CyberSecure Specialist

Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials

ESET researchers analyze a cyberespionage campaign that distributes CapraRAT backdoors through trojanized and supposedly secure Android messaging apps – but also exfiltrates sensitive information.

ESET researchers have identified an active Transparent Tribe campaign, targeting mostly Indian and Pakistani Android users – presumably with a military or political orientation. Victims were probably targeted through a honey-trap romance scam, where they were initially contacted on another platform and then convinced to use supposedly “more secure” apps, which…


Serious Security: TPM 2.0 vulns – is your super-secure data at risk?

by Paul Ducklin

Even if you’re not entirely sure what a TPM is, you’ll probably know that if you want to run Windows 11, you need one. More precisely, you need a TPM 2.0 (although there’s an official Microsoft workaround to get by with TPM 1.2, the previous, incompatible version of the technology). TPM is short for trusted platform module, an encryption-and-cybersecurity gizmo that was invented by an industry grouping known as the TCG, short…


CISA has added three new…

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2022-28810 Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability
CVE-2022-33891 Apache Spark Command Injection Vulnerability
CVE-2022-35914 Teclib GLPI Remote Code Execution Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in…


How CISOs can do more with less in turbulent economic times

CISO Nicole Darden Ford has become accustomed to doing more with less since the COVID-19 pandemic suddenly upended her company’s workforce. “I got off a plane from India and saw all these people with masks at the airport in Washington, DC, and I wondered what was going on. I went straight to the office where my CEO and CIO explained our new reality: We were going into quarantine and we had less than a week…


Sued by Meta, Freenom Halts Domain Registrations

The domain name registrar Freenom, whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. The move comes just days after the Dutch registrar was sued by Meta, which alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains. Freenom’s website features a message saying it is not currently allowing new registrations. Freenom is the domain name registry service…


Pre-Deepfake Campaign Targets Putin Critics

Russia is continuing its campaign of disinformation around the Ukraine war through advanced social engineering delivered by a threat group tracked as TA499. According to a report from Proofpoint, TA499 targets US and European politicians, and leading businessmen and celebrities who have spoken out against Putin’s invasion. The primary purpose is to persuade the victims to take part in phone calls or video chats from which pro-Putin snippets can be elicited and published – thereby…


Trusted Directory Abused To Perform UAC Bypass And Deliver Malware

Binary Defense and SentinelOne advise system administrators to set Windows UAC to “Always Notify,” with the caveat that this may be excessively intrusive for some organizations. For trusted filesystem paths with trailing spaces, administrators should keep an eye out for suspicious file creations and process executions, especially in directories containing the string “Windows”. https://www.bleepingcomputer.com/news/security/old-windows-mock-folders-uac-bypass-used-to-drop-malware/


PoC Released for Critical Microsoft Word RCE Bug

There is no indication that this attack is being carried out in the wild. Microsoft has addressed the issue with a patch but noted that there are other workarounds if needed. For anyone who cannot apply the fix for some reason, Microsoft recommends reading all emails in plain text. Another workaround is to enable the Microsoft Office File Block Policy, which prevents Office apps from opening RTF documents from unknown origins. To do this, the…


Acer Breach Exposes 160GB of Data

This incident follows a series of Acer security breaches that happened over the previous few years. The REvil ransomware gang attacked the computer manufacturer in March 2021, demanding a record-breaking $50,000,000 ransom payment for a decryptor. The hacker group Desorden gained access to Acer’s after-sales systems in India. As a result, over 60GB of data was compromised, including information about thousands of customers, retailer records, and distributors. https://www.bleepingcomputer.com/news/security/acer-confirms-breach-after-160gb-of-data-for-sale-on-hacking-forum/


Attack campaign uses PHP-based infostealer to target Facebook business accounts

Over the past year, a group of attackers has targeted Facebook business account owners by spreading information stealing malware through malicious Google ads or fake Facebook profiles. The infection chain uses DLL sideloading via legitimate apps, as well as self-contained executable files written in various programming languages such as Rust, Python, and PHP. “We have seen SYS01stealer attacking critical government infrastructure employees, manufacturing companies, and other industries,” researchers from security firm Morphisec said in a…
