Return to Sender: A Technical Analysis of A Paypal Phishing Scam

What lies behind the click of a phishing scam? If you’ve ever wondered how you could lose your Paypal credentials from an email, read how it works here.
The post Return to Sender: A Technical Analysis of A Paypal Phishing Scam appeared first on Securit…

Mirai offshoot offers ‘greater firepower’ for DDoS attacks, researchers warn

A new variant of the infamous Mirai botnet is targeting embedded devices like routers and internet-connected cameras with new exploits, security researchers have concluded. By taking aim at enterprises with large network bandwidths, the Mirai offshoot could give the botnet “greater firepower” to orchestrate distributed denial-of-service attacks, said researchers at Unit 42, Palo Alto Networks’ threat intelligence unit. Operators of the new variant have gone after devices that are popular with businesses, such as wireless presentation systems, according to Unit 42. “IoT/Linux botnets continue to expand their attack surface, either by the incorporation of multiple exploits targeting a plethora of devices, or by adding to the list of default credentials they brute force, or both,” Ruchna Nigam, senior threat researcher at Unit 42, wrote in a blog post. Either patch your devices or get them off the network, Nigam advised. Mirai is a multi-part cautionary tale in the vulnerability of […]

The post Mirai offshoot offers ‘greater firepower’ for DDoS attacks, researchers warn appeared first on CyberScoop.

Bad Box configurations lead to leaks of sensitive corporate data

Dozens of organizations left terabytes of data exposed online through web links to files hosted on data-sharing platform Box, according to research published Monday. The exposed data, which spanned hundreds of thousands of documents, included Social Security and bank account numbers; hundreds of passport photos; files of technology prototypes; VPN configurations; and financial data and invoices, according to Adversis, a vulnerability assessment company. Box allows users to easily share files that, if not properly secured, are vulnerable to brute-force attacks, the research shows. After locating the sub-domains of various corporate Box accounts, Adversis researchers began brute-forcing files and folders, “returning results faster than we could review them.” TechCrunch was first to report on the data leak. As the researchers pointed out, their findings have parallels with security problems in another popular data storage service – Amazon Web Services S3 “buckets” – which are routinely exposed online. The Box issue is worse […]

The post Bad Box configurations lead to leaks of sensitive corporate data appeared first on CyberScoop.

Google researchers uncover two zero-days affecting Chrome, Windows

Researchers at Google have found previously unknown vulnerabilities – one in Google Chrome and the other in Microsoft Windows – that they say attackers have been exploiting in tandem. Both zero-day vulnerabilities could allow hackers to escape the “sandboxes” that software programs use as safeguards against malicious activity. The vulnerability in Chrome, the web’s most popular browser, affects Chrome’s FileReader API, and could allow an attacker to carry out remote code execution. The Windows vulnerability, which Google researchers said had been exploited on Windows 7, could give a hacker the ability to escalate privileges through a certain Windows kernel driver, letting the attacker break out of a security sandbox. Google has released a patch for the Chrome vulnerability, while Microsoft is still working on its own, according to Clement Lecigne, a researcher with Google’s Threat Analysis Group. “The unpatched Windows vulnerability can still be used to elevate privileges or combined with another browser […]

The post Google researchers uncover two zero-days affecting Chrome, Windows appeared first on CyberScoop.

By hacking one of their own homes, researchers want to open a window on IoT security

A year ago, cybersecurity researchers at Trend Micro who were tinkering with home-automation systems in their spare time decided to make a formal project out of it. One of the researchers invited the others to hack his smart home in Germany and see what they could find out about the underlying protocols used in it. They quickly discovered that not only was the system susceptible to manipulation, but it was also ill-equipped to detect it. The owner of the home found himself moving from room to room, trying to figure out why his lights and window blinds weren’t working. Stephen Hilt, a senior threat researcher at Trend Micro, had inadvertently carried out a denial-of-service attack on devices running on a popular building-automation protocol in the house. The researchers knew where the attack was coming from — Hilt was using a software-defined radio to jam the devices, flooding them with noise — but they didn’t realize how effective it would be. “That was […]

The post By hacking one of their own homes, researchers want to open a window on IoT security appeared first on CyberScoop.

