Items tagged with Hackers
Counter-Strike: Global Offensive (CS:GO) has been going strong since 2012, regularly hitting the “Top Games By Current Player Count” list on Steam. With this thriving community, it could make for a great opportunity to try and hack players through the game, and it seems that is indeed a potential threat. Researchers recently found a way to get reliable remote code execution on players’ computers just by joining a malicious community server. The Secret Club is a group of like-minded hackers and researchers who believe in open research about security, reverse engineering malware, and game hacking. Concerning the last part about game hacking, it seems they targeted CS:GO due to...
Read more...
The Remote Desktop Protocol (RDP) is an incredibly useful feature used by likely millions of people every day. Considering it is free and preinstalled from Microsoft, it beats out most other Windows-based remote desktop software with ease. This, however, does not give it a free pass from having flaws; however, as a security researcher has discovered his password in cleartext within the RDP service’s memory. Researcher Jonas Lykkegård of the Secret Club, a group of hackers, seems to stumble across interesting things from time to time. He recently posted to Twitter about finding a password in cleartext in memory after using the RDP service. It seems he could not believe what he had...
Read more...
When we hear of ransomware attacks, it usually involves high-value targets, such as the recent $50 million attack against Apple supplier Quanta. This time, a ransomware gang took a different approach and targeted consumers and small businesses using QNAP devices and subsequently encrypted their files. In just five days, the gang managed to collect $260,000 in Bitcoin for unlocking all the devices they took hostage. On Monday, a ransomware operation called Qlocker kicked off, exploiting new vulnerabilities in QNAP NAS devices and leaving users to wake up to their files being locked up. The ransomware gang behind this pulled it off by scanning the web for connected QNAP devices and then locking...
Read more...
Israeli-based digital intelligence company Cellebrite provides software that enables the extraction of data from devices. While law enforcement loves this, it raises ire from phone manufacturers and individuals alike, with privacy concerns abound. Interestingly, the CEO of Signal got their hands on one of these devices and managed to hack it, which provided some interesting insights, to say the least. For context, Cellebrite software seems to exist in a moral and legal grey area, when law enforcement can unlock phones without authorization by the owner. While it is important to note that Cellebrite software requires the device to be in the hands of the person attempting to get data, this may...
Read more...
Black Hat hackers, or simply cybercriminals, can be effective in stealing, leaking, or encrypting data in efforts to extort money from organizations. With the advent of the ProxyLogon vulnerabilities for Microsoft Exchange servers, attackers are now taking advantage of the situation and may ramp up attacks in the coming weeks. Earlier this week, we reported on BlackKingdom attempting to encrypt files on vulnerable Exchange servers and they are at it again. Yesterday, Microsoft Senior Threat Intelligence Analyst Kevin Beaumont reported that BlackKingdom ransomware had, in fact, encrypted files on his honeypot servers. What the criminals failed to do is exclude system critical files so when the...
Read more...
When we report on cybersecurity breaches, all too often it involves innocent individuals (or companies) that are on the receiving end of the attack. Such is the case with Chinese hackers that exploited Microsoft Exchange servers. Now, it appears that a hacker vigilante has breached four long-running and venerated Russian cybercrime forums. In two of the hacks, the vigilante made off with the forums’ user databases, which could prove to be problematic for the black-hat hackers on the forums. Earlier in the week, thousands of usernames, email addresses, and encrypted passwords were leaked on the dark web, and they all seemed to come from an “exclusive crime forum that has for more...
Read more...
There is a hacking campaign to disrupt this year's presidential election in the United States, according to a warning issued by the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA). Hackers are chaining Windows and virtual private network (VPN) exploits to carry out their attacks. "CISA has recently observed advanced persistent threat (APT) actors exploiting multiple legacy vulnerabilities in combination with a newer privilege escalation vulnerability—CVE-2020-1472—in Windows Netlogon. The commonly used tactic, known as vulnerability chaining, exploits multiple vulnerabilities in the course of a single intrusion to compromise a network...
Read more...
