BU-CERT – Page 5 – Bournemouth University Computer Emergency Response Team

HACKERS HIJACKED THE ESCAN ANTIVIRUS UPDATE MECHANISM IN MALWARE CAMPAIGN

Posted on 24 April 2024

From securityaffairs.com

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners.

Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Threat actors employed two different types of backdoors and targeted large corporate networks

The researchers believe the campaign could be attributed to North Korea-linked AP Kimsuky. The final payload distributed by GuptiMiner was also XMRig.

“GuptiMiner is a highly sophisticated threat that uses an interesting infection chain along with a couple of techniques that include performing DNS requests to the attacker’s DNS servers, performing sideloading, extracting payloads from innocent-looking images, signing its payloads with a custom trusted root anchor certification authority, among others.” reads the analysis published by Avast. “The main objective of GuptiMiner is to distribute backdoors within big corporate networks.”

Web3 Game Developers Targeted in Crypto Theft Scheme

Posted on 16 April 2024

From darkreading.com

A Russian threat actor is peppering game developers with fraudulent Web3 gaming projects that drop multiple variants of infostealers on both MacOS and Windows devices.

The ultimate goal of the campaign appears to be defrauding victims and stealing their cryptocurrency wallets, according to Recorded Future’s Insikt Group, which discovered the malicious activity.

Yearbook phishing campaign

Posted on 4 April 2024

by Morgan Brazier

A moderately sophisticated phishing campaign has been observed targeting multiple universities including Bournemouth University, Brighton and Warwick.

The email and subsequent registration portal masquerades as a university yearbook to harvest personally identifiable information (PII) and card details, tricking users into submitting payment and sensitive information by creating convincing emails already containing their first name and university.

Similar campaigns have been seen this time last year from different domains.

If you have been affected by this phishing campaign it is recommended you report the incident to both Action Fraud and the BU IT help desk:

https://www.actionfraud.police.uk

https://www.bournemouth.ac.uk/news/2019-03-04/contacting-it-service-desk

Hackers discover way to access Google accounts without a password

Posted on 9 January 2024

From independent.co.uk

Security researchers have uncovered a hack that allows cyber criminals to gain access to people’s Google accounts without needing their passwords.

Analysis from security firm CloudSEK found that a dangerous form of malware uses third-party cookies to gain unauthorised access to people’s private data, and is already being actively tested by hacking groups.

The exploit was first revealed in October 2023 when a hacker posted about it in a channel on the messaging platform Telegram.

New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices

Posted on 8 December 2023

From thehackernews.com

A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices.

Tracked as CVE-2023-45866, the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim.

Four major browsers impacted by a single zero-day vulnerability

Posted on 15 September 2023

From techmonitor.ai

Google Chrome, Microsoft Edge, Mozilla Firefox and Apple’s Safari browser have all been impacted by a single zero-day vulnerability, it has emerged. The flaw, tracked as CVE-2023-4863, is caused by a heap buffer overflow in the WebP code library. Once exploited it can lead to system crashes and arbitrary code execution, where hackers can gain control over an infected device.

CVE-2023-4863 was first identified by researchers at The Citizen Lab, a research arm of the University of Toronto. The institution subsequently informed Google and Apple of the vulnerability’s existence. Both companies have now released patches. They were joined by Mozilla, which released its own advisory on CVE-2023-4863 yesterday and updates for several versions of its Firefox browser and Thunderbird email client, and Microsoft.

Dark web price index 2023

Posted on 4 July 2023

From privacyaffairs.com

A recently published report from privacyaffairs‘ recent research revealed that, despite the impressive efforts of law enforcement to takedown and disrupt darknet markets selling illicit goods and services, the darkweb markets continue to flourish.

Some notable findigs from the report are as follows:

Sales volume: We have detected no long-term decrease in sales volume
Data volume: During this reporting period we noted that sellers and buyers preferred to transact more bulk data rather than individual goods
Prices: Most items and services we track for 3 years saw a significant decrease in pricing
No clear market leader: Unlike in 2020, 2021, and early 2022, in 2023 no market appears to dominate.
Telegram instead of websites: Telegram has become a major channel for facilitating the sale of hacked personal data.
Cloned Mastercard with PIN as usual costs around $20, at the same time for $100 they are selling stolen online banking logins with a minimum $100 on it.
Paypal accounts, PerfectMoney and other payment processing services are getting cheaper.
Verified Stripe account with payment gateway Is one of the most expensive on the list – $1200.
New payment processing services on the Dark Web: Revolut ($1600), Switzerland online banking login ($2200), Payoneer verified account ($200).
Cryptocurrency accounts were the only category that we saw to have experienced an increase: LocalBitcoins account ($70), Blockchain.com ($85), Coinbase ($250), Kraken (has significant increase in price from $250 in 2022 to $1170 in 2023).
Hacked Online Services & Entertainment Accounts as always are very cheap and very available – average price $5-$10 per account.
Fake money (mostly in 20- and 50-USD bills) is a very common and easy-to-find item.