Items tagged with Hackers
If any of you out there are running the Firefox browser app for Android, please update immediately. Versions below Firefox version 79 on mobile are vulnerable to exploitation of Android intent URIs. This attack uses SSDP payloads to trigger actions without user interaction. According to exploit researcher Chris Moberly, the exploit he found is a way to trick Firefox on Android into running applications. The simple service discovery protocol (SSDP) engine in Firefox can be sent payloads which trick it into running Android intent URIs. Android intent URIs are “messages which request actions from another app component,” according to the developer site for Android. Intents can be...
Read more...
It is rather rare to be able to peek behind the scenes for a look at how a state-sponsored threat group operates. However, a recent mistake has provided security researchers with information about the methods of the group referred to as “ITG18.” The security researchers discovered training videos that were accidentally uploaded by the Iranian hackers to an unprotected server. The video footage reveals some of the hackers’ techniques and their preferred targets. ITG18 is an Iranian state-sponsored threat group. They are also referred to as APT35 or Charming Kitten by other security researchers. The group uploaded more than 40 gigabytes of data onto an unprotected server back...
Read more...
According to security officials in the UK, Russian cyber actors have been targeting organizations that are involved in coronavirus (COVID-19) vaccine development. The National Cyber Security Centre (NCSC), which is part of GCHQ, published an advisory that detailed the activity of the Russian threat group known as APT29. The same group also goes by the name "The Dukes" or "Cozy Bear." According to the security officials, the group is "almost certainly" operating as part of Russian intelligence services. The UK isn't alone in coming to these conclusions. It points out that partners at the Canadian Communication Security Establishment and the U.S. Department for Homeland Security, Cyber Security...
Read more...
Hackers are always on the look out for the "next big thing" to exploit, either by finding vulnerabilities in an app or by latching onto brand recognition. With the coronavirus pandemic, hackers have aimed at certain software platforms that are being used heavily by workers stuck at home. One of the applications that are being increasingly targeted is Zoom. Zoom has seen a significant increase in its user base since the coronavirus outbreak and security researchers have seen a substantial increase in the registration of Zoom-themed domains for malicious purposes. Zoom is a cloud-based communication platform that can be used for both audio and video conferences, online meetings, chat, and collaboration...
Read more...
Hackers need physical access to a computer or need to trick a user into installing malware to steal data from an air-gapped PC (one that is not physically connected to a network). Air-gapped computers can have malware installed to steal data, but getting the data out is harder. That may not be the case with new research shared by The Hacker News that claims hackers can exfiltrate sensitive data from a PC by changing the brightness of the screen. This hack allegedly works on air-gapped computers. The hack is said to play an important role in stealing sensitive data from an infected, but an air-gapped computer. Details of the process come from Mordechai Guri, head of cybersecurity research center...
Read more...
Security researchers at Kaspersky have identified a new strain of malware affecting Chrome and Firefox browsers. The researchers say the malware's authors "put a lot of effort" into how it manipulates digital certificates and mucks with outbound TLS traffic, which ultimate compromises encrypted communications. "Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly. That places the actor in a very exclusive club, with capabilities that few other actors in the world have," Kaspersky says. The malware allows an attacker to wreak havoc on a victim's PC remotely....
Read more...
iDefense engineers recently discovered an updated version of MegaCortex Ransomware that targets corporations in Europe and North America. Hackers have demanded anywhere from 2 to 600 Bitcoins or $20,000 to $5.8 million USD from victims. MegaCortex ransomware could traditionally only be installed by the hacker through a manual sequence. The ransomware also required a custom password during an infection. Although the ransomware was hard for business and security analysts to detect, it was also difficult to execute in the first place. Businesses in Canada, France, Ireland, Italy, the Netherlands, and the United States suffered from a string of attacks this past spring. Infected systems would see...
Read more...
