ransomware group (aka BlackCat) was observed employing signed malicious Windows kernel drivers to evade detection by security software during attacks.The driver seen by Trend Micro is an improved version of the malware known as 'POORTRY' that Microsoft, Mandiant, Sophos, and SentinelOne spotted in ransomware attacks late last year. The POORTRY malware is a Windows kernel driver signed using stolen keys belonging to legitimate accounts in Microsoft's Windows Hardware Developer Program.This malicious driver was used by the UNC3944 hacking group, also known as 0ktapus and Scattered Spider, to terminate security software running on a Windows device to evade detection. >> Full Article <<

1
MajorHavoc
Community Expert Advisor
8 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Crypto phishing service Inferno Drainer defrauds thousands of victims

May 22, 2023 By Bill Toulas A cryptocurrency phishing and scam service called 'Inferno Drainer' has reportedly stolen over $5.9 million worth of crypto from 4,888 victims.According to a report by the Web3Anti-Scam firm 'Scam Sniffer,' the phishing service has created at least 689 fake websites since March 27, 2023.Most of the phishing sites came online after May 14, 2023, with the analysts reporting a spike in site-building activity around that time.The malicious websites created with Inferno Drainer target 229 popular brands, including Pepe, Bob, MetaMask, OpenSea, Collab.Land, LayerZero, and others. >> Full Article <<

0
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

ChatGPT: Cybersecurity friend or foe?

 May 22, 2023 By Marcin Kleczynski If you haven’t heard about ChatGPT yet, perhaps you’ve just been thawed from cryogenic slumber or returned from six months off the grid. ChatGPT—the much-hyped, artificial intelligence (AI) chatbot that provides human-like responses from an enormous knowledge base—has been embraced practically everywhere, from private sector businesses to K–12 classrooms.Upon its launch in November 2022, tech enthusiasts quickly jumped at the shiny new disruptor, and for good reason: ChatGPT has the potential to democratize AI, personalize and simplify digital research, and assist in both creative problem-solving and tackling “busywork.” But the security community and other technology leaders have started raising the alarm, worried about the program’s potential to write malware and spread mis- and disinformation.Do you think your organization should embrace ChatGPT? Or do you believe implementing the platform will compromise your company’s cybersecurity posture? Read

0
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

WINTAPIX: A New Kernel Driver Targeting Countries in The Middle East

By Geri Revay and Hossein Jazi | May 22, 2023 Affected platforms: WindowsImpacted parties: Windows UsersImpact: Allows remote code execution and persistent access to the host (backdoor) and the rest of the network (proxy)Severity level: Medium At Fortinet, we monitor suspicious executables that make use of open-source tools and frameworks. One of the things that we keep an eye out for is tools that use the Donut project. Donut is a position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters. During our daily threat-hunting process in early February, we encountered a kernel driver that used the Donut tool and caught our attention for further analysis.  The sample that triggered our rule was a driver called WinTapix.sys (which is why we named it WINTAPIX). Since it uses Donut, we decided to analyze it further. It turned out to be a very interesting sample that we believe is being used in targeted attacks agains

0
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Microsoft: BEC Scammers Use Residential IPs to Evade Detection

BEC scammers use residential IP addresses in attacks to make them seem locally generated and evade detection. May 22, 2023 By Ionut Arghire Cybercriminals are using residential IP addresses in business email compromise (BEC) attacks to make them seem locally generated and evade detection, Microsoft says.The number of reported BEC attacks is constantly increasing, with the Federal Bureau of Investigation (FBI) receiving close to 22,000 BEC complaints in 2022 (PDF), with losses totaling over $2.7 billion.As part of a BEC attack, cybercriminals use compromised or spoofed email addresses to send fraudulent requests for wire transfers to employees in charge of making or authorizing payments. The fraudsters request payments to be made to bank accounts they control. >> Full Article <<

0
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

EU hits Meta with $1.3 billion fine for transferring European user data to the US

May 22, 2023  By Pierluigi Paganini The European Union condemned Meta with a record $1.3 billion fine for transferring European user data to the US.The European Union fined Meta $1.3 billion for transferring user data to the US. This is the biggest fine since the adoption of the General Data Protection Regulation (GDPR) by the European Union (EU) on May 25, 2018.In the past, the social media giant Meta threatened to block its services for users in Europe without a legal basis for data transfers. Now the company was disappointed by the decision of Ireland’s Data Protection Commission and said that it sets a dangerous precedent for a large number of companies transferring data between the EU and U.S.. >> Full Article <<

0
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News

Cloned CapCut websites push information stealing malware

May 20, 2023 By Bill Toulas A new malware distribution campaign is underway impersonating the CapCut video editing tool to push various malware strains to unsuspecting victims.CapCut is ByteDance's official video editor and maker for TikTok, supporting music mixing, color filters, animation, slow-mo effects, picture-in-picture, stabilization, and more.It has over 500 million downloads on Google Play alone, and its website receives over 30 million hits monthly.The application's popularity, combined with nationwide bans in Taiwan, India, and other places, has pushed users to seek alternative ways of downloading the program.However, threat actors exploit this by creating websites that distribute malware disguised as CapCut installers. >> Full Article <<

0
Jasper_The_Rasper
Moderator
11 days ago

Badges

  • Beta To The Max
    Petrovichas earned the badge Beta To The Max
  • Have 50 answers marked as "solved"!
    TylerMhas earned the badge Have 50 answers marked as "solved"!
  • Posted 100 comments!
    tasystemshas earned the badge Posted 100 comments!
  • Beta To The Max
    Tarnakhas earned the badge Beta To The Max
  • News: Posted 10 comments!
    andrea.raniolohas earned the badge News: Posted 10 comments!
Show all badges

Join the Conversation

Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.