Search Results for “Charlie Osborne”


April 17, 2020
Charlie Osborne / ZDNet

New PoetRAT Trojan Targets Azerbaijan Public and Private Sector Victims, Particularly Energy Sector Organizations, Gives Attackers Full Control Over Compromised Systems

A new campaign that uses Word documents to drop malware based on a previously unknown family dubbed “PoetRAT” is targeting the Azerbaijan public and private sectors, especially the energy sector, using coronavirus lures, researchers at Cisco Talos report. The researchers say that the threat actor is unknown but uses URLs that mimic some Azerbaijan government domains. PoetRAT has all the standard features of a Python-based remote access trojan (RAT) and is capable of giving the attacker full control over the compromised system.

March 18, 2020
Charlie Osborne / ZDNet

Over 500,000 Highly Sensitive and Private Legal, Financial Documents Left Exposed in Unprotected AWS S3 Bucket

vpnMentor discovered 425GB of sensitive financial documents exposed on the Internet that appear to be linked to MCA Wizard, an iOS and Android app developed by two companies, Advantage Capital Funding and Argus Capital Funding. Over 500,000 highly sensitive and private legal and financial documents were exposed, leaving numerous parties vulnerable to fraud and theft. The now-discontinued iOS/Android application was developed as a Merchant Cash Advance (MCA) instrument used to provide businesses with short-term loans based on their future credit card sales. The database, first uncovered in December 2019, is an Amazon Web Services (AWS) S3 bucket that was not using any form of encryption, authentication, or access credentials. vpnMentor reached out to Advantage and Argus to inform them of the leak, but emails sent to both entities bounced back. After vpnMentor contacted Amazon, the database was closed in January 2020.

March 16, 2020
Charlie Osborne / ZDNet

Europol and Local Law Enforcement Bust Twenty-Six Across Europe in Crackdown on SIM Swapping Attacks

In a crackdown on SIM swapping attacks, Europol, with help from local law enforcement, made a series of twenty-six arrests across Europe under the name “Operation Quinientos Dusim.” Europol’s European Cybercrime Centre (EC3), the Spanish National Police, and Spanish Civil Guard arrested 12 suspects across Benidorm, Granada, and Valladolid. Law enforcement in Romania and Austria arrested a further 14 alleged members of a separate gang under “Operation Smart Cash.” The first hacking ring is believed to be responsible for the theft of over €3 million (around $3.3 million) in a series of SIM-swapping attacks.

June 25, 2019
Charlie Osborne / ZDNet

Social Engineering Forum Social Engineered Hacked With Data Leaked on Rival Website, Now-Patched Flaw in MyBB Blamed

Social engineering forum Social Engineered has been compromised and its users’ data leaked on an unnamed rival website. The exposed data includes 89,000 unique email addresses linked to 55,000 forum account holders, usernames, IP addresses, and passwords stored as salted MD5 hashes. Private messages sent by users were also included in the data dump, according to Have I Been Pwned. Social Engineered says a critical stored XSS bug in MyBB, free open-source software for creating and maintaining forums, is to blame for the breach. The vulnerability was patched in MyBB version 1.8.21, released on June 10, but Social Engineered has now moved over to the XenForo platform.

Related: ZDNet Security, Tweets Journos, Cyware News, Cyware News, ZDNet Security, Cyware News, TechNadu, Tweets Journos, Social Engineered, SC Magazine, Security Affairs, E Hacking News

Tweets: @SecurityCharlie @TroyHunt


July 18, 2019
Charlie Osborne / ZDNet

Bluetooth Flaw Can Expose Windows, macOS Devices to Tracking, ID Leaking, Researchers

A flaw in the Bluetooth communication protocol may expose modern device users to tracking and could leak their IDs, Boston University researchers David Starobinski, David Li, and Johannes Becker said at the 19th Privacy Enhancing Technologies Symposium in Stockholm. The vulnerability can be used to spy on users despite the native OS protections that are in place, and it affects Bluetooth devices on Windows 10, iOS, and macOS machines. The researchers say that many Bluetooth devices use randomized MAC addresses when advertising their presence in order to prevent long-term tracking, but they found that it is possible to circumvent the randomization of these addresses and permanently monitor a specific device. The Android operating system is immune because it does not continually send out advertising messages.

Related: MacRumors, Dark Reading: Attacks/Breaches, Slashdot, MacDailyNews, iDownload Blog, Threatpost, Tom’s Guide, Pet Symposium (PDF)


June 17, 2019
Charlie Osborne / ZDNet

New Strain of Houdini Malware Targets Financial Institutions and Customers via Phishing Campaigns, Available on Dark Web for $50 per Month

A new strain of Houdini malware, also known as HWorm, was released by its author on June 2, 2019 and has been detected in campaigns against financial institutions and their customers, researchers from Cofense say. The new variant, dubbed WSH Remote Access Tool (RAT), seeks to steal online banking credentials that can be used to make fraudulent purchases, and it spreads via phishing campaigns using emails that masquerade as legitimate communication from banks, including HSBC. Each module of the new malware was developed by third parties and is not the original work of the WSH RAT creator. WSH RAT is for sale in underground forums on a $50 per month subscription basis.

April 7, 2019
Charlie Osborne / ZDNet

U.S.-Based Scammers Launched Numerous Strains of Banking Malware Possibly Linked to Necurs Botnet

From May 2018 to last month, scammers used data centers located in the United States to launch Neutrino, IcedID, GandCrab, and Dridex banking malware strains, among others, against English-speaking web users to steal millions of dollars from international banks, according to researchers at Bromium. The operation relied on more than a dozen U.S. data centers, with 11 web servers hosted at BuyVM, a virtual private server company in Nevada, an unusual location given that most criminal hackers try to keep their operations out of reach of the FBI. The hackers might be related to the global cybercrime gang that operates the Necurs botnet.

Related: Dark Reading: Attacks/Breaches, Cyberscoop, Techradar, Cybersecurity Review, SC Magazine, Bromium, IT Pro, Infosecurity Magazine, Decipher, ZDNet


April 10, 2019
Charlie Osborne / ZDNet

Slick Grab and Go Information Stealer Baldr Is Making the Rounds in Russian Underground Forums

A “high-level functionality” information stealer called Baldr that operates in “grab and go” mode is making the rounds in Russian underground forums, according to researchers at Malwarebytes. Baldr is able to gather user profile data, including browser information, detect the presence of cryptocurrency wallets, VPNs, Telegram, and Jabber, and cycle through PC files and folders to steal information from important file types. Malwarebytes believes that Baldr is likely the work of three prominent hackers who operate on Russian forums: “Agressor,” also known as Agri_MAN, “Overdot,” and “LordOdin.”

June 10, 2019
Charlie Osborne / ZDNet

Exposed Database Belonging to Shanghai Jiao Tong University Containing 8.4TB in Email Metadata Discovered

An exposed ElasticSearch database belonging to Shanghai Jiao Tong University containing 8.4TB of email metadata was discovered through a Shodan search on May 22 by Cloudflare Director of Trust & Safety Justin Paine. The open database contained 9.5 billion rows of data and was still active at the time of discovery. The bulk email cache related to email being sent “by a specific person,” according to the researcher, and also included the IP addresses and user agents of those checking their email. Within 24 hours of being notified of the open server, the university plugged the leak.

May 31, 2019
Charlie Osborne / ZDNet

Pyramid Hotel Group Leaked 85GB of Data Via Unsecured Database, Exposed Information Included Security Logs for Major Hotels, Hotel Employee Data

An unsecured database belonging to hotel and resort management company The Pyramid Hotel Group exposed 85GB of data, including the security logs of major hotels such as Marriott locations, vpnMentor researchers Noam Rotem and Ran Locar and company co-founder Ariel Hochstadt discovered. Pyramid manages 90 properties, including 19 Marriott locations, Sheraton hotels, Plaza resorts, and Hilton Hotel properties, alongside a number of independent hotels. The unsecured server, which ran an Elasticsearch database instance on port 9200, allowed unrestricted access to security audit logs generated by Wazuh, an open-source intrusion detection system. The exposed information dates back to April 19, 2019 and includes server API keys and passwords, device names, IP addresses of incoming connections, firewall and open port data, malware alerts, restricted applications, login attempt records, application errors, and both brute-force attack detection and malware infection logs. Also exposed were detailed data on hotel employees, such as their full names and usernames, local PC names and addresses, server names and operating system details, cybersecurity policy details, and a variety of other cybersecurity-related information, all of which was publicly viewable. After both vpnMentor and ZDNet informed Pyramid of the exposure, the company closed the database.