Category: Infosec

Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers

Posted on by esimantiras

Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers

 

source: infosecurity-magazine.com  |  image: pexels.com

 

Security researchers have discovered a major new scam operation designed to trick job seekers into parting with cryptocurrency, by getting them to complete meaningless tasks they believe will earn them money.

Dubbed “WebWyrm” by CloudSEK, the operation has already targeted more than 100,000 individuals across over 50 countries by impersonating over 1000 companies across 10 industries. It has already potentially netted the scammers over $100m.

The scammers approach victims primarily on WhatsApp, potentially using data from recruitment portals to target their schemes to those most likely to respond.

Promising a weekly salary of $1200-1500, they request the victim to complete 2-3 “packets” or “resets” per day, with each containing 40 tasks.

Continue reading “Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers”

Data of 2.6 Million Duolingo Users Leaked on Hacking Forum

Posted on by esimantiras

Data of 2.6 Million Duolingo Users Leaked on Hacking Forum

 

source: infosecurity-magazine.com  |  image: pixabay.com

 

Data from 2.6 million users of Duolingo, a language learning platform with over 74 million monthly users, has been leaked on a hacking forum.

The compromised data, which includes real names, login names, email addresses and internal service-related details, was initially offered for sale on the now defunct Breached hacking forum in January 2023 for $1500. 

Despite Duolingo’s confirmation to The Record that the data was sourced from publicly available profiles, the leaked email addresses are particularly alarming as they are not public information and can facilitate targeted phishing attempts.

“We’re aware of this report. These records were obtained by data scraping public profile information. We have no indication that our systems were compromised. We take data privacy and security seriously and are continuing to investigate this matter to determine if any further action is needed to protect our learners,” a spokesperson from the company confirmed to Infosecurity in an email. 

Continue reading “Data of 2.6 Million Duolingo Users Leaked on Hacking Forum”

Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities

Posted on by esimantiras

Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities

source: securityweek.com  |  image: pexels.com

 

Five Eyes government agencies have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022.

Government agencies in Australia, Canada, New Zealand, the UK, and the US have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022.

Last year, the Five Eyes agencies say, threat actors mainly targeted internet-facing systems that were not patched against older, known vulnerabilities, including flaws for which proof-of-concept (PoC) exploit code exists publicly.

Continue reading “Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities”

Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies

Posted on by esimantiras

Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies

source: thehackernews.com  |  image: pexels.com

Cybersecurity researchers have taken the wraps off a previously undocumented ransomware strain called Rorschach that’s both sophisticated and fast.

“What makes Rorschach stand out from other ransomware strains is its high level of customization and its technically unique features that have not been seen before in ransomware,” Check Point Research said in a new report. “In fact, Rorschach is one of the fastest ransomware strains ever observed, in terms of the speed of its encryption.”

The cybersecurity firm said it observed the ransomware deployed against an unnamed U.S.-based company, adding it found no branding or overlaps that connect it to any previously known ransomware actors.

However, further analysis of Rorschach’s source code reveals similarities to Babuk ransomware, which suffered a leak in September 2021, and LockBit 2.0. On top of that, the ransom notes sent out to the victims appear to be inspired by that of Yanluowang and DarkSide.

Continue reading “Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies”

A Sneaky Ad Scam Tore Through 11 Million Phones

Posted on by esimantiras

A Sneaky Ad Scam Tore Through 11 Million Phones

source: wired.com  |  image: pexels.com

Some 1,700 spoofed apps, 120 targeted publishers, 12 billion false ad requests per day—Vastflux is one of the biggest ad frauds ever discovered.

 

EVERY TIME YOU open an app or website, a flurry of invisible processes takes place without you knowing. Behind the scenes, dozens of advertising companies are jostling for your attention: They want their ads in front of your eyeballs. For each ad, a series of instant auctions often determines which ads you see. This automated advertising, often known as programmatic advertising, is big business, with $418 billion spent on it last year. But it’s also ripe for abuse.

Security researchers today revealed a new widespread attack on the online advertising ecosystem that has impacted millions of people, defrauded hundreds of companies, and potentially netted its creators some serious profits. The attack, dubbed Vastflux, was discovered by researchers at Human Security, a firm focusing on fraud and bot activity. The attack impacted 11 million phones, with the attackers spoofing 1,700 app and targeting 120 publishers. At its peak, the attackers were making 12 billion requests for ads per day.

“When I first got the results for the volume of the attack, I had to run the numbers multiple times,” says Marion Habiby, a data scientist at Human Security and the lead researcher on the case. Habiby describes the attack as both one of the most sophisticated the company has seen and the largest. “It is clear the bad actors were well organized and went to great lengths to avoid detection, making sure the attack would run as long as possible—making as much money as possible,” Habiby says. 

Continue reading “A Sneaky Ad Scam Tore Through 11 Million Phones”

IP Cameras, VoIP and Video Conferencing Revealed as Riskiest IoT Devices

Posted on by esimantiras

IP Cameras, VoIP and Video Conferencing Revealed as Riskiest IoT Devices

source: infosecurity-magazine.com  |  image: pixabay.com

 

IoT devices from video conferencing systems to IP cameras are among the five riskiest IoT devices connected to networks, according to research highlighted by Forescout’s cybersecurity research arm, Vedere Labs.

The company identified recurring themes in their recent research, highlighting the growing attack surface due to more devices being connected to enterprise networks, and how threat actors are able to leverage these devices to achieve their goals.