This mobile app is definitely something to scream about in more ways than one. The Android game “Scary Granny ZOMBYE Mod: The Horror Game 2019” s stealing users’ Google and Facebook data. The malicious app attempts to siphon both data and money from its users to attackers. “Scary Granny ZOMBYE Mod: The Horror Game 2019” was a horror game that mimicked another popular Android game “Granny”. Users were tasked with running away from zombies while uncovering extra lives and various weapons. The game was installed over 50,000 times and boasted a 4-star review in the Google Play store before it was removed on June 27th. Image credit: Wandera Security...
Read more...
Authorities in the U.S. have announced that they have been successful in breaking a ring of hackers who had been running a scam to hijack SIM cards and steal cryptocurrency from the victims of the crime. Court documents in the case allege that the group, known as "The Community," had stolen about $2.4 million in cryptocurrency. Six people from the hacking ring were named in court documents in the case. The indictment came from the U.S. Attorney's Office for the Eastern District of Michigan, and it alleges that six people living around the U.S. and Ireland were part of The Community. The SIM hijacking scheme that the group pulled off involved them using bribery or trickery to convince mobile phone...
Read more...
Another day, another device vulnerability. It was recently discovered that hackers are able to remotely execute code with admin privileges through a Dell SupportAssist utility vulnerability. It is believed that a “high number” of users could be impacted. American security researcher Bill Demirkapi discovered the vulnerability. The vulnerability affects users who use non-updated versions of the Dell SupportAssist tool. This tool comes pre-installed on Dell devices alongside Windows OS. The hackers use a ARP Spoofing and a DNS Spoofing attack. The attackers lead users to a subdomain of dell.com. Once users have reached the site, the DNS Spoofing attack will return an “incorrect”...
Read more...
No information is safe in the Internet age. Citycomp, an Germany-based IT services company, reported that they had been hacked and blackmailed. Some of their clients include Oracle, Airbus, Toshiba, Volkswagen, Leica, and Porsche. Citycomp is an IT services company that provides items such as servers, storage, and other computer equipment to other major companies. It appears that the hackers targeted the German branches of these international companies. The list of victims includes both corporations with an international reach and strictly German companies. The hackers, who go by the alias "Boris-Bullet Dodger", have distributed some of the stolen files on a website. Some of the affected firms...
Read more...
CT scans are essential tools that help medical practitioners detect various medical conditions. Healthcare providers rely on the accuracy of these technologies, because a misdiagnosis could prove fatal. Unfortunately, this vital technology is vulnerable to hackers. Researchers recently designed malware that can add or take away fake cancerous nodules from CT and MRI scans. Researchers at the University Cyber Security Research Center in Israel developed malware that can modify CT and MRI scans. During their research, they showed radiologists real lung CT scans, 70 of which had been altered. At least three radiologists were fooled nearly every time. A CT Scan of a brain trauma. Image from Rehman...
Read more...
For organizations that are reliant on Cisco RV320 and RV325 WAN VPN routers, we implore you to -- if you haven't already -- apply two patches that were issued late last week. The patches address the following vulnerabilities: CVE-2019-1652: A vulnerability in the web-based management interface that could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. CVE-2019-1653: A vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to retrieve sensitive information. According to BleepingComputer, both vulnerabilities were discovered by German firm RedTeam Pentesting and...
Read more...
As Epic Games’ Fortnite has increased in popularity, so have the number of related scams and criminal activity. It was recently discovered that criminals are laundering Fortnite V-Bucks. Some believe that Epic Games has not taken enough precautionary measures to prevent such a crime. Fortnite is a free-to-play game, but features an in-game currency that can be used to purchase skins, emotes, and Battles Passes. V-Bucks or “Vindertech Bucks” can be earned by completing daily quests and missions or purchased through online vendors like Microsoft Store Online or the Official Playstation Store. 1,000 V-Bucks will run customers $9.99 USD. The Independent and cyber security firm Sixgill...
Read more...
Hackers do not need to bust open a Drama Llama Piñata to get the best loot in Fortnite. Epic Games recently patched a vulnerability that would have granted hackers access to users’ accounts. Nefarious parties would have been able to acquire users’ in-game currency and the last four digits of their credit card. The vulnerability was discovered by Israeli cyber security company Check Point this past November. Epic Games quickly and quietly fixed the issue. They recently remarked, “We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account...
