LSW

Massive Email Campaign Sends Locky Ransomware to Over 23 Million Users - THN

https://thehackernews.com/2017/08/locky-ransomware-emails.html

 

"Recently, researchers from two security firms have independently spotted two mass email campaigns, spreading two different, but new variants of the Locky ransomware.

 

Lukitus Campaign
The campaign spotted by researchers at AppRiver sent out more than 23 million messages containing Locky ransomware in just 24 hours on 28 August across the United States in what appears to be one of the largest malware campaigns in the second half of this year.

 

IKARUSdilapidated

The 2nd Locky Campaign sent over 62,000 Emails. In separate research, security firm Comodo Labs discovered another massive spam campaign earlier in August, which sent out over 62,000 spam emails containing a new variant of Locky ransomware in just three days in the first stage of the attack."

 

 

Defense:

  • Have anti-virus software on everything, including smart phones and Tablets
  • Anti-virus signatures must always be kept up to date
  • Backup data often so if something happens you can replace the data rather than pay the ransom
  • Scrutinize emails, be alert for Phishing emails
  • Do not believe virus notifications from web pages! Trust your AV. A colleague's father saw a warning that he was infected and was told to download an app to clean his PC; he did, and that app WAS the ransomware... he lost everything.

FDA Recalls Nearly Half a Million Pacemakers Over Hacking Fears

https://thehackernews.com/2017/08/pacemakers-hacking.html

 

I pondered over adding this as I don't want to be a fear monger, but it is an issue and many of you may know people with pacemakers, so it is a public service.

 

I might also point you to a news article included in my News thread: Over 8,600 Vulnerabilities Found in Pacemakers

 

This is one of those cases where the threat may not be clear to some of you. Clearly, for a federal judge, politician or the President, you will likely agree that it is a present threat and people who want you dead can use this.

 

But you? Mom or Dad? Grandpa Joe? Other than at best a vindictive ex, what is there to fear?

 

You exist, and therefore, you are a target. We have to get away from the "I am nobody" defense. You exist, so you are somebody, even if just a number or a cog. Consider these two possibilities.

  1. I, a terrorist wanting to spread terror, trigger a program that kills 100 people across the nation. No pattern: big city banker and Kansas dirt farmer, men and women, young and old, all religions, gay and straight, white, black, Latino, and Asian. They all die, and then I claim responsibility. People realise I can kill anyone I want, targeted or just random. Would terror engulf the nation after a second attack? Would pacemaker users crowd hospitals to get them removed?
     
  2. I, a cyber criminal wanting money, announce my intention to kill 3 people every day unless $XXXXXXX is paid to me. Promptly 3 people of different backgrounds in different states are dead; maybe days two and three go by with 6 more dead. How long until I am paid by a brand I am attacking or just in general?

In both of these instances it does not matter who you are. I am not attacking YOU! I am just using you to meet my goal. You personally are of no meaning to me. I don't care if you ARE nobody, you are just a tool.

 

In almost all cases of malware and ransomware, it can attack you because you are not up-to-date. Old software, old AV signatures. In the case of pacemakers, the programmers were thinking about keeping you alive, not adding anti-virus or other security gear.

 

So if you know someone, get them into the hospital for a firmware update. Even if there was not a threat, they should always ensure the firmware is up to date. It is tech just like your laptop or router.

 

I will discuss your vulnerability due to the Internet of Things (IoT) in another post. IoT is about all the other crap that connects to the Internet now besides computers, from coffee makers to water sensors for your garden. I consider pacemakers to be IoT as well.

Hackers Can Silently Control Siri, Alexa & Other Voice Assistants Using Ultrasound

http://thehackernews.com/2017/09/ai-digital-voice-assistants.html

 

 

What if your smartphone starts making calls, sending text messages, and browsing malicious websites on the Internet itself without even asking you?

This is no imagination, as hackers can make this possible using your smartphone's personal assistant like Siri or Google Now.

