
Posts

Showing posts from November, 2019

13 Arrested in a Europol Operation That Shut Down the 'Imminent Monitor' RAT Operation

Europol today announced that a coordinated international law enforcement operation has shut down the global organized cybercrime network behind Imminent Monitor RAT, yet another hacking tool that allows cybercriminals to gain complete control over a victim's computer remotely. The operation targeted both buyers and sellers of IM-RAT (Imminent Monitor Remote Access Trojan), which was sold to more than 14,500 buyers and used against tens of thousands of victims across 124 countries. The infrastructure and front-end sales website of Imminent Monitor have also been seized as part of this operation, making the Trojan unusable for those who already bought it, as well as unavailable to new users. Promoted as a legitimate remote administration framework, the hacking tool was widely used to gain unauthorised access to targeted users' computers and steal their login credentials for online banking and other financial accounts. According to Europol's press release, auth

Malicious Android SDKs Caught Again Accessing Facebook and Twitter Users' Data

Two third-party software development kits integrated into hundreds of thousands of Android apps have been caught gaining unauthorized access to users' data associated with their connected social media accounts. In a blog post published a week earlier, Twitter revealed that an SDK developed by OneAudience contains a privacy-violating component that may have passed some of its users' personal data to OneAudience's servers. Following Twitter's disclosure, Facebook today released a statement revealing that an SDK from another company, Mobiburn, is also under investigation for similar malicious activity that might have exposed its users connected to certain Android apps to data collection firms. Both OneAudience and Mobiburn are data monetization services that pay developers to integrate their SDKs into their apps; the SDKs then collect users' behavioral data and share it with advertisers for targeted marketing. In general, third-party software development

Another Data Breach Exposes Users' Account Info in Magento Marketplace

If you have ever registered an account with the official Magento marketplace to buy or sell any extension, plugin, or e-commerce website theme, you must change your password immediately. Adobe, the company that owns the Magento e-commerce platform, today disclosed a new data breach incident that exposed account information of Magento marketplace users to an unknown group of hackers or individuals. According to the company, the hacker exploited an undisclosed vulnerability in its marketplace website that allowed them to gain unauthorized third-party access to the database of registered users, both customers (buyers) and developers (sellers). The leaked database includes affected users' names, email addresses, MageID, billing and shipping address information, and some limited commercial information. While Adobe didn't reveal, or may not know, when the Magento marketplace was compromised, the company did confirm that its security team discovered the breach last we

Around 12,000 Google Users Were Hit by Government-Backed Hackers in the 3rd Quarter of 2019

As part of its active efforts to protect billions of online users, Google identified and warned over 12,000 of its users who were targeted by government-backed hacking attempts in the third quarter of this year. According to a report published by Google's Threat Analysis Group (TAG), more than 90 percent of the targeted users were hit with "credential phishing emails" that tried to trick victims into handing over access to their Google accounts. Google's TAG tracks over 270 government-backed hacking groups from over 50 countries that are involved in intelligence collection, stealing intellectual property, destructive cyber attacks, targeting dissidents, journalists, and activists, or spreading coordinated disinformation. The alerts were sent to targeted users between July and September 2019, a number consistent, within a +/-10 percent range, with the phishing email warnings sent in the same period of 2018 and 2017, the company said. These warnings usual

Now Go Undercover with the Latest Kali Linux OS: Windows-Style Undercover Theme Added for Hackers

Ever needed to perform penetration testing undercover or in incognito mode? Well, for starters, here is the good news. Offensive Security today released the new and final version of Kali Linux for 2019, which includes a special theme to transform your Xfce desktop environment into a Windows look-alike desktop. Dubbed 'Kali Undercover,' the theme has been designed for those who work in public places or office environments and don't want people to spot that they're working on Kali Linux, an operating system popular among hackers, penetration testers, and cybersecurity researchers. As shown in the demo below, simply enabling "Kali Undercover Mode" from the menu immediately turns your distinctive Kali dragon theme into the boring bluish look of the Windows operating system. Besides Kali Undercover, the latest Kali Linux 2019.4 release, powered by Linux kernel 5.3.9, also includes some exciting new updates, including: Xfce De

Hackers Now Distributing Anubis Malware via Google Play Store, Stealing Login Credentials, E-wallet and Payment Card Details

Anubis banking malware has re-emerged, with threat actors distributing the malware through Google Play Store apps to steal login credentials for banking apps, e-wallets, and payment cards. Hackers keep finding new ways to bypass Google Play Store security and distribute malware via Android apps that act as the first step in an infection routine, which then fetches the BankBot Anubis mobile banking Trojan from a C&C server. Users frequently get infected once they download and install the malicious apps from the Google Play Store; even though Play Store security inspects every app uploaded to Google Play, cybercriminals keep implementing sophisticated techniques to evade detection. Researchers found a new in-store downloader linked to the Anubis banking malware, and this campaign contains at least 10 malicious downloaders disguised as various applications. All the downloaders distributed via Android apps can fetch more than 1,000 samples from the c

Newly Evolved Malware Attack Drops Two Remote Access Trojans on Windows and Steals Chrome and Firefox Browser Data

Researchers discovered a new malware campaign that drops two different Remote Access Trojans (RATs) on targeted Windows systems and steals sensitive information from popular browsers such as Chrome and Firefox. The samples uncovered by Fortinet researchers drop the RevengeRAT and WSHRAT malware and have various obfuscation capabilities, using multiple stages to maintain persistence. RATs' Infection Process: RevengeRAT. The RAT infects victims through several stages. When the malicious sample file is opened, it contains JavaScript code with encoded data. Once decoded, it drops the VBScript code responsible for dropping the next stage of the malware. The dropper then downloads the second-stage malicious downloader (the "A6p.vbs" file) from an external website; this file also contains obfuscated strings to avoid detection. If the downloader script executes successfully, it establishes a connection with command

1.2 Billion People's Data Leaked Online in a Database Without a Password

The database was available for anyone to access without a password. On October 16, 2019, two dark web researchers, Bob Diachenko and Vinny Troia, discovered a database containing a massive trove of personal records of more than 1.2 billion people. While looking for exposures through BinaryEdge and Shodan, they stumbled upon a server whose IP address could be traced to Google Cloud Services. In total, the database held over 4 terabytes of data sitting in plain sight for public access. It was found on an exposed Elasticsearch server; the good news is that these records did not contain login credentials, social security numbers or payment card details. A look at the details shared by the researchers indicates that the data was scraped from social media platforms including Twitter, Facebook, LinkedIn and GitHub, a Git repository hosting service. Additionally, it contains approximately 50 million phone numbers and 622 million

A Critical Vulnerability in Docker Allows Hackers to Take Complete Control Over the Host and All Containers Within It

Researchers discovered a critical vulnerability in Docker that allows an attacker to take complete control of the host and the containers associated with it. The Docker vulnerability resides in the copy command (cp) used in container platforms such as Docker, Podman, and Kubernetes. This command copies files and folders between the container and the local file system. The command is used as shown below:

docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH

Docker Copy Command Vulnerability: According to researchers, this is the first Docker cp command vulnerability that leads to a full container escape since the runC vulnerability identified in February. The vulnerability can be exploited by an attacker if Docker has already been compromised through a previous vulnerability, or if the user runs a malicious container image from an untrusted source. "If the user then executes the vulnerable cp command to copy files out