Latest news of INFOSEC (EN)
1. Latest Vulnerability.
2. Latest Patch.
3. Privacy Breach.
4. Security Breach.
5. InfoSec News.
German Version 🇩🇪 @cRyPtHoN_INFOSEC_DE
French Version 🇫🇷 @cRyPtHoN_INFOSEC_FR
Italian Version 🇮🇹 @cRyPtHoN_INFOSEC_IT
The Art of Concealment: A New Magecart Campaign That’s Abusing 404 Pages
A new, sophisticated, and covert Magecart web skimming campaign has been targeting Magento and WooCommerce websites. Some of the victims of this campaign are associated with large organizations in the food and retail industries.
According to the evidence we’ve uncovered, this campaign has been active for a couple of weeks, and in some cases, even longer. This campaign managed to surprise us with a high-level concealment technique that we had not previously encountered.
https://www.akamai.com/blog/security-research/magecart-new-technique-404-pages-skimmer
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Curl 8.4.0 – Proactively Identifying Potential Vulnerable Assets
On Wednesday, October 4, 2023, the curl project maintainers announced a pre-notification for curl version 8.4.0, to be released on October 11. This version will fix two new vulnerabilities, one high-severity and one low-severity CVE. The pre-notification stated that the high-severity issue is arguably the most critical security flaw identified in curl in recent history.
Details regarding the vulnerabilities and the new version will be disclosed around 06:00 UTC October 11, 2023.
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/05/curl-8-4-0-proactively-identifying-potential-vulnerable-assets
Amazon Prime email scammer snatches defeat from the jaws of victory
More often than not, it's our solemn duty on this site to keep you informed about the nature and tactics of dangerous, cunning, and persistent cybercriminals.
This is not one of those days.
In fact, this is the opposite of one of those days. This is about a passable spam email sent by a spammer who did the phishing equivalent of arriving at the airport three hours early for their flight, the day after it left.
https://www.malwarebytes.com/blog/news/2023/10/amazon-prime
BBTok Banking Trojan Impersonates 40+ Banks to Hijack Victim Accounts
Attackers use convincing fake website interfaces and sophisticated geo-fencing to target users exclusively in Mexico and Brazil with a new variant of the malware.
Threat actors are targeting hundreds of banking customers in Latin America with a new variant of an existing banking Trojan that replicates the interfaces of more than 40 Mexican and Brazilian banks. The campaign is aimed at tricking infected victims into giving up two-factor authentication (2FA) and/or payment-card details so attackers can hijack their bank accounts.
The active campaign — the initial infection vector of which is through phishing — is aimed at spreading a variant of the BBTok banking malware to victims in Mexico and Brazil,
https://www.darkreading.com/endpoint/bbtok-banking-trojan-impersonates-40-banks-to-hijack-victim-accounts
Rumors of another T-Mobile data breach have been debunked by the carrier
Employee data was rumored to have been leaked this time around
When it comes to your personal information, there are a number of tools you can use to ensure that it’s protected on the internet. However, what happens to your data once it’s in the hands of a company is not always up to you, since a breach can expose your information unexpectedly without the company’s consent. T-Mobile is one mobile service provider that has become almost as renowned for its data breaches as its promotional deals. After an app glitch showed incorrect billing info earlier this week, a separate rumor began circulating on X (formerly known as Twitter) that the carrier had suffered yet another breach. However, T-Mobile has now debunked this report as false.
https://www.androidpolice.com/t-mobile-employee-data-breach-rumor-debunked/
Apple squashes security bugs after iPhone flaws exploited by Predator spyware
Holes in iOS, macOS and more fixed following tip-off from Google, Citizen Lab
Apple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware.
The updates, which were issued yesterday and should be installed as soon as possible if not already, address as many as three CVE-listed flaws. We've just learned today that the Predator spyware sold by Intellexa used these vulnerabilities to infect at least one target's iPhone.
https://www.theregister.com/2023/09/22/apple_emergency_patches/
https://www.bleepingcomputer.com/news/security/recently-patched-apple-chrome-zero-days-exploited-in-spyware-attacks/
Nigerian man pleads guilty to attempted $6 million BEC email heist
Kosi Goodness Simon-Ebo, a 29-year-old Nigerian national extradited from Canada to the United States last April, pleaded guilty to wire fraud and money laundering through business email compromise (BEC).
Simon-Ebo admitted that in 2017, while he resided in South Africa, he conspired with others in the U.S. to compromise business and employee email accounts.
The scammers then used these accounts to contact businesses with spoofed sender addresses to make it appear that the emails came from trustworthy partners.
https://www.redpacketsecurity.com/nigerian-man-pleads-guilty-to-attempted-million-bec-email-heist/
Air Canada says hackers accessed limited employee records during cyberattack
Canada’s largest airline announced a data breach this week that involved the information of employees, but said its operations and customer data was not impacted.