Read more...
The USB Implementers Forum (USB-IF) has announced a new authentication standard that can be implemented for USB-C devices and complimenting chargers. USB-C Authentication, as it’s called, uses 128-bit “cryptographic-based authentication” to help mitigate potential security intrusions from USB thumb drives and chargers that could be used to deliver malicious payloads/firmware. The USB-IF says that with its new authentication protocol, the host device would be able to in effect enter in a secure “handshake” with another USB-C device, confirming its identify. At the moment the connection is made, the host would be able to determine “product aspects as the capabilities...
Read more...
We have all seen it on Facebook -- one of your friends “shares” a link to a new shake that will help you lose ten pounds in two days or a code to get suspiciously discounted Ray-Bans. Thankfully, most of these posts are obviously spam. Unfortunately, hackers are finding more ways to post annoying and potentially dangerous content. One researcher recently discovered a proof-of-concept Facebook worm that posts unwanted spam links. A Polish security researcher, who goes by the pseudonym “Lasq”, was the first to find the issue. He noted that a number of his Facebook friends appeared to be posting a link to French comic site hosted on a Amazon Web Services (AWS) bucket. Users...
Read more...
Two-factor authentication (2FA) is usually touted as an effective layer of security for online account. Many people have recently learned the hard way that this method may not be as helpful as it seems. Hackers have targeted nearly 1,000 Google and Yahoo accounts by bypassing two-factor authentication. Amnesty International, a non-profit group, recently published a report that documented the phishing attacks. The attacks have specifically targeted journalists and activists in the Middle East and North Africa in 2017 and 2018. Amnesty International believes that the hackers are based in Persian Gulf countries. How does the attack work? First, the attackers sent out convincing “security alerts”...
Read more...
A group of hackers claims to have a service that will allow anyone willing to spend $250 to send out a "marketing" campaign that can reach "every single printer in the world." The people are offering to sell advertisers a spot in "the most viral ad campaign in history" according to the advertisement for the service. Security experts the world over have had concerns about the security of Internet of Things (IoT) devices and the security of web-connected printers specifically. HP has in the past offered $10,000 in bug bounty money to get white hat hackers to find bugs in its printers. We also talked in depth about some of the security hazards that the IoT posed last year. Hackers have taken advantage...
Read more...
Hackers employed by the Chinese government have purportedly stolen 614GB of sensitive data from a United States Navy contractor. The data potentially includes plans for a supersonic anti-ship missile and other information related to naval warfare. According to a report by The Washington Post, the breaches occurred in January and February of 2018. The Chinese hackers compromised a contractor who had been hired by the Naval Undersea Warfare Center. The Rhode Island-based military organization focuses on researching and developing submarines and naval weapons. Navy officials have not publicly identified the contractor. The stolen information was technically unclassified when isolated, but could...
Read more...
ATMs can be a blessing and a curse to financial institutions. On the one hand, they can process financial transactions quickly, allowing the machines to serve more people over a span of time than a human teller. However, ATMs are often the target of hackers, many using skimmers to obtain debit card numbers for later nefarious spending sprees. Now, the Secret Service is warning that an existing type of ATM attack, jackpotting, is finally beginning to make its way to the United States. Jackpotting has been prevalent at banking institutions across Europe and Asia, but not so much in the U.S. It involves using malware and a direct physical connection to an ATM to force it to shoot out large sums...
Read more...
With the booming value of cryptocurrency, many hackers and nefarious actors are rolling out schemes to unwittingly trick regular web users into mining for them. The latest scheme to dupe people into mining cryptocurrency is taking advantage of Facebook Messenger via some slick malware. The malware being distributed via Messenger is mining Monero, an alternative to the wildly valuable and volatile Bitcoin. Security researchers from Trend Micro are calling the malware Digmine and are saying that it could also help perpetrators to take over a Facebook account. The Digmine malware is disguised to look like a video file being shared over messenger. The only way the malware can spread is...
Read more...
