Skip to main content

Posts

Showing posts from November, 2019

13 Arrested in an Europol Operation and ShutDown 'Imminent Monitor' Rat Operation

Europol Today in a coordinated International law enforcement operation, announced to shut down the global organized cybercrime network behind Imminent Monitor RAT, yet another hacking tool that allows cybercriminals to gain complete control over a victim's computer remotely. The operation targeted both buyers and sellers of the IM-RAT (Imminent Monitor Remote Access Trojan), which was sold to more than 14,500 buyers and used against tens of thousands of victims across 124 countries. The infrastructure and front-end sale website of the Imminent Monitor has also been seized as part of this operation, making the Trojan unusable for those who already bought it, as well as unavailable for the new users Promoted as a legitimate remote administration framework, the hacking tool was widely used to unauthorisedly access targeted users' computers and steal their login credentials for online banking and other financial accounts. According to Europol's press release, auth...

Caught Again Accessing Facebook and Twitter Users Data in a Malicious Android SDKs

Two third-party software development kits integrated by over hundreds of thousands of Android apps have been caught holding unauthorized access to users' data associated with their connected social media accounts. In a  blog post  published a week before, Twitter revealed that an SDK developed by  OneAudience  contains a privacy-violating component which may have passed some of its users' personal data to the OneAudience servers. Following Twitter's disclosure, Facebook today released a statement revealing that an SDK from another company,  Mobiburn , is also under investigation for a similar malicious activity that might have exposed its users connected with certain Android apps to data collection firms. Both OneAudience and Mobiburn are data monetization services that pay developers to integrate their SDKs into the apps, which then collect users' behavioral data and then use it with advertisers for targeted marketing. In general, third-party software dev...

Another Data Breach Exposing User' Account Info in Magento Marketplace

If you have ever registered an account with the official Magento marketplace to bought or sold any extension, plugin, or e-commerce website theme, you must change your password immediately. Adobe—the company owning Magento e-commerce platform—today disclosed a new data breach incident that exposed account information of Magento marketplace users to an unknown group of hackers or individuals. According to the company, the hacker exploited an undisclosed vulnerability in its marketplace website that allowed him to gain unauthorized third-party access to the database of registered users — both customers (buyers) as well as the developers (sellers). The leaked database includes affected users' names, email addresses, MageID, billing and shipping address information, and some limited commercial information. While Adobe didn't reveal or might don't know when the Magento marketplace was compromised, the company did confirm that its security team discovered the breach last we...

Even Google's around 12,000 Users where Hit By Government Hacker in 3rd Quarter of 2019

As part of its active efforts to protect billions of online users, Google identified and warned over 12,000 of its users who were targeted by a government-backed hacking attempt in the third quarter of this year. According to a  report  published by Google's Threat Analysis Group (TAG), more than 90 percent of the targeted users were hit with " credential phishing emails " that tried to trick victims into handing over access to their Google account. Google's TAG tracks over 270 government-backed hacking groups from over 50 countries that are involved in intelligence collection, stealing intellectual property, destructive cyber attacks, targeting dissidents, journalists, and activists, or spreading coordinated disinformation. The alerts were sent to targeted users between July and September 2019, which is consistent within a +/-10 percent range of the number of phishing email warnings sent in the same period of 2018 and 2017, the company said. These warnings usual...

Now Go Undercover with Latest Kali Linux OS added Windows Style Undercover Theme for Hackers

Ever required to perform penetration testing with an Undercover or in cognitive mode. Well for starter here is the good news. Offensive Security today released a new and the final version of Kali Linux for 2019 that includes a special theme to transform your Xfce desktop environment into a Windows look-a-like desktop. Dubbed ' Kali Undercover ,' the theme has been designed for those who work in public places or office environments and don't want people to spot that you're working on Kali Linux, an operating system popular among hackers, penetration testers, and cybersecurity researchers. As shown in the demo below, simply enabling "Kali Undercover Mode" from the menu would immediately turn your distinctive Kali dragon theme to the boring bluish version of the Windows operating system. Besides Kali Undercover, the latest  Kali Linux 2019.4  release, powered by Linux kernel 5.3.9, now also includes some new exciting updates, including: Xfce De...

Stealing Login credentials,E-wallets and Payment Cards Details ,Hackers now distributing Anubis Malware via Google Play Store

Anubis banking malware  re-emerges again and the threat actors distributing the malware on Google Play store apps to stealing login credentials to banking apps, e-wallets, and payment cards. Hackers always finding new ways to bypass the Google play store security and distributing malware via Android apps that will act as the first step in an infection routine that fetches the BankBot Anubis mobile banking Trojans via C&C server. Users are frequently get infected once they download and install the malicious apps via google play store, even though play store security inspects all the app that uploaded into Google Play, cybercriminals always implement the sophisticated techniques to evade detection. Researchers found a new downloader in-app store that linked with Anubis banking malware and this campaign contains at least 10 malicious downloaders disguised as various applications. All the Downloader distributed via Android apps can fetch more than 1,000 samp...

Steals Chrome and Firefox Browsers Data , Newly Evolved Malware Attack Drops Double Remote Access Trojan in Windows

Researchers discovered a new  malware  campaign that drops two different Remote Access Trojan(RAT) on targeted Windows systems and steal sensitive information from popular browsers such as Chrome and Firefox. The samples that uncovered by Fortinet researchers drop the RevengeRAT and WSHRAT malware and it has various obfuscation functionalities that use the various stage to maintain the persistence. RAR’s Infection Process RevengeRAT The RAT has infected the victims by utilizing the different stages. When opening the malicious sample file, it contained JavaScript code in a text editor with encoded data. Once decoded its drops the VBScript code is responsible for drop the next stage of malware. The dropper then later download the second stage of malicious downloader( “A6p.vbs” file) from the external website which also contains an obfuscated strings to avoid detection. If the downloader script will be successfully executed then it establishes a connection with...

1.2 billion people’s data Database leaked online without password

The database was available for anyone to access without a password. Recently on October 16, 2019, a team of two dark web researchers named Bob Diachenko and Vinny Troia discovered a database containing a massive trove of personal records of more than 1.2 billion people. While they were looking for exposures through  BinaryEdge  and  Shodan , they stumbled upon the server which had an IP address that could be traced to Google Cloud Services.  In total, the database was home to over 4 terabytes of data sitting in plain sight for public access. Found on an exposed Elasticsearch server; the good news is that these records did not host login credentials, social security numbers or payment card details. A look at the details shared by researchers indicates that the data was scraped from social media platforms including  Twitter ,  Facebook ,  LinkedIn  and  GitHub , a Git repository hosting service. Additionally, it contains ...