Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Threats

We continuously monitor the mobile threat landscape to keep you informed of the most important trends. Not long back, we published a report about the threats facing smartphone and tablet owners in 2021. First the good news: a major takeaway is that last year we saw a significant decrease in mobile threat activity compared to 2020. However, with that said — it's too early to relax. For one thing, the number of attacks on smartphones and tablets fell only relative to the record high of 2020, and remained at around the same level as in 2019. For another, cybercriminals are becoming increasingly inventive.

Adware attacks

One of the trends in 2021 was the introduction of malicious code in third-party ad modules, which developers of various useful apps often plug in to monetize their work. For example, last spring cybercriminals used a malicious advertisement SDK to infect APKPure, a popular alternative Android app store. Fortunately, its developers took security seriously and released a clean version a day after we got in touch with them. A similar story happened with the popular WhatsApp mod FMWhatsApp: one of the versions of the app harbored the Triada Trojan inside an advertisement SDK. This Trojan is infamous for being very difficult to remove from an infected device. Moreover, Triada rarely comes alone and tends to download a bunch of other malicious apps onto the victim's device.

Malware on Google Play

We've already written more than once that malware can sneak into official app stores. To pass all checks and get through to users, cybercriminals employ all sorts of tricks, such as loading malicious code into an approved program in the guise of an update. In 2021, loaders for various Trojans were found in apps on Google Play, including the Joker and Facestealer malware. Joker stealthily takes out paid subscriptions for the user, while Facestealer, as the name suggests, specializes in stealing Facebook credentials. In most cases, to spread their creations via Google Play, cybercriminals add tiny injections of malicious code to otherwise harmless apps that have already been approved by the store.

For example, the authors of the Joker Trojan took advantage of the popularity of the Korean TV series Squid Game to hide the malware in an app that offered themed wallpapers. When Joker was discovered, there were more than 200 apps dedicated to the series on Google Play, and many of them borrowed features from each other. Unsurprisingly, when scanning such programs, the store moderators let a malicious upgrade sneak past. Small injections of malicious code are hard to detect during moderation, which cybercriminals constantly try to exploit.

Image: One of the apps in Google Play that contained the Joker Trojan

Bankers — creative theft

For several years now, banking Trojans have been hunting not just for bank accounts but also for accounts in online stores and other digital services. In 2021, their area of interest widened even further: our experts discovered the Gamethief malware, which steals login data for the mobile version of the game PlayerUnknown's Battlegrounds (PUBG). This is the first mobile Trojan that specializes in stealing gaming accounts — just a few years ago, this type of malware was exclusive to desktop computers. Cybercriminals also improved the functionality of their creations. For example, the Fakecalls banking Trojan is capable of dropping the call if the user tries to contact their bank and replacing it with a pre-recorded response from a fake bank representative. That way, the malware lulls the victim into thinking that a bank employee answered the call.

How to protect your smartphone from malware

Cybercriminals are resourceful and take every opportunity to prey on mobile device users. So, regardless of their activity level, it pays to be alert.

Download apps only from official sources. True, this is not a 100% security guarantee, but there are far fewer malicious programs in official stores, and even when malware slips through moderation it usually gets removed from the store relatively quickly.

Whenever possible, use apps from trusted developers with a good reputation to minimize the chances of encountering malware.

Ignore apps that promise payouts you've never heard of or overly generous prizes. It's almost bound to be a scam.

Don't give apps permissions they don't need to work. Most malware will not be able to deploy fully without potentially dangerous permissions, for example access to Accessibility, access to text messages, and installation of unknown apps.

Use a reliable mobile antivirus that will detect and block malware that tries to get inside your phone.


 Ne'er-Do-Well News

An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. Prosecutors say the accused also enjoyed a lengthy career of “cashing out” access to hacked bank accounts worldwide.

Maksim Berezan, 37, is an Estonian national who was arrested nearly two years ago in Latvia. U.S. authorities alleged Berezan was a longtime member of DirectConnection, a closely-guarded Russian cybercriminal forum that existed until 2015. Berezan’s indictment (PDF) says he used his status at DirectConnection to secure cashout jobs from other vetted crooks on the exclusive crime forum.

Berezan specialized in cashouts and “drops.” Cashouts refer to using stolen payment card data to make fraudulent purchases or to withdraw money from bank accounts without authorization. A drop is a location or individual able to securely receive and forward funds or goods obtained through cashouts or other types of fraud. Drops typically are used to make it harder for law enforcement to trace fraudulent transactions and to circumvent fraud detection measures used by banks and credit card companies.

Acting on information from U.S. authorities, in November 2020 Latvian police searched Berezan’s residence there and found a red Porsche Carrera 911, a black Porsche Cayenne, a Ducati motorcycle, and an assortment of jewelry. They also seized $200,000 in currency and $1.7 million in bitcoin.

