Hackers posed as Amnesty International, promising anti-spyware tool that actually collects passwords

Fraudsters are posing as human rights group Amnesty International to trick individuals into downloading malicious software, researchers at Cisco’s threat intelligence unit Talos report. Masquerading as the human rights group, hackers registered multiple domains using variations on the Amnesty name to advertise a demo for “Amnesty Anti Pegasus” software that could allegedly scan devices for the NSO Group spyware, which Amnesty has closely examined. The malware had a realistic-looking “Anti Pegasus” user interface. In fact, victims downloaded Sarwent, a malicious software that gives attackers a backdoor to a victim’s machine. Hackers can use that access to download and execute other malicious tools as well as exfiltrate data such as passwords. The campaign preys on growing concerns around the threat of spyware. Human rights advocates have long criticized the NSO Group for the use of its technology by governments to spy on activists, dissidents and journalists. A sweeping July report by […]

The post Hackers posed as Amnesty International, promising anti-spyware tool that actually collects passwords appeared first on CyberScoop.

Middle East-linked hacking group is working hard to mask its moves

A group that has been linked to Iran-based hackers has been working to obfuscate its activities to evade detection, according to new research from Cisco’s Talos researchers. The hackers, whose attacks are ongoing, are working to avoid host-based signatures and YARA signatures by using a Visual Basic for Applications (VBA) script, PowerShell stager attacks, and a separate command and control server, researchers write in a blog post. In some cases the group, which Talos has dubbed “BlackWater,” has been successful in avoiding detection mechanisms. Some of the code the group has used in its attacks is the same as that used by a group known as MuddyWater. Talos writes the code was used in attacks against Kurds in Turkey. This code overlap and the fact that BlackWater and MuddyWater have had similar targets, including those in Turkey, lead Talos researchers to report they have “moderate confidence” that the actors behind BlackWater […]

The post Middle East-linked hacking group is working hard to mask its moves appeared first on CyberScoop.

Russian-linked VPNFilter malware is even worse than originally thought, new research suggests

A malware framework that has already infected hundreds of thousands of routers across the globe appears to be even more dangerous than originally thought, according to new findings by Cisco’s internal cybersecurity unit Talos. The latest results show that the malware, “VPNFilter,” affects a wider array of devices, including those from more than 11 different hardware vendors, and carries several previously unknown capabilities, such as the potential to manipulate internet traffic passing through the infected device in novel ways. The Talos researchers revealed the additional analysis Wednesday after having first publicly documented the botnet last week. A significant percentage of the devices infected through VPNFilter are based in Ukraine, leading domestic security services to claim that the malware represents a national security threat. Broadly speaking, VPNFilter works by scanning the internet and automatically targeting unpatched routers and network storage devices that run outdated software. The term “botnet” is used to describe an army of zombie computers […]

The post Russian-linked VPNFilter malware is even worse than originally thought, new research suggests appeared first on CyberScoop.

Researchers uncover sophisticated botnet aimed at possible attack inside Ukraine

A massive hacking operation that co-opts more than 500,000 routers into a botnet looms over Ukraine, according to cybersecurity researchers and people familiar with the matter who spoke with CyberScoop. Over the last several days, a combination of at least three groups — Cisco’s cybersecurity unit Talos, the non-profit information sharing group Cyber Threat Alliance (CTA) and U.S. law enforcement — have all been quietly notifying companies about what appears to be the early stages of a potentially expansive cyberattack against Ukraine. The scheme carries indicators that suggest a Russian government-linked hacking group may be involved, but so far that connection is only tentative. The public notifications come ahead of a massive international soccer match that will be hosted in Kiev on May 26, and an important domestic holiday in Ukraine on June 28. Last year, there was a delayed reaction inside Ukraine to the NotPetya attack due to it being launched a day before […]

The post Researchers uncover sophisticated botnet aimed at possible attack inside Ukraine appeared first on CyberScoop.

Atos, IT provider for Winter Olympics, hacked months before Opening Ceremony cyberattack

Hackers armed with destructive malware appear to have compromised the main IT service provider for the Winter Olympic Games months before last week’s highly publicized cyberattack. Publicly available evidence analyzed by experts and reviewed by CyberScoop suggests that whoever deployed the Olympic Destroyer malware on Feb. 9 had likely penetrated a series of computer systems in December belonging to Atos, a multinational information technology service provider that is hosting the cloud infrastructure for the Pyeongchang games. The evidence was recently posted to the VirusTotal repository, and metadata associated with the malware samples indicates that the hackers were inside Atos systems since at least December. Some of the earliest samples were uploaded by unnamed VirusTotal users geographically located in France, where Atos is headquartered, and Romania, where some members of Atos’ security team work. On Feb. 9, the official Winter Olympics website went down for several hours, causing a disruption to ticket sales and downloads during the […]

The post Atos, IT provider for Winter Olympics, hacked months before Opening Ceremony cyberattack appeared first on CyberScoop.

New Part Day: A Truly Secure Workstation

There is a chain of trust in every modern computing device that starts with the code you write yourself and extends backwards through whatever frameworks you’re using, whatever OS you’re using, whatever drivers you’re using, and ultimately whatever BIOS, UEFI, Secure Boot, or firmware you’re running. With an Intel processor, this chain of trust extends to the Intel Management Engine, a subsystem running independently of the main CPU that has access to the network, USB ports, and everything else in the computer.

Needless to say, this chain of trust is untenable. Any attempt to audit every line of code running in […]