Posts

Showing posts from September, 2021

Cybersecurity experts have discovered a new hacker group

Cybersecurity experts have discovered a new hacker group, ChamelGang, which attacks institutions in ten countries around the world, including Russia. Since March, Russian companies in the fuel and energy sector and the aviation industry have been targeted, and at least two attacks have been successful. Experts believe that pro-government groups may be behind the attacks. According to Positive Technologies, the first attacks were recorded in March. The hackers are interested in stealing data from compromised networks. India, the United States, Taiwan and Germany were also victims of the attacks; compromised government servers were discovered in those countries. The new group was named ChamelGang from the word chameleon, because the hackers disguise their malware and network infrastructure as legitimate services. The group's toolset includes the new, previously undescribed ProxyT malware, BeaconLoader and the DoorMe backdoor, which gives the attacker access to the system. In one of the attacks, the hack...

Scammers are Using Twitter Bots for PayPal and Venmo Scams

Internet scammers are using Twitter bots to trick users into making PayPal and Venmo payments to accounts under the scammers' control. Venmo and PayPal are popular online payment services that users rely on to pay for things such as charity donations or goods such as resold event tickets. This latest campaign, however, is a stark warning against making or revealing any sort of transaction on a public platform.

How do the fraudsters operate? The fraud campaign begins when a well-meaning friend asks a person in need for a specific money-transfer account, either PayPal or Venmo. The Twitter bot then springs into action, presumably identifying these tweets via a search for keywords such as 'PayPal' or 'Venmo'. Within minutes, the bot impersonates the original poster by scraping the profile picture and adopting a similar username, in order to substitute its own payment account for that of the person who really deserves the money. Twitter user 'Skye' (@stimmyskye) ...

Bandwidth Suffers Outages Caused by DDoS Attack

Within the last couple of days, Bandwidth.com has become the latest target of the distributed denial-of-service attacks hitting VoIP companies. Bandwidth, a firm providing Voice over Internet Protocol (VoIP) services to companies and resellers, revealed that it suffered an outage after reporting the DDoS attack on Monday night, the 27th of September. Bandwidth Chief Executive Officer David Morken confirmed the incident and also stated that "a number of critical communications service providers have been targeted by a rolling DDoS attack." Bandwidth started reporting unplanned voice and messaging service outages from September 25 at 3:31 p.m. EST. Bandwidth has since provided periodic status updates describing disruptions to voice, enhanced 911 (E911), messaging, and portal access. As Bandwidth is among the world's major voice service providers for IP firms, several other VoIP suppliers, including Twilio, Accent, DialPad, Phone.com, and Rin...

Nobelium APT Group Uses Custom Backdoor to Target Windows Domains

Researchers from the Microsoft Threat Intelligence Center (MSTIC) identified FoggyWeb, a new custom malware used by the Nobelium APT group to deliver further payloads and steal critical information from Active Directory Federation Services (AD FS) servers. FoggyWeb is a post-exploitation backdoor that the APT group uses to remotely exfiltrate the configuration databases of compromised AD FS servers, as well as the decrypted token-signing and token-decryption certificates. It also enables the threat actors to download and execute additional components. The analysis published by Microsoft stated, "Once NOBELIUM obtains credentials and successfully compromises a server, the actor relies on that access to maintain persistence and deepen its infiltration using sophisticated malware and tools. NOBELIUM uses FoggyWeb to remotely exfiltrate the configuration database of compromised AD FS servers, decrypted token-signing certificate, and token-...

Threat Actors from China Infiltrated a Major Afghan Telecom Provider

Just as the US was completing its withdrawal from Afghanistan, several China-linked cyberespionage groups were seen intensifying attacks on a major telecom corporation. Recorded Future, a threat intelligence firm, reported on Tuesday that it had observed four different Chinese threat groups targeting a mail server belonging to Roshan, a large telecom provider in Afghanistan with over 6.5 million subscribers. According to Doug Madory, Director of Internet Analysis at Kentik and a veteran observer of worldwide traffic trends, "Roshan is one of the largest suppliers of Internet access to the people of Afghanistan" and a major source of online traffic in and out of the nation. The attacks were carried out by Calypso and RedFoxtrot, as well as two separate Winnti and PlugX activity clusters that Recorded Future researchers were unable to link to other known actors. The researchers believe it's not unusual for Chinese hackers to target the same Roshan mail server because they...

