
New tools attributed to the Russia-linked Gamaredon hacker group include a module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim’s contacts.

The threat actor disables the protections against running macro scripts in Outlook and plants the source file for the spearphishing attacks that spread the malware to further victims.

Gamaredon has been in the cyber espionage game since at least 2013, targeting national security institutions in Ukraine for political and military gain. It has become more active since December 2019.

Read more »

A vulnerability in the Universal Plug and Play protocol implemented in billions of devices can be exploited to exfiltrate data, turn them into bots for distributed denial-of-service attacks (DDoS), and scan internal networks.

The bug has been named CallStranger and it affects all devices that run a UPnP version earlier than April 17. Affected devices include all versions of Windows 10, routers, access points, printers, gaming consoles, doorphones, media applications and devices, cameras, and television sets.

Read more »

The newly revealed USBCulprit malware is used by a group known as Cycldek, Conimes, or Goblin Panda and is designed for compromising air-gapped devices via USB.

Cycldek is a Chinese APT group that has been targeting Southeast Asian nations for a long time to steal government information and state secrets.

The APT group has demonstrably taken an interest in “large organizations and government institutions in Vietnam,” stated a new report on the malware by Kaspersky.

For example, in 2013, the security firm CrowdStrike reported how the group was hacking “defense, energy, and government sectors” in conflicted Southeast Asian territories. At the time, the group had leveraged CVE-2012-0158 exploits to drop malware via malicious Microsoft Word documents.

In the years following that incident, the group continued to expand its arsenal of tools and techniques, for example using rich-text format (RTF) documents with political content to deploy remote-access Trojans (RATs).

What Kaspersky revealed this week is a custom-designed stealthy tool called ‘USBCulprit’, which has sophisticated information-leeching capabilities, especially when used on an air-gapped system.

It enters the system via RTF documents or other, as yet unknown, means, performs an extensive scan of the victim’s system, and begins to harvest documents, copying them, together with a copy of itself, onto removable media.

Read more »

Apple recently paid Indian vulnerability researcher Bhavuk Jain a huge $100,000 bug bounty for reporting a highly critical vulnerability affecting its ‘Sign in with Apple’ system.

The now-patched vulnerability could have allowed remote attackers to bypass authentication and take over targeted users’ accounts on third-party services and apps that had been registered using the ‘Sign in with Apple’ option.

Launched last year at Apple’s WWDC conference, the ‘Sign in with Apple’ feature was introduced to the world as a privacy-preserving login mechanism that allows users to sign up for an account with third-party apps without disclosing their actual email addresses (which are also used as Apple IDs).

Read more »

Joomla, one of the most popular open-source content management systems (CMS), last week announced a new data breach impacting 2,700 users who have an account with its Joomla Resources Directory (JRD) website, i.e., resources.joomla.org.

The breach exposed affected users’ personal information, such as full names, business addresses, email addresses, phone numbers, and encrypted passwords.

The company said the incident came to light during an internal website audit, which revealed that a member of the Joomla Resources Directory (JRD) team had stored a full, unencrypted backup of the JRD website in an Amazon Web Services S3 bucket owned by a third-party company.

Read more »