Security News – Malware Board

May 22

IBM data reveals Hacktivists dead

It was time long when Threat intelligence said that hacktivism was dead. But, by the data, IBM-X Force confirms about the collapse scene of the hacktivism with activity levels sink down by 95% since 2015. Here is short analysis about the data about the decreasing percentage from the 2015 to 2019: In 2015 to 2016 hacktivist attacked dropped from 35 to 24 2016- 2017, in this gap, the attacks dropped to 5 at the end of 2017 2018-2019, only two incidents were recorded Till so far, in this year no attacks have been observed Reasons of the decline as blamed as researchers are: The death of the Anonymus hacker collective A sustained crackdown by law enforcement officials Let’s discuss the both in somewhat detail manner The death of Anonymous The disintegration of the Anonymous hacker collect probably be the main reason for the hacktivist collapse. It constituted of about 45% Read more

May 22

Millions of Instagram Influencers data are found on a database with no password

According to a report from TechCrunch, Cyber Security researcher, Anurag Sen, has just found a database containing private information of about 50 millions and more Instagram influencers. The data hosted on an Amazon Web services server without any password protection. The Cyber Security researcher has claimed that those Instagram influencers, including celebrities and official brand accounts, personal details were leaving without password and thus open for all to access to it creating the huge vulnerabilities of privacy issues or even data theft. TechCrunch tracked the database to a Mumbai-based social media marketing company named Chtrbox. The influencers were paid to post their client sponsored content on their accounts. Further analysis revealed that the database contained the details including: Names, Pictures, Phone numbers It is surprising that the database contains that details also that are not made public by Instagram. The data also contains the worth of Instagram influencers in terms Read more

May 20

Emerging hacker group MirrorThief Card skimming details

Card Skimming is very serious cyber crime that has been being carrying out by shady individuals for years. Recently, it was reported that 201 US and Canadian college online stores had been a victim of Card-Skimming attack. It seems here that it is a creation of a new hacker group, whom experts named “Mirrorthief” who manages to get the hand of the credit card details such as Credit card numbers, verifications numbers, card type and other important credentials stored on the Credit or debit Card. Card Skimming For your information, Card Skimming or Credit Card Skimming is a type of Credit Card theft where crooks use some small device to steal credit card credentials in legitimate credit or debit card transaction, which allow the crooks get the details of the credit card such as credit card numbers, verification numbers, card type, expiry date, the name of the holder, their phone Read more

May 18

Hackers delete over 12, 000 unsecured MongoDB databases

MongoDB attacks: victims are demanded payment to restore the database Over 12, 000 unsecured MongoDB databases have been deleted over the past three weeks with only option left behind asking the owners to make contact the hackers to have the data back. A security researcher, Sanyam jain discovered and reported the attacks and believes that this is most likely charging money in Cryptocurrency. The sum of the money may be smaller or bigger that’s depends on the sensitiveness of the database. The attacked was firstly reported on 24th of April by this year. He noticed that the MongoDB database did not contain the usual huge amounts of the leaked data but the following note: “Restore ? Contact : [email protected]”. That means, hackers were dropping some ransom note and asking the victims to contact them via email addresses [email protected] or [email protected] in order to get the data back to the system. It is believed that Read more

May 17

Zombieload attack impacts the Intel CPU allowing attackers to retrieve the processed data

On 14th of May 2019, Academics announced that they had discovered a new class of vulnerabilities affecting entire Intel processors generations. The vulnerabilities allow the attackers to retrieve data being processed inside a CPU. This flaw named Zombieload which is in the same class to the earlier vulnerabilities Meltdown, Spectre and Foreshadow happened in January 2018. How the flaw is exploited? Like the same with the other three, the Zombiaload Side channel flaw is exploited abusing an optimization technique named Speculation execution process which is added by the intel for to improve data processing speeds and performances. Academics have been pocking in various speculation processes for many years and revealing various ways how to leak the data from CPU buffer zones. The mentioned Meltdown, Spectre and ForeShadow vulnerabilities are the instances that shown how CPU components could leak data during the process. Bitdefender confirmed the finding of the academic team Read more

