User Panel

General News(9)

14/01/2024

GitLab Rolls Out Updates to Patch Critical Security Flaws

GitLab has released versions 16.7.2, 16.6.3, and 16.5.6 to address critical vulnerabilities, including an authentication issue and an issue that allows impersonation of another user. The vendor urges users to update and enable two-factor authentication for all accounts. Three additional vulnerabilities related to CODEOWNERS approval removal, workspaces, and modification of commit metadata have also been fixed.

14/01/2024

Scammers Posing as Recruiters Trick Facebook Users with Bogus Remote-Work Proposals

A new wave of job scams is spreading on Facebook, with scammers luring users with offers for remote work and then stealing their personal data and banking credentials. The attackers impersonate legitimate recruiters and send what appear to be work contracts to victims. The scams are often seen following the holidays when people are looking for new opportunities and making resolutions.

14/01/2024

State-Sponsored Actors Exploit Ivanti VPN Zero-Days, Deploying Quintet of Malware Families

Nation-state actors have been exploiting two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since December 2023, using up to five different malware families. Mandiant and Volexity have tracked the threat actors, known as UNC5221, and suspect Chinese espionage actor UTA0178 to be responsible. The attacks have targeted less than 20 customers and Ivanti is expected to release patches for the vulnerabilities in late January. The campaign appears to be highly targeted and indicates the presence of an advanced persistent threat (APT).

14/01/2024

29-Year-Old Ukrainian Mastermind Arrested for Cryptojacking, Exploiting Cloud Services

A Ukrainian national has been arrested for running a cryptojacking scheme that made over $2 million. The person was described as the mastermind behind the operation and was apprehended with the help of Europol and a cloud service provider. Cryptojacking involves using someone's computing resources without their consent to mine cryptocurrencies.

08/01/2024

Syrian Hackers Distributing Stealthy Silver RAT to Cybercriminals

Anonymous Arabic has released a remote access trojan (RAT) called Silver RAT that bypasses security software and launches hidden applications. The developers, believed to be of Syrian origin, are active on hacker forums and social media platforms, offering various services like distributing cracked RATs and engaging in carding activities. The C#-based malware has features such as connecting to a command-and-control server, logging keystrokes, encrypting data with ransomware, and an Android version is potentially in development. Analysis shows one group member is likely in their mid-20s and based in Damascus.

23/12/2023

Latest Instagram Phishing Scheme Targets 2FA Backup Codes

A new phishing campaign targeting Instagram users has been identified, focusing on stealing two-factor authentication (2FA) backup codes. The attackers use a "Copyright Infringement" pretext, creating urgency for users to respond. Instagram's 2FA backup codes consist of five eight-digit codes, crucial for accessing accounts on unrecognized devices.Reported by TrustWave, the attackers impersonate Meta, Instagram's parent company, sending emails claiming copyright infringement. These emails instruct users to fill out an "appeal form" within 12 hours to prevent account deletion.The phishing process begins when users click an embedded button in the email, which leads to a fake Meta website. This site, hosted on platforms like Bio sites for tracking user traffic, acts as a bridge to the actual phishing website. The final phishing site, which mimics a legitimate Meta Portal Appeal center, prompts users for their Instagram username and password.

23/12/2023

German Authorities Shut Down Dark Web Marketplace Kingdom Market

Kingdom Market, a prominent dark web marketplace dealing in drugs, malicious software, criminal services, and counterfeit documents, has been dismantled by the German Federal Criminal Police Office (BKA), with support from various international law enforcement agencies. The marketplace, operational since March 2021, was a hub for illegal activities, hosting around 42,000 products, 3,600 of which were from Germany. It boasted hundreds of seller accounts and tens of thousands of customers.Transactions on Kingdom Market were conducted using cryptocurrencies like Litecoin, Zcash, Monero, and Bitcoin, with the marketplace operators earning a 3% commission on sales. A significant breakthrough in the operation was the arrest of Alan Bill, also known as “Vend0r” or “KingdomOfficial,” by US law enforcement on December 15. Bill was suspected to be the administrator of Kingdom Market.Investigations revealed a connection between cryptocurrency transactions linked to the marketplace and wallets registered in Bill's name. An IP address used to access a Kingdom Reddit account was also linked to Bill's email, cryptocurrency accounts, and his ESTA application. Additionally, Bill had deposited over €189,000 in unexplained funds into his Slovakian bank accounts between November 2021 and April 2023.

23/12/2023

Iranian Cyber Group Crafts Novel Backdoor for Windows System Infiltration

Peach Sandstorm, an Iranian hacker group linked to APT33, Elfin, and Refined Kitten, has been actively targeting various global sectors, including aviation, construction, defense, education, energy, finance, healthcare, government, satellite, and telecommunications. In 2023, the group has shown a particular interest in satellite, defense, and pharmaceutical sectors, employing password spray campaigns as a part of their opportunistic approach.In contrast to their previously noisy operations, their recent activities in 2023 are more stealthy, demonstrating advanced cloud-based techniques. The Microsoft Threat Intelligence team has uncovered a new backdoor named “FalseFont,” attributed to Peach Sandstorm, which is designed to hack the Windows operating system.FalseFont offers capabilities such as remote access, file launching, and data transmission to command and control (C2) servers. Detected in early November 2023, this custom backdoor signifies Peach Sandstorm's continued enhancement of their cyberattack capabilities.

23/12/2023

Microsoft Word Documents as Decoys in Delivering Nim-Language Backdoor Malware

A new phishing campaign utilizes Microsoft Word documents as bait to distribute a backdoor malware developed in the Nim programming language. Netskope researchers highlight the challenge this poses due to the security community's unfamiliarity with less common programming languages like Nim. Although Nim-based malware is rare, its use is gradually increasing, as seen in loaders like NimzaLoader, Nimbda, IceXLoader, and ransomware such as Dark Power and Kanti.The attack begins with a phishing email featuring a Word document that, once opened, prompts users to enable macros, triggering the deployment of the Nim malware. The email poses as being from a Nepali government official. The malware then checks for analysis tools on the host and self-terminates if any are detected. Otherwise, it connects to a remote server disguised as a Nepali government domain, such as the National Information Technology Center (NITC), and waits for further instructions. These command-and-control servers, however, are currently inaccessible.Nim's cross-compilation feature is particularly advantageous for attackers, allowing them to target different platforms with a single malware variant. This disclosure aligns with Cyble's revelation of a social media-based social engineering campaign delivering Python-based Editbot Stealer malware.