Cybercriminals scam two federal agencies via remote desktop tool, CISA warns

CISA and the NSA warned federal agencies that malicious hackers used legitimate remote monitoring and management software to execute scams.

The post Cybercriminals scam two federal agencies via remote desktop tool, CISA warns appeared first on CyberScoop.

A Peek Inside Today’s Modern RATs (Remote Access Tools) and Trojan Horses C&C (Command and Control) Communication Channels – An OSINT Analysis

Dear blog readers, I’ve decided to share with everyone a currently active portfolio of RATs (Remote Access Tools) and trojan horses C&C (Command and Control) communication channels including actual currently active names of RATs (Remote Access Tools…

Online testing firm agrees to security audit after inquiry from senator

A company whose software has been widely used to administer law school entrance exams during the coronavirus pandemic has agreed to an independent audit of the software after a U.S. senator raised cybersecurity concerns about the product. Alabama-based ProctorU’s web-browser extension software has allowed people across the U.S. to take the LSAT exam from home during the pandemic. But Sen. Ron Wyden, D-Ore., worried that that same accessibility, if left unsecured, could give cybercriminals a foothold onto test-takers’ devices. And so, after inquiries from Wyden, ProctorU has hired outside security experts to review its software and the tool it uses for remote troubleshooting, according to the Law School Admissions Council (LSAC), which administers the LSAT. More than 145,000 LSAT exams were administered online from May 2020 to February 2021, and ProctorU appears to be the main contractor for doing so. It’s another case of privacy and security risks emerging in […]

The post Online testing firm agrees to security audit after inquiry from senator appeared first on CyberScoop.

Exposing GRU’s Involvement in U.S Election Interference – 2016 – An OSINT Analysis

Dear blog readers, Continuing the “FBI’s Most Wanted Cybercriminals” series I’ve decided to share some of the actionable intelligence that I have on GRU’s involvement in the 2016 U.S Election interference with the idea to assist U.S Law Enforcement and …

Florida hack highlights security shortages in US water sector

A hack that apparently affected a Florida water facility’s chemical setting is emblematic of a water sector that’s short on money, cybersecurity personnel and often reliant on the practices of vendors, experts say. The Feb. 5 incident in Oldsmar, a Florida town of 15,000 people, involved a still-unidentified hacker infiltrating the local water treatment facility’s computer system and trying to increase the amount of sodium hydroxide to a potentially dangerous level, local authorities said. The substance is used in the water purification process but can be toxic at higher levels. No harm was done to public health — the facility had safety checks in place — but the level of access obtained by the attacker has prompted calls for tighter security in the sector. The breach is an uncomfortable reminder that water facilities struggle to invest as much money in effective security as other industrial organizations, even as they face “an […]

The post Florida hack highlights security shortages in US water sector appeared first on CyberScoop.

New VPN flaws highlight proven pathway for hackers into industrial organizations

Sometime in the second half of 2019, suspected Iranian hackers started burrowing into the network of an unnamed organization in the Middle East. What likely began, according to investigators, as a breach of a virtual private network application led to a compromise of the organization’s administrative network accounts. It culminated in a data-wiping attack on Dec. 29 that hit most of the machines on the organization’s IT network. A forensic report on the attack produced by Saudi cybersecurity officials warns industrial companies to secure VPN connections, which employees use for remote connectivity, lest they become a valuable foothold for hackers in search of sensitive data. Seven months later, with the rise in remote work during the coronavirus pandemic, that advice is even more critical. On Tuesday, researchers from cybersecurity company Claroty drove the point home by publishing data on multiple remote-connectivity products popular in the oil, gas and other industrial […]

The post New VPN flaws highlight proven pathway for hackers into industrial organizations appeared first on CyberScoop.

Who is World Wired Labs and why are they selling an Android trojan?

A company advertising a remote access tool frequently used by criminals and nation-state hackers may be serving as a front for a Chinese hacking group, according to new research published Tuesday by BlackBerry Cylance. In a lengthy report on remote access trojans (RAT), BlackBerry Cylance researchers detail an Android malware variant, which they call PWNDROID4, that can be used to monitor targets’ phone calls, record audio, send and receive text messages, and track victims’ GPS location. Researchers believe it has been used by suspected Chinese government-linked hackers known as the Winnti group. In the report, researchers have pieced together that PWNDROID4 is remarkably similar to the Android version of a RAT known as NetWire, which has been around since 2017. BlackBerry Chief Product Architect Eric Cornelius told CyberScoop that researchers traced NetWire, a multi-platform RAT that’s been in use since at least 2012, back to a firm known as World Wired […]

The post Who is World Wired Labs and why are they selling an Android trojan? appeared first on CyberScoop.

COVID-19: Hackers Begin Exploiting Zoom’s Overnight Success to Spread Malware

As people increasingly work from home and online communication platforms such as Zoom explode in popularity in the wake of the coronavirus outbreak, cybercriminals are taking advantage of the spike in usage by registering new fake “Zoom” domains and malici…