Items tagged with Hackers
Ransomware incidents are on the rise worldwide with no end in sight, and trying to fight back is like trying to punch a ghost, it seems. However, using empirical data and evidence, we can figure out what does and does not work to smother ransomware. Thanks to a new website called Ransomwhere, anyone can now track this evidence and figure out the full impact of ransomware while looking at the big picture. Last week, white-hat hacker Jack Cable announced the crowdsourced ransomware payment tracker website Ransomwhe.re. He explained that “there's no comprehensive public data on the total number of ransomware payments” and that without this, “we can't know the full impact of ransomware,...
Read more...
Last week, hundreds if not thousands of My Book Live customers awoke to their devices being wiped and, in some cases, unrecoverable. At that time, it was simply thought that Western Digital had not patched a critical vulnerability from 2018 that allowed attackers to do this, but it seems there is more to the story than initially thought. On June 23rd, WD Community Forum user sunspeak created a forum post that would ultimately spearhead the community outcry over the wiping of My Book Live devices. There have now been over 46,000 views and 763 replies on that post at the time of writing, some of which have devolved into fighting whether a company can just "end-of-life" (EOL) a product and not support...
Read more...
The Golden Arches are not so shiny today it seems, as the world's biggest fast-food chain, McDonald's, has been hit by an international data breach. The company reported today that hackers have stolen data containing employee and restaurant information from its South Korean, Taiwanese, and United States markets. Though it is believed that the data was not sensitive nor personal, it still raises concerns for the future. Recently, McDonald's discovered unauthorized activity on an internal security system, which prompted the company to lock things down and cut off access. Following this security incident, external cybersecurity consultants were brought in to investigate and found that indeed...
Read more...
Earlier this year, one of the largest insurance providers in the U.S. was hit by a ransomware attack that managed to cripple its network and exfiltrate data. According to people familiar with the situation, CNA Financial Corp. out of Chicago, Illinois, paid $40 million to wrest control of its network back in March. The people familiar with the situation, who were not authorized to publicly speak on the matter, discussed the hack with Bloomberg. It is reported that the company paid hackers “about two weeks after a trove of company data was stolen, and CNA officials were locked out of their network.” When asked specifically about the ransom payment, CNA declined to comment specifically...
Read more...
Counter-Strike: Global Offensive (CS:GO) has been going strong since 2012, regularly hitting the “Top Games By Current Player Count” list on Steam. With this thriving community, it could make for a great opportunity to try and hack players through the game, and it seems that is indeed a potential threat. Researchers recently found a way to get reliable remote code execution on players’ computers just by joining a malicious community server. The Secret Club is a group of like-minded hackers and researchers who believe in open research about security, reverse engineering malware, and game hacking. Concerning the last part about game hacking, it seems they targeted CS:GO due to...
Read more...
The Remote Desktop Protocol (RDP) is an incredibly useful feature used by likely millions of people every day. Considering it is free and preinstalled from Microsoft, it beats out most other Windows-based remote desktop software with ease. This, however, does not give it a free pass from having flaws; however, as a security researcher has discovered his password in cleartext within the RDP service’s memory. Researcher Jonas Lykkegård of the Secret Club, a group of hackers, seems to stumble across interesting things from time to time. He recently posted to Twitter about finding a password in cleartext in memory after using the RDP service. It seems he could not believe what he had...
Read more...
When we hear of ransomware attacks, it usually involves high-value targets, such as the recent $50 million attack against Apple supplier Quanta. This time, a ransomware gang took a different approach and targeted consumers and small businesses using QNAP devices and subsequently encrypted their files. In just five days, the gang managed to collect $260,000 in Bitcoin for unlocking all the devices they took hostage. On Monday, a ransomware operation called Qlocker kicked off, exploiting new vulnerabilities in QNAP NAS devices and leaving users to wake up to their files being locked up. The ransomware gang behind this pulled it off by scanning the web for connected QNAP devices and then locking...
Read more...