Security Measures to Take Before Donating Your Old Office Computers

With the exponential growth in technological innovation over the last few decades, businesses need to… (Latest Hacking News, https://ift.tt/3AZtBQr)

Best Ways to Store Passwords Safely

Everything, including our computers, mobile devices, and online accounts, is secured by passwords these days.… (Latest Hacking News, https://ift.tt/3ATu5rb)

Japan mentioned Russia in its new cybersecurity strategy

The Japanese government on Tuesday officially approved a new three-year cybersecurity strategy in which Russia, China and North Korea are mentioned for the first time as potential sources of hacker attacks. The document is published on the website of Japan's Cyber Strategic Headquarters. Japanese Foreign Minister Toshimitsu Motegi said at a press conference in Tokyo that the sphere of security guarantees is expanding and that the importance of areas such as cyberspace and space security is growing. According to him, the security situation around Japan is becoming increasingly severe: China, Russia and North Korea are believed to be strengthening their capabilities in cyberspace, and the instability of the world order is also increasing. He added that, on the basis of the adopted strategy, Japan will increase its capabilities to counter attacks by foreign hackers. The document claims that China conducts cyber attacks in order to obtain military and other advanced technologies, a...

Stellar Repair for Exchange — Is It the Best Tool to Recover Exchange Databases?

When a disaster strikes and the server is down, the first thing that comes to… (Latest Hacking News, https://ift.tt/3F62w0C)

Apple iCloud Private Relay Service Glitch Exposes Users’ Real IP Addresses

The latest iOS 15 from Apple has gained much attention due to numerous privacy enhancements.… (Latest Hacking News, https://ift.tt/3oib12p)

Kids Fairy Tale App Farfaria Exposed Data of 2.9 Million Users

A cybersecurity researcher at Comparitech has identified a misconfigured MongoDB database containing a treasure trove of data left exposed to the public without any password or other authentication. The exposed data belongs to FarFaria, a San Francisco, CA-based company that offers a fairy-tale reading service for kids through its Android and iOS apps. According to Bob Diachenko, head of security research at Comparitech, the exposed database contained 38 GB of data with contact information and login credentials of 2.9 million users, including email addresses, authentication tokens, encrypted passwords, number and timeline of logins, and social media tokens (if logged in from social media accounts). After spotting the data leak on August 9th, 2021, the researcher immediately reported the incident to FarFaria. The firm did not respond to the researcher, but it secured the database the very next day. The main concern for FarFaria users is 'targeted phishing attacks.'...

Is Using a VPN for Netflix Legal?

Short answer – Yes. Normally people confuse using a virtual private network for accessing Netflix… (Latest Hacking News, https://ift.tt/3EYZKtP)

HTTPS Everywhere Browser Extension Will Be No More – Announces EFF

As browsers continue to reinforce the "HTTPS-only" policy, EFF has decided to deprecate the popular… (Latest Hacking News, https://ift.tt/39MAOHx)

Ways To Make Sure Your Mobile Apps Are Safe From Cyber Attacks

The world of cyber security is a dangerous one – and it's only getting more… (Latest Hacking News, https://ift.tt/3zSkIXJ)

Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw

A fully working exploit for the remote code execution vulnerability in VMware vCenter tracked as CVE-2021-22005 is now publicly available and is being exploited in the wild. In contrast to the version that began to circulate at the end of last week, this variant can be used to open a reverse shell on a vulnerable system, permitting remote attackers to run code of their choosing. The flaw requires no authentication and lets intruders upload a file to the vCenter Server analytics service. On Monday, exploit writer wvu published a disclosed exploit for CVE-2021-22005 that targets endpoints with the Customer Experience Improvement Program (CEIP) component enabled, which is the default setting. Moreover, VMware describes the vulnerability as exploitable "by anyone who can reach vCenter Server over the network to gain access, regardless of vCenter Server's configuration settings." wvu describes what their code does at every step in a techni...

Latest Microsoft Exchange Server Feature Mitigates High-Risk Bugs

One of the prominent targets for hackers is Microsoft Exchange, and the attack vector typically involves a well-known vulnerability that the organization has not yet patched. A new solution by Microsoft aims to provide urgent protection after several attacks over the last year used zero-days against on-premises versions of Microsoft Exchange servers. Microsoft has implemented a new Exchange Server capability that automatically applies interim mitigations against high-risk (and probably actively exploited) security vulnerabilities to protect on-premises systems from incoming cyberattacks, giving administrators time to deploy security updates. This update follows a series of zero-day vulnerabilities in Microsoft Exchange that state-backed hacker organizations used to infiltrate servers while no patch or mitigation information was available to administrators. Built on the Microsoft Emergency Exchange Mitigation (EM), which...