IBM interns find 19 vulnerabilities in corporate check-in systems

A pair of precocious interns at IBM’s red-teaming unit has found 19 previously undisclosed vulnerabilities in the automated systems that companies use to check visitors into their facilities. A hacker exploiting the security flaws could access visitor logs, contact information, and other company data, and use that access to go after corporate networks, the IBM X-Force Red researchers said. The study of five popular visitor-management systems is a warning of the risk of automating common societal tasks without security precautions. These systems are supplanting security guards as an efficient way of enabling access to a building, and apparent negligence in their architecture leaves them vulnerable. The interns, Hanna Robbins and Scott Brink, are students at the University of Tulsa and the Rochester Institute of Technology, respectively, according to their LinkedIn profiles. Robbins and Brink found default administrative login credentials that would give attackers complete control of a visitor-management application. They […]

The post IBM interns find 19 vulnerabilities in corporate check-in systems appeared first on CyberScoop.

A server likely used by Lazarus Group offers clues to a broader espionage campaign

An analysis of a command-and-control server suspected of being used by North Korean hackers shows it was the centerpiece of a previously discovered global espionage campaign that is broader and longer-running than initially understood, security researchers with McAfee announced Sunday. The campaign began as early as September 2017, a year earlier than previously documented, and is targeting financial services and government organizations, among others, researchers said. Most of the malicious activity is against organizations in Germany, Turkey, the U.S., and the United Kingdom, the researchers said. In December, McAfee published research on the espionage campaign, dubbed Operation Sharpshooter, saying it hit 87 organizations – including those in the nuclear, defense, and financial sectors – in October and November alone. After picking apart code and other data from the server, McAfee researchers say they’ve found “striking similarities” between last year’s attacks and several others attributed to Lazarus Group, a broad set of […]

The post A server likely used by Lazarus Group offers clues to a broader espionage campaign appeared first on CyberScoop.

How hackers are extorting Instagram users and throwing away the key

A hacking group has been phishing the owners of popular Instagram accounts, extorting the victims, and then keeping them from recovering the stolen accounts, according to new research that underscores how attackers are exploiting the value of social-media brands. “We’ve seen cases where owners of Instagram profiles with followers between 15,000 and 70,000 were hacked and were never retrieved,” researchers from cybersecurity company Trend Micro wrote in a Thursday blog post. “The victims ranged from famous actors and singers to owners of startup businesses like photoshoot equipment rentals.” As with many a breach, the attack starts with a phishing email. Trend Micro researchers got a hold of the hackers’ phishing kit to explore further. The lure purports to be a message from Instagram asking users to get a “verified badge” and encourages them to submit login credentials. Once the hackers have access to the Instagram profile and the email associated […]

The post How hackers are extorting Instagram users and throwing away the key appeared first on CyberScoop.

Hackers turn Bangladeshi embassy website into cryptomining scheme

The websites of foreign embassies are often where people go to download visa applications and other documents. They are also ripe openings for embedding malware, and criminal hackers have taken notice. In the case of the Bangladesh Embassy in Cairo, attackers appear to be using the website to mine cryptocurrency, according to research published Wednesday by SpiderLabs, the security team of Chicago-based company Trustwave. Almost the entire embassy website appears to be compromised, with nearly every attempt to access a URL ending in a request to save a malicious file, the researchers said. Only three of 69 antivirus engines detected the infected website as malicious. “This level of compromise usually indicates the attacker’s ability to not only upload their own data, but also change the web server’s configuration,” SpiderLabs’ Nikita Kazymirskyi wrote in a blog post. The hackers appear to have breached the website in October. In January, SpiderLabs noticed a Microsoft Word […]

The post Hackers turn Bangladeshi embassy website into cryptomining scheme appeared first on CyberScoop.

Inside a Chinese APT’s very flexible playbook

A maxim of cybersecurity holds that hackers will exert just enough resources to compromise a network or avoid detection. Why deploy new, top-shelf tools when you can just refashion old ones? The strategy is on full display in research on a Chinese government-linked hacking group that Dell Technologies’ SecureWorks published Wednesday. The hackers — categorized as an advanced persistent threat by researchers and usually labeled APT27 or Bronze Union — dusted off and upgraded a couple of long-available digital weapons to carry out intrusions in 2018, the report said. “The threat actors have access to a wide range of tools, so they can operate flexibly and select tools appropriate for intrusion challenges,” the research says. One remote access trojan (RAT) was developed over a decade ago, but Bronze Union added a packet redirection tool and digital certificates signed by two Chinese technology companies before deploying it last year, according to the research. The […]

The post Inside a Chinese APT’s very flexible playbook appeared first on CyberScoop.