
Posts

Multiple DDoS Botnets Exploited 0-Day Flaws in LILIN DVR Surveillance Systems

Multiple zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN have been exploited by botnet operators to infect vulnerable devices and co-opt them into a family of denial-of-service bots. The findings come from Chinese security firm Qihoo 360's Netlab team, who say different attack groups have been using LILIN DVR zero-day vulnerabilities to spread the Chalubo, FBot, and Moobot botnets since at least August 30, 2019. Netlab researchers said they reached out to LILIN on January 19, 2020, although it wasn't until a month later that the vendor released a firmware update (2.0b60_20200207) addressing the vulnerabilities. The development comes as IoT devices are increasingly being used as an attack surface to launch DDoS attacks and as proxies for various forms of cybercrime. What Are the LILIN Zero-Days About? The flaw in itself concerns a chain of vulnerab...

APT28 Attacks Webmail and Microsoft Exchange Servers to Launch Sophisticated Spear Phishing Attacks

Pawn Storm, a group also known as APT28, Strontium, and Fancy Bear, has been active since at least 2004 and has targeted many organizations globally. The threat actors behind the hacking group use sophisticated social engineering lures, data-stealing malware, several zero-days, and even a private exploit kit. Attack on Webmail servers According to a new report from Trend Micro, the hacker group has spent the past two years searching for vulnerable mail servers in order to launch sophisticated phishing campaigns. Since 2019 the group has probed several email servers and Microsoft Exchange services around the world. The threat actors check TCP port 443 (used by webmail and Microsoft Exchange Autodiscover services), the IMAP ports (143, 993), the POP3 ports (110, 995) and the SMTP ports (465, 587). Pawn Storm Phishing Campaign The campaign aimed to identify vulnerable systems, brute-force credentials, exfiltrate email data, and send out...

Microsoft has Taken Down the World’s Largest Botnet, Necurs, Which Infected Nine Million Computers Globally

Microsoft has taken down the infamous Necurs botnet, which impacted more than nine million computers worldwide. The Necurs botnet is the largest spam and malware botnet. It is known for distributing several malware families, particularly the Locky ransomware, and is believed to be operated from Russia. The Necurs botnet was first detected in 2012 and primarily acts as a dropper for other malware; between 2016 and 2019 it emerged as the largest botnet and was responsible for 90% of the malware spread by email worldwide. Necurs Botnet TakeDown The world’s largest botnet was taken down in a coordinated operation between Microsoft and partners across 35 countries. Microsoft said that within a “58-day period in our investigation, for example, we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims.” The botnet is known for conducting various spam attacks such as stock scams, fake ...

Beware of 'Coronavirus Maps' – It's a malware infecting PCs to steal passwords

Cybercriminals will stop at nothing to exploit every chance to prey on internet users. Even the disastrous spread of SARS-COV-II (the virus), which causes COVID-19 (the disease), is becoming an opportunity for them to likewise spread malware or launch cyber attacks. Reason Cybersecurity recently released a threat analysis report detailing a new attack that takes advantage of internet users' increased craving for information about the novel coronavirus that is wreaking havoc worldwide. The malware attack specifically targets those who are looking for cartographic presentations of the spread of COVID-19 on the Internet, and tricks them into downloading and running a malicious application that, on its front end, shows a map loaded from a legitimate online source but in the background compromises the computer. New Threat With An Old Malware Component The latest threat, designed to steal information from unwitting victims, was first spotted by MalwareHunterTeam l...

10 Yr-Old Facebook Bug Allows Hackers to Steal Access Token & Hijack Anyone’s Facebook Account – $55,000 Bounty Rewarded

A researcher discovered a critical account takeover vulnerability in Facebook’s authorization feature “Login with Facebook”; it allowed attackers to steal the Access_Token and completely take over the victim’s Facebook account. Facebook uses OAuth 2.0 as an authorization protocol to exchange tokens between Facebook and third-party websites. The vulnerability resides in the “Login with Facebook” feature, which allowed attackers to set up a malicious website and steal the access token for several apps including Instagram, Oculus, Netflix, Tinder, Spotify, etc., along with Facebook accounts. Once the attacker compromised the targeted accounts using the stolen tokens, he/she could gain full read/write privileges over messages, photos and videos, even if the privacy control was set to “only me”. Indian security researcher Amol Baikar, who found this vulnerability, told GBHackers on Security, “This critical Faceboo...

Virgin Media Data Leak Exposes Details of 900,000 Customers

Yesterday, on the same day that the US-based telecom giant T-Mobile admitted a data breach, the UK-based telecommunication provider Virgin Media announced that it had also suffered a data leak incident exposing the personal information of roughly 900,000 customers. What happened? Unlike the T-Mobile data breach, which involved a sophisticated cyber attack, Virgin Media said the incident was not a cyber attack and that the company's database was not hacked. Rather, the personal details of around 900,000 Virgin Media UK-based customers were exposed after one of its marketing databases was left unsecured on the Internet and accessible to anyone without requiring any authentication. "The precise situation is that information stored on one of our databases has been accessed without permission. The incident did not occur due to a hack, but as a result of the database being incorrectly configured," the company said in a note published on its website on Thursday night. Accord...