Hackers target ‘hundreds’ of Middle East activists with fake login pages, 2FA bypass schemes

Hackers have been going after email accounts of hundreds of Middle East-based human rights activists, journalists and others using methods that bypass security features of services like Google, Yahoo, ProtonMail and Tutanota, according to a report published Wednesday by Amnesty International. The human rights watchdog says it's likely that a single group of hackers has been using clever pages that mimic secure login pages, as well as tricks that bypass two-factor authentication (2FA), to target accounts at least throughout 2017 and 2018. The targets are mostly in the United Arab Emirates, Egypt, Yemen and Palestine, the group said. “What makes these campaigns especially troubling is the lengths to which they go to subvert the digital security strategies of their targets,” the group says in the report. Amnesty International analyzes the activity as two separate campaigns. One uses fake pages that look like they belong to ProtonMail and Tutanota in order to get […]

The post Hackers target ‘hundreds’ of Middle East activists with fake login pages, 2FA bypass schemes appeared first on CyberScoop.

APT28-linked trojan being developed in multiple programming languages, research shows

An elite Russia-linked hacking group is creating multiple versions of one of its go-to malicious tools in an apparent attempt to make its activity harder to detect, according to research published Tuesday by Palo Alto Networks. The company’s Unit 42 threat intelligence team says that the hacker group Sofacy, also known as APT28, Fancy Bear and many other names, has been spotted using a version of the Zebrocy trojan written in the “Go” programming language in multiple phishing campaigns. The findings add to a list of Zebrocy variants written in different programming languages. Researchers and Western governments have largely attributed APT28 to Russian intelligence services. “The use of a different programming language to create a functionally similar Trojan is not new to this group, as past Zebrocy variants have been developed in AutoIt, Delphi, VB.NET, C# and Visual C++,” the researchers wrote. “While we cannot be certain the impetus for this, […]

Memes posted to Twitter have been coded to talk to malware

You have probably seen dank memes that really speak to you, but research shows that memes can also be made to speak to malware that has infected a computer. A piece of malware analyzed in a report published Friday by Trend Micro responds to executable commands embedded in images posted on Twitter. Hackers used steganography to conceal the command “/print” within a specific meme in such a way that it is invisible to a casual observer, prompting the malicious software to send a screenshot to a command-and-control server. The malware has to already be in place on the victim’s computer for the trick to work. Researchers said they weren’t aware of the malware’s delivery mechanism. It’s worth noting that Twitter as a platform does not host any malicious software in this scheme. The malware, once it infects the system, downloads the image from the hacker’s Twitter account and searches it for commands. Twitter […]

Avanan raises $25 million Series B to secure cloud business apps

Avanan, a startup that protects organizations’ cloud applications from cyberattacks, announced Monday that it raised $25 million in a Series B funding round. The company’s platform integrates multiple security vendors and lets customers choose which solutions they want to protect their software-as-a-service (SaaS) business apps. The company deploys the customers’ selected security solutions, from names like McAfee, Symantec and Check Point, via the cloud. The offering is meant to provide organizations with protection from online trickery in a world where phishing attacks have spilled beyond email into workplace collaboration services like Slack, Google’s G Suite, Microsoft Office 365, Box and others. The platform protects customers from “phishing attacks, malicious content, data leakage, account takeover and more,” the company says. “Companies that use SaaS-based email and collaboration platforms quickly realize that hackers find ways to bypass their security,” said Avanan CEO and co-founder Gil Friedrich in a press release. “By connecting directly to […]

Equifax, others must secure apps as part of New York settlement

The New York attorney general’s office said five apps made by well-known companies could have leaked user data. The firms – Western Union, Priceline, Equifax, Spark Networks and Credit Sesame – have agreed to revamp the security of their apps as part of a settlement announced Friday. The state office said the companies failed to use the proper protocols to secure user information that is transmitted over the internet, despite assuring users about the security of the apps in question. “Businesses that make security promises to their users – especially as it relates to personal information – have a duty to keep those promises,” said Barbara Underwood, the New York attorney general, in a statement. The AG’s office said that the apps had a “well-known security vulnerability” that could enable man-in-the-middle attacks, whereby a hacker can intercept data when it’s sent via a wireless connection. The office explained that apps that fail […]

