VMware Flaw a Vector in SolarWinds Breach?

U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware, which the U.S. National Security Agency (NSA) warned on Dec. 7 was being used by Russian hackers to impersonate authorized users on victim networks.

SolarWinds hackers’ capabilities include bypassing MFA

As the list of known organizations compromised by way of the SolarWinds supply chain attack is slowly growing – according to Reuters, the attackers also breached U.S. Department of Homeland Security’s systems, the State Department, and the …

Vietnamese hacking group OceanLotus uses imitation news sites to spread malware

Suspected Vietnamese government-linked hackers are behind a series of fake news websites and Facebook pages meant to target victims with malicious software, according to Volexity research published Friday. The hackers, known as OceanLotus or APT32, historically have targeted companies that have business interests in Vietnam. In this case, the fake sites and Facebook pages, which were set up within the last year, were intended for targets in Vietnam and across Southeast Asia, according to Volexity researchers. The attackers appear to have dual aims in their campaign — first, to gather information about the visitors to the fake media sites through a web profiling framework. They also occasionally target victims with malware meant to log targets’ keystrokes. Earlier this year, Kaspersky researchers revealed the hackers have been using the Google Play Store to disperse malware, suggesting both domestic and foreign intelligence collection requirements. This April, when the coronavirus was spreading around the world, the same group began sending malware to […]

The post Vietnamese hacking group OceanLotus uses imitation news sites to spread malware appeared first on CyberScoop.

Researchers uncover malicious sites targeting China’s Uyghur population

Eleven websites related to China’s Uyghur population and the East Turkestan region where they reside were compromised and exploited as part of a surveillance operation that may be connected to an iOS hacking campaign revealed last week, according to new security research. Volexity, an incident response and digital forensics firm, on Monday said at least 11 websites had been “strategically compromised and leveraged as part of a series of attack campaigns” aimed at the Uyghur people. By using the affected websites — which range from the Uighur Times, the Turkistan Press, Turkistan TV, and the Uyghur Academy — hackers could infect visitors’ Android devices and collect information including the unique identification number, the phone number, location, CPU data, username and other sensitive details. Volexity did not directly attribute the attack to Beijing, saying only that two advanced persistent threat (APT) groups with ties to China were behind it. The Chinese […]

The post Researchers uncover malicious sites targeting China’s Uyghur population appeared first on CyberScoop.

New Magecart victims ABS-CBN and Newegg are just the tip of the iceberg

With the Magecart attackers compromising web shops left and right, online shopping is becoming a risky proposition. After Ticketmaster, British Airways and Feedify, two new Magecart victims have been identified: the broadcasting giant ABS-CBN and onlin…

Magecart strikes again, this time at electronics retailer Newegg

Code has been discovered siphoning credit card numbers from consumer technology retail website Newegg, according to security researchers from two cybersecurity companies. In reports published Wednesday by RiskIQ and Volexity, researchers discovered instances of code linked to the operators of Magecart, a group that has been behind a slew of recent, high-profile credit card number breaches. Thieves have been siphoning credit card data since Aug. 14, when a piece of JavaScript was inserted into Newegg’s payment sites. That code pulled credit card numbers and sent them to a site with a similar URL — neweggstats[.]com. According to Volexity, the code wasn’t removed from the Newegg payment site until Tuesday. Newegg is an extremely popular retailer, ranking 161 on Alexa’s list of top websites in the U.S. According to SimilarWeb, the site receives 50 million visitors a month. “Over an entire month of skimming, we can assume this attack claimed a […]

The post Magecart strikes again, this time at electronics retailer Newegg appeared first on CyberScoop.

Russian ‘Dukes’ of Hackers Pounce on Trump Win

Less than six hours after Donald Trump became the president-elect of the United States, a Russian hacker gang perhaps best known for breaking into computer networks at the Democratic National Committee launched a volley of targeted phishing campaigns against American political think-tanks and non-government organizations (NGOs).