A team of security researchers from China's Zhejiang University have discovered a clever way of activating your voice recognition systems without speaking a word by exploiting a security vulnerability that is apparently common across all major voice assistants.


Hackers Can Remotely Access Syringe Infusion Pumps to Deliver Fatal Overdoses

https://thehackernews.com/2017/09/hacking-infusion-pumps.html

 

 

Internet-of-things are turning every industry into the computer industry, making customers think that their lives would be much easier with smart devices. However, such devices could potentially be compromised by hackers.

There are, of course, some really good reasons to connect certain devices to the Internet.

But does everything need to be connected? Of course, not—especially when it comes to medical devices.

Equifax Hack Exposes Personal Info of 143 Million US Consumers

https://thehackernews.com/2017/09/equifax-credit-report-hack.html

 

 

It's ironic—the company that offers credit monitoring and ID theft protection solutions has itself been compromised, exposing personal information of as many as 143 million Americans—that's almost half the country.

Equifax, one of the largest credit reporting firms in the US, admitted today that it had suffered a massive data breach somewhere between mid-May and July, which was discovered on July 29.

 
However, it's unknown why Equifax waited 6 weeks before informing their millions of affected customers about the massive security breach.

Stolen data includes consumers' names, Social Security numbers, and birth dates for 143 million Americans, and in some instances, driving licence numbers and credit card numbers for about 209,000 citizens.

Adobe Patches Two Critical RCE Vulnerabilities in Flash Player

https://thehackernews.com/2017/09/adobe-security-patch.html

 

 

Adobe may kill Flash Player by the end of 2020, but until then, the company would not stop providing security updates to the buggy software.

As part of its monthly security updates, Adobe has released patches for eight security vulnerabilities in its three products, including two vulnerabilities in Flash Player, four in ColdFusion, and two in RoboHelp—five of these are rated as critical.


Warning: CCleaner Hacked to Distribute Malware; Over 2.3 Million Users Infected

https://thehackernews.com/2017/09/ccleaner-hacked-malware.html

 

 

If you have downloaded or updated CCleaner application on your computer between August 15 and September 12 of this year from its official website, then pay attention—your computer has been compromised.

CCleaner is a popular application with over 2 billion downloads, created by Piriform and recently acquired by Avast, that allows users to clean up their system to optimize and enhance performance.

Security researchers from Cisco Talos discovered that the download servers used by Avast to let users download the application were compromised by some unknown hackers, who replaced the original version of the software with the malicious one and distributed it to millions of users for around a month.


  • 2 weeks later...

Whoops, Turns Out 2.5 Million More Americans Were Affected By Equifax Breach

https://thehackernews.com/2017/10/equifax-credit-security-breach.html

 

 

Credit rating agency Equifax says an additional 2.5 million U.S. consumers were also impacted by the massive data breach the company disclosed last month, bringing the total possible victims to 145.5 million from 143 million.

Equifax last month announced that it had suffered a massive data breach that exposed highly sensitive data of hundreds of millions of its customers, which includes names, social security numbers, dates of birth and addresses.

In addition, credit card information for nearly 209,000 customers was also stolen, as well as certain documents with personally identifying information (PII) for approximately 182,000 Equifax consumers.

The breach was due to a critical vulnerability (CVE-2017-5638) in the Apache Struts 2 framework, which Apache had patched (on March 6) over two months before the security incident.

 

Equifax was even informed by US-CERT on March 8 to patch the flaw, but the company failed to identify or patch its systems against the issue,...

  • 2 weeks later...

MS Office Built-in Feature Allows Malware Execution Without Macros Enabled

 

https://thehackernews.com/2017/10/ms-office-dde-malware.html

 

 

This macro-less code execution technique in MS Word, described in detail on Monday by a pair of security researchers from Sensepost, Etienne Stalmans and Saif El-Sherei, leverages a built-in feature of MS Office, called Dynamic Data Exchange (DDE), to perform code execution.