If any of you out there are running the Firefox browser app for Android, please update immediately. Versions below Firefox version 79 on mobile are vulnerable to exploitation of Android intent URIs. This attack uses SSDP payloads to trigger actions without user interaction. According to exploit researcher Chris Moberly, the exploit he found is a way to trick Firefox on Android into running applications. The simple service discovery protocol (SSDP) engine in Firefox can be sent payloads which trick it into running Android intent URIs. Android intent URIs are “messages which request actions from another app component,” according to the developer site for Android. Intents can be...
Read more...
It is rather rare to be able to peek behind the scenes for a look at how a state-sponsored threat group operates. However, a recent mistake has provided security researchers with information about the methods of the group referred to as “ITG18.” The security researchers discovered training videos that were accidentally uploaded by the Iranian hackers to an unprotected server. The video footage reveals some of the hackers’ techniques and their preferred targets. ITG18 is an Iranian state-sponsored threat group. They are also referred to as APT35 or Charming Kitten by other security researchers. The group uploaded more than 40 gigabytes of data onto an unprotected server back...
Read more...
According to security officials in the UK, Russian cyber actors have been targeting organizations that are involved in coronavirus (COVID-19) vaccine development. The National Cyber Security Centre (NCSC), which is part of GCHQ, published an advisory that detailed the activity of the Russian threat group known as APT29. The same group also goes by the name "The Dukes" or "Cozy Bear." According to the security officials, the group is "almost certainly" operating as part of Russian intelligence services. The UK isn't alone in coming to these conclusions. It points out that partners at the Canadian Communication Security Establishment and the U.S. Department for Homeland Security, Cyber Security...
Read more...
Hackers are always on the look out for the "next big thing" to exploit, either by finding vulnerabilities in an app or by latching onto brand recognition. With the coronavirus pandemic, hackers have aimed at certain software platforms that are being used heavily by workers stuck at home. One of the applications that are being increasingly targeted is Zoom. Zoom has seen a significant increase in its user base since the coronavirus outbreak and security researchers have seen a substantial increase in the registration of Zoom-themed domains for malicious purposes. Zoom is a cloud-based communication platform that can be used for both audio and video conferences, online meetings, chat, and collaboration...
Read more...
Hackers need physical access to a computer or need to trick a user into installing malware to steal data from an air-gapped PC (one that is not physically connected to a network). Air-gapped computers can have malware installed to steal data, but getting the data out is harder. That may not be the case with new research shared by The Hacker News that claims hackers can exfiltrate sensitive data from a PC by changing the brightness of the screen. This hack allegedly works on air-gapped computers. The hack is said to play an important role in stealing sensitive data from an infected, but an air-gapped computer. Details of the process come from Mordechai Guri, head of cybersecurity research center...
Read more...
Security researchers at Kaspersky have identified a new strain of malware affecting Chrome and Firefox browsers. The researchers say the malware's authors "put a lot of effort" into how it manipulates digital certificates and mucks with outbound TLS traffic, which ultimate compromises encrypted communications. "Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly. That places the actor in a very exclusive club, with capabilities that few other actors in the world have," Kaspersky says. The malware allows an attacker to wreak havoc on a victim's PC remotely....
Read more...
iDefense engineers recently discovered an updated version of MegaCortex Ransomware that targets corporations in Europe and North America. Hackers have demanded anywhere from 2 to 600 Bitcoins or $20,000 to $5.8 million USD from victims. MegaCortex ransomware could traditionally only be installed by the hacker through a manual sequence. The ransomware also required a custom password during an infection. Although the ransomware was hard for business and security analysts to detect, it was also difficult to execute in the first place. Businesses in Canada, France, Ireland, Italy, the Netherlands, and the United States suffered from a string of attacks this past spring. Infected systems would see...
Read more...
This mobile app is definitely something to scream about in more ways than one. The Android game “Scary Granny ZOMBYE Mod: The Horror Game 2019” s stealing users’ Google and Facebook data. The malicious app attempts to siphon both data and money from its users to attackers. “Scary Granny ZOMBYE Mod: The Horror Game 2019” was a horror game that mimicked another popular Android game “Granny”. Users were tasked with running away from zombies while uncovering extra lives and various weapons. The game was installed over 50,000 times and boasted a 4-star review in the Google Play store before it was removed on June 27th. Image credit: Wandera Security...