May 16

Cipher Stunting: a new method for evasion of detection mechanisms

A new way, named Cipher Stunting to evasion of detection mechanisms used by Security companies–which is the main goal for cybercriminals –has been discovered by AKamai researchers. This is based on SSL/TLS signature randomization. It first came into existence in early 2018. “Over the last few months, attackers have been tampering with SSL/TLS signatures at a scale never before seen by Akamai”, the researchers noted. “The TLS fingerprints that Akamai observed before Cipher Stunting could be counted in the tens of thousands. Soon after the initial observation, that count ballooned to millions, and then recently jumped to billions.” If you analyze the figure, which is 18,652 distinct fingerprints in Aug 2018 and after the TLS campaigns on September last year the number reached to 255 million in October, the huge increase came because of the range of attacks against the airlines, banking and dating websites. Such websites are also the main targets Read more

May 15

ScarCruft Hackers exploit Bluetooth device harvester to spy on victims

ScarCruft, a hacker group from North Korea has found to use a new infiltration device, i.e. the Bluetooth harvesting tool that allows them to get various sensitive details from the compromised computer. These professional hackers group seemingly to be highly experienced one known by different alternatives such as APT37, Reaper or Group123 has been active at least 2012 and their actions first noticed in 2016. By so far, ScarCruft main targets was high profile targets such as government, media and military organizations in South Korean. Such attacks have detected and after being analyzed concluded that it fits in three criteria: The North Korean IP is being used by the attackers Malware’s complication timestamps correspond to North Korean time zone. Objective aligns to the North Korean Government The past attacks used zero day vulnerabilities or Trojan. The campaigns were done against Japan, Vietnam and Middle East. What new in the trend; Read more

May 14

Vulnerability CVE-2019-3568 in WhatsApp leads Pegasus to spy users’ data

Here is the news for all the WhatsApp users. A flaw had been detected in the application that allows hackers to compromised device. The hackers used an advanced spyware developed by Israeli company NSO group to cause the infection. The flaw was firstly detected by Financial Times. It was tracked under CVE-2019-3568, which is a buffer overflow in the WhatsApp VOID stack. Due to this help, the remote code execution via specially crafted series of SRTCP packets are sent to a target a target phone number. The vulnerability under it was discovered at beginning of this month when company was busy working for security improvements. Following had major impact due to the vulnerability CVE-2019-3568 in WhatsApp: WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, And, Read more

May 09

Binance attacks: $41M BTC worth loss, affected users will be refunded

Binance, global cryptocurrency Exchange Company provides a platform for trading more than 100 cryptocurrencies, has released a report according to which attackers stole 7000BTC from their network. At the time of writing, this values worth up to $41M. Later on, it increased by 2% of the total Binance network and thus the total sum 7,074 BTC loss overall to company due to the attack. The CEO of the company, Changpeng Zhao, has reported that the data breach was discovered on 7th of this month. He added, the first time the company is experiencing such a big loss. The company manages to identity the transaction. According to it, the hackers transformed the money to a single wallet. It has ensured that the all other Bitoin are safe and will be in the future as well. But the bad news is that, as the company has added, there might be more infected Read more

May 08

wyzant data breach; number of affected users not yet known

Data breach on the Popular online marketplace for tutors and students website Wyzant Wyzant, online market place to match tutors with students suffered a huge data breach. According to the official news of the data breach reported by the end of April month of this year, intruder managed to access customers’ personal credentials. The company claims that they have fixed the issues. The breach was come into appearance in the next week on 2nd May. The company called this incident anomaly claimed to have invested in further. It was not yet known the exact person behind the breach. But, the data that the anonymous intruder could get was gained. The important users’ data stored on the network includes: Full names, email addresses, zip code, and Facebook profile information Numbers of users affected Wyzant is one that has more than two million registered users in total. Of them 80 000 are Read more