The Dynamic Data Exchange (DDE) protocol is one of several methods Microsoft provides for two running applications to share the same data. The protocol can be used by applications for one-time data transfers and for continuous exchanges in which apps send updates to one another as new data becomes available.

Thousands of applications use the DDE protocol, including Microsoft's Excel, MS Word, Quattro Pro, and Visual Basic.
 
The exploitation technique that the researchers described displays no "security" warnings to victims, except asking them if they want to execute the application specified in the command—however, this popup alert could also be eliminated "with proper syntax modification," the researchers say.

 

 

What's more worrying? Microsoft doesn't consider this a security issue; rather, according to the company, the DDE protocol is a feature that cannot be removed but could be improved with better warning alerts for users in the future.

Buggy Microsoft Outlook Sending Encrypted S/MIME Emails With Plaintext Copy For Months

 

https://thehackernews.com/2017/10/outlook-email-encryption.html

 

 

Beware: if you are using the S/MIME protocol in Microsoft Outlook to encrypt your email communication, you need to watch out.

For at least the last 6 months, your messages were being sent in both encrypted and unencrypted forms, exposing all your secret and sensitive communications to potential eavesdroppers.

S/MIME, or Secure/Multipurpose Internet Mail Extensions, is an end-to-end encryption protocol—based on public-key cryptography and working much like SSL connections—that enables users to send digitally signed and encrypted messages.

According to a security advisory published by SEC Consult earlier this week, a severe bug (CVE-2017-11776) in the Microsoft Outlook email client causes S/MIME encrypted emails to be sent with their unencrypted versions attached.


  • 2 weeks later...

New Rapidly-Growing IoT Botnet Threatens to Take Down the Internet

https://thehackernews.com/2017/10/iot-botnet-malware-attack.html

Quote

Dubbed 'IoT_reaper,' first spotted in September by researchers at firm Qihoo 360, the new malware no longer depends on cracking weak passwords; instead, it exploits vulnerabilities in various IoT devices and enslaves them into a botnet network.

IoT_reaper malware currently includes exploits for nine previously disclosed vulnerabilities in IoT devices from the following manufacturers:

  • Dlink (routers)
  • Netgear (routers)
  • Linksys (routers)
  • Goahead (cameras)
  • JAWS (cameras)
  • AVTECH (cameras)
  • Vacron (NVR)

Researchers believe IoT_reaper malware has already infected nearly two million devices and is growing continuously at an extraordinary rate of 10,000 new devices per day.

Unpatched Microsoft Word DDE Exploit Being Used In Widespread Malware Attacks

https://thehackernews.com/2017/10/ms-office-dde-malware-exploit.html

Quote

A newly discovered unpatched attacking method that exploits a built-in feature of Microsoft Office is currently being used in various widespread malware attack campaigns.

Last week we reported how hackers could leverage an old Microsoft Office feature called Dynamic Data Exchange (DDE) to perform malicious code execution on the targeted device without requiring macros to be enabled or memory corruption.

The DDE protocol is one of several methods Microsoft uses to allow two running applications to share the same data.

The protocol is used by thousands of apps, including MS Excel, MS Word, Quattro Pro, and Visual Basic, for one-time data transfers and for continuous exchanges in which applications send updates to one another.

Bad Rabbit: New Ransomware Attack Rapidly Spreading Across Europe

https://thehackernews.com/2017/10/bad-rabbit-ransomware-attack.html

Quote

Dubbed "Bad Rabbit," it is reportedly a new Petya-like targeted ransomware attack against corporate networks, demanding 0.05 bitcoin (~ $285) as ransom from victims to unlock their systems.

According to an initial analysis provided by Kaspersky, the ransomware was distributed via drive-by download attacks, using a fake Adobe Flash Player installer to lure victims into installing the malware unwittingly.