Read more...
Authorities in the U.S. have announced that they have been successful in breaking a ring of hackers who had been running a scam to hijack SIM cards and steal cryptocurrency from the victims of the crime. Court documents in the case allege that the group, known as "The Community," had stolen about $2.4 million in cryptocurrency. Six people from the hacking ring were named in court documents in the case. The indictment came from the U.S. Attorney's Office for the Eastern District of Michigan, and it alleges that six people living around the U.S. and Ireland were part of The Community. The SIM hijacking scheme that the group pulled off involved them using bribery or trickery to convince mobile phone...
Read more...
Another day, another device vulnerability. It was recently discovered that hackers are able to remotely execute code with admin privileges through a Dell SupportAssist utility vulnerability. It is believed that a “high number” of users could be impacted. American security researcher Bill Demirkapi discovered the vulnerability. The vulnerability affects users who use non-updated versions of the Dell SupportAssist tool. This tool comes pre-installed on Dell devices alongside Windows OS. The hackers use a ARP Spoofing and a DNS Spoofing attack. The attackers lead users to a subdomain of dell.com. Once users have reached the site, the DNS Spoofing attack will return an “incorrect”...
Read more...
No information is safe in the Internet age. Citycomp, an Germany-based IT services company, reported that they had been hacked and blackmailed. Some of their clients include Oracle, Airbus, Toshiba, Volkswagen, Leica, and Porsche. Citycomp is an IT services company that provides items such as servers, storage, and other computer equipment to other major companies. It appears that the hackers targeted the German branches of these international companies. The list of victims includes both corporations with an international reach and strictly German companies. The hackers, who go by the alias "Boris-Bullet Dodger", have distributed some of the stolen files on a website. Some of the affected firms...
Read more...
CT scans are essential tools that help medical practitioners detect various medical conditions. Healthcare providers rely on the accuracy of these technologies, because a misdiagnosis could prove fatal. Unfortunately, this vital technology is vulnerable to hackers. Researchers recently designed malware that can add or take away fake cancerous nodules from CT and MRI scans. Researchers at the University Cyber Security Research Center in Israel developed malware that can modify CT and MRI scans. During their research, they showed radiologists real lung CT scans, 70 of which had been altered. At least three radiologists were fooled nearly every time. A CT Scan of a brain trauma. Image from Rehman...
Read more...
For organizations that are reliant on Cisco RV320 and RV325 WAN VPN routers, we implore you to -- if you haven't already -- apply two patches that were issued late last week. The patches address the following vulnerabilities: CVE-2019-1652: A vulnerability in the web-based management interface that could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. CVE-2019-1653: A vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to retrieve sensitive information. According to BleepingComputer, both vulnerabilities were discovered by German firm RedTeam Pentesting and...
Read more...
As Epic Games’ Fortnite has increased in popularity, so have the number of related scams and criminal activity. It was recently discovered that criminals are laundering Fortnite V-Bucks. Some believe that Epic Games has not taken enough precautionary measures to prevent such a crime. Fortnite is a free-to-play game, but features an in-game currency that can be used to purchase skins, emotes, and Battles Passes. V-Bucks or “Vindertech Bucks” can be earned by completing daily quests and missions or purchased through online vendors like Microsoft Store Online or the Official Playstation Store. 1,000 V-Bucks will run customers $9.99 USD. The Independent and cyber security firm Sixgill...
Read more...
Hackers do not need to bust open a Drama Llama Piñata to get the best loot in Fortnite. Epic Games recently patched a vulnerability that would have granted hackers access to users’ accounts. Nefarious parties would have been able to acquire users’ in-game currency and the last four digits of their credit card. The vulnerability was discovered by Israeli cyber security company Check Point this past November. Epic Games quickly and quietly fixed the issue. They recently remarked, “We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account...
Read more...
