Hackers are carrying out ransomware experiments in developing countries

From arstechnica.com

Cyber attackers are experimenting with their latest ransomware on businesses in Africa, Asia, and South America before targeting richer countries that have more sophisticated security methods.

Hackers have adopted a “strategy” of infiltrating systems in the developing world before moving to higher-value targets such as in North America and Europe, according to a report published on Wednesday by cyber security firm Performanta.

“Adversaries are using developing countries as a platform where they can test their malicious programs before the more resourceful countries are targeted,” the company told Banking Risk and Regulation, a service from FT Specialist.

Recent ransomware targets include a Senegalese bank, a financial services company in Chile, a tax firm in Colombia, and a government economic agency in Argentina, which were hit as part of gangs’ dry runs in developing countries, the data showed.

Nvidia acquires AI workload management startup Run:ai

From techcrunch.com

Nvidia is acquiring Run:ai, a Tel Aviv-based company that makes it easier for developers and operations teams to manage and optimize their AI hardware infrastructure, for an undisclosed sum.

Ctech reported earlier this morning the companies were in “advanced negotiations” that could see Nvidia pay upwards of $1 billion for Run:ai. Evidently, the negotiations went on without a hitch.

A source close to the matter tells TechCrunch that the exact price tag was $700 million.

Hackers Hijacked the eScan Antivirus Update Mechanism in Malware Campaign

From securityaffairs.com

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners.

Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Threat actors employed two different types of backdoors and targeted large corporate networks.

The researchers believe the campaign could be attributed to the North Korea-linked APT Kimsuky. GuptiMiner also delivered the XMRig cryptocurrency miner as a final payload.

“GuptiMiner is a highly sophisticated threat that uses an interesting infection chain along with a couple of techniques that include performing DNS requests to the attacker’s DNS servers, performing sideloading, extracting payloads from innocent-looking images, signing its payloads with a custom trusted root anchor certification authority, among others,” reads the analysis published by Avast. “The main objective of GuptiMiner is to distribute backdoors within big corporate networks.”

Web3 Game Developers Targeted in Crypto Theft Scheme

From darkreading.com

A Russian threat actor is peppering game developers with fraudulent Web3 gaming projects that drop multiple variants of infostealers on both macOS and Windows devices.

The ultimate goal of the campaign appears to be defrauding victims and stealing their cryptocurrency wallets, according to Recorded Future’s Insikt Group, which discovered the malicious activity.

Yearbook phishing campaign

by Morgan Brazier

A moderately sophisticated phishing campaign has been observed targeting multiple universities including Bournemouth University, Brighton and Warwick.

The email and the registration portal it links to masquerade as a university yearbook in order to harvest personally identifiable information (PII) and card details. The emails are convincing because they already contain the recipient’s first name and university, which tricks users into submitting payment and other sensitive information.

Similar campaigns have been seen this time last year from different domains.

If you have been affected by this phishing campaign, it is recommended that you report the incident to both Action Fraud and the BU IT help desk:

https://www.actionfraud.police.uk

https://www.bournemouth.ac.uk/news/2019-03-04/contacting-it-service-desk

Hackers discover way to access Google accounts without a password

From independent.co.uk

Security researchers have uncovered a hack that allows cyber criminals to gain access to people’s Google accounts without needing their passwords.

Analysis from security firm CloudSEK found that a dangerous form of malware uses third-party cookies to gain unauthorised access to people’s private data, and is already being actively tested by hacking groups.

The exploit was first revealed in October 2023 when a hacker posted about it in a channel on the messaging platform Telegram.

New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices

From thehackernews.com

A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices.

Tracked as CVE-2023-45866, the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim.