Spoofed Zix Encrypted Email is Used in Credential Spear-Phishing

Hackers have used a credential phishing attack to steal data from Office 365, Google Workspace, and Microsoft Exchange by spoofing an encrypted mail notification from Zix. According to Armorblox security researchers, the campaign affected around 75,000 users, with small groups of cross-departmental staff being targeted in each customer environment. Social engineering, brand impersonation, replicating existing workflows, drive-by downloads, and the use of valid domains were among the methods employed by the hackers to obtain data. "Secure Zix message" emails were sent to victims. In the body of the email, a header repeated the email subject and claimed the victim had received a secure communication from Zix, a security technology company that provides email encryption and data loss prevention services. The victim is invited to view the secure message by clicking on the "Message" button in the email. While the phoney email is not an exact copy, it is similar...

Russia will develop a new cyber security standard

Positive Technologies is developing a new concept for a cyber security standard. The document is intended to become an open knowledge base that specialists can exchange to improve their qualifications. Today, each company sets its own information security parameters; once a single standard appears, organizations will be able to develop the most effective solutions together. Experts noted that the document will also help solve the problem of personnel shortages in the IT industry: specialists from other fields who are interested in information security will be able to acquire additional skills from this knowledge base and retrain to work in the field. Oleg Gubka, Development Director of the Avanpost company, agrees that the initiative is relevant, but, in his opinion, the standard will only be effective if it is developed well. He believes it is necessary to create an expert council of company representatives who would carefully study all sections of the standard according to their successf...

5 French Minister Phones Affected with Pegasus Spyware

The mobile phones of at least five French ministers and of President Emmanuel Macron's diplomatic adviser have been infected with the Israeli-made Pegasus spyware, whistle-blowers confirmed on Friday, the 24th of September. As per a Mediapart report on Friday, French security agencies discovered the software during phone inspections, with breaches reported in 2019 and 2020. In July, Pegasus, produced by the Israeli company NSO Group, was already at the centre of a storm after a list of around 50,000 possible surveillance targets worldwide leaked to the media; the spyware is capable of switching on the camera or microphone and harvesting the target's data. The allegation comes about two months after the Pegasus Project, the media consortium that included the Guardian, found that a leaked database at the core of the investigation included contact information for top French officials, including French President Emmanuel Macron and most of his 20-strong cabinet. There ...

A Malicious Firefox Add-On Targets Cryptocurrency Users

The Covid-19 pandemic has turned the world upside down over the last year and a half, leaving us with no option but to rely more on digital solutions, from food delivery to online banking. Needless to say, the more one relies on the digital world, the more vulnerable one becomes to online scams. Now, scammers are targeting cryptocurrency users via a Firefox add-on named after SafePal. Dozens of Firefox users have fallen prey to an add-on masquerading as a legitimate extension for the SafePal cryptocurrency hardware wallet. What is surprising is that this malicious add-on lived in Mozilla's Firefox add-on store for almost seven months. SafePal is a cryptocurrency wallet application capable of safely holding over 10,000 asset types, including Bitcoin, Ethereum, and Litecoin. It is backed by Binance and is now used by over 2 million users in over 146 countries across the globe. While SafePal has official smartphone apps available on both the Apple AppStore an...

Hackers Steal $17,000 in 'Double Your Cash' Fraud on Bitcoin.org

Bitcoin.org, the official website of the Bitcoin project, was hacked by criminals who advertised a double-your-money scam, and unfortunately many people fell into the trap. On September 23, visitors to bitcoin.org were greeted with a popup instructing them to send cryptocurrency to a Bitcoin wallet via a QR code in order to receive twice the amount in return. The message stated, "The Bitcoin Foundation is giving back to the community! We want to support our users who have helped us along the years," encouraging users to send Bitcoin to the attacker's displayed wallet address: "Send Bitcoin to this address, and we will send double the amount in return!" To add credibility to the claim, the false notice told visitors that the deal was limited to the first 10,000 users. Users were unable to dismiss the bogus popup, leaving the rest of the website unreachable for the duration of the fraud. Soon after the hack, Bitcoin.org's s...