Israeli-based digital intelligence company Cellebrite provides software that enables the extraction of data from devices. While law enforcement loves this, it raises ire from phone manufacturers and individuals alike, with privacy concerns abound. Interestingly, the CEO of Signal got their hands on one of these devices and managed to hack it, which provided some interesting insights, to say the least. For context, Cellebrite software seems to exist in a moral and legal grey area, when law enforcement can unlock phones without authorization by the owner. While it is important to note that Cellebrite software requires the device to be in the hands of the person attempting to get data, this may...
Read more...
Black Hat hackers, or simply cybercriminals, can be effective in stealing, leaking, or encrypting data in efforts to extort money from organizations. With the advent of the ProxyLogon vulnerabilities for Microsoft Exchange servers, attackers are now taking advantage of the situation and may ramp up attacks in the coming weeks. Earlier this week, we reported on BlackKingdom attempting to encrypt files on vulnerable Exchange servers and they are at it again. Yesterday, Microsoft Senior Threat Intelligence Analyst Kevin Beaumont reported that BlackKingdom ransomware had, in fact, encrypted files on his honeypot servers. What the criminals failed to do is exclude system critical files so when the...
Read more...
When we report on cybersecurity breaches, all too often it involves innocent individuals (or companies) that are on the receiving end of the attack. Such is the case with Chinese hackers that exploited Microsoft Exchange servers. Now, it appears that a hacker vigilante has breached four long-running and venerated Russian cybercrime forums. In two of the hacks, the vigilante made off with the forums’ user databases, which could prove to be problematic for the black-hat hackers on the forums. Earlier in the week, thousands of usernames, email addresses, and encrypted passwords were leaked on the dark web, and they all seemed to come from an “exclusive crime forum that has for more...
Read more...
There is a hacking campaign to disrupt this year's presidential election in the United States, according to a warning issued by the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA). Hackers are chaining Windows and virtual private network (VPN) exploits to carry out their attacks. "CISA has recently observed advanced persistent threat (APT) actors exploiting multiple legacy vulnerabilities in combination with a newer privilege escalation vulnerability—CVE-2020-1472—in Windows Netlogon. The commonly used tactic, known as vulnerability chaining, exploits multiple vulnerabilities in the course of a single intrusion to compromise a network...
Read more...
If any of you out there are running the Firefox browser app for Android, please update immediately. Versions below Firefox version 79 on mobile are vulnerable to exploitation of Android intent URIs. This attack uses SSDP payloads to trigger actions without user interaction. According to exploit researcher Chris Moberly, the exploit he found is a way to trick Firefox on Android into running applications. The simple service discovery protocol (SSDP) engine in Firefox can be sent payloads which trick it into running Android intent URIs. Android intent URIs are “messages which request actions from another app component,” according to the developer site for Android. Intents can be...
Read more...
It is rather rare to be able to peek behind the scenes for a look at how a state-sponsored threat group operates. However, a recent mistake has provided security researchers with information about the methods of the group referred to as “ITG18.” The security researchers discovered training videos that were accidentally uploaded by the Iranian hackers to an unprotected server. The video footage reveals some of the hackers’ techniques and their preferred targets. ITG18 is an Iranian state-sponsored threat group. They are also referred to as APT35 or Charming Kitten by other security researchers. The group uploaded more than 40 gigabytes of data onto an unprotected server back...
Read more...
According to security officials in the UK, Russian cyber actors have been targeting organizations that are involved in coronavirus (COVID-19) vaccine development. The National Cyber Security Centre (NCSC), which is part of GCHQ, published an advisory that detailed the activity of the Russian threat group known as APT29. The same group also goes by the name "The Dukes" or "Cozy Bear." According to the security officials, the group is "almost certainly" operating as part of Russian intelligence services. The UK isn't alone in coming to these conclusions. It points out that partners at the Canadian Communication Security Establishment and the U.S. Department for Homeland Security, Cyber Security...
Read more...
Hackers are always on the look out for the "next big thing" to exploit, either by finding vulnerabilities in an app or by latching onto brand recognition. With the coronavirus pandemic, hackers have aimed at certain software platforms that are being used heavily by workers stuck at home. One of the applications that are being increasingly targeted is Zoom. Zoom has seen a significant increase in its user base since the coronavirus outbreak and security researchers have seen a substantial increase in the registration of Zoom-themed domains for malicious purposes. Zoom is a cloud-based communication platform that can be used for both audio and video conferences, online meetings, chat, and collaboration...
