Posts

APT Pakistani Hackers Attack Indian Financial Institutions To Exfiltrate Sensitive Data With Crimson RAT

Researchers uncovered a new wave of an APT campaign that targets Indian financial institutions with the powerful Crimson RAT to compromise network devices and exfiltrate sensitive data. Crimson RAT was initially observed in 2016 targeting Indian diplomatic and military resources as part of an APT attack; since then, threat actors have continuously targeted the financial, healthcare, and space technology sectors. The recently observed campaign has specifically targeted Indian financial institutions with spear-phishing emails. Crimson RAT Infection Process: A phishing email campaign contains a malicious attachment, and the email is sent to a targeted organization in two different ways. In the first method, a malformed email campaign hits the target with a malicious link that points to a PE (executable) file containing two ZIP files with an embedded document. Once the payload is executed by the victim, it automatically checks the OS version of the ...

Magecart Hackers Inject iFrame Skimmers in 19 Sites to Steal Payment Data

Cybersecurity researchers today uncovered an ongoing new Magecart skimmer campaign that so far has successfully compromised at least 19 different e-commerce websites to steal the payment card details of their customers. According to a report published today and shared with The Hacker News, RiskIQ researchers spotted a new digital skimmer, dubbed "MakeFrame," that injects HTML iframes into web pages to phish payment data. MakeFrame attacks have been attributed to Magecart Group 7 for its approach of using the compromised sites to host the skimming code, load the skimmer on other compromised websites, and siphon off the stolen data. Magecart attacks usually involve bad actors compromising a company's online store to siphon credit card numbers and account details of users who are making purchases on the infected site, by placing malicious JavaScript skimmers on payment forms. It's the latest in a series of attacks by Magecart, an umbrella term for eight differen...

Unpatched Zoom App Bug Lets Hackers Steal Your Windows Password

Zoom has been around for nine years, but the immediate need for an easy-to-use video conferencing app during the coronavirus pandemic made it, overnight, a favorite tool for millions of people. Though Zoom is an efficient online video meeting solution, it's still not the best choice in terms of privacy and security. According to the latest finding by cybersecurity expert @_g0dmode, which was also confirmed by researcher Matthew Hickey and Mohamed A. Baset, the Zoom client for Windows is vulnerable to a 'UNC path injection' vulnerability that could let remote attackers steal login credentials for victims' Windows systems. The attack involves the SMBRelay technique, wherein Windows automatically exposes a user's login username and NTLM password hash to a remote SMB server when attempting to connect to it and download a file hosted on it. The attack is possible only because Zoom for Windows supports remote UNC paths, and converts such potentially insec...

Microsoft SQL Servers Infected With Secret Backdoor by Hackers, Thousands of Servers Affected

Cybersecurity researchers today uncovered a sustained malicious campaign dating back to May 2018 that targets Windows machines running MS-SQL servers to deploy backdoors and other kinds of malware, including multi-functional remote access tools (RATs) and cryptominers. Named "Vollgar" after the Vollar cryptocurrency it mines and its offensive "vulgar" modus operandi, the attack, according to researchers at Guardicore Labs, employs password brute-forcing to breach Microsoft SQL servers with weak credentials exposed to the Internet. Researchers claim the attackers managed to successfully infect nearly 2,000-3,000 database servers daily over the past few weeks, with potential victims belonging to the healthcare, aviation, IT & telecommunications, and higher education sectors across China, India, the US, South Korea, and Turkey. Thankfully for those concerned, researchers have also released a script to let sysadmins detect whether any of their Windows MS-SQL servers have b...