TruffleHog – Now a Browser Extension That Detects Secret Keys In JavaScript

Researchers have presented a dedicated browser extension, "TruffleHog," that can facilitate bug bounty hunters. The… (Latest Hacking News, https://ift.tt/3zRz8XU)

Cryptoscams Cost Australians About AU$6.6 Million Every Month

From the beginning of the year to the end of August, losses due to cryptocurrency investment scams accounted for over a quarter of all scam losses reported to the Australian Competition and Consumer Commission (ACCC). In response to a notice from the Senate Select Committee on Australia as a Technology and Financial Centre, the ACCC said it had received 3,007 reports totalling losses of AU$53.2 million. This accounted for 55% of all investment fraud losses and 48% of all investment fraud reports. New South Wales had 860 reports with losses of AU$20.6 million, Victoria had 563 reports with losses of AU$12.6 million, Queenslanders submitted 485 reports and lost AU$8.2 million, and Western Australia had 268 reports with losses of AU$3.8 million. People in the 55-64 age group lost over AU$12.6 million and submitted 365 complaints, while those over 65 lost AU$10.7 million and filed 356 reports, and those in the 44-54 age group filed 352 reports and lost AU$8.7 million. The los...

Apple To Remove Insecure TLS Protocols In Future macOS, iOS Releases

While Apple has already deprecated the insecure TLS 1.0 and 1.1 protocols in the latest… (Latest Hacking News, https://ift.tt/3m157QI)

Google Chrome Patched Another Zero-Day Bug Within A Month

Recently, Google has released another major update for Chrome users. The new update addresses a… (Latest Hacking News, https://ift.tt/39KVboF)

Yes, Car Hacking Is a Reality. Here’s How Can You Protect Your Fleet

One of Elon Musk's top concerns is about a fleet-wide hack of Tesla cars. Connected… (Latest Hacking News, https://ift.tt/3AOvmjh)

What Can You Do To Ensure That Hackers Are Unable to Access Your Mobile Banking Apps?

Mobile money transfer apps and online banks let you transfer and receive funds with just… (Latest Hacking News, https://ift.tt/2ZBJTBj)

6 Types of WordPress Redirection We Keep Seeing

The need for WordPress redirects often arises, especially if you've made changes to your permalink… (Latest Hacking News, https://ift.tt/3ode4Js)

Malicious software reportedly generates 39% of all internet traffic

According to experts, the share of malicious bots has been growing for a long time, but the pandemic has accelerated this process. Russia is among the top five countries in terms of the volume of unwanted traffic generated. According to data from Barracuda Networks, 64% of Internet traffic in January-June 2021 was generated by automated tools: 39% of traffic was generated by malicious bots, 25% by useful bots, and 36% by humans. Attackers use bots for DDoS attacks, brute-forcing passwords for personal accounts, and creating phishing sites. Malicious automated programs primarily threaten online stores and marketplaces. The overwhelming majority of malicious traffic, 67%, originates in North America. Europe is in second place with 22%, and Asia third with 8%. The remaining 3% comes from Oceania, South America and Africa. According to Group-IB, Russia is among the top 5 countries in terms of the number of IP addresses from which unwa...

Bogus Backup Message from WhatsApp Delivers Malware to Spanish Users

Authorities in Spain have issued a warning about a phishing campaign that impersonates WhatsApp to deceive consumers into installing a trojan. Recipients are told to download copies of their chats and call records from a website that only serves the NoPiques malware. The NoPiques ("Don't take the bait") malware is packaged in a .zip archive that infects vulnerable devices on execution. The Spanish-language subject line of the malicious emails is often 'Copia de seguridad de mensajes de WhatsApp *913071605 No (xxxxx)', although this is not always the case, as it can vary. Unlike many malware-peddling phishing messages in English and other languages, the emails are written in grammatically correct Spanish, or at least with few faults. The Spanish National Cybersecurity Institute's (INCIBE) Oficina de Seguridad del Internauta (OSI) has issued a warning regarding the malware campaign: "If you haven't run the downloaded file, your device may not have been infected. All you...