Read more...
Hackers need physical access to a computer or need to trick a user into installing malware to steal data from an air-gapped PC (one that is not physically connected to a network). Air-gapped computers can have malware installed to steal data, but getting the data out is harder. That may not be the case with new research shared by The Hacker News that claims hackers can exfiltrate sensitive data from a PC by changing the brightness of the screen. This hack allegedly works on air-gapped computers. The hack is said to play an important role in stealing sensitive data from an infected, but an air-gapped computer. Details of the process come from Mordechai Guri, head of cybersecurity research center...
Read more...
Security researchers at Kaspersky have identified a new strain of malware affecting Chrome and Firefox browsers. The researchers say the malware's authors "put a lot of effort" into how it manipulates digital certificates and mucks with outbound TLS traffic, which ultimate compromises encrypted communications. "Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly. That places the actor in a very exclusive club, with capabilities that few other actors in the world have," Kaspersky says. The malware allows an attacker to wreak havoc on a victim's PC remotely....
Read more...
iDefense engineers recently discovered an updated version of MegaCortex Ransomware that targets corporations in Europe and North America. Hackers have demanded anywhere from 2 to 600 Bitcoins or $20,000 to $5.8 million USD from victims. MegaCortex ransomware could traditionally only be installed by the hacker through a manual sequence. The ransomware also required a custom password during an infection. Although the ransomware was hard for business and security analysts to detect, it was also difficult to execute in the first place. Businesses in Canada, France, Ireland, Italy, the Netherlands, and the United States suffered from a string of attacks this past spring. Infected systems would see...
Read more...
This mobile app is definitely something to scream about in more ways than one. The Android game “Scary Granny ZOMBYE Mod: The Horror Game 2019” s stealing users’ Google and Facebook data. The malicious app attempts to siphon both data and money from its users to attackers. “Scary Granny ZOMBYE Mod: The Horror Game 2019” was a horror game that mimicked another popular Android game “Granny”. Users were tasked with running away from zombies while uncovering extra lives and various weapons. The game was installed over 50,000 times and boasted a 4-star review in the Google Play store before it was removed on June 27th. Image credit: Wandera Security...
Read more...
Authorities in the U.S. have announced that they have been successful in breaking a ring of hackers who had been running a scam to hijack SIM cards and steal cryptocurrency from the victims of the crime. Court documents in the case allege that the group, known as "The Community," had stolen about $2.4 million in cryptocurrency. Six people from the hacking ring were named in court documents in the case. The indictment came from the U.S. Attorney's Office for the Eastern District of Michigan, and it alleges that six people living around the U.S. and Ireland were part of The Community. The SIM hijacking scheme that the group pulled off involved them using bribery or trickery to convince mobile phone...
Read more...
Another day, another device vulnerability. It was recently discovered that hackers are able to remotely execute code with admin privileges through a Dell SupportAssist utility vulnerability. It is believed that a “high number” of users could be impacted. American security researcher Bill Demirkapi discovered the vulnerability. The vulnerability affects users who use non-updated versions of the Dell SupportAssist tool. This tool comes pre-installed on Dell devices alongside Windows OS. The hackers use a ARP Spoofing and a DNS Spoofing attack. The attackers lead users to a subdomain of dell.com. Once users have reached the site, the DNS Spoofing attack will return an “incorrect”...
Read more...
No information is safe in the Internet age. Citycomp, an Germany-based IT services company, reported that they had been hacked and blackmailed. Some of their clients include Oracle, Airbus, Toshiba, Volkswagen, Leica, and Porsche. Citycomp is an IT services company that provides items such as servers, storage, and other computer equipment to other major companies. It appears that the hackers targeted the German branches of these international companies. The list of victims includes both corporations with an international reach and strictly German companies. The hackers, who go by the alias "Boris-Bullet Dodger", have distributed some of the stolen files on a website. Some of the affected firms...
Read more...
