Author: Admin

August 1, 2024Ravi LakshmananVulnerability / Threat Intelligence More than a million domains are susceptible to hijacking by attackers using the so-called a Ducks are sitting attack. A powerful attack vector exploiting weaknesses in the Domain Name System (DNS) is being used by more than a dozen Russian cybercriminals to secretly hijack domains, a joint analysis published Info block and Eclipse discovered. “In a Sitting Ducks attack, an actor hijacks a registered domain from an authoritative DNS service or web hosting provider without accessing the real owner’s account on any DNS provider or recorder,” the researchers said. “Sitting Ducks are easier…


In another sign that threat actors are always looking for new ways to trick users into downloading malware, it has emerged that the question-and-answer (Q&A) platform Stack Exchange was used to direct unsuspecting developers to fake Python packages capable of draining their cryptocurrency wallets. “Once installed, this code will execute automatically, triggering a chain of events designed to hack and control the victim’s systems, steal their data and drain their crypto wallets,” Checkmarx researchers Yehuda Gelb and Tzahi Zornstein said in a report shared with The Hacker News. The campaign, which began on June 25, 2024, specifically singled out…


August 1, 2024Ravi LakshmananBanking trojan / cyber fraud Cybersecurity researchers have discovered a new Android Remote Access Trojan (RAT) called BingoMod which not only executes fraudulent money transfers from compromised devices, but also deletes them in an attempt to erase traces of the malware. Italian cybersecurity firm Cleafy, which discovered the RAT in late May 2024, said the malware was under active development. He attributed the Android Trojan to a likely Romanian-speaking threat actor due to the presence of Romanian-language comments in the source code associated with early versions. “BingoMod belongs to the current generation of mobile RAT malware, as…


How to detect and prevent attackers from using these different methods

Obfuscation is an important technique for protecting software that also carries risks, especially when used by malware authors. In this article, we examine obfuscation, its implications, and responses to it.

What is obfuscation?

Obfuscation is a method of intentionally making information difficult to read, especially in computer coding. An important use case is data obfuscation, where sensitive data is rendered unrecognizable to protect it from unauthorized access. Various methods are used for this. For example, often only the last four digits of a credit card number are displayed, with…


August 1, 2024Ravi LakshmananData Encryption / Browser Security Google has announced that it is adding a new layer of protection to its Chrome browser through so-called application-bound encryption to prevent information-stealing malware from hijacking cookies on Windows systems. “On Windows Chrome uses the Data Protection API (DPAPI) that protects data at rest from other system users or cold boot attacks.” — Will Harris of the Chrome Security Team said. “However, DPAPI does not protect against malware capable of executing code on behalf of a logged-in user, which is used by information thieves.” Application-bound encryption is an improvement over DPAPI in…


August 1, 2024Ravi LakshmananInternet fraud / Malicious advertising Facebook users are being targeted by an e-commerce fraud network that uses hundreds of fake websites to steal personal and financial data using brand impersonation and malicious advertising tricks. Recorded Future’s Payment Fraud Intelligence team, which discovered the company on April 17, 2024, named it ERIAKOS due to its use of the same content delivery network (CDN) as oss.eriakos(.)com. “These fraudulent sites were only accessible via mobile devices and advertising baits, a tactic designed to evade automated detection systems,” the company said in a statement. saidnoting that the network included 608 fraudulent…


July 31, 2024Ravi LakshmananDevelopment of malware / programs The threat actors behind the current malware campaign targeting software developers have demonstrated new malware and tactics as they expand their focus to Windows, Linux and macOS systems. Activity cluster, dubbing DEV#POPER and linked to North Korea, has been found to have singled out victims in South Korea, North America, Europe and the Middle East. “This form of attack is an advanced form of social engineering designed to manipulate people into revealing sensitive information or taking actions they might not normally take,” Securonix researchers Dan Yuzwick and Tim Peck said in a…


July 31, 2024Ravi LakshmananWeb Security / Compliance Certification authority (CA) DigiCert has warned that it will revoke a subset of SSL/TLS certificates within 24 hours due to an oversight in how it verifies that a digital certificate is issued to a legitimate domain owner. The company said it will revoke certificates that do not have proper domain control checks (CVD). “Before issuing a certificate to a customer, DigiCert verifies the customer’s control or ownership of the domain name for which it is requesting a certificate using one of several methods approved by the CA/Browser Forum (CABF),” this said. One way…


Here’s an introduction to FUDdy: We all know that phishing attacks are growing in scale and sophistication, that artificial intelligence is enabling more sophisticated attacks that evade traditional defenses, and that the never-ending shortage of cybersecurity talent means we’re all struggling to provide a full complement of security teams. Given this reality, security teams must be able to monitor and respond to threats effectively and efficiently. Obviously, you can’t let real threats go unnoticed, but you also can’t afford to waste time on false positives. In this post, we’ll look at some of the ways Material Security’s unique approach to…


July 31, 2024Ravi LakshmananCyber ​​attack / threat intelligence Japanese organizations are being targeted by a Chinese nation-state threat that uses a family of malware such as LODEINFO and NOOPDOOR to collect sensitive information from compromised hosts while remaining undetected in some cases for periods of two to three years . Israeli cybersecurity firm Cybereason is tracking a company called Spear Cuckooattributing it as being associated with a well-known intrusion suite called APT10, which is also known as Bronze Riverside, ChessMaster, Cicada, Cloudhopper, MenuPass, MirrorFace, Purple Typhoon (formerly Potassium), and Stone Panda. “The actors behind NOOPDOOR not only used LODEINFO during…
