According to European reports, fake online stores appear to have been identified that are flooding the Internet by impersonating popular commercial brands. Below is a table listing the malicious domains, in order to prevent Internet users from being defrauded.

Hackers in the Evilnum group have developed a toolset that combines custom malware, legitimate utilities, and tools bought from a malware-as-a-service (MaaS) provider that caters for big fintech threat actors.

The group has been active since at least 2018 and focuses on companies from the financial technology sector that offer trading and investment platforms.

Taking a shortcut

Its targets are both companies and their customers, the objective being to steal financial information. An investigation into Evilnum’s activity from cybersecurity company ESET reveals that they’re looking for the following types of data:

  • spreadsheets and documents with investment and trading operations
  • internal presentations
  • licenses and credentials for trading software
  • cookies and session info from Google Chrome
  • email logins
  • customer credit card data and proof of identity

Admins should patch their Citrix ADC and Gateway installs immediately. Multiple vulnerabilities in the Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker.

The Citrix products (formerly known as NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively, and are installed in at least 80,000 companies in 158 countries, according to a December assessment from Positive Technologies.

Other flaws announced Tuesday also affect Citrix SD-WAN WANOP appliances, models 4000-WO, 4100-WO, 5000-WO and 5100-WO.

Global IT services and solutions provider DXC Technology announced over the weekend a ransomware attack on systems from its Xchanging subsidiary.

Xchanging is known as a managed service provider for businesses in the insurance industry, but its list of customers includes companies from other fields: financial services, aerospace and defense, automotive, education, consumer packaged goods, healthcare, and manufacturing.

Two days after patches for a critical F5 BIG-IP vulnerability were released, security researchers have started publicly posting proof-of-concept (PoC) exploits that show how easy it is to exploit these devices.

F5 customers using BIG-IP devices and solutions include governments, Fortune 500 firms, banks, Internet services providers, and many consumer brands, including Microsoft, Oracle, and Facebook.

On Friday, F5 disclosed that it had released patches for a critical vulnerability with a 10/10 CVSSv3 rating, tracked as CVE-2020-5902.

This vulnerability allows a remote attacker to access the Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC) without authentication and perform remote code execution.

Exploiting a BIG-IP device would allow an attacker to gain full access to the system, export user credentials, and potentially traverse the device’s internal network.