Air Canada, one of the world’s oldest airlines running more than 1,300 flights a day, released a statement on Wednesday explaining a recent data breach.
The company did not respond to requests for comment about when the attack occurred and whether it was a byproduct of a ransomware attack.
“An unauthorized group briefly obtained limited access to an internal Air Canada system related to limited personal information of some employees and certain records. We can confirm that our flight operations systems and customer facing systems were not affected,” the company said.
https://therecord.media/air-canada-limited-employee-info-accessed
Attacker Unleashes Stealthy Crypto Mining via Malicious Python Package
🌀 A malicious Python package, “Culturestreak”, hijacks system resources for unauthorized cryptocurrency mining.
🌀 The malicious package utilizes obfuscated code and random filenames to evade detection.
🌀 The code runs in an infinite loop, making it a relentless threat that continually exploits system resources.
🌀 The malicious code originates from an active GitLab repository, underscoring the ongoing risk to users.
Recently, our team came across a Python package named "culturestreak". A closer look reveals a darker purpose: unauthorized cryptocurrency mining. Let's break down how "culturestreak" operates, its potential impact, and the broader implications for user security and ethical computing.
https://checkmarx.com/blog/attacker-unleashes-stealthy-crypto-mining-via-malicious-python-package/
The latest Windows 11 update will help you ditch passwords for good
Microsoft’s Windows 11 update on September 26th introduces general support for passkey passwordless logins.
Microsoft’s incoming Windows 11 update will introduce public support for passkeys — a passwordless login technology that instead uses your face, fingerprint, or device PIN to sign into accounts. Announced at Microsoft’s AI and Surface launch event on Thursday, the latest Windows 11 update (available from September 26th) will allow users to create, manage, and store passkeys, and use them to access supported websites and services using their device’s own authentication systems.
https://www.theverge.com/2023/9/22/23885212/microsoft-windows-11-update-passkey-support-availability-date
India's biggest tech centers named as cyber crime hotspots
Global tech companies' Bharat offices attract the wrong sort of interest
India is grappling with a three-and-a-half year surge in cyber crime, with analysis suggesting cities like Bengaluru and Gurugram – centers of India's tech development – are hubs of this activity.
The report – A Deep Dive into Cybercrime Trends Impacting India from the non-profit Future Crime Research Foundation (FCRF) – identified cyber crime hot spots from January 2020 until June 2023.
"The analysis of the top 10 cyber crime-prone districts in India reveals several common factors contributing to their vulnerability. These include geographical proximity to major urban centers, limited cyber security infrastructure, socioeconomic challenges, and low digital literacy," states the report.
https://www.theregister.com/2023/09/21/india_cybercrime_trends_report/
MGM Resorts computers back up after 10 days as analysts eye effects of casino cyberattacks
LAS VEGAS (AP) — MGM Resorts brought to an end a 10-day computer shutdown prompted by efforts to shield from a cyberattack data including hotel reservations and credit card processing, the casino giant said Wednesday, as analysts and academics measured the effects of the event.
“We are pleased that all of our hotels and casinos are operating normally,” the Las Vegas-based company posted on X, the platform formerly known as Twitter. It reported last week that the attack was detected Sept. 10.
https://apnews.com/article/vegas-mgm-resorts-caesars-cyberattack-shutdown-a01b9a2606e58e702b8e872e979040cc
Cyberespionage Attacks Against Southeast Asian Government Linked to Stately Taurus, Aka Mustang Panda
An advanced persistent threat (APT) group suspected with moderate-high confidence to be Stately Taurus engaged in a number of cyberespionage intrusions targeting a government in Southeast Asia. The intrusions took place from at least the second quarter of 2021 to the third quarter of 2023. Based on our observations and analysis, the attackers gathered and exfiltrated sensitive documents and other types of files from compromised networks.
We found this activity as part of an investigation into compromised environments within a Southeast Asian government. We identified this cluster of activity as CL-STA-0044.
https://unit42.paloaltonetworks.com/stately-taurus-attacks-se-asian-government/
Hotel hackers redirect guests to fake Booking.com to steal cards
Security researchers discovered a multi-step information stealing campaign where hackers breach the systems of hotels, booking sites, and travel agencies and then use their access to go after financial data belonging to customers.
By using this indirect approach and a fake Booking.com payment page, cybercriminals have found a combination that ensures a significantly better success rate at collecting credit card information.
https://www.bleepingcomputer.com/news/security/hotel-hackers-redirect-guests-to-fake-bookingcom-to-steal-cards/
https://www.akamai.com/blog/security-research/sophisticated-phishing-campaign-targeting-hospitality
Destiny 2 players are battling DDoS attacks
Destiny 2 players are facing an unexpected challenge as Bungie, the game's developer, sheds light on a series of perplexing error codes and disconnection problems. These issues, previously attributed to an in-game crafting exploit, have now been unveiled as the consequence of a coordinated Distributed Denial of Service (DDoS) attack targeting Bungie.