 

This may only be in Europe and target corporations, but if you get it they will want the same money from you. Important to note here is that they are using a fake Flash to get installed. You need to keep Flash blocked on your computers. Only allow it where you really need it and you trust the source. - LSW

Hacker Hijacks CoinHive's DNS to Mine Cryptocurrency Using Thousands of Websites

https://thehackernews.com/2017/10/coinhive-cryptocurrency-miner.html

Quote

...a notification that Coinhive has been hacked — a popular browser-based service that lets website owners embed JavaScript to utilise their site visitors' CPU power to mine the Monero cryptocurrency for monetisation.

Reportedly an unknown hacker managed to hijack Coinhive's CloudFlare account that allowed him/her to modify its DNS servers and replace Coinhive's official JavaScript code embedded into thousands of websites with a malicious version.

As a result, thousands of sites using coinhive script were tricked for at least six hours into loading a modified code that mined Monero cryptocurrency for the hacker rather than the actual site owners.

 

There are really two issues here folks:

  1. The basis of the article - CoinHive was hacked and web sites using it made money for the Hacker rather than themselves.
  2. Websites are using JavaScript to mine bitcoin using your CPU for their profit. They are not asking you for permission and they are not sharing the profit YOUR CPU makes. Are you OK with others using your computer to make money without your knowledge, agreement, and participation?

I have preached it for years. Block JavaScript; do not allow it to run if you do not know what it does. Any web site you visit can run JavaScript you do not know about. -LSW

For Dell users, Dell recently lost control of the servers used to save your backups. This server is called on automatically and behind the scenes without your input. It is used to reset your computer to factory fresh settings. They lost control of the server this summer. On the off chance that you did a refresh of your computer to Dell's purchase state in June or July, you might want to keep an eye on the story as Dell is not being very forthcoming with details.

It is again a matter of trust. Dell lost control and Dell users can suffer. If you are concerned you can get a version of your Windows straight from Microsoft that will also be free of Dell's bloatware they force on us. Or best yet just install Debian (Linux).

 

Dell Lost Control of Key Customer Support Domain for a Month in 2017

https://krebsonsecurity.com/2017/10/dell-lost-control-of-key-customer-support-domain-for-a-month-in-2017/

Quote

A Web site set up by PC maker Dell Inc. to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, KrebsOnSecurity has learned.

There is a program installed on virtually all Dell computers called “Dell Backup and Recovery Application.” It’s designed to help customers restore their data and computers to their pristine, factory default state should a problem occur with the device. That backup and recovery program periodically checks a rather catchy domain name — DellBackupandRecoveryCloudStorage.com — which until recently was central to PC maker Dell’s customer data backup, recovery and cloud storage solutions.

Sometime this summer, DellBackupandRecoveryCloudStorage.com was suddenly snatched away from a longtime Dell contractor for a month and exposed to some questionable content. More worryingly, there are signs the domain may have been pushing malware before Dell’s contractor regained control over it.


Hackers Could Turn LG Smart Appliances Into Remote-Controlled Spy Robot

https://thehackernews.com/2017/10/smart-iot-device-hacking.html

 

Quote

If your smart devices are smart enough to make your life easier, then their smart behaviour could also be exploited by hackers to invade your privacy or spy on you, if not secured properly. (Highlighted by LSW)

Recent research conducted by security researchers at threat prevention firm Check Point highlights privacy concerns surrounding smart home devices manufactured by LG.

Check Point researchers discovered a security vulnerability in LG SmartThinQ smart home devices that allowed them to hijack internet-connected devices like refrigerators, ovens, dishwashers, air conditioners, dryers, and washing machines manufactured by LG.

...and what's worse?

Hackers could even remotely take control of LG's Hom-Bot, a camera-equipped robotic vacuum cleaner, and access the live video feed to spy on anything in the device's vicinity.

