cRyPtHoN™ INFOSEC (EN)

2022-05-23 14:41:19 Beware of Fake Windows 11 Downloads Distributing Vidar Malware.

Phishing domains are spreading Windows 11 installers loaded with Vidar infostealer.

According to the cybersecurity firm Zscaler ThreatLabz, threat actors are trying to install info stealing malware on users’ devices through newly registered domains. Zscaler explained that these spoofed domains were first observed in April 2022 and created to distribute “malicious ISO files” (a PE32 binary) disguised as legit MS Windows 11 OS installers.

These malicious files deliver Vidar infostealer on the device. Some of the fake domains registered on 20 April include ms-win11com, win11-servcom, win11installcom, and ms-teams-appnet.

https://www.hackread.com/beware-fake-windows-11-download-vidar-malware/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-23 14:37:07 Cytrox’s Predator spyware used zero-day exploits in 3 campaigns.

Google’s Threat Analysis Group (TAG) uncovered campaigns targeting Android users with five zero-day vulnerabilities.

Google’s Threat Analysis Group (TAG) researchers discovered three campaigns, between August and October 2021, targeting Android users with five zero-day vulnerabilities.

The attacks aimed at installing the surveillance spyware Predator, developed by the North Macedonian firm Cytrox.

https://securityaffairs.co/wordpress/131561/hacking/predator-spyware-zero-day-exploits.html

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-23 14:34:16 Ubuntu 22.10 is dropping PulseAudio.

Ubuntu 22.10 is making a big change to the future of the Ubuntu Linux distribution line, by switching the audio server setup from PulseAudio to PipeWire.

The news was confirmed officially by Canonical Employee and Ubuntu Desktop Developer, Heather Ellsworth, on the Ubuntu Discourse thread about the topic,

“That’s right, as of today the Kinetic iso (pending, not yet current since the changes were just made) has been updated to run only pipewire and not pulseaudio. So @copong, you can look forward to this for kinetic.

For Jammy, you might notice that you have both pipewire and pulseaudio running. This is because pulseaudio is still being used for the audio but pipewire is being used for the video. (Pipewire is needed for screencasting and screensharing on Wayland.)

https://www.ghacks.net/2022/05/23/ubuntu-22-10-dropping-pulseaudio/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-23 14:31:32 Password policy guidance.

Why do we need strong passwords?

Passwords are stored by using a one-way hashing algorithm to generate a representation of the original password on a securely designed system. Authentication mechanisms then compare the calculated hash of an entered password with the stored hash value to determine if the password is correct.

Because these hashing algorithms are not reversible, the only way to crack a password is to guess passwords and see if there is a hash match. It is therefore important to make the password resistant to cracking so that if a hashed password is compromised, either by gaining access to the database or capturing it from the network, the original password cannot be retrieved easily and used by an attacker. The way to do that is by using strong passwords.

https://www.pentestpartners.com/security-blog/password-policy-guidance/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-23 14:28:40 New 'pymafka' malicious package drops Cobalt Strike on macOS, Windows, Linux.

This week, Sonatype's automated malware detection bots have discovered malicious Python package 'pymafka' in the PyPI registry.

The package appears to typosquat a legitimate popular library PyKafka, a programmer-friendly Apache Kafka client for Python. The development follows our discovery of another typosquat targeting the Apache Kafka project from earlier this month.

PyKafka includes Python implementations of Kafka producers and consumers, and has been retrieved over 4,240,305 times by user-initiated downloads and mirrors/bots alike. By contrast, malicious 'pymafka' shows a download count of around 300 as Sonatype timely reported the finding to PyPI.

https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-23 14:26:44 Sandworm uses a new version of ArguePatch to attack targets in Ukraine.

ESET researchers spot an updated version of the malware loader used in the Industroyer2 and CaddyWiper attacks

Sandworm, the APT group behind some of the world’s most disruptive cyberattacks, continues to update its arsenal for campaigns targeting Ukraine.

The ESET research team has now spotted an updated version of the ArguePatch malware loader that was used in the Industroyer2 attack against a Ukrainian energy provider and in multiple attacks involving data wiping malware called CaddyWiper.

https://www.welivesecurity.com/2022/05/20/sandworm-ukraine-new-version-arguepatch-malware-loader/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-23 14:24:24 Common NFT scams and how to avoid them.

As NFTs exploded in popularity, scammers also jumped on the hype. Watch out for counterfeit NFTs, rug pulls, pump-and-dumps and other common scams plaguing the industry.

Looking back at 2012, colored coins were the first hint of what we now call non-fungible tokens (NFTs), or nifties for some. Ten years later, these blockhain-based assets that can represent pretty much anything are on everyone’s lips, especially in the worlds of arts, sports and videogames.

The NFT market began to pick up steam in 2020, having grown by more than 300% from the previous year and moving millions of dollars’ worth of cryptocurrency. By the first week of May 2022, however, the sale of these tokens plunged 92% to 19,000 from its high of 225,000 last September.

https://www.welivesecurity.com/2022/05/23/common-nft-scams-how-avoid-them/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-23 14:22:36 Slyther : AWS Security Tool.

Slyther is AWS Security tool to check read/write/delete access for S3 buckets.

https://github.com/iamavu/Slyther

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-23 14:19:31 We need to talk about sex toys and cyber security.

I’ve often been shocked how poor the security of smart devices is. A few years ago we looked at a smart, interactive talking kids dolly. We discovered that it could be used as an audio spy bug and could also be hacked to then swear at children.

More recently, we discovered the area of smart sex toys. Many of us don’t feel comfortable talking publicly about such private and intimate matters. Partly because of this, I believe that smart adult toy manufacturers are not properly held to account for poor cyber security of their products. That’s why I think we need to talk about this subject.

https://www.pentestpartners.com/security-blog/we-need-to-talk-about-sex-toys-and-cyber-security/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-23 14:16:56 Android apps on Windows: Microsoft's Windows Subsystem for Android just got a big update.

Microsoft has delivered multiple fixes for the Windows Systems for Android on Windows 11.

Microsoft has updated the Windows Subsystem for Android (WSA) to Android 12.1 and shipped improvements to Android integration with Windows, networking, the camera in apps, the Settings app, and more.

Android on Windows has been a hyped but slowly simmering affair, launching with Windows 11 in October with very few apps that must be installed from the Amazon Appstore. Microsoft released 1,000 more games and apps in February for mainstream users, but there are minimum hardware requirements and the Amazon Appstore is still only available in the US.

https://www.zdnet.com/article/android-apps-on-windows-microsofts-windows-subsystem-for-android-just-got-a-big-update/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment