The Computer Security Incident Response Team in Italy issued an urgent alert yesterday to raise awareness about the high risk of cyberattacks against national bodies and organizations on Monday.
Category: cybercrime/malcode – Page 140
Hacker Stole Verizon Employee Data, Holds It For $250,000 Ransom
Verizon has suffered a data breach. A hacker recently accessed the company’s employee database and stole personally identifiable information about hundreds of its employees. The stolen information includes the full name, phone number, email address, and corporate ID numbers.
According to a Motherboard report, the hacker got access to the Verizon database by tricking an employee to grant them remote access to their corporate computer. They posed as internal support and convinced the victim through social engineering. Once the hacker had access to the database, they launched a script to copy the information.
“These employees are idiots,” the hacker told Motherboard in an online chat. They shared the stolen data, perhaps part of it, with the publication. The report suggests the information is accurate but unclear how up to date. The publication called some of the phone numbers and four people confirmed their full names and email addresses. They also confirmed that they work at Verizon.
Space Force rolls out cybersecurity standards for commercial providers of satellite services
WASHINGTON — The Space Systems Command on May 26 rolled out a new process to assess the cybersecurity of commercial satellite operators that do business with the Defense Department.
Under the Infrastructure Asset Pre-Approval program, or IA-Pre, commercial suppliers of satellite-based services are evaluated based on their cybersecurity practices and systems. Those suppliers that pass the government’s checklist are then placed on a pre-approved list and will not be required to complete lengthy cybersecurity questionnaires for each individual contract proposal.
“Our office will begin accepting IA-Pre applications for a limited number of assets to perform assessments,” said Jared Reece, program analyst at the Space Systems Command’s commercial services systems office.
Trend Micro fixes bug Chinese hackers exploited for espionage
Trend Micro says it patched a DLL hijacking flaw in Trend Micro Security used by a Chinese threat group to side-load malicious DLLs and deploy malware.
As Sentinel Labs revealed in an early-May report, the attackers exploited the fact that security products run with high privileges on Windows to plant and load their own maliciously crafted DLL into memory, allowing them to elevate privileges and execute code.
“Trend Micro is aware of some research that was published on May 2, 2022, regarding a purported Central-Asian-based threat actor dubbed ‘Moshen Dragon’ that had deployed malware clusters that attempted to hijack various popular security products, including one from Trend Micro,” the cybersecurity company said.
PDF smuggles Microsoft Word doc to drop Snake Keylogger malware
Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware.
The choice of PDFs is unusual, as most malicious emails today arrive with DOCX or XLS attachments laced with malware-loading macro code.
However, as people become more educated about opening malicious Microsoft Office attachments, threat actors switch to other methods to deploy malicious macros and evade detection.
Elon Musk deep fakes promote new cryptocurrency scam
Cryptocurrency scammers are using deep fake videos of Elon Musk and other prominent cryptocurrency advocates to promote a BitVex trading platform scam that steals deposited currency.
This fake BitVex cryptocurrency trading platform claims to be owned by Elon Musk, who created the site to allow everyone to earn up to 30% returns on their crypto deposits.
This scam campaign started earlier this month with threat actors creating or hacking existing YouTube accounts to host deep fake videos of Elon Musk, Cathie Wood, Brad Garlinghouse, Michael Saylor, and Charles Hoskinson.
More than 200 apps on Play Store with millions of downloads are stealing users’ passwords and sensitive information
Researchers at Trend Micro identified a set of mobile apps available on the Google Play Store performing malicious tasks in the background, including stealing user credentials and banking details from Android users. Some of these apps have nearly 100,000 downloads, so the scope of the problem is considerable.
In total, the analysis revealed the detection of 200 malicious applications that hide code from dangerous malware variants, capable of putting users of the affected devices in serious trouble.
One of the main threats identified is Facestealer, a spyware variant capable of stealing Facebook access credentials, allowing subsequent phishing campaigns, social engineering, and invasive advertising. Facestealer is constantly updated and there are multiple versions, making it easy for them to get into the Play Store.
Microsoft Warns of “Cryware” Info-Stealing Malware Targeting Crypto Wallets
Microsoft warns of “cryware” malware that steals information and exfiltrate data directly from non-custodial cryptocurrency wallets.
Microsoft is warning of an emerging threat targeting internet-connected cryptocurrency wallets, signaling a departure in the use of digital coins in cyberattacks.
The tech giant dubbed the new threat “cryware,” with the attacks resulting in the irreversible theft of virtual currencies by means of fraudulent transfers to an adversary-controlled wallet.
“Cryware are information stealers that collect and exfiltrate data directly from non-custodial cryptocurrency wallets, also known as hot wallets,” Berman Enconado and Laurie Kirk of the Microsoft 365 Defender Research Team said in a new report.
Teslas are susceptible to hacking due to bluetooth locks, cybersecurity firm says
Teslas are among the most susceptible vehicles to be hacked due to their Bluetooth locks, cybersecurity firm NCC Group said. The cars can be remotely unlocked and controlled by hackers that can exploit a vulnerability in the Bluetooth system’s security, the group said.
NCC Group researcher Sultan Qasim Khan was shown in a video opening, then driving a Tesla using a small relay device attached to a laptop. The device bridged a large gap between the Tesla and the Tesla owner’s phone, Reuters said.
“This proves that any product relying on a trusted BLE connection is vulnerable to attacks even from the other side of the world,” NCC said in a statement. BLE means Bluetooth Low Energy, and is a technology utilized in vehicles and Bluetooth locks that will automatically unlock or unlatch when an authorized device is nearby. While it is a convenience feature, it is not immune to attacks, which was the point of NCC’s experiment.