Magecart Hackers Hide Stolen Credit Card Data in Images & Sell It on the Dark Web

From gbhackers.com

Operators of the Magecart threat group have recently been observed using a new technique: hiding stolen credit card data inside image files.

Magecart actors target e-commerce websites with the aim of stealing payment card details, which they then sell on underground dark-web markets.

Researchers note that the attackers hide the skimmer code inside comment sections of the site's files and encode the stolen data into image files hosted on the same server, where it is indistinguishable from ordinary site assets.
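The article does not say how the skimmer tucks the records into the image, only that the file still serves as a normal image. One common way to do that without corrupting the picture is to append the data after the image's end-of-file marker, where decoders stop reading. The scanner below is an added example, not code from the article or from the Magecart research it summarises, and it assumes that variant: it pulls out anything after the JPEG EOI marker or the PNG IEND chunk, base64-decodes it when it can, and looks for Luhn-valid card numbers. The sample images and the card record inside them are constructed for the example (4111111111111111 is a standard test PAN).

```python
import base64
import binascii
import re

# End-of-image markers for the two formats most likely to be abused.
JPEG_SOI = b"\xff\xd8"
JPEG_EOI = b"\xff\xd9"
PNG_SIG = b"\x89PNG\r\n\x1a\n"
PNG_IEND = b"IEND"


def trailing_bytes(data: bytes) -> bytes:
    """Return whatever follows the image's end marker (b"" if nothing).

    Decoders stop at the JPEG EOI marker (FF D9) or the PNG IEND chunk, so
    bytes appended after it are never rendered but are still served by the
    web server, which is what makes the spot useful for exfiltration.
    """
    if data.startswith(JPEG_SOI):
        # rfind skips the EOI of any embedded EXIF thumbnail. It would be
        # fooled by a binary trailer containing FF D9, but base64 text,
        # the usual choice, never contains 0xFF.
        end = data.rfind(JPEG_EOI)
        return data[end + len(JPEG_EOI):] if end != -1 else b""
    if data.startswith(PNG_SIG):
        end = data.rfind(PNG_IEND)
        # Chunk layout: 4-byte length, "IEND", 4-byte CRC.
        return data[end + len(PNG_IEND) + 4:] if end != -1 else b""
    return b""


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, the cheap filter that separates PANs from random digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n = n * 2 - 9 if n * 2 > 9 else n * 2
        total += n
    return total % 10 == 0


def card_numbers(text: str) -> list:
    """Return Luhn-valid runs of 13 to 19 digits found in text."""
    return [m for m in re.findall(r"(?<!\d)\d{13,19}(?!\d)", text) if luhn_ok(m)]


def decode_trailer(trailer: bytes) -> str:
    """Base64-decode the trailer when it is valid base64, else treat it as text."""
    compact = b"".join(trailer.split())
    try:
        return base64.b64decode(compact, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return trailer.decode("utf-8", "replace")


def scan_image(data: bytes) -> dict:
    """Report the trailer size and any card numbers hidden in it."""
    trailer = trailing_bytes(data)
    text = decode_trailer(trailer) if trailer else ""
    return {"trailer_len": len(trailer), "cards": card_numbers(text)}


# Constructed samples (not real skimmer output): a minimal JPEG, the same
# JPEG with a base64 card record appended, and a clean PNG.
CLEAN_JPEG = JPEG_SOI + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00" + JPEG_EOI
STOLEN_RECORD = b"4111111111111111|12/25|123|Jane Doe|jane@example.com"
TAINTED_JPEG = CLEAN_JPEG + base64.b64encode(STOLEN_RECORD)
CLEAN_PNG = PNG_SIG + b"\x00\x00\x00\x00IEND\xaeB`\x82"

if __name__ == "__main__":
    for name, blob in [("clean.jpg", CLEAN_JPEG), ("hero.jpg", TAINTED_JPEG), ("logo.png", CLEAN_PNG)]:
        print(name, scan_image(blob))
```

Run it over the images in a store's upload and theme directories and treat any non-zero trailer on a served image as worth a look even when no PAN is found: a well-formed image normally has nothing after its end marker, and a skimmer may encrypt or otherwise encode the records rather than leave them in plain base64.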

Read more…

Stories from the SOC – Office 365 account compromise and credential abuse

From cybersecurity.att.com

Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers.

Executive Summary

Credential abuse and compromised user accounts are serious concerns for any organization. Credential abuse is often used to access other critical assets within an organization, its subsidiaries, or a partner corporation. Once an account is compromised, it can be used for data exfiltration or to further the agenda of a threat actor. Threat actors often compromise the internal email accounts of legitimate organizations for many reasons, including to send internal users phishing links that lead to additional compromise, to send malicious emails to external users for later compromise, or to create inbox rules that forward confidential emails to the threat actor's account outside the organization. Monitoring for events surrounding internal, inbound, and outbound email activity is therefore important.
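Catching the inbox-rule abuse described above means watching the audit trail rather than the mailbox itself. The script below is an added example, not the AT&T SOC team's tooling: it reads Microsoft 365 unified audit log records (one JSON object per line, in the shape Exchange admin audit entries take) and flags rules or mailbox settings that forward to an address outside the organisation, raising the severity when the rule also deletes or moves the message so the mailbox owner never sees it. The internal-domain list, the user names, the IPs and the three log lines are constructed for the example.

```python
import json
import re
from typing import Optional

# Domains owned by the organisation; anything else is external (assumed here).
INTERNAL_DOMAINS = {"contoso.com", "contoso.onmicrosoft.com"}

# Audit operations that create or change forwarding, and the parameters that
# carry a destination or hide the forwarded mail from the mailbox owner.
RULE_OPS = {"New-InboxRule", "Set-InboxRule", "UpdateInboxRules", "Set-Mailbox"}
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress", "ForwardingAddress"}
HIDE_PARAMS = {"DeleteMessage", "MarkAsRead", "MoveToFolder"}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def param_map(record: dict) -> dict:
    """Flatten the record's Parameters list ([{Name, Value}, ...]) to a dict."""
    return {p["Name"]: str(p["Value"]) for p in record.get("Parameters", [])}


def external_addresses(value: str) -> list:
    """Addresses in a parameter value whose domain is not one of ours."""
    return [a for a in EMAIL_RE.findall(value)
            if a.rsplit("@", 1)[1].lower() not in INTERNAL_DOMAINS]


def analyse(record: dict) -> Optional[dict]:
    """Return a finding when the record forwards mail outside the organisation."""
    op = record.get("Operation")
    if op not in RULE_OPS:
        return None
    params = param_map(record)
    targets = []
    for name in sorted(FORWARD_PARAMS.intersection(params)):
        targets.extend(external_addresses(params[name]))
    if not targets:
        return None  # internal forwarding, or a rule that does not forward at all
    hides = [n for n in sorted(HIDE_PARAMS.intersection(params))
             if params[n].lower() not in ("false", "")]
    return {
        "time": record.get("CreationTime"),
        "user": record.get("UserId"),
        "mailbox": record.get("ObjectId", record.get("UserId")),
        "operation": op,
        "client_ip": record.get("ClientIP"),
        "forward_to": sorted(set(targets)),
        "hides": hides,
        # Forward-and-delete is the classic sign the owner is not meant to notice.
        "severity": "high" if hides else "medium",
    }


def scan_log(lines) -> list:
    """Run analyse() over newline-delimited JSON audit records."""
    findings = []
    for line in lines:
        line = line.strip()
        if line:
            hit = analyse(json.loads(line))
            if hit:
                findings.append(hit)
    return findings


# Constructed sample records in the shape of Exchange entries in the unified
# audit log; the users, IPs and addresses are invented for the example.
SAMPLE_LOG = """
{"CreationTime":"2021-06-28T09:14:02","Operation":"New-InboxRule","UserId":"j.doe@contoso.com","ClientIP":"198.51.100.23","Parameters":[{"Name":"Name","Value":"."},{"Name":"ForwardTo","Value":"SMTP:collector@example.net"},{"Name":"DeleteMessage","Value":"True"}]}
{"CreationTime":"2021-06-28T09:20:11","Operation":"New-InboxRule","UserId":"a.smith@contoso.com","ClientIP":"203.0.113.77","Parameters":[{"Name":"Name","Value":"Team"},{"Name":"From","Value":"lead@contoso.com"},{"Name":"MoveToFolder","Value":"Projects"}]}
{"CreationTime":"2021-06-28T10:02:45","Operation":"Set-Mailbox","UserId":"admin@contoso.com","ObjectId":"j.doe@contoso.com","ClientIP":"203.0.113.10","Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:j.doe.personal@example.org"},{"Name":"DeliverToMailboxAndForward","Value":"True"}]}
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG.splitlines()):
        print(f["severity"].upper(), f["mailbox"], f["operation"], f["forward_to"], f["hides"])
```

Two details matter in practice: a rule named "." or "" with a forward-and-delete action is a near-certain compromise indicator, and the Set-Mailbox forwarding case is set by an admin identity rather than the victim, so the ObjectId (the mailbox changed), not the UserId, is the account to investigate.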

Read more…

Cyber Criminals Sending Phishing Mails Pretending to be from Russian Government Domain

From ehackingnews.com

The administration of RSNet (Russian State Network) recommended not opening emails from unknown senders, not clicking on links in emails that appear to come from legitimate RSNet users, including the RSNet administration itself, and not opening attachments contained in such emails.

According to Andrey Kovtun, head of the mail threat protection group at Kaspersky Lab, scammers have set up phishing mailings that purport to come from the gov.ru domain. He explained that the attackers use a spoofed sender address, webmaster@gov.ru.
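A From: header can say anything; webmaster@gov.ru in the visible sender proves nothing unless the receiving mail server's SPF, DKIM and DMARC checks back it up. The check below is an added example, not code from the article or from RSNet's or Kaspersky's guidance: it parses a raw message, reads only the Authentication-Results header stamped by a trusted authserv-id (assumed here to be mx.example.com, since a sender can forge such a header too), and flags a message whose envelope sender domain disagrees with the From domain or whose DMARC result is not pass. The two sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# authserv-id of our own MX; only its Authentication-Results header is trusted,
# because a sender can add a forged one of their own (assumed name).
TRUSTED_AUTHSERV = "mx.example.com"
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def auth_results(msg) -> dict:
    """Collect spf/dkim/dmarc verdicts from the trusted Authentication-Results header only."""
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        authserv = hdr.strip().split(";", 1)[0].strip().lower()
        if authserv != TRUSTED_AUTHSERV:
            continue  # forged or foreign header: ignore it
        for method, verdict in AUTH_RE.findall(hdr):
            verdicts.setdefault(method.lower(), verdict.lower())
    return verdicts


def assess(raw: str) -> dict:
    """Flag a message whose visible From does not hold up against the authentication results."""
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, envelope = parseaddr(msg.get("Return-Path", ""))
    from_dom, env_dom = domain_of(from_addr), domain_of(envelope)
    auth = auth_results(msg)
    reasons = []
    if env_dom and env_dom != from_dom:
        reasons.append(f"envelope sender domain {env_dom} differs from From domain {from_dom}")
    if auth.get("dmarc") != "pass":
        reasons.append(f"DMARC result from {TRUSTED_AUTHSERV} is {auth.get('dmarc', 'missing')}")
    return {"from": from_addr, "from_domain": from_dom, "envelope_domain": env_dom,
            "auth": auth, "suspicious": bool(reasons), "reasons": reasons}


# Constructed messages (only the headers matter here): a spoof of the gov.ru
# address that also carries a forged Authentication-Results line, and a clean one.
SPOOFED = """Return-Path: <bounce-4471@mail.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail.example.net; dkim=none; dmarc=fail header.from=gov.ru
Authentication-Results: attacker.invalid; spf=pass; dkim=pass; dmarc=pass
From: "RSNet Administration" <webmaster@gov.ru>
To: user@example.com
Subject: Urgent: update your credentials

Please open the attached file.
"""

LEGIT = """Return-Path: <alerts@partner.example.org>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=partner.example.org; dkim=pass header.d=partner.example.org; dmarc=pass header.from=partner.example.org
From: Partner Alerts <alerts@partner.example.org>
To: user@example.com
Subject: Weekly report

Report attached.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, assess(raw))
```

The envelope/From mismatch alone is not proof (mailing lists and bulk senders do it legitimately), which is why the DMARC verdict from your own MX is the decisive signal; the mismatch is kept as a reason so an analyst sees why the header From should not be believed.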

Read more…

FBI warns cryptocurrency owners, exchanges of ongoing attacks

From bleepingcomputer.com

The Federal Bureau of Investigation (FBI) warns cryptocurrency owners, exchanges, and third-party payment platforms of threat actors actively targeting virtual assets in attacks that can lead to significant financial losses.

The FBI issued the warning via a TLP:GREEN Private Industry Notification (PIN) designed to provide cybersecurity professionals with the information required to properly defend against these ongoing attacks.

Read more…

WildPressure APT Hackers Use New Malware to Attack Both Windows & macOS Operating Systems

From gbhackers.com

WildPressure has targeted Windows systems for some time, so a trojan from this group hitting Windows is not new in itself.

In 2019 Kaspersky detected a trojan named "Milum" being used by the WildPressure threat actors.

Kaspersky has tracked Milum since then, and the group has recently deployed a newer version of the trojan that attacks both Windows and macOS.

Read more…

What you need to know about transatlantic data transfers

From helpnetsecurity.com

Where does data live and who can access it? This seemingly simple question is, in fact, incredibly complex in the cloud era, as servers often reside abroad and regional data rights clash with international government surveillance efforts.

This friction is evident on both sides of the Atlantic after last year's court decision that Facebook's transfer of personal data from the EU to its headquarters in the US directly breached the General Data Protection Regulation (GDPR), leaving thousands of companies, from device manufacturers to software creators, wondering what data they can use in their products.

Read more…

Hackers Use New Trick to Disable Macro Security Warnings in Malicious Office Files

From thehackernews.com

Phishing campaigns that distribute weaponized Microsoft Office documents normally have to prompt the victim to enable macros before the infection chain can run in the background. New findings show that the macro security warnings can instead be disabled entirely, without any user interaction, letting the documents infect victims' computers with malware.

In yet another instance of malware authors evolving their techniques to evade detection, researchers from McAfee Labs came across a novel tactic that “downloads and executes malicious DLLs (ZLoader) without any malicious code present in the initial spammed attachment macro.”
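If a document can switch macro warnings off without user interaction, the place to catch it is the registry write that does it. The detector below is an added example, not McAfee's analysis or the malware's code: it assumes the settings live in the per-application Office Security keys (VBAWarnings, where 1 means "enable all macros", and AccessVBOM, which grants programmatic access to the VBA project) and scans Sysmon EventID 13 (registry value set) events for writes that loosen them, treating a write made by an Office process itself as high severity because that is what document-driven tampering looks like. The events, users and paths are constructed for the example.

```python
import re
from typing import Optional

# Per-application Office macro policy values, found under
# ...\Software\Microsoft\Office\<ver>\<App>\Security. Only loosening values
# are flagged: VBAWarnings=1 is "enable all macros" and AccessVBOM=1 lets
# code read and write the VBA project of a document programmatically.
LOOSENING = {"vbawarnings": {1}, "accessvbom": {1}}
OFFICE_IMAGES = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "MSACCESS.EXE"}
KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Office\\(\d+\.\d+)\\(\w+)\\Security\\(VBAWarnings|AccessVBOM)$",
    re.I,
)
DWORD_RE = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")


def parse_dword(details: str) -> Optional[int]:
    """Sysmon renders DWORD values as 'DWORD (0x00000001)'."""
    m = DWORD_RE.search(details or "")
    return int(m.group(1), 16) if m else None


def assess_event(ev: dict) -> Optional[dict]:
    """Finding for a Sysmon EventID 13 (registry value set) that weakens macro security."""
    if ev.get("EventID") != 13:
        return None
    m = KEY_RE.search(ev.get("TargetObject", ""))
    if not m:
        return None
    version, app, value_name = m.groups()
    new_value = parse_dword(ev.get("Details"))
    if new_value not in LOOSENING[value_name.lower()]:
        return None  # e.g. VBAWarnings set to 2/3/4 tightens rather than loosens
    image = ev.get("Image", "").rsplit("\\", 1)[-1].upper()
    return {
        "user": ev.get("User"),
        "office_version": version,
        "app": app,
        "value": value_name,
        "new_value": new_value,
        "image": image,
        # An Office process rewriting macro policy is the document-driven case;
        # reg.exe or a policy engine is more likely an administrator.
        "severity": "high" if image in OFFICE_IMAGES else "medium",
    }


def scan_events(events) -> list:
    """Run assess_event() over a batch of Sysmon events."""
    return [f for f in (assess_event(e) for e in events) if f]


# Constructed Sysmon events, trimmed to the fields the check uses.
SAMPLE_EVENTS = [
    {"EventID": 13, "User": "CORP\\jdoe",
     "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Office\\16.0\\Excel\\Security\\AccessVBOM",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "User": "CORP\\jdoe",
     "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Office\\16.0\\Excel\\Security\\VBAWarnings",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "User": "CORP\\admin",
     "Image": "C:\\Windows\\System32\\reg.exe",
     "TargetObject": "HKU\\S-1-5-21-2\\Software\\Microsoft\\Office\\16.0\\Word\\Security\\VBAWarnings",
     "Details": "DWORD (0x00000004)"},
    {"EventID": 13, "User": "CORP\\jdoe",
     "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Office\\16.0\\Word\\Options\\Theme",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f["severity"].upper(), f["image"], "set", f["app"], f["value"], "=", f["new_value"])
```

A Sysmon configuration has to include these key paths in its RegistryEvent rules for the events to exist at all; the complementary hardening is to set the same values through Group Policy, which places them under the Policies hive where a user-level process cannot override them.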

Read more…