Showing posts with the label Microsoft

Hackers Attacking Indian Banks via JAVA RAT To Hack Java Installed Windows, Linux, and Mac

Currently, the whole world is in lockdown due to the deadly COVID-19 pandemic, but for cybercriminals this is a most alluring opportunity. As a result, cyber attackers have recently targeted all the co-operative banks in India. Researchers uncovered a new campaign in which the attackers have used a renewed wave of the “Adwind Java RAT” to initiate attacks against the co-operative banks in India. Don’t know about co-operative banks? Co-operative banks are small banks, and they generally don’t have a large trained IT and cybersecurity team to handle such cyberattacks. Just like other popular COVID-19 themed cyber-attacks, this Java RAT campaign also starts its operation with a spear-phishing email. The difference here is that the phishing emails that the attackers send to their victims claim to be from the Reserve Bank of India or another large banking institution in the country. According to the Qu...

Roughly ~500 GB Of Microsoft’s Private GitHub Repositories Data Stolen!!

Recently, a hacker has claimed that he/she managed to steal more than 500 GB of data from the tech giant Microsoft’s private GitHub repositories. The timestamps in the files that the hacker has published indicate that the alleged hack could have occurred on March 28, 2020. On Wednesday evening, May 6, 2020, someone named ‘Shiny Hunters’ contacted the BleepingComputer security portal and clearly announced that they had hacked Microsoft’s private GitHub repositories. Moreover, ‘Shiny Hunters’ told the BleepingComputer security portal that they had stolen more than 500 GB of private projects from the company’s private GitHub repositories with the intention of selling them, but somehow they changed their mind and decided to publish this data for free.

Microsoft’s Private Repositories Leaked

As a teaser, the hacker offers 1 GB of data on one of the hacker forums for registered users, but, somehow the members of the forum doubt the aut...

Beware of Fake Microsoft Teams Notifications Aimed to Steal Employees Passwords

A new phishing campaign aims to steal employees’ login credentials by impersonating Microsoft Teams notifications. Due to the COVID-19 pandemic, many companies have moved to full-time remote work, and attackers are taking advantage of it.

Fake Microsoft Teams Notifications

Attackers use crafted emails that appear to be automated notification emails coming from Microsoft Teams. Once the user clicks in the email, it takes them to a fake landing page that impersonates the real webpages of Microsoft Teams. The campaign was observed by Abnormal Security; according to researchers, the “sender email originates from a recently registered domain, “sharepointonline-irs.com”, which is not associated with either Microsoft or the IRS.”

Malicious Email

Attackers used numerous URL redirections to evade malicious link detection and hide the original URL used to launch the attack. Researchers observed two such attacks that try to steal employee login credentials. In one such...

Law enforcement and Microsoft Shutdown a Major Malware Attack by Mapping 400,000 IP’s

Microsoft’s Digital Crimes Unit (DCU) uncovered an IoT botnet operation that 100 times within one month. Analyzing further, the DCU team was able to map 400,000 publicly available IPs and narrowed them down to 90 suspicious IPs. Botnets continue to increase, as threat actors can abuse millions of devices to carry out malicious activities.

Major Malware Attack

Out of the 90 suspicious IPs, DCU was able to identify one IP associated with the distribution of several malicious activities, including malware, phishing emails, ransomware, and DDoS attacks. DCU further reported the issue to Taiwan’s Ministry of Justice Investigation Bureau (MJIB), which quickly tracked down the illegal VPN IP and the accounts behind it. Generally, cybercriminals use compromised PCs to launch cyberattacks, but this time an IoT LED light control console was used. MJIB managed to shut down the device quickly. “This case marks a milestone. That’s because we were able to take down the IoT device and secure the br...

APT28 Attacks Webmail and Microsoft Exchange Servers to Launch Sophisticated Spear Phishing Attacks

Pawn Storm, a group also known as APT28, Strontium, and Fancy Bear, has been active since at least 2004 and has targeted many organizations globally. The threat actors behind the hacking group use sophisticated social engineering lures, data-stealing malware, several zero-days, and even a private exploit kit.

Attack on Webmail servers

According to a new report from Trend Micro, the hacker group has been searching for vulnerable mail servers for the past 2 years to launch sophisticated phishing campaigns. Starting in 2019, the group probed several email servers and Microsoft Exchange services around the world. The threat actors aimed at TCP port 443 (used by webmail and Microsoft Exchange Autodiscover services), and the IMAP ports (143, 993), POP3 ports (110, 995) and SMTP ports (465, 587) were also checked.

Pawn Storm Phishing Campaign

The attack was conducted aiming to exfiltrate data such as vulnerable systems, brute force credentials, exfiltrate email data, and send out...

Over A Billion Microsoft Windows Users would be affected if not by patched by these IE 0-Days & Other Vulnerabilities!!!

Patch Tuesday

Microsoft released a security update for February under Patch Tuesday with fixes for 99 vulnerabilities that affected various Microsoft products, including an actively exploited Internet Explorer zero-day vulnerability. Microsoft recently achieved a big milestone of 1 billion Windows 10 users, and it issued the current security updates for all Windows 10 users. Of the 99 vulnerabilities, Microsoft listed 12 under “Critical” severity and 87 as “Important” in severity. The February security release consists of security updates for the following software: Microsoft Windows; Microsoft Edge (EdgeHTML-based); Microsoft Edge (Chromium-based); ChakraCore; Internet Explorer; Microsoft Exchange Server; Microsoft SQL Server; Microsoft Office and Microsoft Office Services and Web Apps; Windows Malicious Software Removal Tool; Windows Surface Hub. This update fixed one of the notable actively exploited Internet Explorer zero-day vuln...