According to Bleeping Computer, Gigabyte was the target of a ransomware attack last week and is currently being blackmailed with the exposure of 112GB of stolen data. The corporation announced that it shut down its IT infrastructure and that a small number of servers were impacted, but there are indications that the attack was more widespread. Multiple websites owned by the company were also affected by the incident, including its support site and elements of the company's Chinese website. RansomEXX claimed to have taken 112GB of sensitive internal data as well as information from the American Megatrends Git repository, among other things. Details of Intel and AMD processors as well as a debug document are suspected to be among the sensitive information. Although Gigabyte has said it plans to report the theft to authorities, the com...
Malicious actors are using Telegram channels as a distribution vector for attacks on their targets. A new Remote Access Trojan (RAT) was spotted infecting devices via Telegram channels, according to Cyware. AT&T Alien Labs researchers recently discovered a new Trojan called FatalRAT that can spread via software download vulnerabilities or articles on Telegram. The malware is able to gain persistence, evade detection, collect system information, and exfiltrate data. Interestingly, these messages can only be sent by channel administrators. And that's not all the Trojan can do. Before it infects the target system, the malware runs a series of tests to determine the number of physical CPUs, VMs running on the system and disk space. Based on t...
In February, security experts from Check Point disclosed a critical flaw to Amazon that may allow an attacker to take control of Kindle devices and collect personal information, according to Threat Post. The issue made Kindle devices vulnerable to malicious eBooks and currently there is no way to tell if the flaw was exploited. The company released a patch for the Kindle's firmware in April so that devices connected to the Internet are automatically updated. Slava Makkaveev stated that anti-virus software does not include signatures for eBooks. He further explained that “A malicious eBook can be published and made available for free access in any virtual library, including the Kindle Store, via the ‘self-publishing’ service, or sent directly to the end-user device via the Amazon...
With most Kaspersky solutions, you can purchase one license and connect several gadgets to it. Here are the three simple ways to do it.

Method 1. Use your My Kaspersky account

If you’re using a Kaspersky solution, then you probably already have a My Kaspersky profile. If not, you can create one during program installation. In addition to connecting devices to a license, you can use your personal account to manage security remotely, locate a gadget, wipe it, and much more.

To send a license to a device already connected to your account, follow these steps:
1. Log in to your personal account on the My Kaspersky website;
2. Go to Licenses;
3. Select the desired license if you have more than one;
4. Click Protect another device and select Connected device;
5. Click Send license;
6. Select the device you want to send the license to;
7. Click Send.

To send the license to a new device:
1. Log in to your My Kaspersky account on the device you want to connect;
2. Go to Licenses;
3. Select the desired license if you have more than one;
4. Click Protect another device and select New device;
5. In the field that appears, click Download.

Once you’ve installed the license, the application will automatically connect to your My Kaspersky account.

Method 2. Use an activation code

Your Kaspersky activation code is a unique string of 20 characters that comes with the product. If you purchased a license in a brick-and-mortar store, for example, see the code on the first page of the user manual or on the back of the activation card. In the case of an online purchase, you get the code by e-mail. You can recover the code even if the box or activation card is lost or you can’t find the e-mail. In that case, copy the needed combination from your My Kaspersky account:
1. Log in to your My Kaspersky account;
2. Go to Licenses;
3. Select the desired license if you have more than one;
4. Copy the activation code and enter it in the application on the device you intend to connect.

Alternatively, log in to My Kaspersky and send the activation code to your e-mail.

Method 3. Use a link

Note that this method applies only if Kaspersky Security Cloud is installed on your mobile device. You can send a link from your smartphone or tablet to another gadget in a variety of ways, such as by e-mail or instant messaging app. To do so, follow these steps:
1. Open the app and go to Protection for all devices;
2. Click Learn more and then Send link;
3. Send the link from the application to another device, for example, by e-mail or via a messaging app;
4. Open the link on the device you want to connect.

