Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Threats

These days, a 12 or 13-year-old kid can become a professional eSports player, while the youngest of them began his career at the ripe old age of… four! The gaming world has become much younger, but all gamers — both children and adults — face multiple cyberthreats. And scammers tailor each of their schemes with a particular age audience in mind. Although children spend less time playing online games than adults, they remain one of the most sought-after targets for cybercriminals: after all, a kid can often easily lead you to their parents' bank card.

Free cheese still smells nice

One of the most common scams targeting young gamers takes the form of an offer to generate in-game currency for free. That's because kids today would rather get in-game currency from their parents than pocket money. To be the coolest-of-the-cool in pretty much any online game, you need virtual coins, and lots of them — such as V-bucks in Fortnite or Robux in Roblox. To avoid having to ask their parents to fork out, children are always on the lookout for free coins, which makes them vulnerable to cybercriminals.

Relying on most children's rudimentary knowledge of cybersecurity, scammers don't even bother with clever schemes: they literally spell out what data they want from their victims. For instance, on one phishing site that pretends to generate gems — the currency of the popular children's game Brawl Stars — users are asked to answer just four questions to get as many gems as they please. As well as the desired number of gems and their in-game name, the user also has to hand over the e-mail address linked to the Supercell online game store and, guess what, the password for it! Why the young gamer needs to share this data, the creators of the site never explain.

Now in possession of the victim's e-mail, the attackers can get a security code to log in to the Supercell account and hijack it by changing the password. So, instead of picking up lots of free gems, the unfortunate player may lose both their mail account and all their accumulated experience and currency in Brawl Stars.

[Image caption: Free cheeeeeese!]

Other scams are even more primitive. One site we found invited users to download Valorant cheats that give an advantage over other players, together with a detailed installation guide. One of the instructions was to disable all antivirus software before installing the file — otherwise the cheat would be flagged as a false positive and not be installed. The executable file is packed in a password-protected WinRAR archive, the contents of which cannot be checked by the antivirus before unpacking, and it must be Run as administrator so that the virus gains full access to the victim's computer. The longer the victim's antivirus is disabled, the more data the scammers can potentially pump out. It helps if the child has their own computer, but what if it's a shared home computer full of parental data, including passwords and bank card details?

[Image caption: The winner takes it all. From your PC.]

Almost any adult would smell the cheese in the mousetrap, but to kids who know little about cybercriminal tricks, nothing feels off. Statistics show that malware disguised as Minecraft or Roblox was downloaded 3–4 times more often than games for mature audiences. For more examples of child-targeting scams, see our threat report for young gamers.

The more experienced the player, the trickier the scam

To fool hardcore gamers, scammers have to be far more sophisticated. Targeting an adult audience, they create phishing sites that mimic 18+ games, such as GTA Online. But the result is the same: the victim is either scammed out of their data and game account, or asked to take an online "I'm not a robot" test, with the offer of a prize — for example, the latest iPhone or a PlayStation 5. Only, to receive it, a small commission needs to be paid. And as you may have guessed, after paying this the gamer gets no prize and may compromise their bank card instead.

[Image caption: Haven't you seen the Grand Theft inscription? You were warned]

Also this year, cybercriminals have learned how to mimic the in-game stores of such popular games as CS:GO, PUBG, and Warface. To get a good skin at a low price, victims had to enter their credentials for Steam, or even for social networks like Twitter or Facebook. As soon as they entered this data, their account fell straight into the hands of the cybercriminals, and all the skins and artifacts there were sold to other gamers.

[Image caption: A farewell to arms]

Another common trick is to offer bundles (tens or even hundreds) of licensed games for peanuts. But this meager sum must be paid from your bank card. Or you can get a Battle pass for free, but to confirm, say, your age, you need to give the numbers on both the front and back of your credit card. No prizes for guessing that this data will most likely be stolen and then sold on the dark web.

[Image caption: It won't ever be as cheap as this! Oh, wait…]

How to protect yourself against such threats?

Whether you're a rookie or hardcore gamer, the threats you face are the same, and it's worth knowing how to guard against them:

Use strong passwords — a unique one for each account. Then, even if one of your accounts is hijacked, the others will still be yours. Don't trust your memory? A password manager can help.

Protect your accounts further with two-factor authentication.

Use virtual bank cards and refill their balance exactly for the purchase amount. By entering the numbers from your bank card, you risk losing all the funds you have there. And remember that a bundle of licensed games selling for a song is a reason to be wary.

Install a reliable antivirus solution on your computer — one that works seamlessly with Steam and other gaming platforms.

Kaspersky's antivirus products have a special game mode that automatically activates when you start games. Antivirus database updates, scheduled drive scans, and notifications are suspended in this mode, but protection continues to run in the background. Which means: your system is securely protected from any malware; your personal data is monitored for leaks; your passwords are stored in a secure, encrypted vault; all links you follow are checked for scams and phishing; your IP address is hidden by a VPN, which encrypts transmitted data and, by choosing the right server, improves ping/latency; finally, the operating system settings are optimized so you don't lose a single millisecond of gaming.

 Threat Actors

Proofpoint security analysts have seen changes in the TTPs used by TA569. The changes entail a rise in injection types and a switch to different payloads. The threat group has been observed repeatedly reinfecting websites that have already undergone mitigation for malicious injections. This technique is known as strobing. Researchers have published domain rules for TA569-controlled domains that can be monitored and blocked to prevent the download of malware payloads.