This hack doesn't even require the hacker and the targeted device to be on the same network.

iPhone Apps With Camera Permissions Can Secretly Take Your Photos Without You Noticing

https://thehackernews.com/2017/10/iphone-camera-spying.html

Quote

iPhone Apps Can Silently Turn On Cameras at Any Time


Krause explained that granting camera permission could enable iOS app developers to access:

  • both the front and the back camera of your device,
  • photograph and record you at any time the app is in the foreground,
  • upload the recorded and captured content immediately, and
  • run real-time face detection to read your facial expressions
...and all without warning or alerting you in any way.


Since Apple only requires users to enable camera access one time when they are asked to grant blanket permission to an app and gives free access to the camera without requiring any LED light or notification, Krause explained that a malicious app could leverage this loophole to go far beyond its intended level of access to spy on users.


  • 3 weeks later...

17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction

https://thehackernews.com/2017/11/microsoft-office-rce-exploit.html

Quote
The vulnerability is a memory-corruption issue that resides in all versions of Microsoft Office released in the past 17 years, including Microsoft Office 365, and works against all versions of the Windows operating system, including the latest Microsoft Windows 10 Creators Update.

Discovered by the security researchers at Embedi, the vulnerability leads to remote code execution, allowing an unauthenticated, remote attacker to execute malicious code on a targeted system without requiring user interaction after opening a malicious document.


Bluetooth Hack Affects 20 Million Amazon Echo and Google Home Devices

https://thehackernews.com/2017/11/amazon-alexa-hacking-bluetooth.html

Quote
As estimated during the discovery of this devastating threat, several IoT and smart devices whose operating systems are often updated less frequently than smartphones and desktops are also vulnerable to BlueBorne.

BlueBorne is the name given to the sophisticated attack exploiting a total of eight Bluetooth implementation vulnerabilities that allow attackers within the range of the targeted devices to run malicious code, steal sensitive information, take complete control, and launch man-in-the-middle attacks.

What's worse? Triggering the BlueBorne exploit doesn't require victims to click any link or open any file—all without requiring user interaction. Also, most security products would likely not be able to detect the attack.


  • 6 months later...

Adobe Issues Patch for Actively Exploited Flash Player Zero-Day Exploit

https://thehackernews.com/2018/06/flash-player-zero-day-exploit.html

Quote

If you have already uninstalled Flash player, well done! But if you haven't, here's another great reason for ditching it.

Adobe has released a security patch update for a critical vulnerability in its Flash Player software that is actively being exploited in the wild by hackers in targeted attacks against Windows users.

Independently discovered last week by several security firms—including ICEBRG, Qihoo 360 and Tencent—the Adobe Flash Player zero-day attacks have primarily been targeting users in the Middle East using a specially crafted Excel spreadsheet.

 

"The hackers carefully constructed an Office document that remotely loaded the Flash vulnerability. When the document was opened, all the exploit code and malicious payload were delivered through remote servers," Qihoo 360 wrote in its vulnerability analysis blog post.


The stack-based buffer overflow vulnerability, tracked as CVE-2018-5002, impacts Adobe Flash Player 29.0.0.171 and earlier versions on Windows, MacOS, and Linux, as well as Adobe Flash Player for Google Chrome, and can be exploited to achieve arbitrary code execution on targeted systems.


Facebook bug changed 14 million users’ default privacy settings to public

https://thehackernews.com/2018/06/facebook-privacy-setting.html

Quote

Facebook admits as many as 14 million of its users who thought they were sharing content privately with only friends may have inadvertently shared their posts with everyone because of a software bug.

Facebook said in front of Congress in March over the Cambridge Analytica scandal that "every piece of content that you share on Facebook you own, you have complete control over who sees it and how you share it," but the news turned out to be another failure of the company to keep the information of millions of users private.

Facebook typically allows users to select the audiences who can see their posts, and that privacy setting remains the default until the user manually updates it.


However, the social media giant revealed Thursday that it recently found a bug that automatically updated the default audience setting for 14 million users' Facebook posts to "Public," even if they had intended to share them just with their friends, or a smaller group of people only.

