News – Page 2 – BU-CERT

Top 6 Fraud Prevention APIs For 2022

Posted on 20 January 2022

From cybersecuritynews.com

The most effective way to reduce online fraud is to collect data on its occurrence so that the necessary measures can take place.

According to a study conducted in 2020, about 4.8 million identity theft complaints were filed. Moreover, this was a 113% rise only from 2019. More data is being asked for online, and the issue with this is that not every site can be trusted.

Fraud prevention is the most crucial in organizations such as financial institutions. Currently, many applications can be used in order to prevent fraud. Many applications have used their Application Programming Interfaces (API) to let developers use their features and integrate them into their own use cases.

Furthermore, to help you find a suitable API, we will show you the top six that can help you prevent significant fraud attacks.

New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets

Posted on 20 January 2022

From thehackernews.com

A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot, Redline Stealer, and WeSteal.

“BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet (Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, Litecoin wallets) contents, passwords stored in the browser, and passphrases captured from the clipboard,” Bitdefender researcher said in a technical report on Wednesday.

The campaign, distributed globally across Australia, Egypt, Germany, India, Indonesia, Japan, Malaysia, Norway, Singapore, South Africa, Spain, and the U.S., is suspected to be delivered to compromised systems via cracked software installers.

UK’s Cyber Security Center publishes new guidance to fight smishing

Posted on 20 January 2022

From bleepingcomputer.com

UK’s National Cyber Security Center (NCSC) has published new guidance for organizations to follow when communicating with customers via SMS or phone calls.

The goal of the new guidelines is to make it harder for scammers to trick the public and lead users to phishing sites.

This action comes in response to an alarming rise in scams that spoof popular brands, with fake parcel deliveries being the dominant theme.

The NCSC urges businesses to do their part in protecting consumers and fighting the rising threat of scams, and the main way to achieve this is by making legitimate and fraudulent communications easier to discern.

Microsoft: Hackers Exploiting New SolarWinds Serv-U Bug Related to Log4j Attacks

Posted on 20 January 2022

From thehackernews.com

Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets.

Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an “input validation vulnerability that could allow attackers to build a query given some input and send that query over the network without sanitation,” Microsoft Threat Intelligence Center (MSTIC) said.

The flaw, which was discovered by security researcher Jonathan Bar Or, affects Serv-U versions 15.2.5 and prior, and has been addressed in Serv-U version 15.3.

FIN8 Hackers Spotted Using New ‘White Rabbit’ Ransomware in Recent Attacks

Posted on 19 January 2022

From thehackernews.com

The financially motivated FIN8 actor, in all likelihood, has resurfaced with a never-before-seen ransomware strain called “White Rabbit” that was recently deployed against a local bank in the U.S. in December 2021.

That’s according to new findings published by Trend Micro, calling out the malware’s overlaps with Egregor, which was taken down by Ukrainian law enforcement authorities in February 2021.

“One of the most notable aspects of White Rabbit’s attack is how its payload binary requires a specific command-line password to decrypt its internal configuration and proceed with its ransomware routine,” the researchers noted. “This method of hiding malicious activity is a trick that the ransomware family Egregor uses to hide malware techniques from analysis.”

OpenWeedLocator (OWL): an open-source, low-cost device for fallow weed detection

Posted on 19 January 2022

From nature.com

The use of a fallow phase is an important tool for maximizing crop yield potential in moisture limited agricultural environments, with a focus on removing weeds to optimize fallow efficiency. Repeated whole field herbicide treatments to control low-density weed populations is expensive and wasteful. Site-specific herbicide applications to low-density fallow weed populations is currently facilitated by proprietary, sensor-based spray booms. The use of image analysis for fallow weed detection is an opportunity to develop a system with potential for in-crop weed recognition. Here we present OpenWeedLocator (OWL), an open-source, low-cost and image-based device for fallow weed detection that improves accessibility to this technology for the weed control community. A comprehensive GitHub repository was developed, promoting community engagement with site-specific weed control methods. Validation of OWL as a low-cost tool was achieved using four, existing colour-based algorithms over seven fallow fields in New South Wales, Australia. The four algorithms were similarly effective in detecting weeds with average precision of 79% and recall of 52%. In individual transects up to 92% precision and 74% recall indicate the performance potential of OWL in fallow fields. OWL represents an opportunity to redefine the approach to weed detection by enabling community-driven technology development in agriculture.

Many users don’t know how to protect their broadband Wi-Fi routers

Posted on 17 January 2022

From helpnetsecurity.com

Millions of home broadband Wi-Fi routers in the UK could be at risk because many internet users do not take basic security precautions that could protect them from online threats, research from Broadband Genie has found.