 Trends, Reports, Analysis

According to new data from the FTC, U.S. consumers lost $8.8 billion to online fraud in 2022, with investment scams and imposter scams topping the list, causing $3.8 billion and $2.6 billion in losses, respectively. Among the top five fraud schemes, imposter scams topped the list, followed by online shopping scams; prizes, lotteries, and sweepstakes scams; investment scams; and job opportunities. 

 Malware and Vulnerabilities

An assessment of online shopping cart software used by e-commerce sites performed by the German cybersecurity agency found a slew of vulnerabilities, including code so old it's no longer supported as well as vulnerable JavaScript libraries.

 Malware and Vulnerabilities

A new decryptor for the MortalKombat ransomware is now available for download. Bitdefender has been monitoring the MortalKombat ransomware family since it first appeared online in January this year.

 Companies to Watch

Immuta, a Boston, MA-based data security company, received an additional strategic investment from ServiceNow. The investment, which was in addition to the Series E funding round, will allow the company to continue growing its cloud offering.

 Malware and Vulnerabilities

Researchers from FortiGuard Labs observed a new LockBit ransomware campaign during December 2022 and January 2023 using a combination of techniques effective against AV and EDR solutions.

 Feed

Red Hat Security Advisory 2023-0899-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.53.

 Feed

Debian Linux Security Advisory 5366-1 - The Qualys Research Labs reported an authorization bypass (CVE-2022-41974) and a symlink attack (CVE-2022-41973) in multipath-tools, a set of tools to drive the Device Mapper multipathing driver, which may result in local privilege escalation.

 Feed

Ubuntu Security Notice 5880-2 - USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attributes. An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes. Johan Carlsson discovered that Firefox did not properly manage child iframe's unredacted URI when using Content-Security-Policy-Report-Only header. An attacker could potentially exploit this to obtain sensitive information. Vitor Torres discovered that Firefox did not properly manage permissions of extensions interaction via ExpandedPrincipals. An attacker could potentially exploit this issue to download malicious files or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly validate background script invoking requestFullscreen. An attacker could potentially exploit this issue to perform spoofing attacks. Ronald Crane discovered that Firefox did not properly manage memory when using EncodeInputStream in xpcom. An attacker could potentially exploit this issue to cause a denial of service. Samuel Grob discovered that Firefox did not properly manage memory when using wrappers wrapping a scripted proxy. An attacker could potentially exploit this issue to cause a denial of service. Holger Fuhrmannek discovered that Firefox did not properly manage memory when using Module load requests. An attacker could potentially exploit this issue to cause a denial of service. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code.

 Feed

Ubuntu Security Notice 5900-1 - It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or cause a crash.

 Feed

Ubuntu Security Notice 5638-4 - USN-5638-1 fixed several vulnerabilities in Expat. This update provides the corresponding update for Ubuntu 14.04 ESM. Rhodri James discovered that Expat incorrectly handled memory when processing certain malformed XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

 Feed

Red Hat Security Advisory 2023-1017-01 - OpenStack Image Service provides discovery, registration, and delivery services for virtual disk images. The Image Service API server provides a standard REST interface for querying information about virtual disk images stored in a variety of back-end stores, including OpenStack Object Storage. Clients can register new virtual disk images with the Image Service, query for information on publicly available disk images, and use the Image Service's client library for streaming virtual disk images.

 Feed

Red Hat Security Advisory 2023-1008-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include denial of service, integer overflow, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2023-0890-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.5. Issues addressed include denial of service and out of bounds read vulnerabilities.

 Feed

Red Hat Security Advisory 2023-1015-01 - OpenStack Compute is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances, managing networks, and controlling access through users and projects. OpenStack Compute strives to be both hardware and hypervisor agnostic, currently supporting a variety of standard hardware configurations and seven major hypervisors.

 Feed

Ubuntu Security Notice 5903-1 - It was discovered that lighttpd incorrectly handled certain inputs, which could result in a stack buffer overflow. A remote attacker could possibly use this issue to cause a denial of service.

 Feed

Six different law firms were targeted in January and February 2023 as part of two disparate threat campaigns distributing GootLoader and FakeUpdates (aka SocGholish) malware strains. GootLoader, active since late 2020, is a first-stage downloader that's capable of delivering a wide range of secondary payloads such as Cobalt Strike and ransomware. It notably employs search engine optimization (

 Feed

A stealthy Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus has become the first publicly known malware capable of bypassing Secure Boot defenses, making it a potent threat in the cyber landscape. "This bootkit can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled," Slovak cybersecurity company ESET said in a report shared with The Hacker News.

 Feed

Employee well-being has become a primary focus for many businesses. Even before the pandemic, the C-suite was acutely aware of how employee mental health impacts business outcomes.  But for cybersecurity professionals, stress has always been a part of the job. A new survey revealed that one of the most concerning aspects of employee mental health is how it impacts cybersecurity programs and,

 Feed

Google has announced the general availability of client-side encryption (CSE) for Gmail and Calendar, months after piloting the feature in late 2022. The data privacy controls enable "even more organizations to become arbiters of their own data and the sole party deciding who has access to it," Google's Ganesh Chilakapati and Andy Wen said. To that end, users can send and receive emails or

 Feed

Cryptocurrency companies are being targeted as part of a new campaign that delivers a remote access trojan called Parallax RAT. The malware "uses injection techniques to hide within legitimate processes, making it difficult to detect," Uptycs said in a new report. "Once it has been successfully injected, attackers can interact with their victim via Windows Notepad that likely serves as a

2023-03
Aggregator history
Wednesday, March 01