Tag: compromised
Compromised Sites Use Fake Chrome Update Warnings to Spread Malware
The campaign has been underway since November 2022, and according to NTT’s security analyst Rintaro Koike, it shifted up a gear after February 2023, expanding its targeting scope to cover users who speak Japanese, Korean, and Spanish. BleepingComputer has found numerous sites hacked in this malware distribution campaign, including adult sites, blogs, news sites, and online stores…
If a targeted visitor browses the site, the scripts will display a fake Google Chrome error screen stating that an automatic update that is required to continue browsing the site failed to install. “An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update,” reads the fake Chrome error message. The scripts will then automatically download a ZIP file called ‘release.zip’ that is disguised as a Chrome update the user should install.
However, this ZIP file contains a Monero miner that uses the device’s CPU resources to mine cryptocurrency for the threat actors. Upon launch, the malware copies itself to C:\Program Files\Google\Chrome as “updater.exe” and then launches a legitimate executable to perform process injection and run straight from memory. According to VirusTotal, the malware uses the “BYOVD” (bring your own vulnerable driver) technique to exploit a vulnerability in the legitimate WinRing0x64.sys driver to gain SYSTEM privileges on the device.
The miner persists by adding scheduled tasks and performing Registry modifications, and it adds itself to the Windows Defender exclusion list. Additionally, it stops Windows Update and disrupts the communication of security products with their servers by altering the HOSTS file entries for those servers’ addresses. This hinders updates and threat detection and may even disable an AV altogether.
Read more of this story at Slashdot.
Ukrainian Hackers Compromised Russian Spy Who Hacked Democrats In 2016
InformNapalm said in an article about the breach that it had confirmed Morgachev’s identity by poring through personnel files and a curriculum vitae stolen by the hackers, including one document that identified him as a department head in Unit 26165 — the same position which the FBI accused him of holding in 2018. […] It wasn’t immediately clear what information the hackers had managed to steal or how significant it was. Morgachev’s inbox could potentially hold insight into Russia’s hacking operations, including the operation against Clinton and the Democrats.
In its indictment, the FBI described him as an officer in Russia’s military spy agency, still known by its old acronym, GRU. It said his department was “dedicated to developing and managing malware,” including the “X-Agent” spy software used to hack the DNC. In its message announcing the theft, the group said of Morgachev: “A very cool and clever hacker, but … We hacked him.”
3CX DesktopApp compromised by supply chain attack
Satechi Duo Wireless Charger Power Stand Review: Compromised Versatility
The Satechi Duo Wireless Charger Power Stand is for those who value the convenience of an all-in-one charging solution for multiple devices as well as the choice of wired or wireless power delivery. But there’s a price to be paid—literally and figuratively.
Read This Article on How-To Geek ›
The Guardian says ransomware attack compromised staff’s personal data
The Guardian has confirmed that it was the victim of a ransomware attack, and that the damage is more serious than first thought. In an update to staff, Guardian group chief Anna Bateson and newspaper editor-in-chief Katharine Viner said the December attack was “highly sophisticated” and accessed the personal data of UK employees. There was no evidence of the data being exposed online, or that the intruders had breached data for readers or non-UK editions.
Bateson and Viner understood that this was a “criminal” ransomware campaign, and that the perpetrators hadn’t targeted The Guardian as a media outlet. The paper has alerted both police as well as the UK’s Information Commissioner’s Office. The leaders didn’t identify the suspected culprits.
The fallout from the cyberattack has worsened. While The Guardian now expects some vital systems to return within two weeks, workers now won’t return to the office until early February. That will give the IT team more time to restore infrastructure, the outlet said. Staff have largely been working from home since the attack was spotted on December 20th, but were originally told only to stay away from the office for the remainder of that week.
The company has continued to run its online and print publications in the weeks since. Even so, the confirmation still makes this one of the more serious online security incidents for the press in recent memory. Fast Company was knocked offline for eight days early last fall, while The New York Post fell prey to a rogue employee weeks later. The Guardian is still dealing with the consequences of the ransomware over three weeks later, and won’t return to normality for a while yet.
Uber Says ‘No Evidence’ User Accounts Were Compromised in Hack
Some Authy 2FA accounts were compromised in Twilio data breach
Secure messaging app Signal isn’t the only platform dealing with the aftermath of the recent Twilio data breach. In an August 24th update spotted by TechCrunch, the company disclosed that hackers gained access to 93 individual Authy accounts. The platform is one of the more popular two-factor authentication apps on the market. It was acquired by Twilio in 2015 and has approximately 75 million users.
According to Twilio, hackers took advantage of the access they gained to register additional devices to the 93 accounts affected by the breach, meaning they had the opportunity to use the software to generate login codes. The company has “since identified and removed unauthorized devices” from the 93 accounts. Twilio says affected users should review their linked logins and look for signs of suspicious activity. It also recommends that those individuals double-check their linked device list and disable the app’s “Allow Multi-device” option.
On Wednesday, Twilio also shared that it now believes 163 of its customers had their data accessed for a “limited period of time” due to the hack. The company previously put that number at 125. While the scale of the Authy component is small, it represents a worst-case scenario for those individuals. Adding two-factor authentication to your accounts is one of the best ways to protect yourself online; having a hacker compromise that system, even if only momentarily, is scary.
Curve Finance Issues Warning About Compromised Front End Amid $570K Theft
Curve Finance Front End UI Compromised In DNS Hack
Other participants in the DeFi space quickly took to Twitter to spread the warning to their own followers, with some noting that the alleged thief appears to have stolen more than $573K USD at time of publication: “Alert to all @CurveFinance users, their frontend has been compromised! Do not interact with it until further notice! It appears around $570k stolen so far.”