Countering the Problem of Credential Theft

From intel471.com

Cybercrime has become increasingly challenging to defend against because of its scale, which has been enabled by the cybercrime-as-a-service economy. Rather than lone wolf cybercriminals performing every task needed to compromise and monetize a computer or account, those tasks are now covered by specialists. Malware and botnets can be rented. Vulnerability information can be purchased. Cybercriminals no longer have to learn how to do every action to execute an operation. They can buy the components or services needed for a specific fraud, allowing them to focus their energy on the part that delivers illicit revenue. A key component of cybercrime-as-a-service is the sale of login credentials or access to accounts.


RTM Locker, a new RaaS, gains notoriety in the threat landscape

From securityaffairs.com

Researchers from cybersecurity firm Trellix have detailed the tactics, techniques, and procedures of an emerging cybercriminal gang called ‘Read The Manual’ (RTM) Locker. The group operates a ransomware-as-a-service (RaaS) and provides its malicious code to a network of affiliates under strict rules.

The group aims to fly below the radar and, like other groups, does not target systems in the CIS region.

“The business-like setup of the group, where affiliates are required to remain active or notify the gang of their leave, shows the organizational maturity of the group, as has also been observed in other groups, such as Conti,” reads the analysis of the gang. “The gang’s modus operandi is focused on a single goal: to fly below the radar. Their goal is not to make headlines, but rather to make money while remaining unknown. The group’s notifications are posted in Russian and English, where the former is of better quality. Based on that, it isn’t surprising that the Commonwealth of Independent States in Eastern Europe and Asia (CIS) region is off-limits, ensuring no victims are made in that area.”


Zelle users targeted with social engineering tricks

From helpnetsecurity.com

Cybercriminals have been leveraging social engineering techniques to impersonate the popular US-based digital payments network Zelle and steal money from unsuspecting victims, according to Avanan.

The phishing email

The spoofed email is cleverly crafted to look as legitimate as possible: it contains the Zelle logo, grammatically correct text, and an authentic link to the firm’s web page at the bottom of the email, in the “security and privacy” footer. However, it also includes a malicious shortened link.


Severe Android and Novi Survey Vulnerabilities Under Active Exploitation

From thehackernews.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The two flaws are listed below –

  • CVE-2023-20963 (CVSS score: 7.8) – Android Framework Privilege Escalation Vulnerability
  • CVE-2023-29492 (CVSS score: TBD) – Novi Survey Insecure Deserialization Vulnerability

“Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed,” CISA said in an advisory for CVE-2023-20963.


DDoS alert traffic reaches record-breaking level of 436 petabits in one day

From helpnetsecurity.com

The dynamic nature of the DDoS threat landscape

Much of the increase comes from the pro-Russian group Killnet and others that explicitly target websites. Attacks of this nature preceded the Ukraine invasion, knocking out critical financial, government, and media sites.

“DDoS attacks threaten organizations worldwide and challenge their ability to deliver critical services,” said Richard Hummel, threat intelligence lead, NETSCOUT. “With multi-terabit-per-second attacks now commonplace, and bad actors’ arsenals continuing to grow in sophistication and complexity, organizations need a strategy that can quickly adapt to the dynamic nature of the DDoS threat landscape.”


Sports Robot browser hijacker (Improved Guide)

From 2-spyware.com

Sports Robot is a browser hijacker that changes default settings like the homepage, new tab address, and search engine to sportrobot.info. Its creators intend to impose the use of specific browsing channels in order to generate revenue through PPC advertising and data collection.

This browser extension provides no unique benefits to users and is solely designed to profit fraudsters. While their machine is affected, users may notice an increase in commercial content as well as pop-ups, banners, and surveys. This app may also direct users to unsafe websites, where they may be tricked into disclosing personal information or downloading PUPs and malware.

The creators place no value on user privacy or security and rely on rogue advertising networks to display advertisements. Aside from the changed settings, users should be concerned about the potential use of cookies to collect data on their browsing activities.


MERCURY – A Destructive Operation From Iranian Hackers Wipes Cloud Environments

From gbhackers.com

MERCURY, an Iranian nation-state group, has recently been detected by Microsoft’s Threat Intelligence team operating under the guise of a ransomware attack in hybrid environments.

Since 2017, MERCURY has been conducting espionage campaigns against targets in the Middle East, and this state-sponsored group is financially motivated.