Destiny 2 has been on quite the rollercoaster ride lately. As the gaming community eagerly awaits the culmination of the Light and Dark saga with The Final Shape expansion, Bungie has introduced the Season of the Witch to tide players over. This latest season delivered a substantial dose of fresh content, including new weaponry, engaging activities, and the long-awaited return of the Crota's End raid.
https://www.ghacks.net/2023/09/20/destiny-2-ddos-attack-2023/
D-Link DAP-X1860: Remote Command Injection
The Wi-Fi network scanning functionality of the D-Link DAP-X1860 range extender is susceptible to remote command injection. Attackers who create a Wi-Fi network with a crafted SSID in range of the extender can run shell commands during the setup process or when using the network scan function of the range extender.
https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-006/-d-link-dap-x1860-remote-command-injection
Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks
Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.
Several hacker groups have joined in on the Israel-Hamas conflict escalation that started over the weekend after the Palestinian militant group launched a major attack.
Hamas launched an unprecedented attack on Israel out of Gaza, firing thousands of rockets and sending its fighters to the southern part of the country. In response, Israel declared war on Hamas and started to retaliate. Hundreds have been killed and thousands have been wounded on both sides as a result of the conflict escalation.
https://www.securityweek.com/hackers-join-in-on-israel-hamas-war-with-disruptive-cyberattacks/
The Privacy, Security, & OSINT Show
EPISODE 306 - Six New Privacy Strategies
This week I present six new privacy strategies which I have been testing while away for the last three months.
Direct support for this podcast comes from our privacy services, online training, and latest books. More details can be found at IntelTechniques.com. Thank you for keeping this show ad-free.
https://inteltechniques.com/blog/2023/09/22/the-privacy-security-osint-show-episode-306/
IBM's Weather Company leaked my personal info to analytics, thunders netizen
Video watching habits and other data just handed over, lawsuit claims
A lawsuit brought against IBM's Weather Company claims the website "knowingly and willfully disclosed its users’ personally identifiable information – including a record of every video viewed by the user – to unrelated third parties, mParticle and AdNexus," now known as Microsoft's Xandr.
The complaint [PDF], filed in June in a federal district court in New York City, was amended this week to address deficiencies in the original filing. It alleges violations of the Video Privacy Protection Act (VPPA), of the Maryland Wiretapping And Electronic Surveillance Act, and unjust enrichment.
https://www.theregister.com/2023/09/22/ibms_weather_company_video_privacy/
Dallas says Royal ransomware breached its network using stolen account
The City of Dallas, Texas, said this week that the Royal ransomware attack that forced it to shut down all IT systems in May started with a stolen account.
Royal gained access to the City's network using a stolen domain service account in early April and maintained access to the compromised systems between April 7 and May 4.
During this period, they successfully collected and exfiltrated 1.169 TB worth of files based on system log data analysis conducted by city officials and external cybersecurity experts.
https://www.bleepingcomputer.com/news/security/dallas-says-royal-ransomware-breached-its-network-using-stolen-account/
Over 700 Dark Web Ads Offer DDoS Attacks Via IoT in 2023
The year 2023 has seen a surge of over 700 advertisements on the dark web offering Distributed Denial of Service (DDoS) attacks through Internet of Things (IoT) devices, suggests a new report by Kaspersky.
These services come at varying price points, depending on factors like DDoS protection and verification on the target’s end, ranging from $20 per day to $10,000 a month. On average, these services cost around $63.50 per day or $1350 per month.
https://www.infosecurity-magazine.com/news/700-dark-web-ads-offer-ddos/
https://usa.kaspersky.com/about/press-releases/2023_kaspersky-releases-overview-of-iot-related-threats-in-2023
Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions
Pro-Russia hacker group NoName is suspected to have launched a cyberattack that caused border checkpoint outages at several Canadian airports.
A massive DDoS cyber attack, likely carried out by Pro-Russia hacker group NoName, severely impacted operations at several Canadian airports last week, reported Recorded Future News.
Canada Border Services Agency (CBSA) was able to mitigate the attack after a few hours.
The Canada Border Services Agency (CBSA) confirmed that the attack impacted check-in kiosks and electronic gates at airports.
https://securityaffairs.com/151149/hacking/noname-ddos-attack-canadian-airports.html
Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit
In collaboration with QGroup GmbH, SentinelLabs observed over August 2023 a threat activity cluster targeting the telecommunication sector. The activities have been conducted by a threat actor of unknown origin using a novel modular backdoor based on the LuaJIT platform. We dub this threat actor and the backdoor Sandman and LuaDream in reference to what we suspect to be the backdoor’s internal name – DreamLand client.
