23 Most Notorious Hacks History that Fall Under OWASP Top 10

From indusface.com

Hacks and data leaks have affected many major players in recent years, including an AT&T vendor (9 million accounts), T-Mobile (37 million accounts), JD Sports (10 million), MyDeal (2.2 million), Dropbox (nearly 69 million accounts), Flagstar Bank (1.5 million) and eBay (145 million).

Those were bad. But not the worst. What are the most notorious hacks in history? They’re subject to debate, but these 23 attacks categorized under OWASP Top 10 would be strong candidates for the title.

Read more…

Tracking the CHM Malware Using EDR

From asec.ahnlab.com

CHM is a Help file format based on HTML. Threat actors can embed malicious script code in the HTML that a CHM file contains. The inserted script is executed through hh.exe, a default OS application. MITRE ATT&CK refers to this technique, in which a threat actor uses a signed program or a program installed by default on the OS to execute malware, as T1218 (System Binary Proxy Execution). MITRE explains that threat actors who use T1218 to execute their malware can easily evade process- and signature-based detection, because the malware runs through a signed binary or a default MS program.
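The two behaviours an EDR can key on from the description above are hh.exe opening a .chm from an untrusted location and hh.exe spawning a script or command interpreter. The following is an added example of that detection logic, not code from the AhnLab article; the process-creation events are constructed sample telemetry in a simplified schema (an assumption, not any vendor's real format), and the trusted help directory is likewise an assumption.

```python
"""Flag CHM-based T1218 proxy execution through hh.exe in process telemetry.

Added example, not from the AhnLab article. EVENTS is constructed sample data
in a simplified EDR process-creation schema (assumption).
"""
from pathlib import PureWindowsPath

EVENTS = [  # constructed: one process-creation event per dict
    {"pid": 100, "ppid": 1,   "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\hh.exe",
     "cmdline": r"hh.exe C:\Users\u\Downloads\invoice.chm"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c echo constructed"},
    {"pid": 400, "ppid": 1,   "image": r"C:\Windows\hh.exe",
     "cmdline": r"hh.exe C:\Windows\Help\mui\0409\mmc.chm"},
]

# Interpreters a help viewer has no legitimate reason to launch.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "mshta.exe",
                       "rundll32.exe", "wscript.exe", "cscript.exe", "regsvr32.exe"}
TRUSTED_CHM_DIRS = (r"c:\windows\help",)  # assumption: OS help files live here and are expected


def basename(path):
    return PureWindowsPath(path).name.lower()


def find_hh_alerts(events):
    """Return (rule, pid) tuples for hh.exe activity that merits triage."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if basename(e["image"]) == "hh.exe":
            # Rule 1: hh.exe opening a .chm outside the OS help tree (e.g. a download)
            # is the delivery path the article describes.
            args = e["cmdline"].split(maxsplit=1)
            chm = args[1].strip('"').lower() if len(args) > 1 else ""
            if chm.endswith(".chm") and not chm.startswith(TRUSTED_CHM_DIRS):
                alerts.append(("hh_opens_untrusted_chm", e["pid"]))
        parent = by_pid.get(e["ppid"])
        if parent and basename(parent["image"]) == "hh.exe" and basename(e["image"]) in SUSPICIOUS_CHILDREN:
            # Rule 2: the embedded script has handed control to an interpreter.
            alerts.append(("hh_spawns_interpreter", e["pid"]))
    return alerts


if __name__ == "__main__":
    for rule, pid in find_hh_alerts(EVENTS):
        print(f"{rule}: pid {pid}")
```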

Read more…

NCA Harvests Info on DDoS-For-Hire With Fake Booter Sites

From infosecurity-magazine.com

The UK’s National Crime Agency (NCA) has revealed it is running several fake DDoS-for-hire websites in a bid to disrupt this thriving part of the cybercrime economy.

The agency revealed the news after deciding to go public with one of these sites, by replacing it with a splash page warning users that their data had been collected by law enforcers.

The NCA didn’t say how many of the sites it had set up as part of the operation, but claimed that “several thousand” people had already accessed them in search of the “booter” services needed to launch DDoS attacks against targets.

Read more…

China crisis is a TikToking time bomb

From theregister.com

OPINION As country after country bans TikTok from official systems, it’s fair to ask what’s so dodgy about a social network filled with dance crazes, makeup advice and cats.

You can understand why selling the Middle Kingdom state-of-the-art EUV lithography gear might be a bad idea, but this? Is it the xenophobia China often blames for Western reticence? Plain old trade barriers? Cold war cultural imperialism? No, it really is a security matter, and one that’s far more serious than it looks.

State security and national intelligence can look like, and often is, a proxy for political machinations. This is not that. It’s not a matter of morality or the ethical superiority of democracy. The West can bug, spy, infiltrate and deceive with the best of them. The CIA secretly owned Crypto AG, a Swiss cryptography company, and most certainly snaffled a ton of data from unsuspecting organisations as a result.

Read more…

Okta Post-Exploitation Method Exposes User Passwords

From darkreading.com

A post-exploitation attack method has been uncovered that allows adversaries to read cleartext user passwords for Okta, the identity access and management (IAM) provider — and gain far-ranging access into a corporate environment.

Researchers from Mitiga discovered that the IAM system saves Okta user passwords to audit logs if a user accidentally types them in the “username” field when logging in. Threat actors who have gained access to a company’s system can then easily harvest them, elevate privileges, and gain access across multiple enterprise assets that use Okta, the researchers said.
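A defender can sweep the audit log for the pattern described above (a failed login whose "username" value is not a username, followed shortly by a successful login from the same client) and force a rotation for the account that owns it. The following is an added example of that check, not Mitiga's or Okta's code; the events are constructed sample data in a simplified System Log-like shape, and the username convention, pairing window and the assumption that the typed-in value lands in `alternateId` are all assumptions.

```python
"""Find audit-log login failures whose 'username' value looks like a typed-in
password, and attribute each to the account that should rotate its credential.

Added example, not Mitiga's or Okta's code. EVENTS is constructed sample data in a
simplified System Log-like shape (assumption: alternateId holds what the user typed).
"""
import re
from datetime import datetime, timedelta

USERNAME_RE = re.compile(r"^[a-z0-9._-]+@example\.com$", re.I)  # assumption: usernames are corp emails
PAIR_WINDOW = timedelta(seconds=90)  # assumption: a mistyped login is retried quickly from the same client

EVENTS = [  # constructed; the non-username value is a made-up stand-in for leaked data
    {"ts": "2023-03-20T10:00:00Z", "eventType": "user.session.start", "result": "FAILURE",
     "alternateId": "Tr0ub4dor&3!", "ip": "198.51.100.7"},
    {"ts": "2023-03-20T10:00:25Z", "eventType": "user.session.start", "result": "SUCCESS",
     "alternateId": "alice@example.com", "ip": "198.51.100.7"},
    {"ts": "2023-03-20T11:00:00Z", "eventType": "user.session.start", "result": "FAILURE",
     "alternateId": "bob@example.com", "ip": "203.0.113.9"},     # ordinary wrong password, not a leak
    {"ts": "2023-03-20T12:00:00Z", "eventType": "user.session.start", "result": "FAILURE",
     "alternateId": "carol@example.co", "ip": "203.0.113.10"},   # mistyped domain, no follow-up success
]


def _t(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def looks_like_secret(value):
    """Anything that is not a well-formed username is treated as a possible credential."""
    return not USERNAME_RE.match(value)


def find_leaked_logins(events):
    """Return (account, timestamp) pairs whose password probably landed in the log.
    A suspect FAILURE is attributed to the account that succeeds from the same IP within
    PAIR_WINDOW; unmatched suspects are reported with account None for manual review.
    The suspect value itself is never returned, so the finding does not re-leak it."""
    logins = [e for e in events if e["eventType"] == "user.session.start"]
    findings = []
    for e in logins:
        if e["result"] != "FAILURE" or not looks_like_secret(e["alternateId"]):
            continue
        t0 = _t(e["ts"])
        owner = next((s["alternateId"] for s in logins
                      if s["result"] == "SUCCESS" and s["ip"] == e["ip"]
                      and t0 <= _t(s["ts"]) <= t0 + PAIR_WINDOW), None)
        findings.append((owner, e["ts"]))
    return findings
```

The same sweep is the list of accounts to force through a password reset, and the offending log entries themselves should be purged or redacted wherever the log has been exported.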

Read more…

Earth Preta’s Cyberespionage Campaign Hits Over 200

From trendmicro.com

Since 2022, we’ve been following a series of cyberespionage efforts carried out by multiple groups and carried over from an old campaign. It combines the collective activities carried out by subgroups of the advanced persistent threat (APT) group Earth Preta (also known as Mustang Panda), representing a comprehensive network of operations for gathering sensitive information from various entities. An analysis of their deployments also revealed a level of coordination and collaboration.

Through extensive analysis and as of this writing, we discovered over 200 victims, leading to a wider intelligence analysis of the groups’ goals, different operation groups, and tactics, techniques, and procedures (TTPs). Our study aimed to understand the different phases and facets involved in this operation, shedding light on the motives and techniques used by Earth Preta to provide valuable insights and aid in the development of effective countermeasures.

Read more…

ShellBot Targets Exposed Linux SSH Servers With Three New Variants

From cyware.com

ShellBot (aka PerlBot)—a Perl-based DDoS bot malware previously seen in attacks along with CoinMiner—targets poorly managed Linux SSH servers in a new campaign. The malware scans vulnerable SSH servers over the internet, and after successful exploitation, leverages them for various malicious activities.

ShellBot was first discovered in 2017. The malware typically uses the IRC protocol to establish communication with its C2 server. It commonly uses an SSH brute-force technique to break into Internet-connected Linux servers with weak passwords, infect the system and mine cryptocurrency.

Read more…