Newly Discovered ZE Loader Targets Online Banking Users

IBM Security researchers have discovered a new form of overlay malware targeting online banking users. Dubbed ZE Loader, it is a malicious Windows application that attempts to obtain financial data from victims by establishing a backdoor connection. Unlike typical banking Trojans, however, ZE Loader employs multiple stealth tactics to remain hidden and stores persistent assets on infected devices. The malware targets banks, online payment processors, and cryptocurrency exchanges and is able to interact with the victim's device in real time, greatly enhancing the finesse of the whole operation. Once the victim falls into the trap, the attacker is notified in real time and can take over the system remotely. Upon installation, the malware performs the steps listed below:

• It ensures that the Trojan is running with administrator permissions.

• It establishes a Remote Desktop Protocol (RDP) connection to the command-and-control server.

• Z...

Netgear Addressed Serious Vulnerability Affecting Multiple Routers

A remote code execution vulnerability riddled numerous Netgear routers posing a security threat to users.… (Latest Hacking News, https://ift.tt/3AH6N7U)

MSHTML Attack Targets Russian State Rocket Centre and Interior Ministry

An MSHTML vulnerability tracked as CVE-2021-40444 is being used to target Russian entities, according to Malwarebytes. Malwarebytes Intelligence has detected email attachments aimed specifically at Russian enterprises. The first template they discovered is structured to resemble an internal communication within JSC GREC Makeyev. The Joint Stock Company State Rocket Center named after Academician V.P. Makeyev is a strategic asset of the country's defence and industrial complex for both the rocket and space industries. It is also the primary manufacturer of liquid- and solid-fuel strategic missile systems with ballistic missiles, making it one of Russia's largest research and development centres for rocket and space technology. The email purports to be from the organization's Human Resources (HR) department and states that HR is conducting a check of the personal information provided by employees. Employees are asked to fill out a form and send it t...

Raccoon Stealer has been Upgraded to Steal Cryptocurrency Alongside Financial Information

With the rise of ransomware and as-a-service offerings, malware has become an ever-growing concern in the cyber realm. The developers of Raccoon Stealer, an information stealer, have shifted their targets, according to ZeroFox Threat Research. Since the beginning of the quarter there have been several upgrades, the most prominent of which is the adoption of new "crypters." The goal of a crypter is to obfuscate a binary by adding junk code, breaking up the flow of code without affecting the original functionality, or encrypting parts of the code so that static signatures cannot identify them. Support for stealing various new bitcoin wallets has also been added, along with Discord being added to the list of targeted applications. The stealer is being bundled with malware such as malicious browser extensions, crypto miners, the Djvu/Stop consumer ransomware strain, and click-fraud bots targeting YouTube sessions, according to samples received by Sophos....

Disgruntled Researcher Publicly Disclosed Three iOS Zero-Day Bugs As Apple Delayed Patches

Annoyed after the slow response from Apple, a researcher has publicly dropped three iOS zero-day… (Latest Hacking News, https://ift.tt/3CRnpKK)

The August cyber attacks targeted a dozen Russian banks

Up to 15 Russian financial organizations were subjected to a large-scale cyberattack in August and September of this year. The first deputy head of the Information Security Department of the Bank of Russia, Artem Sychev, said that 10-15 Russian financial organizations serving e-commerce were subjected to cyber attacks in August and early September. According to him, these were several DDoS attacks. "Most of these attacks were repelled in an automated mode by the means that financial organizations have," Sychev noted. Financial CERT (the Financial Sector Computer Emergency Response Team, a special division of the Bank of Russia), which quickly notified banks about the attacks and brought telecom operators in to help resolve the problems, also helped to cope with the attacks. The operators helped to quickly redirect traffic and enable tools that filter malicious traffic. According to Sychev, the attacks were serious, but the attackers failed to disrupt the operations of the credit institutions. "But, neverthe...

Exchange/Outlook Autodiscover Bug Exposed $100K Email Passwords

Guardicore security researcher Amit Serper identified a critical vulnerability in Microsoft's Autodiscover, the protocol that allows an email account to be set up automatically with only the address and password. The vulnerability allows attackers who buy domains containing the word "autodiscover," such as autodiscover.com or autodiscover.co.uk, to capture the clear-text login details of users experiencing network issues (or whose admins have incorrectly configured DNS). From April 16 through August 25 of this year, Guardicore purchased many such domains and used them as proof-of-concept credential traps:

Autodiscover.com.br
Autodiscover.com.cn
Autodiscover.com.co
Autodiscover.es
Autodiscover.fr
Autodiscover.in
Autodiscover.it
Autodiscover.sg
Autodiscover.uk
Autodiscover.xyz
Autodiscover.online

A web s...