The activities we observed are characterized by strategic lateral movement to specific targeted workstations and minimal engagement, suggesting a deliberate approach aimed at achieving the set objectives while minimizing the risk of detection.
https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/
Ohio Community College Data Theft Breach Affects Nearly 300K
Researchers Say Breach Illustrates Why Schools Are Major Targets for Cybercriminals
In a breach notification Wednesday, Lakeland Community College did not provide any details on the attack, which occurred between March 7 and March 31, but the Vice Society ransomware group earlier this year had listed the college on its data leak website.
"This particular ransomware operation seemed to focus on the education sector - presumably because they found it to be a lucrative niche," said Brett Callow, a threat analyst at security firm Emsisoft.
https://www.bankinfosecurity.com/ohio-community-college-data-theft-breach-affects-nearly-300k-a-23132
Snatch ransomware - what you need to know
What's happened?
The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning organisations about a ransomware-as-a-service operation called "Snatch."
Snatch? As in the movie from twenty odd years ago? I'm not sure I've heard of Snatch before...
Maybe you haven't. They don't have as high a profile as some of the other more notorious ransomware organisations out there, but if the FBI and CISA think it's worth issuing a warning about the group then maybe it makes sense to sit up and listen. And yes, judging by their logo, they appear to be fans of Guy Ritchie's crime comedy movie released in 2000.
https://www.tripwire.com/state-of-security/snatch-ransomware-what-you-need-know
Apple Patches Three Actively Exploited Zero-Days
Apple has patched three zero-day vulnerabilities it claims may have been actively exploited in the wild on iOS devices.
CVE-2023-41991 is described as “a certificate validation issue” which has now been fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6 and watchOS 10.0.1.
The vulnerability, which affects the Apple Security framework, could enable a malicious app to bypass signature validation, the tech giant revealed.
https://www.infosecurity-magazine.com/news/apple-patches-three-actively/
Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government
A cluster of threat actor activity that Unit 42 observed attacking a Southeast Asian government target could provide insight into a rarely seen, stealthy APT group known as Gelsemium.
We found this activity as part of an investigation into compromised environments within a Southeast Asian government. We identified the cluster as CL-STA-0046.
This unique cluster had activity spanning over six months between 2022-2023. It featured a combination of rare tools and techniques that the threat actor leveraged to gain a clandestine foothold and collect intelligence from sensitive IIS servers belonging to a government entity in Southeast Asia.
https://unit42.paloaltonetworks.com/rare-possible-gelsemium-attack-targets-se-asia/
Persistent Attempts at Cyberespionage Against Southeast Asian Government Target Have Links to Alloy Taurus
We observed a series of intrusions directed at a Southeast Asian government target, a cluster of activity that we attribute with a moderate level of confidence to Alloy Taurus, a group believed to be operating on behalf of Chinese state interests. The multiwave intrusions, which started in early 2022 and persisted throughout 2023, capitalized on vulnerabilities in Exchange Servers to deploy a large number of web shells.
These web shells served as gateways for the introduction of additional tools and malware, some specially crafted for the target environments. These incursions were consistent with techniques used for long-term espionage operations.
https://unit42.paloaltonetworks.com/alloy-taurus-targets-se-asian-government/
New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware
New and mysterious APT Sandman spotted targeting telcos in Europe and Asia as part of a cyberespionage campaign.
A new and mysterious APT group has been spotted targeting telco service providers in Europe and Asia as part of what appears to be a cyberespionage campaign, according to a joint investigation by SentinelLabs and QGroup GmbH.
According to SentinelLabs researcher Aleksandar Milenkoski, the shadowy APT group is using a sophisticated modular backdoor based on Lua, the lightweight cross-platform programming language designed primarily for embedded use in applications.
https://www.securityweek.com/new-sandman-apt-group-hitting-telcos-with-rare-luajit-malware/
Cyberattack on Kansas town affects email, phone, payment systems
A cyberattack on a small city in Kansas has disrupted the government’s email, phone and online payment systems.
Pittsburg — home to about 20,000 people along the state’s border with Missouri and Oklahoma — said it discovered the incident over the weekend. The attack caused an IT outage that limited government systems but did not affect 911 dispatch and other utilities.
“While these types of situations have become all-too-common nationwide, we recognize the significance of this event and have taken quick action to address it,” said City Manager Daron Hall. “Our comprehensive assessment is ongoing and may take several weeks. In the meantime, we are committed to delivering the highest level of services to our community.”
https://therecord.media/pittsburg-kansas-government-cyberattack