‘InTheBox’ Web Injects Targeting Android Banking Applications Worldwide
Cyble analyzes 'InTheBox' as part of its thorough research on Web Injects and their role in targeting Android Banking applications worldwide,
Analyzing and remediating a malware infested T95 TV box from Amazon
Find out why one of our Android experts has been obsessing over a little black box from Amazon.
Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations
We have been seeing notable changes to TTPs used in GOOTLOADER operations since 2022.
IT specialists search and recruitment on the dark web
We have analyzed more than 800 IT job ads and resumes on the dark web. Here is what the dark web job market looks like.
Exploring Killnet's Social Circles
It is not common for analysts to have the opportunity to study the social circles of criminal organizations, but occasionally a group emerges that is more transparent than others. Examining a criminal organization’s social presence can give analysts valuable insights into the structure and operations of the organization, as well as the relationships and connections between its members and the community around them.
A Major App Flaw Exposed the Data of Millions of Indian Students
A mandatory app exposed the personal information of students and teachers across the country for over a year.
Chinese PlugX Malware Hidden in Your USB Devices?
PlugX remains an active threat. A newly discovered variant infects USB devices and a similar variant makes copies of PDF and Microsoft Word files.
An unfaithful employee leaked Yandex source code repositoriesSecurity Affairs
A source code repository allegedly stolen by a former employee of the Russian tech giant Yandex has been leaked online. A Yandex source code repository allegedly stolen by a former employee of the Russian IT giant has been leaked on a popular cybercrime forum. The announcement published on BreachForums includes a magnet link to the alleged […]
Cybercriminals stung as HIVE infrastructure shut down
In the last year, HIVE ransomware has been identified as a major threat as it has been used to compromise and encrypt the data and computer systems of large IT and oil multinationals in the EU and the USA. Since June 2021, over 1 500 companies from over 80 countries worldwide have fallen victim to HIVE associates and lost almost...
The Titan Stealer: Notorious Telegram Malware Campaign
The Uptycs threat research team discovered a Titan stealer malware campaign, which is marketed and sold by a threat actor (TA) through a Telegram channel.
Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats
We observed a recent spate of supply chain attacks attempting to exploit CVE-2021-35394, affecting IoT devices with chipsets made by Realtek.
La vidéosurveillance de l’armée présente des failles de sécurité
Un audit interne révèle que les appareils qui surveillent les places d’armes ou les centres logistiques sont mal protégés
Suisse: Caméras de surveillance de l’armée jugées trop vulnérables
Obsolètes, des caméras sont des «proies faciles pour les pirates», conclut un audit interne qui affirme que l’armée néglige sa sécurité informatique.
Apple patches are out – old iPhones get an old zero-day fix at last!
Don’t delay, especially if you’re still running an iOS 12 device… please do it today!
Following the LNK metadata trail
While tracking some prevalent commodity malware threat actors, Talos observed the popularization of malicious LNK files as their initial access method to download and execute payloads. A closer look at the LNK files illustrates how their metadata could be used to identify and track new campaigns.
Threat groups are using Windows LNK files to gain access
Microsoft's move last year to block macros by default in Office applications is forcing miscreants to find other tools with which to launch cyberattacks, including the software vendor's LNK files – the shortcuts Windows uses to point to other files.
Bitzlato: senior management arrested
Almost half of all Bitzlato transactions linked to criminal activities Targeting crucial crime facilitators such as crypto exchanges is becoming a key priority in the battle against cybercrime. Bitzlato allowed the rapid conversion of various crypto-assets such as bitcoin, ethereum, litecoin, bitcoin cash, dash, dogecoin and USDT into Russian roubles. It is estimated that the crypto exchange platform has received...
how to completely own an airline in 3 easy steps
and grab the TSA nofly list along the way
U.S. ‘No Fly List’ Leaks After Being Left in an Unsecured Airline Server
The list, which was discovered by a Swiss hacker, contains names and birth dates and over 1 million entries.
Hostile Takeover: Kraken Hacks Rival Darknet Market Solaris
Since Hydra Market Got Shuttered by Police, Russian Rivals Battle for Market Share. Competition between Russian-language darknet markets remains fierce following the takedown of market leader Hydra last April by a multinational law enforcement operation.
Darth Vidar: The Dark Side of Evolving Threat Infrastructure
Summary Three key takeaways from our analysis of Vidar infrastructure: Russian VPN gateways are potentially providing anonymity for Vidar operators / customers, making it more challenging for analysts to have a complete overview of this threat. These gateways now appear to be migrating to Tor. Vidar operators appear to be expanding their infrastructure, so analysts need to keep them in their sights. We expect a new wave of customers and as a result, an increase of campaigns in the upcoming weeks
Risky Biz News: Crypto-crime volumes went down in 2022, ransomware payments too
Crypto-crime volumes went down in 2022, ransomware payments too In other news: Riot Games cancels game updates after hack; T-Mobile discloses eighth breach since 2018; APT group deploys DNS changer on victims' routers.
New GTA Online exploit now allows cheaters to ban your account
a new Grand Theft Auto: Online exploit now allows cheaters to ban or delete peoples online profile and edit their stats
Breaking Down the SEO Poisoning Attack | How Attackers Are Hijacking Search Results
SEO poisoning is gaining momentum as threat actors leverage malicious ads to deliver malware through web browser searches.
Ransomware Diaries: Volume 1
The LockBit ransomware gang is one of the most notorious organized cybercrime syndicates that exists today. The gang is behind attacks targeting private-sector corporations and other high-profile industries worldwide. News and media outlets have documented many LockBit attacks, while security vendors offer technical assessments explaining how each occurred. Although these provide insight into the attacks, I wanted to know more about the human side of the operation to learn about the insights, motivations, and behaviors of the individuals on the other side of the keyboard. To prepare for this project, I spent months developing several online personas and established their credibility over time to gain access to the gang’s operation.
Enregistrez un contact de sécurité sur votre site Internet
19.01.2023 - En cas de problème de cybersécurité au sein d'une entreprise ou d'une organisation, il est crucial d'en informer aussitôt le responsable de la sécurité. Or, il est généralement difficile, voire impossible, de retrouver ce dernier sur les sites Internet. La norme «security.txt» sert à indiquer de manière uniforme le responsable de la sécurité d'une entreprise ou d'une organisation, ce qui permet de prendre contact avec lui plus rapidement.permet de prendre contact avec lui plus rapidement.
Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
The Galaxy App Store is an alternative application store that comes pre-installed on Samsung Android devices. Several Android applications are available on both the Galaxy App Store and Google App Store, and users have the option to use either store to install specific applications. Two vulnerabilities were uncovered with the Galaxy App Store application: Technical…
Des hackers détournent des sites de l’UE pour voler des infos bancaires
Plusieurs noms de domaine de l'Union européenne ont été utilisés par des malfaiteurs pour promouvoir des sites de streaming gratuits. Ces liens sont en réalité des pièges pour dérober des informations bancaires. Le vrai défi d'un piratage réside dans la manière de présenter le piège à la victime. Plutôt que d'envoyer
PayPal Notifies 35,000 Users of Data Breach
PayPal has alerted over 35,000 customers of a data breach revealing that their accounts were hacked between December 6th and 8th, 2022.
ManageEngine CVE-2022-47966 Technical Deep Dive
Introduction On January 10, 2023, ManageEngine released a security advisory for CVE-2022-47966 (discovered by Khoadha of Viettel Cyber Security) affecting a wide range of products. The vulnerability allows an attacker to gain remote code execution by issuing a HTTP POST request containing a malicious SAML response. This vulnerability is a result of using an outdated […]