 

"We recently discovered a technical error between May 18 and 27 that automatically suggested a public audience when you were creating posts," Facebook's 'Please Review Your Posts' alert sent to affected users reads. "We apologize for this mistake."

According to Facebook chief privacy officer Erin Egan, the bug was live for a period of 4 days between May 18 and May 22, and was caused while the company was testing a new feature.

Egan said the Facebook team fixed the bug within 4 days, on May 22, and changed the default audience setting back to what the affected users had previously set. So, the posts you shared with your friends after May 22 would not be affected.

  • 1 month later...

New Bluetooth Hack Affects Millions of Devices from Major Vendors

https://thehackernews.com/2018/07/bluetooth-hack-vulnerability.html

Quote

Yet another Bluetooth hacking technique has been uncovered.

A highly critical cryptographic vulnerability has been found affecting some Bluetooth implementations that could allow an unauthenticated, remote attacker in physical proximity of targeted devices to intercept, monitor or manipulate the traffic they exchange.

The Bluetooth hacking vulnerability, tracked as CVE-2018-5383, affects firmware or operating system software drivers from some major vendors including Apple, Broadcom, Intel, and Qualcomm, while the implications of the bug for Google, Android and Linux are still unknown.

The security vulnerability is related to two Bluetooth features—Bluetooth low energy (LE) implementations of Secure Connections Pairing in operating system software, and BR/EDR implementations of Secure Simple Pairing in device firmware.


  • 1 month later...

I must assume we have a few more Canadian types other than our favorite admin, so heads up to all our neighbors:

Air Canada Suffers Data Breach — 20,000 Mobile App Users Affected

https://thehackernews.com/2018/08/air-canada-data-breach.html

Quote

The exposed information contains basic information such as customers' names, email addresses, phone numbers, and other information they have added to their profiles.
 

Passport Numbers Exposed in Air Canada Data Breach

However, what's worrisome?


Hackers could have also accessed additional data including customer's passport number, passport expiration date, passport country of issuance and country of residence, Aeroplan number, known traveler number, NEXUS number, gender, date of birth, and nationality, if users had this information saved in their profile on the Air Canada mobile app.


The airline assured its customers that credit card information saved to their profile was "encrypted and stored in compliance with security standards set by the payment card industry or PCI standards," and therefore is protected.

Cyber security is not just about protecting your data and files. It also includes protecting yourself: who you are, what you do, what you like. Habits and data describing who you are, as well as just data representing you like birthdays and SSNs.

So we need to beware of data collected about us as much as data that is ours. Anything free like Google is collecting data about you and selling it for their own profit; that is why you get the free services.

 

Google Secretly Tracks What You Buy Offline Using Mastercard Data

https://thehackernews.com/2018/09/google-mastercard-advertising.html

Quote

Over a week after Google admitted the company tracks users' location even after they disable location history, it has now been revealed that the tech giant has signed a secret deal with Mastercard that allows it to track what users buy offline.

Google has paid Mastercard millions of dollars in exchange to access this information.

Neither Google nor Mastercard has publicly announced the business partnership over allowing Google to measure retail spending, though the deal has now been disclosed by Bloomberg.

According to four unidentified people with knowledge of the deal cited by the news outlet, Google and Mastercard reached the agreement after a four-year negotiation, wherein all Mastercard transaction data in the U.S. has been encrypted and transmitted to Google.


  • 2 weeks later...

Beware! Unpatched Safari Browser Hack Lets Attackers Spoof URLs

https://thehackernews.com/2018/09/browser-address-spoofing-vulnerability.html

Quote

A security researcher has discovered a serious vulnerability that could allow attackers to spoof website addresses in the Microsoft Edge web browser for Windows and Apple Safari for iOS.

While Microsoft fixed the address bar URL spoofing vulnerability last month as part of its monthly security updates, Safari is still unpatched, potentially leaving Apple users vulnerable to phishing attacks.