After Berezan was extradited to the United States in December 2020, investigators searching his electronic devices said they found “significant evidence of his involvement in ransomware activity.” “The post-extradition investigation determined that Berezan had participated in at least 13 ransomware attacks, 7 of which were against U.S. victims, and that approximately $11 million in ransom payments flowed into cryptocurrency wallets that he controlled,” reads a statement from the U.S. Department of Justice. Berezan pleaded guilty in April 2021 to conspiracy to commit wire fraud.

Image: The DirectConnection cybercrime forum, circa 2011.

For many years on DirectConnection and other crime forums, Berezan went by the hacker alias “Albanec.” Investigators close to the case told KrebsOnSecurity that Albanec was involved in multiple so-called “unlimited” cashouts, a highly choreographed, global fraud scheme in which crooks hack a bank or payment card processor and use cloned payment cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours.

Berezan joins a growing list of top cybercriminals from DirectConnection who’ve been arrested and convicted of cybercrimes since the forum disappeared years ago. One of Albanec’s business partners on the forum was Sergey “Flycracker” Vovnenko, a Ukrainian man who once ran his own cybercrime forum and who in 2013 executed a plot to have heroin delivered to our home in a bid to get Yours Truly arrested for drug possession. Vovnenko was later arrested, extradited to the United States, pleaded guilty and spent more than three years in prison on botnet-related charges (Vovnenko is now back in Ukraine, trying to fight the Russian invasion with his hacking abilities).

Perhaps the most famous DirectConnection member was its administrator Aleksei Burkov, a Russian hacker thought to be so connected to the Russian cybercriminal scene that he was described as an “asset of extreme importance to Moscow.” Burkov was arrested in Israel in 2015, and the Kremlin arrested an Israeli woman on trumped-up drug charges to force a prisoner swap. That effort failed. Burkov was extradited to the U.S. in 2019, soon pleaded guilty, and was sentenced to nine years. However, he was recently deported back to Russia prior to serving his full sentence, which has prompted Republican leaders in the House to question why.

Other notable cybercrooks from DirectConnection who’ve been arrested, extradited to the U.S. and sentenced to prison include convicted credit card fraudsters Vladislav “Badb” Horohorin and Sergey “zo0mer” Kozerev, as well as the infamous spammer and botnet master Peter “Severa” Levashov.

At his sentencing today, Berezan received 66 months in prison and was ordered to pay $36 million in restitution to his victims.

 Malware and Vulnerabilities

A little over a week ago, players of Elden Ring complained that their sessions were being invaded by “hackers”. Invading people’s games is a normal feature of the title, but being put into an endless death loop, not so much.

 Incident Response, Learnings

A class-action lawsuit was filed against Ultimate Kronos Group for alleged negligence leading to the exposure of millions of workers' info during a ransomware attack and private cloud breach in December.

 Expert Blogs and Opinion

Phishing kits consist of ready-made templates and scripts which can be used to create phishing pages quickly and at scale. They are easy to use, which is why even inexperienced attackers can get their heads around them.

 Threat Actors

Volexity discovered a new macOS variant of Gimmick, a malware implant developed by a Chinese group tracked as Storm Cloud. It is targeting organizations across Asia. The samples of the GIMMICK malware are large and complex, which suggests the threat actor behind it is well resourced. Moreover, there is the possibility that Storm Cloud bought this malware from a third-party developer.

 Malware and Vulnerabilities

Taiwanese hardware manufacturer QNAP is facing twin threats. While Deadbolt ransomware actors are targeting users, the vendor has also urged customers to stay vigilant of Dirty Pipe. Around 5,000 exposed QNAP NAS devices, out of 130,000 exposed, were targeted by ransomware. The Dirty Pipe flaw, meanwhile, exists in all major distros and lets an attacker with local access gain root.

 Malware and Vulnerabilities

Mitmproxy, an open source, interactive HTTPS proxy service, has patched a dangerous bug that potentially allowed attackers to stage HTTP request smuggling attacks against backend servers.

 Feed

Red Hat Security Advisory 2022-1056-01 - Red Hat OpenShift Serverless Client kn 1.21.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.21.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.

 Feed

Red Hat Security Advisory 2022-1051-01 - This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section.

 Feed

Ubuntu Security Notice 5321-3 - USN-5321-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, obtain sensitive information, or execute arbitrary code. A TOCTOU bug was discovered when verifying addon signatures during install. A local attacker could potentially exploit this to trick a user into installing an addon with an invalid signature.

 Feed

Red Hat Security Advisory 2022-1045-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include an HTTP request smuggling vulnerability.

 Feed

Red Hat Security Advisory 2022-0983-01 - OpenStack Compute is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances, managing networks, and controlling access through users and projects. OpenStack Compute strives to be both hardware and hypervisor agnostic, currently supporting a variety of standard hardware configurations and seven major hypervisors. Issues addressed include an open redirection vulnerability.