What else you need to know about the license

A software license may come with more benefits than you knew about. We can’t blame anyone for taking no more than a quick skim through the terms of service, but here are a few relevant bits you may have missed:
- If you have a Kaspersky Security Cloud family subscription and you have already connected all of your devices, you may share the protection with your friends and loved ones;
- You can look up the number of computers you can connect using your license on our website;
- The license period starts at the moment you activate the license on the first device. For example, if you activated a one-year license on your computer six months ago and now you’re connecting your smartphone to that license, you can keep the phone protected for six months before renewing.

All devices protected

Choose any of the methods and follow the simple instructions to connect more devices to your license. Take full advantage of our solutions and always stay protected from malware and other threats.
I was preparing to knock off work for the week on a recent Friday evening when a curious and annoying email came in via the contact form on this site: “Hello I go by the username Nuclear27 on your site Briansclub[.]com,” wrote “Mitch,” confusing me with the proprietor of perhaps the underground’s largest bazaar for stolen credit and identity data. “I made a deposit to my wallet on the site but nothing has shown up yet and I would like to know why.”

[Image: The real BriansClub login page.]

Several things stood out in Mitch’s message. For starters, that is not the actual domain for BriansClub. And it’s easy to see why Mitch got snookered: The real BriansClub site is currently not at the top of search results when one queries that shop name at Google. Also, this greenhorn criminal clearly had bought into BriansClub’s advertising, which uses my name and likeness in a series of ads that run on all the top cybercrime forums. In those ads, a crab with my head on it zigs and zags on the sand. This is all meant to be a big joke: Krebs means “crab” or “cancer” in German, but a “crab” is sometimes used in Russian hacker slang to refer to a “carder,” or a person who regularly engages in street-level credit card fraud. Like Mitch. In late 2019, BriansClub changed its homepage to include doctored images of my Social Security and passport cards, credit report and mobile phone bill information. That was right after KrebsOnSecurity broke the news that someone had hacked BriansClub and siphoned information on 26 million stolen debit and credit accounts. The hacked BriansClub database had an estimated collective street value of $566 million, and that data was subsequently shared with thousands of financial institutions. Mitch said he’d just made a deposit of $240 worth of bitcoin at BriansClub[.]com, and was wondering when the funds would be reflected in the balance of his account on the shop. Playing along, I said I was sorry to hear about his ordeal, and asked Mitch if there were any stolen cards issued by a particular bank or to a specific region that he was seeking. Mitch didn’t bite, but neither would he be dissuaded that I was at fault for his wayward funds.
He shared a picture showing funds he’d sent to the bitcoin address instructed by BriansClub[.]com — 1PLALmM5rrmLTGGVRHHTnB6VnZd3FFwh1Z — using a Bitcoin ATM in Canada. The real BriansClub uses a dodgy virtual currency exchange service based in St. Petersburg, Russia called PinPays. The company’s website has long featured little more than a brand icon and an instant messenger address to reach the proprietor. The fake BriansClub told Mitch the Bitcoin address he was asked to pay was a PinPays address that would change with each transaction.

[Image: The payment message displayed by the carding site phishing domain BriansClub[.]com.]

However, upon registering at the phishing site and clicking to fund my account, I was presented with the exact same Bitcoin address that Mitch said he paid. Also, the site wasn’t using PinPays; it was just claiming to do so to further mimic the real BriansClub. According to the Blockchain, that Bitcoin address Mitch paid has received more than a thousand payments over the past five months totaling more than USD $40,000 worth of Bitcoin. Most are relatively small payments like Mitch’s.

[Image: The screenshot Mitch sent of his deposit.]