The phishing attacks today are sophisticated and increasingly more difficult to spot, and this newly discovered vulnerability takes it to another level that can bypass basic indicators like URL and SSL, which are the first things a user checks to determine if a website is fake.

Discovered by Pakistan-based security researcher Rafay Baloch, the vulnerability (CVE-2018-8383) is due to a race condition type issue caused by the web browser allowing JavaScript to update the page address in the URL bar while the page is loading.


Apple Removes Several Trend Micro Apps For Collecting MacOS Users' Data

https://thehackernews.com/2018/09/apple-trendmicro-macos-apps.html

Quote

Apple has removed almost all popular security apps offered by well-known cyber-security vendor Trend Micro from its official Mac App Store after they were caught stealing users' sensitive data without their consent.

The controversial apps in question include Dr Cleaner, Dr Cleaner Pro, Dr Antivirus, Dr Unarchiver, App Uninstall, Dr. Battery, and Duplicate Finder for Mac computers.

The apps were removed just two days after Apple kicked out another popular "Adware Doctor" application for collecting and sending browser history data from users' Safari, Chrome, and Firefox to a server in China.


  • 2 weeks later...

New Malware Combines Ransomware, Coin Mining and Botnet Features in One

https://thehackernews.com/2018/09/ransomware-coinmining-botnet.html

 

Quote

Windows and Linux users need to beware, as an all-in-one, destructive malware strain has been discovered in the wild that features multiple malware capabilities including ransomware, cryptocurrency miner, botnet, and self-propagating worm targeting Linux and Windows systems.

Dubbed XBash, the new malware is believed to be tied to the Iron Group, a.k.a. Rocke—the Chinese-speaking APT threat actor group known for previous cyber attacks involving ransomware and cryptocurrency miners.

According to the researchers from security vendor Palo Alto Networks, who uncovered the malware, XBash is an all-in-one malware that features ransomware and cryptocurrency mining capabilities, as well as worm-like ability similar to WannaCry or Petya/NotPetya.

In addition to self-propagating capabilities, XBash also contains a functionality, which is not yet implemented, that could allow the malware to spread quickly within an organization's network.

Important: Paying Ransom Will Get You Nothing!

What's worrisome is that the malware itself does not contain any functionality that would allow the recovery of the deleted databases once a ransom amount has been paid by the victims.

To date, XBash has infected at least 48 victims, who have already paid the ransom, making about $6,000 to date for the cybercriminals behind the threat. However, researchers see no evidence that the ransom payments have resulted in the recovery of data for the victims.

I do believe we have some Indian members:

UIDAI’s Aadhaar Software Hacked, ID Database Compromised, Experts Confirm

https://www.huffingtonpost.in/2018/09/11/uidai-s-aadhaar-software-hacked-id-database-compromised-experts-confirm_a_23522472/

Quote

NEW DELHI—The authenticity of the data stored in India's controversial Aadhaar identity database, which contains the biometrics and personal information of over 1 billion Indians, has been compromised by a software patch that disables critical security features of the software used to enrol new Aadhaar users, a three-month-long investigation by HuffPost India reveals.

This has significant implications for national security at a time when the Indian government has sought to make Aadhaar numbers the gold standard for citizen identification, and mandatory for everything from using a mobile phone to accessing a bank account.


Hackers Steal Customers' Credit Cards From Newegg Electronics Retailer

https://thehackernews.com/2018/09/newegg-credit-card-hack.html

Quote

The notorious hacking group behind the Ticketmaster and British Airways data breaches has now victimized popular computer hardware and consumer electronics retailer Newegg.

Magecart hacking group managed to infiltrate the Newegg website and steal the credit card details of all customers who entered their payment card information between August 14 and September 18, 2018, according to a joint analysis from Volexity and RiskIQ.

Magecart hackers used what researchers called a digital credit card skimmer, wherein they inserted a few lines of malicious JavaScript code into the checkout page of the Newegg website that captured payment information of customers making purchases on the site and then sent it to a remote server.