
Posts

Showing posts from May, 2020

Kali Linux 2020.2: New look, new packages, new installer options

Offensive Security has released Kali Linux 2020.2, the latest iteration of the popular open-source penetration testing platform. Kali Linux 2020.2 changes: dark and light themes are now available for the KDE Plasma desktop environment. The login screen got new graphics and a new layout. New package logos for each tool. There are several cosmetic changes in this newest Kali Linux release. New packages: the latest version of the GNOME desktop environment (v3.36), Joplin (an open-source note-taking and to-do application), Nextnet (a pivot point discovery tool), SpiderFoot (automated OSINT collection for reconnaissance), and Python 3.8. Also, the module for Python 2 has been re-included temporarily because some tools still need it. After recently switching the default “root/toor” credentials to “kali/kali” for desktop images and making the default user account a standard, unprivileged (non-root) user, Offensive Secur...

Hackers Attacking Indian Banks via JAVA RAT To Hack Java Installed Windows, Linux, and Mac

Currently, the whole world is in lockdown due to the deadly COVID-19 pandemic, but for cybercriminals this is the most alluring opportunity. As a result, attackers have recently targeted all the co-operative banks in India. Researchers uncovered a new campaign in which the attackers used a renewed wave of the “Adwind Java RAT” to initiate attacks against the co-operative banks in India. Don’t know about the co-operative banks? Co-operative banks are small institutions that generally do not have a large, trained IT and cybersecurity team to handle such types of cyberattacks. Just like the other popular COVID-19 themed cyber-attacks, this Java RAT campaign also starts its operation with a spear-phishing email. The difference here is that the phishing emails the attacker sends to its victims claim to be from the Reserve Bank of India or another large banking institution in the country. According to the Qu...

Roughly ~500 GB Of Microsoft’s Private GitHub Repositories Data Stolen!!

Recently, a hacker has claimed that he/she managed to steal more than 500 GB of data from the tech giant Microsoft’s private GitHub repositories. The timestamps in the files the hacker has published indicate that the alleged hack could have occurred on March 28, 2020. On Wednesday evening, May 6, 2020, someone going by ‘Shiny Hunters’ contacted the BleepingComputer security portal and clearly announced that they had hacked Microsoft’s private GitHub repositories. Moreover, the hacker, ‘Shiny Hunters’, told the BleepingComputer security portal that they had stolen more than 500 GB of private projects from the company’s private GitHub repositories with the intention of selling them, but somehow they changed their mind and decided to publish this data for free. Microsoft’s private repositories leaked: as a teaser, the hacker offers 1 GB of data on one of the hacker forums for registered users, but, somehow, the members of the forum doubt the aut...

Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable

Remember the Reverse RDP Attack—wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft's Remote Desktop Protocol? Though Microsoft had patched the vulnerability (CVE-2019-0887) as part of its July 2019 Patch Tuesday update, it turns out researchers were able to bypass the patch just by replacing the backward slashes in paths with forward slashes. Microsoft acknowledged the improper fix and re-patched the flaw in its February 2020 Patch Tuesday update earlier this year, now tracked as CVE-2020-0655. In the latest report shared with The Hacker News, a Check Point researcher disclosed that Microsoft addressed the issue by adding a separate workaround in Windows while leaving the root of the bypass issue, the API function "PathCchCanonicalize," unchanged. Apparently, the workaround works fine for the built-in RDP client in Windows operating systems, but the patch is not foolproof enough...

HTTP Status Codes Command This Malware How to Control Hacked Systems

Yes, you heard it right. A new version of the COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe. The cyberespionage malware—traced to Turla APT with "medium-to-low level of confidence" based on the history of compromised victims—spread via an initial dropper that masks itself as a visa application, the Global Research and Analysis Team at Kaspersky discovered. The Turla APT, a Russian-based threat group, has a long history of carrying out espionage and watering hole attacks spanning various sectors, including governments, embassies, military, education, research, and pharmaceutical companies. First documented by G-Data in 2014, COMpfun received a significant upgrade last year (called "Reductor") after Kaspersky found that the malware was used to spy on a victim's browser activity by staging man-in-the...

Beware of Fake Microsoft Teams Notifications Aimed to Steal Employees Passwords

A new phishing campaign aims to steal employees’ login credentials by impersonating Microsoft Teams notifications. Because of the COVID-19 pandemic, many companies have moved to full-time remote work, and attackers are taking advantage of it. Fake Microsoft Teams notifications: attackers use crafted emails that appear to be automated notification emails coming from Microsoft Teams. Once the user clicks the link in the email, it takes them to a fake landing page that impersonates the real Microsoft Teams web pages. The campaign was observed by Abnormal Security; according to the researchers, the “sender email originates from a recently registered domain, “sharepointonline-irs.com”, which is not associated with either Microsoft or the IRS.” Malicious email: attackers used numerous URL redirections to evade malicious link detection and hide the original URL used to launch the attack. Researchers observed two such attacks that try to steal employee login credentials. In one such...