Facebook bug gave developers access to private photos of 6.8 million users

Facebook said Friday that a bug on its platform exposed 6.8 million users’ private photos to developers for 12 days in September. The flaw was in Facebook’s photo API, the company said, and accidentally gave developers access to private photos. The API should only allow authorized applications to access public photos on users’ timelines. “In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories. The bug also impacted photos that people uploaded to Facebook but chose not to post,” Facebook engineering director Tomer Bar said in a blog post. “We’re sorry this happened.” The bug seems to have impacted 1,500 apps made by 876 developers, according to the blog post. Bar said Facebook will be rolling out a feature for app developers to see which of their users were affected by the bug and “will be working with those developers to […]

Shamoon resurfaces, targeting Italian oil company

Researchers are trying to make sense of an apparent resurgence of Shamoon, a piece of malware known for high-profile attacks targeting oil and gas computer systems. Saipem, an Italian oil services company, confirmed Wednesday it was infected with a variant of the notorious virus, resulting in an outage. The attack shut down more than 300 of the company’s servers and 100 computers, Reuters reported, and Saipem says it’s working to restore operations affected by the attack from backups. Shamoon is best known for an attack in 2012 on Saudi Arabia-owned oil company Saudi Aramco, which experts have described as one of the most destructive cyberattacks in history. Saudi Aramco is Saipem’s largest customer, according to Reuters. Researchers have blamed Iranian hackers for the 2012 attack on Aramco. “The attack led to the cancellation of data and infrastructures, typical effects of malware,” the company said in a statement. “The restoration activities, in a gradual and […]

Can’t hack? You can buy the tools on the dark web instead

You don’t have to be a hacker to hack. Much like legitimate businesses must pay for the various inputs that make up their offerings, cybercriminals rely on products and services — some legitimate and some purchased on the dark web — to conduct their operations. A report published Friday by Deloitte, titled “Black Market Ecosystem: Estimating the Cost of ‘Pwnership,’” paints a picture of an underground economy of tools for cybercriminals and assesses how actors in this space adapt and innovate much like legitimate businesses would invest in their own services. “The underground economy is a diverse but interrelated ecosystem where nearly all criminal enterprises incorporate a mixed assortment of tools and services,” the report says. “This same concept is reflected in legitimate markets where businesses and economies focus their effort on the production of a limited scope of products or services to achieve productive efficiencies, increase quality, and reduce […]

Misconfigured server exposed half of Brazilian taxpayer ID numbers: report

A database containing personally identifying information of 120 million Brazilian citizens and residents was accessible on the open web for some time, according to a report published Tuesday by cybersecurity company InfoArmor. The records reportedly contained the Cadastro de Pessoas Físicas (CPF) — a counterpart to Social Security numbers — of more than half of Brazil’s population of 210 million. The unprotected CPFs were linked to people’s basic contact information, financial accounts, credit and debit history, voting history, family relations and more, InfoArmor says. The company’s researchers say they encountered the openly accessible HTTP server in March 2018 while scanning the web for compromised machines. Within the database, the file “index.html” had been renamed to “index.html_bkp,” which the report says made it visible to the public. Anyone who knew what they were looking for could have found it, InfoArmor says. While the data wasn’t discovered as part of a breach, the researchers caution […]

Supermicro concludes ‘Big Hack’ investigation, says no tampering

Executives at Super Micro Computer (Supermicro) contended Tuesday that their company did not fall victim to a major supply chain compromise described in a Bloomberg Businessweek story in October. CEO Charles Liang and senior vice presidents David Weigand and Raju Penumatcha wrote in a letter to customers that a “thorough investigation” by a third-party firm concluded that malicious hardware had not been planted on Supermicro devices. “Recent reports in the media wrongly alleged that bad actors had inserted a malicious chip or other hardware on our products during our manufacturing process,” the letter reads. “After thorough examination and a range of functional tests, the investigations firm found absolutely no evidence of malicious hardware on our motherboards.” The Bloomberg story alleged Chinese operatives embedded rice grain-sized chips onto motherboards that Supermicro supplied to major technology companies like Apple and Amazon Web Services. The report was immediately met with strong denials from Supermicro […]