“IP cameras, VoIP and video-conferencing systems are the riskiest IoT devices because they are commonly exposed on the internet, and there is a long history of threat actor activity targeting them,” The Forescout report said.

The attack surface now encompasses IT, IoT and OT in almost every organization, with the addition of IoMT in healthcare. Organizations must be aware of risky devices across all categories. Forescout recommends that automated controls are implement and that companies do not rely on siloed security in the IT network, OT network or for specific types of IoT devices.

This latest research provides an update to the company’s findings from 2020 in which networking equipment, VoIP, IP cameras and programmable logic controllers (PLCs) were listed and remain among the riskiest devices across IT, IoT, OT and IoMT in 2022.

However, new entries such as hypervisors and human machine interfaces (HMIs) are representative of trends including critical vulnerabilities and increased OT connectivity.

Vedere Labs analyzed device data between January 1 and April 30 in Forescout’s Device Cloud. The anonymized data comes from Forescout customer deployments and contains information about almost 19 million devices – a number that grows daily, according to the company.

The overall risk of a device was calculated based on three factors: configuration, function and behavior.

After measuring the risk of each individual device, Vedered Labs calculated averages per device type to understand which are the riskiest.

 

TikTok Engaging in Excessive Data Collection

Posted on by esimantiras

TikTok Engaging in Excessive Data Collection

source: infosecurity-magazine.com  |  image: pexels.com

 

TikTok has been engaging in excessive data collection and connecting to mainland China-based infrastructure, Internet 2.0 has claimed in a new white paper.

The latest report, overseen by Internet 2.0’s head security engineer Thomas Perkins, is an analysis of “the source code of TikTok mobile applications Android 25.1.3 as well as IOS 25.1.1”, with Internet 2.0 carrying out static and dynamic testing between 1 July to 12 July 2022 that focused on device and user data collection.

The report identified multiple instances of unwarranted data harvesting, including:

  • Device mapping
  • Hourly monitoring of device location
  • Persistent calendar access
  • Continuous requests for access to contacts
  • Device information

Continue reading “TikTok Engaging in Excessive Data Collection”

Microsoft Disrupts Russian Cyber-Espionage Group Seaborgium

Posted on by esimantiras

Microsoft Disrupts Russian Cyber-Espionage Group Seaborgium

source: infosecurity-magazine.com  |  image: pexels.com

 

Microsoft claims to have disrupted a prolific Russian state-backed threat group known for conducting long-running cyber-espionage campaigns against mainly NATO countries.

In an update on August 15, the tech giant said it had disabled accounts used by the “Seaborgium” group for reconnaissance, phishing, and email collection, and updated detections against its phishing domains in Microsoft Defender SmartScreen.

Also known by threat researchers as Callisto Group, ColdRiver, TA446 and other monikers, Seaborgium is a “highly persistent threat actor” that focuses most of its time on the US and UK, and occasionally the countries of the Baltics, Nordics and Eastern Europe.

“Once successful, it slowly infiltrates targeted organizations’ social networks through constant impersonation, rapport building, and phishing to deepen their intrusion,” said Microsoft.

Continue reading “Microsoft Disrupts Russian Cyber-Espionage Group Seaborgium”

Smishing vs. Phishing: Understanding the Differences

Posted on by esimantiras

 

Smishing vs. Phishing: Understanding the Differences

 

source: proofpoint.com  |  image: pexels.com

 
What have smishing offenders learned from their phishing email counterparts?

Email-based credential theft remains by far the most common threat we encounter in our data. But SMS-based phishing (commonly known as smishing and including SMS, MMS, RCS, and other mobile messaging types) is a fast-growing counterpart to email phishing. In December 2021, we published an article exploring the ubiquity of email-based phish kits. These toolkits make it straightforward for anyone to set up a phishing operation with little more than a laptop and a credit card. Since then, we’ve tracked their evolution as they gain new functions, including the ability to bypass multifactor authentication.

In this blog post we’re going to look at smishing vs. phishing and what smishing offenders have learned from their email counterparts, as well as some significant differences that remain between the two threats.

Setting the (crime) scene

A modern email phishing setup can be as simple as one person with a computer and access to common cloud-hosted services. But for a smishing operation, the picture is somewhat different. While software smishing kits are available to buy on the dark web, accessing and abusing mobile networks requires a little more investment.

Continue reading “Smishing vs. Phishing: Understanding the Differences”

5 Ways to Make Your Passwords Instantly More Secure

Posted on by esimantiras

 

5 Ways to Make Your Passwords Instantly More Secure

 

source: cnet.com  |  image: pexels.com

 

If you think your passwords are uncrackable, think again.

Despite years of warnings, experts say most people are still using weak passwords to protect even their most sensitive information. Many people are reusing those insecure passwords to protect multiple accounts, putting more of their data at risk should any of the accounts be compromised.

“It’s the total account takeover scenario,” said John Buzzard, lead fraud and security analyst at Javelin Strategy & Research, referring to a cybercriminal cracking one password and then using it to access other accounts. “Consumers lose control over their entire digital lives.”

World Password Day, which takes place on Thursday, is a good time to review your digital security. Sure, it’s a totally made-up celebration that Intel created in 2013. But it’s still a good reminder to take a close look at your logins and make sure they check the required security boxes.

Continue reading “5 Ways to Make Your Passwords Instantly More Secure”