Kategorie

Bishop Fox's Christie Terrill talks to us about IoT security and other trends at Black Hat 2018 this month.

After a report said Google tracks users even when they opt out, the company is under fire from activists and has been slapped with a lawsuit.

WhatsAppers have until 12 November. That's when WhatsApp will sweep out dusty old backups that haven't been updated in more than a year.

Games streaming giant Twitch has admitted accidentally exposing some users’ messages to other users as it shut down its legacy in-house messaging system in May.

Draft EU legislation, due out next month, will likely incorporate a one-hour takedown window for extremist content flagged by law enforcement.

Po více než půlročním testování přichází komunikační aplikace Skype s end-to-end šifrováním textové i hlasové komunikace. Vyšší úroveň zabezpečení však není nastavena jako výchozí, informuje Engadget. Používat šifrování zabezpečeným protokolem Signal Protocol od Open Whisper Systems k ...

We take a look at the beta version of iOS 12 and the security-related changes we can expect to see when it's released in (probably) September.

Elektronická korespondence a mobilní telefony jsou v dnešní době všudypřítomné. Přesto například v bankovnictví či zdravotnictví se stále ještě těší popularitě faxy pro odesílání nejrůznějších informací. Bezpečnostní experti z antivirové společnosti Check Point však nyní upozornili, že faxy mohou být relativně snadno zneužity při útocích hackerů.

Google was in the news last week for a misleading claim that "with Location History off, the places you go are no longer stored," which is not true. Now, the search engine giant is once again in the news after a San Diego man has filed the first lawsuit against Google over this issue. Last week, the Associated Press investigation revealed that the search engine giant tracks movements of

Dark Tequila is a complex malicious campaign targeting Mexican users, with the primary purpose of stealing financial information, as well as login credentials to popular websites that range from code versioning repositories to public file storage accounts and domain registrars.

A multi-stage payload is delivered to the victim only when certain conditions are met; avoiding infection when security suites are installed or the sample is being run in an analysis environment. From the target list retrieved from the final payload, this particular campaign targets customers of several Mexican banking institutions and contains some comments embedded in the code written in the Spanish language, using words only spoken in Latin America.

Most of the victims are located in Mexico. The campaign has been active since at least 2013, so it is a very ‘añejo’ (mature) product. There are two known infection vectors: spear-phishing and infection by USB device.

The threat actor behind it strictly monitors and controls all operations. If there is a casual infection, which is not in Mexico or is not of interest, the malware is uninstalled remotely from the victim’s machine.

(Translation for “Abrir la carpeta para ver los archivos” – “Open folder to see files”. The word “Archivos” is used by Spanish speakers from Latin America only)

The Dark Tequila malware and its supporting infrastructure are unusually sophisticated for a financial fraud operation. The malicious implant contains all the modules required for the operation and, when instructed to do so by het command server, different modules decrypt and activate. All stolen data is uploaded to the server in encrypted form.

This campaign modules are as follows:

• Module 1, which is responsible for communication with the command and control server. It verifies if a man-in-the-middle network check is being performed, by validating the certificates with a few very popular websites.
• Module 2 – CleanUp. If the service detects any kind of ‘suspicious’ activity in the environment, such as the fact that it is running on a virtual machine, or that debugging tools are running in the background, it will execute this module to perform a full cleanup of the system, removing the persistence service as well as any files created previously on the system.
• Module 3 – Keylogger and Windows Monitor. This is designed to steal credentials from a long list of online banking sites, as well as generic Cpanels, Plesk, online flight reservation systems, Microsoft Office365, IBM lotus notes clients, Zimbra email, Bitbucket, Amazon, GoDaddy, Register, Namecheap, Dropbox, Softlayer, Rackspace, and other services.
• Module 4 – Information stealer, which is designed to steal saved passwords in email and FTP clients, as well as from browsers.
• Module 5 – The USB infector. This copies an executable file to a removable drive to run automatically. This enables the malware to move offline through the victim’s network, even when only one machine was initially compromised via spear-phishing. When another USB is connected to the infected computer, it automatically becomes infected, and ready to spread the malware to another target.
• Module 6 – The service watchdog. This service is responsible for making sure that the malware is running properly.

The campaign remains active. It is designed to be deployed in any part of the world, and attack any targets according to the interests of the threat actor behind it.