Unwary scammers like Mitch are a dime a dozen, as are phishing sites that spoof criminal services online. Shortly after it came online as a phishing site last year, BriansClub[.]com was hosted at a company in Moscow with just a handful of other domains phishing popular cybercrime stores, including Jstashbazar[.]com, vclub[.]cards, vclubb[.]com and vclub[.]credit. Whoever’s behind these sites is making a decent income fleecing clueless crooks. A review of the Bitcoin wallet listed as the payment address for BriansClub[.]org, for example, shows a similar haul: 704 transactions totaling $38,000 in Bitcoin over the past 10 months. “Wow, thanks for ripping me off,” Mitch wrote, after I’d dozed off for the evening without responding to his increasingly strident emails.
“Should have spent the last money on my bills I’m trying to pay off. Should have known you were nothing but a thief.” Deciding the ruse had gone too far, I confessed to Mitch that I wasn’t really the administrator of BriansClub, and that the person he’d reached out to was an independent journalist who writes about cybercrime. I told him not to feel bad, as more than a thousand people had been similarly duped by the carding shop. But Mitch did not appear to accept my confession. “If that’s the case then why is your name all over it including in the window that opens up when you go to make a deposit?,” Mitch demanded, referring to the phishing site. Clearly, nothing I said was going to deter Mitch at this point. He asked in a follow-up email if a link he included in the message was indeed the “legitimate” BriansClub address. My only reply was that he should maybe consider another line of work before he got ripped off yet again, or the Royal Canadian Mounted Police showed up at his doorstep. Scammers who fall for fake carding sites can expect to have their accounts taken over at the real shop, which usually means someone spends your balance on stolen cards. But mostly, these imposter carding sites are asking new members to fund their accounts by making deposits in virtual currency like Bitcoin. In 2018, KrebsOnSecurity examined a huge network of phishing sites masquerading as the top carding stores which all traced back to a web development group in Pakistan that’s apparently been stealing from thieves for years. As I noted in that piece, creating a network of fake carding sites is the perfect cybercrime. After all, nobody who gets phished or scammed is going to report the crime to the authorities. Nor will anyone help the poor sucker who gets snookered by one of these fake carding sites. Caveat Emptor! The most one can hope for is that the occasional enterprising phisher is brought to justice. 
While it may be hard to believe that authorities would go after crooks stealing from one another, in 2017 a Connecticut man pleaded guilty to charges of phishing several criminal dark web markets in a scheme that eventually netted over $365,000 and more than 10,000 stolen user credentials. And what about the provenance of the phishing domain briansclub[.]com? Looking closer at the original WHOIS registration records for briansclub[.]com via DomainTools (an advertiser on this site), we can see it was registered in November 2015 — several months after the real BriansClub came online. It was registered to a “Brian Billionaire,” a.k.a. Brian O’Connor, an apparently accomplished music deejay, rapper and rap music producer in Florida.

[Image: Brian Billionaire.]

