Displaying items by tag: Hacking
Minecraft Mods stuffed with Malware Used to Target Windows and Linux
As we hear more about Supply Chain attacks and the need for Software Build of Materials we are now hearing of an attack on the popular game, Minecraft. It seems that attackers are leveraging popular Modding platforms to push out information stealing malware (Fractureiser). They are accomplishing this by injecting malicious code into modifications that are then uploaded to different platforms. These are then downloaded and installed by unwary gamers.
More Ransomware as a Service Fun as Cyclops Gang Now Offers Value Add Information Stealer
Anyone that does not think that cybercrime is now a bug business has been living under a rock. The news related to different cybercrime-as-a-service groups, especially ransomware, has never been more frequent. We have seen groups offer larger profit sharing, special tools, access to customization tools and now we hear that the Cyclops group is even offering an information stealer as something of a value add if you use their services.
Why SBOM is in the News and Why it is Important
Since Executive Order 14028 came out on May 12th from the Biden Administration there has been a lot of talk about what it means and what are the legal and regulatory ramifications of this order. While the larger conversation is one for a later (and much longer) article the overall tone of the EO is one that highlights a desire to centralize control over cybersecurity at the federal level, but not a lot of direct regulatory changes. Everything is recommendations, or guidelines. There is nothing in EO14038 that makes any real changes. Now that is both a good thing and a bad thing. On the one hand it means that organizations have time to adapt to the tone and general message of the EO and new cybersecurity requirements, and on the other hand, as we are already in an election cycle, many companies are likely to adopt a wait and see attitude towards any changes. One area is around SBOM, or Software Build of Materials.
Attackers Drop Card Stealing Scripts into Legitimate eCommerce Sites
So, there you are, you have found the one thing in all the internet that will make your object drive life complete. You put the fabulous object into your cart, giddily fumble out your credit card and enter those embossed numbers into the checkout screen and click to start the journey of your newfound treasure. Unbeknownst to you, attackers had previously injected skimming scripts into the site and captured all your card data for use later, or to sell in bulk on a dark web marketplace later.
MOVEit Transfer Zero Day gets added to the KEV and a Cool New Web Shell
Spring, the time of renewal, the time when nature wakes up. It is also a time when Zero-Day flaws hit the web. This year has been no different with many Zero-Day flaws identified in April and May 2023. The reasons for this are varied, but commonly we see Zero-Day flaws identified after everyone comes back from their Holiday vacations and after budgets are done, the money is available and initiatives for thew new year start. One of the more interesting zero-days for 2023 was a flaw found in MOVEit Transfer software.
Google’s Verification Feature in Gmail already Abused by Scammers and Phishers
The news that a feature in Gmail that shows a verification check mark for a sender is being abused by attackers should come as a surprise to no one. After all attackers have coopted, code singing certificates, legitimate web sites, and more as part of their attack processes, why wouldn’t a simple blue check mark be difficult? The new feature was introduced last month and, on the surface, looks like a great idea. Show that the sender of an email is who they say they are.
New APT Group targeting iOS Users with Zero-Click Malware, US gets the Blame
There is a new bit of malware targeting iOS users via iMessage from what appears to be a new APT (Advanced Persistent Threat) group. The campaign appears to have been in play since some time in 2019. The malware, according to researchers, leverages iMessage to send the targeted user an attachment that then runs with Root Privileges on the device. The result is a complete takeover of the device in question.
Claimed EDR Killer Found to be a Vulnerable AV Driver Similar to Past Evasion Techniques
A couple of days ago an email was sent to me about a new tool kit being sold on the darker side of the internet. The claim what that this new tool could kill the processes behind “any” AV, EDR, or XDR running on Windows 7 and newer. The same email included a link to what was supposed to be proof of its efficacy. I opened the link in a sandbox on a controlled VM just to be sure the link was not malicious all on its own. What I saw was nothing all that new, although it was a bit worrying.
The Barracuda Zero Day Flaw Shows Us Why Mean Time to Remediation Matters
On May 19th 2023 Barracuda disclosed that there was a critical vulnerability in their Email Security Gateway appliances. This vulnerability is tracked under CVE-2023-2868 and is listed as a remote command injection vulnerability. The flaw is present in software versions 5.1.3.001 up to 9.2.0.006 for the ESG appliances only. As this was disclosed as a Zero-Day vulnerability there was an accelerated patch release schedules with the first patches made available on May 20th.
Google’s New Zip Domains Can be Easily Abused for Phishing and Malware Payloads
This one will get filed in the “you knew it was going to happen” file. After the announcement of a few new top-level domains (TLDs) including .zip and .mov by Google the security world silently shook its head. The concept of using file extensions as TLDs is one that defies logic. As soon as I read about these new domains, I knew someone was going to create phishing or malware attacks with URLs that look like common file names. These attacks can leverage modern web design to make a target think they are using an application to run or open the file when they are really executing commands in the background to compromise their systems. Lo and behold! We now have file archiver in the browser as shown off by mr.d0x.