On an incident response engagement, CISA found that cybercriminals exploited VPN flaws to acquire access and deploy Supernova malware on SolarWinds.
Category: cybercrime/malcode – Page 137
An unprecedented event occurred a few hours ago when, by mistake, thousands of users received an email from Twitter requesting users to confirm their accounts, giving the impression of being a massive phishing attack. This incident, which began around 10:00 PM on Thursday, impacted individual and business accounts alike.
The subject line of these messages only mentioned the phrase “Confirm your Twitter account”, and included a button to complete the action. While these messages seemed legitimate, the cybersecurity community soon began to question their provenance and intentions, as this clearly seemed like a simple but effective phishing attack.
During the minutes following the sending of this message, users began posting their doubts on Twitter and other social media platforms.
A new phishing campaign targets specific targets by trying to distribute various remote access Trojan (RAT) variants. According to Cisco Talos Intelligence researchers, this hacking campaign was identified as “Fajan” and could be being operated from an Arabic-speaking country.
Experts believe this campaign would have started in early March, starting with a commitment to “low-profile” targets to determine whether malware samples were properly distributed or some debugging process was needed.
Attacks begin in the form of emails specifically addressed to Bloomberg Industry Group customers. This company adds news content on platforms for various industries, such as law, taxes and accounting, and government, and sells them to its various customers.
Human Security cybersecurity specialists reveal the finding of a massive botnet made up of compromised Android devices. This malicious operation, identified as Pareto, would aim to conduct advertising fraud related to payment connected television (CTV) services and would so far be made up of about one million infected devices.
As you will recall, the term botnet refers to a network of computer systems committed to a specific malware variant, executed autonomously and automatically and under remote control by attack operators.
Experts say hackers have used dozens of mobile apps to mimic the image of over 6000 CTV apps, equivalent to around 650 million ad requests per day. This botnet was first identified in 2020 and since then companies such as Google and Roku have tried to mitigate their progress, although operators have managed to grow inordinately.
A recent security report mentions that a dark web leak containing access keys has been published to more than 1.3 million Windows Remote Desktop servers. This is a clear indication of the scope of cybercrime and could even be binding on other incidents of which cybersecurity community knows little.
It’s not all bad news, as network administrators will also benefit from a new service launched by advanced cybersecurity firm Advanced Intel called RDPwned that allows you to verify whether an organization’s RDP credentials have been sold on the hacking black market.
As users may remember, Remote Desktop Protocol (RDP) is a Microsoft remote access solution that allows users to remotely access applications and the desktop of a Windows device. Due to their frequent use in corporate networks, malicious hackers develop an important market around the theft and sale of stolen access credentials to multiple public and private organizations.
Like crafty genies, AIs will grant our wishes, and then hack them, exploiting our social, political, and economic systems like never before.
Hackers have retooled an Xcode malware campaign to work with Apple’s new M1 chips and steal data from cryptocurrency apps.
Cambridge Quantum Computing (CQC) hiring Stephen Clark as head of AI last week could be a sign the company is boosting research into ways quantum computing could be used for natural language processing.
Quantum computing is still in its infancy but promises such significant results that dozens of companies are pursuing new quantum architectures. Researchers at technology giants such as IBM, Google, and Honeywell are making measured progress on demonstrating quantum supremacy for narrowly defined problems. Quantum computers with 50–100 qubits may be able to perform tasks that surpass the capabilities of today’s classical digital computers, “but noise in quantum gates will limit the size of quantum circuits that can be executed reliably,” California Institute of Technology theoretical physics professor John Preskill wrote in a recent paper. “We may feel confident that quantum technology will have a substantial impact on society in the decades ahead, but we cannot be nearly so confident about the commercial potential of quantum technology in the near term, say the next 5 to 10 years.”
CQC has been selling software focused on specific use cases, such as in cybersecurity and pharmaceutical and drug delivery, as the hardware becomes available. “We are very different from the other quantum software companies that we are aware of, which are primarily focused on consulting-based revenues,” CQC CEO Ilyas Khan told VentureBeat.
Cybersecurity specialists report that a hacker is selling real-time access to a single-use password system, allowing cybercriminals to access Facebook, Twitter, Google, Amazon, Microsoft, Signal, Telegram accounts, among many others without having to obtain multi-factor authentication codes.
This report should be taken seriously, as a related attack could engage billions of users. In turn, cybersecurity experts point out that this is the consequence of using servers that handle OTP requests from online service users.
The first reports on this hacker were published by researcher Rajshekhar Rajaharia, who mentions that the hacker offers 50 GB of data extracted from multiple sources and webshell access to the OTP generating platform. The seller asks for about $5000 USD in cryptocurrency, although Rajaharia notes that initially the hacker planned to sell this information for about $18000 USD.