Posts

Hackers Abuse RDP Service to Exfiltrate Data and Drop Different Malicious Payloads

Hackers abuse the legitimate RDP service, using fileless attack techniques to drop multi-purpose off-the-shelf tools for device fingerprinting and to deploy malicious payloads ranging from ransomware to cryptocurrency miners. Remote Desktop is a built-in feature of most Windows installations, and its built-in file-sharing functionality is what the attackers use as an infection vector.

Abusing Remote Desktop Server Feature

The infection starts by abusing a feature of the Windows Remote Desktop Server in which the RDP client shares a virtual network file share location named “tsclient” on the connected computer. Attackers use these paths to create multiple-letter directory names.

PC Drives

According to the Bitdefender researchers' report, the attackers placed a malicious component of the attack named worker.exe on the network share at the “tsclient” network location, and it can be executed using explorer.exe or ...

Apple Opens Its Invite-Only Bug Bounty Program to All Researchers

As promised by Apple in August this year, the company today finally opened its bug bounty program to all security researchers, offering monetary rewards to anyone who reports vulnerabilities in iOS, macOS, watchOS, tvOS, iPadOS, and iCloud to the company. Since its launch three years ago, Apple's bug bounty program was open only to selected security researchers by invitation and rewarded only reports of vulnerabilities in the iOS mobile operating system. However, speaking at a hacking conference in August this year, Ivan Krstić, head of Apple Security Engineering and Architecture, announced the company's upcoming extended bug bounty program, which included three main highlights: an enormous increase in the maximum reward from $200,000 to $1.5 million, accepting bug reports for all of its operating systems and latest hardware, and opening the program to all researchers. Now, starting from tod...

Apple Blackmailer Who Demanded $100,000 Sentenced in London

A 22-year-old man who claimed to have access to over 300 million iCloud accounts and threatened to factory reset all of them unless Apple paid a ransom has pleaded guilty in London to trying to blackmail Apple. In March 2017, Kerem Albayrak from North London claimed to be a spokesman for a hacking group called the "Turkish Crime Family" and to be in possession of 319 million iCloud accounts. Albayrak gave Apple a deadline of April 7, 2017, to pay $75,000 in cryptocurrency or $100,000 worth of iTunes gift cards in return for deleting the copy of the stolen database, the U.K. National Crime Agency said in a statement, calling the blackmailer a "fame-hungry cyber-criminal." If the company failed to meet his demands, Albayrak threatened that he would start remotely wiping victims' Apple devices, factory reset iCloud accounts, and dump the stolen database online. In late March 2017, the NCA's National Cyber Crime Unit arrested Albayrak at hi...

Maze Ransomware Behind Pensacola Attack, Data Breach Looms

Maze exfiltrates data as well as locking down systems. Officials said they don’t know yet whether any residents’ personal information has been breached. The Maze ransomware is likely the culprit behind the recently reported cyberattack on Pensacola, Fla., which occurred earlier this week and downed systems citywide. In an email sent to county commissioners, IT administrators said that the Florida Department of Law Enforcement had confirmed the Pensacola attack was indeed ransomware, and Maze operators quickly took responsibility for the incident, saying that they are demanding $1 million in ransom. As of Wednesday, Pensacola’s systems were slowly coming back online as IT staff cleared the network of malware, officials told the Pensacola News Journal (online payments for Pensacola Energy and city sanitation customers remained down). It’s unclear whether the city is paying the ransom, but officials did say they don’t know yet ...

Google to Offer Financial Support to Open Source Projects for Cyber Security

Besides rewarding ethical hackers out of its own pocket for responsibly reporting vulnerabilities in third-party open-source projects, Google today announced financial support for open source developers to help them arrange additional resources, prioritizing the security of their products. The initiative, called the "Patch Rewards Program," was launched nearly 6 years ago; under it, Google rewards hackers for reporting severe flaws in many widely used open source software projects, including OpenSSH, OpenSSL, the Linux kernel, Apache, Nginx, jQuery, and OpenVPN. So far, Google has paid hundreds of thousands of dollars in bounties to hackers across the world who helped improve the overall security of the crucial open source software and technologies that power the Internet, operating systems, and networks. The company has now also decided to support volunteer work done by the open source community by providing upfront financial help to project teams, which they can use to acquire additiona...

WhatsApp Fixes Super Critical Bug That Could Have Let Anyone Crash WhatsApp for All Group Members

WhatsApp, the world's most popular end-to-end encrypted messaging application, patched an incredibly frustrating software bug that could have allowed a malicious group member to crash the messaging app for all members of the same group. Just by sending a maliciously crafted message to a targeted group, an attacker could trigger a fully destructive WhatsApp crash-loop, forcing all group members to completely uninstall the app, reinstall it, and remove the group to regain normal function. Since group members can't selectively delete the malicious message without opening the group window and re-triggering the crash-loop, they have to lose the entire group chat history, indefinitely, to get rid of it. Discovered by researchers at Israeli cybersecurity firm Check Point, the bug resided in WhatsApp's implementation of the XMPP communication protocol, which crashes the app when a member with an invalid phone number drops a message in the group. "When we attempt ...

Bayerische Motoren Werke (BMW) Hacked: OceanLotus APT Hacker Group Penetrates BMW Networks

The well-known APT hacker group “OceanLotus” breached the network of automobile giant BMW and successfully installed a hacking tool called “Cobalt Strike,” which helped them spy on and remotely control the compromised systems. Security experts from BMW spotted that hackers had penetrated the company network and had remained active since March 2019. The OceanLotus APT group is believed to operate on behalf of the State of Vietnam, and it mainly focuses on the automobile industry. GBHackers previously reported various high-profile malware attacks involving the OceanLotus APT group around the globe since 2014; the threat group targets private-sector companies across multiple industries as well as foreign governments. Last weekend, security experts from BMW took down the hacked computers and blocked the path that the hackers had used to penetrate the network.

Florian Roth @cyb3rops: BMW hacked by #OceanLotus in spring 2019 - used CobaltStrike - no evidence that they had acces...