Posts

Showing posts from April, 2020

Law Enforcement and Microsoft Shut Down a Major Malware Attack by Mapping 400,000 IPs

Microsoft’s Digital Crimes Unit (DCU) uncovered an IoT botnet operation that grew 100 times within one month. Analyzing further, the DCU team was able to map 400,000 publicly available IPs and narrowed them down to 90 suspicious IPs. Botnets continue to increase, as threat actors can abuse millions of devices to carry out malicious activities. Major Malware Attack: Out of the 90 suspicious IPs, DCU was able to identify one IP associated with the distribution of several malicious activities, including malware, phishing emails, ransomware, and DDoS attacks. DCU further reported the issue to Taiwan’s Ministry of Justice Investigation Bureau (MJIB), which quickly tracked down the illegal VPN IP and the accounts behind it. Generally, cybercriminals use compromised PCs to launch cyberattacks, but this time an IoT LED light control console was used. MJIB managed to shut down the device quickly. “This case marks a milestone. That’s because we were able to take down the IoT device and secure the br...

One-of-a-Kind Attack Uses Malicious USB Drives to Infect ~35k PCs With Crypto-Mining Botnet

Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly using to mine Monero cryptocurrency. The botnet, named "VictoryGate," has been active since May 2019, with infections mainly reported in Latin America, particularly Peru accounting for 90% of the compromised devices. "The main activity of the botnet is mining Monero cryptocurrency," ESET said. "The victims include organizations in both public and private sectors, including financial institutions." ESET said it worked with dynamic DNS provider No-IP to take down the malicious command-and-control (C2) servers and that it set up fake domains (aka sinkholes) to monitor the botnet's activity. The sinkhole data shows that between 2,000 and 3,500 infected computers connected to the C2 servers on a daily basis during February and March this year. According to ESET researcher...

New Zoom Flaw Lets Hackers Record Meetings Anonymously Even When Recording Is Disabled

A new Zoom flaw lets hackers record Zoom meeting sessions and capture the chat text without the knowledge of the meeting participants, even though the host has disabled the recording option for the participants. Zoom is an online video communication platform that has features such as video conferencing, online meetings, chat, and mobile collaboration. Zoom Malware Injection Process: Security researchers from Morphisec Labs observed a new vulnerability that lets malware inject into the Zoom process without any interaction, even with the recording option disabled for the user. At the time of recording, none of the participants are aware that the session is being recorded, and the Zoom malware has full control over the outputs. This opens a way for hackers to spy on Zoom sessions, as hackers have already started selling thousands of compromised usernames and passwords of Zoom accounts listed on a dark web forum. “Furthermore, Zoom is usually a trusted application; turning it into an info-stealer in...

IT Services Giant Cognizant Hit by Maze Ransomware Cyber Attack

Cognizant Technology Solutions Corp, one of the largest IT services providers, was hit by a Maze ransomware cyber attack that caused service disruptions to its clients. The company has more than 300,000 employees and provides IT services, including digital, technology, consulting, and operations services. Maze Ransomware Attack – Cognizant: The company started emailing its clients on Friday, stating that its internal systems were hit by a Maze ransomware attack. “Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack,” reads the company statement. Vitali Kremez @VK_Intel High alert related to the yet another ransomware attack perpetrated by the Maze group possibly affecting @Cognizant. Reviewing & mitigating against the usual Maze TTPs (including RDP + remote services as an attack vector) is advisable. Pushed #YARA https://github.c...

Hackers Attack Taxpayers’ Computers Using NetWire RAT via Weaponized Microsoft Excel 4.0

With tax season upon us, researchers from FortiGuard Labs observed a new NetWire RAT spreading in the wild using a legacy MS Excel 4.0 file named “1040 W2 IRS letter.xls” to perform keylogger functions such as capturing screenshots, collecting credentials and so on from victim machines. In the past, many NetWire RAT campaigns primarily targeted verticals like financial services, businesses, and educational institutions. It is a multiplatform RAT typically delivered via malspam attachments that contain Microsoft Office files with embedded executables. It emerged in the wild from 2012 onwards with improved remote access features and is commercially available on the dark web. NetWire RAT campaigns: This is the first time researchers observed NetWire RAT being spread in an Excel file using an Excel 4.0 macro. Excel 4.0 was introduced in 1992 and contained an early version of macros. Excel 4.0 macros (also called XLM macr...

Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository

As developers increasingly embrace off-the-shelf software components into their apps and services, threat actors are abusing open-source repositories such as RubyGems to distribute malicious packages, intended to compromise their computers or backdoor software projects they work on. In the latest research shared with The Hacker News, cybersecurity experts at ReversingLabs revealed over 700 malicious gems — packages written in the Ruby programming language — that supply chain attackers were caught recently distributing through the RubyGems repository. The malicious campaign leveraged the typosquatting technique, where attackers uploaded intentionally misspelled versions of legitimate packages in hopes that unwitting developers will mistype the name and unintentionally install the malicious library instead. ReversingLabs said the typosquatted packages in question were uploaded to RubyGems between February 16 and February 25, and that most of them have been designed to secretly ...