Reference hashes:

4f49a01e02e8c47d84480f6fb92700aa091133c894821fff83c7502c7af136d9
dce2d575bef073079c658edfa872a15546b422ad2b74267d33b386dc7cc85b47

Reference C2s:

https://46[.]17[.]97[.]12/website/
https://174[.]37[.]6[.]34/98157cdfe45945293201e71acb2394d2
https://75[.]126[.]60[.]251/store/

For more information about this campaign, please contact us at financialintel@kaspersky.com

LinuxSecurity.com: The idea that organizations should be doing more to protect the personal data they hold about individuals has been gaining ground in recent years. The European Union's General Data Protection Regulation (GDPR) sparked a scramble to operationalize data management and security.

LinuxSecurity.com: Chief US District Judge Janet Hall last week sentenced Olumuyiwa Adejumo to 15 years in federal prison for his role in a business email compromise scheme targeting organizations in the United States. His sentence will be followed by 3 years of supervised release.

LinuxSecurity.com: A leading US healthcare organization (HCO) has admitted that a phishing attack last September may have led to the compromise of highly sensitive data on nearly half a million patients.

Microsoft claims to have uncovered another new Russian hacking attempts targeting United States' Senate and conservative think tanks ahead of the 2018 midterm elections. The tech giant said Tuesday that the APT28 hacking group—also known as Strontium, Fancy Bear, Sofacy, Sednit, and Pawn Storm, which is believed to be tied to the Russian government—created at least six fake websites related

** Gmail přichází s novou funkcí „důvěrný režim“ ** Nabízí možnost zabezpečit přístup ke zprávě SMS kódem ** Dovoluje nastavit platnost zprávy jako na Snapchatu

Posted by Shane Huntley, Threat Analysis Group

TLDR: Government-backed phishing has been in the news lately. If you receive a warning in Gmail, be sure to take prompt action. Get two-factor authentication on your account. And consider enrolling in the Advanced Protection Program.

One of the main threats to all email users (whatever service you use) is phishing, attempts to trick you into providing a password that an attacker can use to sign into your account. Our ​improving ​technology has enabled ​us to ​significantly ​decrease ​the ​volume ​of ​phishing ​emails that ​get ​through to our users. ​ Automated ​protections, ​account ​security ​(like ​security ​keys), ​and specialized ​warnings give ​Gmail users industry-leading ​security.

Beyond phishing for the purposes of fraud, a small minority of users in all corners of the world are still targeted by sophisticated government-backed attackers. These attempts come from dozens of countries. Since 2012, we've shown prominent warnings within Gmail notifying users that they may be targets of these types of phishing attempts; we show thousands of these warnings every month, even if we have blocked the specific attempt.

We also send alerts to G Suite administrators if someone in their corporate network may have been the target of government-backed phishing. And we regularly post public advisories to make sure that people are aware of this risk.

This is what an account warning looks like; an extremely small fraction of users will ever see one of these, but if you receive this warning from us, it's important to take immediate action on it.
We intentionally send these notices in batches to all users who may be at risk, rather than at the moment we detect the threat itself, so that attackers cannot track some of our defense strategies. We have an expert team in our Threat Analysis Group, and we use a variety of technologies to detect these attempts. We also notify law enforcement about what we’re seeing; they have additional tools to investigate these attacks.

We hope you never receive this type of warning, but if you do, please take action right away to enhance the security of your accounts.

Even if you don’t receive such a warning, you should enable 2-step verification in Gmail. And if you think you’re at particular risk of government-backed phishing, consider enrolling in the Advanced Protection Program, which provides even stronger levels of security.

An attacker could escalate privileges on the server, further penetrating the network, harvesting customer information or mounting credible social-engineering campaigns.

Researchers launched a Proof-of-Concept attack on two Android mobile phones and an embedded system board.

Threat Intelligence One of the most popular specialized fields within the security domain is threat intelligence. In the recent years, organizations have been focusing more and more on proactive, preventative security. Within that space, threat intelligence analysis is one of the most successful tools available. Information is collected around observed malicious infrastructure such as IPs […]

The post Open-Source Intelligence Collection in Cloud Platforms appeared first on InfoSec Resources.

Open-Source Intelligence Collection in Cloud Platforms was first posted on August 20, 2018 at 3:38 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Today, we’ll be continuing with our walkthrough series on interesting Vulnhub machines. In this article, we will see a walkthrough of the Tr0ll: 2 virtual machine. Note: For all these machines, I have used VMware workstation to provision the VMs. Kali Linux VM will be my attacking box. Also, remember the techniques used are solely […]

The post Vulnhub Machines Walkthrough Series — Tr0ll: 2 appeared first on InfoSec Resources.

Vulnhub Machines Walkthrough Series — Tr0ll: 2 was first posted on August 20, 2018 at 3:34 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com