For several years after it came online, BriansClub[.]com and other domains apparently registered to Mr. Billionaire redirected to his main site — newhotmusic.com, which predates the carding shop BriansClub and also has a members-only section of the site called Brian’s Club. Mr. Billionaire did not respond to multiple requests for comment, but it looks like his only crime is being a somewhat cringeworthy DJ. DomainTools’ record for briansclub[.]com says the domain was abandoned or dormant for a period in 2019, only to be scooped up again by someone in May 2020 when it became a phishing site spoofing the real BriansClub.
A recent spike in large-scale ransomware attacks has highlighted the vulnerabilities in the nation’s critical infrastructure and the ease with which their systems can be breached.
Sophos stumbled across a new attack campaign by Raccoon Stealer that uses SEO techniques to rank its fake website for pirated software. It uses clippers to rip off cryptocurrency, alongside financial information from victims. Besides, the recent update of Raccoon Stealer shows that the cyber threat landscape is now becoming commercialized.
The threat actor has been in action since at least 2016 and its specific attack vectors include abusing application flaws and exploiting previously unknown zero-days from Equation Group.
It’s especially unusual for a previously unknown market player. The analysis of the file revealed that this huge batch of compromised cards had not appeared on other underground forums.
Apple has fixed a vulnerability in its Apple Wireless Direct Link (AWDL) technology that could have been abused by threat actors to escape and steal data from air-gapped networks.
The risk of cyberattacks has increased in the last year. According to Trend Micro, 80% of enterprises report they are likely to experience a data breach impacting customer data in the next 12 months.
The PCI Security Standards Council (PCI SSC) and the Cloud Security Alliance (CSA) issued a joint bulletin to highlight the importance of properly scoping cloud environments.
"ACSC has observed an increase in reporting of LockBit 2.0 ransomware incidents in Australia," Australia's cybersecurity agency said in a security alert issued on Thursday.
Pulse Secure has fixed a critical post-authentication RCE flaw in its Connect Secure VPN appliances to address an incomplete patch for an actively exploited flaw previously resolved in October 2020.
An open-source tool created by researchers Aditya Sood and Rohit Bansal that detects internet-facing MongoDB instances and checks whether they’ve been infected with ransomware or Meow malware has been launched.
Numerous vulnerabilities uncovered in tractor manufacturer John Deere's systems underscore the cyber risks that come in tandem with the productivity gains from high-tech farming.
Ever since the 2017 edition, the Black Hat conference has also been the place where the cybersecurity community announces and releases security tools as part of the lesser-known “Arsenal” track.
USBsamurai – showcased by security researcher Luca Bongiorni during Black Hat Arsenal – is a USB HID injecting cable that costs less than $15 to produce and can be made from off-the-shelf components.
Threat actors started actively scanning for the Microsoft Exchange ProxyShell remote code execution flaws after researchers released technical details at the Black Hat hacking conference.
Millions of senior citizens in North America have had their personal information compromised following a breach at senior care review website SeniorAdvisor, according to WizCase.
At least one student within the public school system managed to access a Google Drive that contained the private information of students and department employees across the city.
The company is coordinating with multiple CERT organizations worldwide to take down the botnet's infrastructure by shutting down all detected command-and-control (C2) servers.
Application security testing (AST) company Checkmarx has acquired Dustico, a platform for detecting backdoors and other malicious activity in the open source software supply chain.
The new trojan has been found to compromise Facebook accounts of over 10,000 users since March 2021 via fraudulent apps distributed through Google Play Store and other app marketplaces.
The malicious app abused sideloading flaws to load and start the Cinobi banking trojan. This is a new campaign from Water Kappa that is aimed at users of web browsers other than Internet Explorer.
The company said it had learned that the personal information of some customers from its database -- including names, birth dates, phone numbers, and shopping histories -- had been breached last week.
The insurer for Joplin paid $320,00 to an unknown person after a ransomware attack shut down the city government’s computer system last month, Joplin City Manager Nick Edwards said Thursday.
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, and detection of down hosts via parallel pings.
Ubuntu Security Notice 5032-2 - USN-5032-1 fixed vulnerabilities in Docker. This update provides the corresponding updates for Ubuntu 21.04. Several vulnerabilities were fixed in Docker. This update provides a new upstream version that fixed them.
Red Hat Security Advisory 2021-3028-01 - The microcode_ctl packages provide microcode updates for Intel. Issues addressed include information leakage and privilege escalation vulnerabilities.
Red Hat Security Advisory 2021-3027-01 - The microcode_ctl packages provide microcode updates for Intel. Issues addressed include information leakage and privilege escalation vulnerabilities.
Red Hat Security Advisory 2021-3024-01 - Red Hat OpenShift distributed tracing is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.
Pulse Secure has shipped a fix for a critical post-authentication remote code execution (RCE) vulnerability in its Connect Secure virtual private network (VPN) appliances to address an incomplete patch for an actively exploited flaw it previously resolved in October 2020. "The Pulse Connect Secure appliance suffers from an uncontrolled archive extraction vulnerability which allows an attacker to
A critical vulnerability has been disclosed in hardware random number generators used in billions of Internet of Things (IoT) devices whereby it fails to properly generate random numbers, thus undermining their security and putting them at risk of attacks. "It turns out that these 'randomly' chosen numbers aren't always as random as you'd like when it comes to IoT devices," Bishop Fox
Among the problems stemming from our systemic failure with cybersecurity, which ranges from decades-old software-development practices to Chinese and Russian cyber-attacks, one problem gets far less attention than it should—the insider threat. But the reality is that most organizations should be at least as worried about user management as they are about Bond villain-type hackers launching
A new Android trojan has been found to compromise Facebook accounts of over 10,000 users in at least 144 countries since March 2021 via fraudulent apps distributed through Google Play Store and other third-party app marketplaces. Dubbed "FlyTrap," the previously undocumented malware is believed to be part of a family of trojans that employ social engineering tricks to breach Facebook accounts as