 Feed

Red Hat Security Advisory 2022-0990-01 - OpenStack Networking is a virtual network service for OpenStack. Just as OpenStack Compute provides an API to dynamically request and configure virtual servers, OpenStack Networking provides an API to dynamically request and configure virtual networks. These networks connect 'interfaces' from other OpenStack services. The OpenStack Networking API supports extensions to provide advanced network capabilities. Issues addressed include a memory leak vulnerability.

 Feed

Red Hat Security Advisory 2022-1053-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include code execution and integer overflow vulnerabilities.

 Feed

Red Hat Security Advisory 2022-0982-01 - Twisted is a networking engine written in Python, supporting numerous protocols. It contains a web server, numerous chat clients, chat servers, mail servers and more. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2022-1049-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include an HTTP request smuggling vulnerability.

 Feed

Google's Threat Analysis Group (TAG) on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser. The campaigns, once again "reflective of the regime's immediate concerns and priorities," are said to have targeted U.S.-based organizations

 Feed

Researchers have blown the lid off a sophisticated malicious scheme primarily targeting Chinese users via copycat apps on Android and iOS that mimic legitimate digital wallet services to siphon cryptocurrency funds. "These malicious apps were able to steal victims' secret seed phrases by impersonating Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket, or OneKey," said Lukáš Štefanko

 Feed

The U.S. government on Thursday released a cybersecurity advisory outlining multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted the energy sector in the U.S. and beyond. "The [Federal Security Service] conducted a multi-stage campaign in which they gained remote access to U.S. and international Energy Sector networks, deployed

 Feed

The City of London Police has arrested seven teenagers between the ages of 16 and 21 for their alleged connections to the prolific LAPSUS$ extortion gang that's linked to a recent burst of attacks targeting NVIDIA, Samsung, Ubisoft, LG, Microsoft, and Okta. The development, which was first disclosed by BBC News, comes after a report from Bloomberg revealed that a 16-year-old Oxford-based

 Business + Partners

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online files, it’s important for businesses and consumers to back up their data.

What is backup?

Simply put, backup is a copy of your files. Think of your family photos, home videos, tax information and other important documents. Typically we compile these files on our computer. Without backing these files up, they can get lost or stolen.

Why backup?

Backup enables you to keep your data accessible and secure. There are so many ways your personal files or business documents could experience data loss. It could simply be a result of human error. Data loss can also occur as a result of falling victim to ransomware, malware or phishing. According to the 2022 BrightCloud® Threat Report, medium-sized organizations (21 to 100 licensed PCs) experienced malware infection rates that affected nine PCs on average last year. To make matters worse, BrightCloud® Threat Intelligence also revealed four million new high-risk URLs were in existence in 2021 and almost 66% of them involved phishing. Whether you have important files stored on your personal or business computers, your data remains at risk.

“The possibility of data loss and theft should be top of mind for individuals and businesses. Our increased reliance on digital files, the rise in cyber attacks, human error and natural disasters are just a few examples of how your data remains highly vulnerable,” says Tyler Moffitt, senior security analyst at Carbonite + Webroot, OpenText Security Solutions.

Take control of your data through backup

Beginning the backup process can be daunting. Whether you’re looking to back up your family’s documents or your mission-critical business files, it’s important to consider:

Where will you back up your data? There are a number of backup options. From external hard drive to the cloud, there are many ways to prevent loss. It’s important to find a solution that fits your needs.

What is your retention policy? A retention policy allows you to keep certain backups for a longer period of time. For instance, a business may decide it’s necessary to keep daily backups for a total of 30 days, but a family may choose to hold onto all their family photos for months before archiving.

Say goodbye to data loss with Carbonite

Even though there are many ways to back up your data, not all options are created equal. For instance, storing your personal files on an external drive can backfire if the drive becomes corrupt or lost. As more of our data exists online, it’s important to consider cloud-based options. Many vendors in the market offer cloud backup solutions for your home or business. But it’s important to find a reliable and trusted provider. Carbonite is an award-winning, industry leader with reliable backup solutions. Over one million people trust Carbonite to protect their digital lives. Carbonite offers automatic, dependable and convenient backup for all of your devices and hard drive files.

Make data backup a priority

World Backup Day is an important reminder to preserve our data. As the threat landscape continues to evolve, backing up your files becomes part of a larger cyber resilience strategy. Cyber resilience is a defense in depth strategy that helps ensure continuous access to your personal and business data no matter what happens. Carbonite offers solutions for consumers and businesses. Discover which of our plans is right for you. Own a small business and need data backup? Discover Carbonite Safe® for professionals. Kick start your backup journey today. To understand your backup needs, begin with our quick assessment. We’ll help you pinpoint the level of backup you need. We’ll also give you an opportunity to experience it without commitment. Start a free trial today and discover for yourself how simple it is to back up your data with Carbonite.

The post World Backup Day reminds us all just how precious our data is appeared first on Webroot Blog.

2022-03
Aggregator history
Friday, March 25