cRyPtHoN™ INFOSEC (EN)

2022-05-23 14:14:23 How to find NPM dependencies vulnerable to account hijacking.

Security engineer outlines self-help strategy for keeping software supply chain safe

Following the recent disclosure of a technique for hijacking certain NPM packages, security engineer Danish Tariq has proposed a defensive strategy for those looking to assess whether their web apps include dependencies tied to subvertable email domains.

NPM, acquired by Microsoft's GitHub in March 2020, operates the NPM Registry, an online repository of code libraries that web developers include in their applications. It currently hosts almost two million packages and serves more than 174 billion downloads per month.

https://www.theregister.com/2022/05/23/npm_dependencies_vulnerable/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-23 13:56:38 Elon Musk deep fakes promote new cryptocurrency scam.

Cryptocurrency scammers are using deep fake videos of Elon Musk and other prominent cryptocurrency advocates to promote a BitVex trading platform scam that steals deposited currency.

This fake BitVex cryptocurrency trading platform claims to be owned by Elon Musk, who created the site to allow everyone to earn up to 30% returns on their crypto deposits.

This scam campaign started earlier this month with threat actors creating or hacking existing YouTube accounts to host deep fake videos of Elon Musk, Cathie Wood, Brad Garlinghouse, Michael Saylor, and Charles Hoskinson.

These videos are legitimate interviews modified with deep fake technology to use the person's voice in a script provided by the threat actors.

https://www.bleepingcomputer.com/news/security/elon-musk-deep-fakes-promote-new-cryptocurrency-scam/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-23 13:54:43 Bank refuses to pay ransom to hackers, sends dick pics instead.

I’m not sure if it would be enough for me to switch bank accounts, but I have something of a sneaking respect for the Bank of Zambia.

As Bleeping Computer reports, Zambia’s central bank fell foul of a ransomware attack orchestrated by the Hive ransomware gang earlier this month.

In a press release, the Bank of Zambia reassured its customers, partners, and media that it had recovered from the attack:

https://grahamcluley.com/bank-refuses-to-pay-ransom-to-hackers-sends-dick-pics-instead/

PDF - HERE

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-23 13:51:37 ISaPWN – research on the security of ISaGRAF Runtime.

In early 2020, we notified the Rockwell Automation Product Security Incident Response Team (RA PSIRT) of several vulnerabilities we had identified in the ISaGRAF Runtime execution environment.

According to public sources of information, ISaGRAF Runtime is used as an automation framework in multiple products in various industries across the globe and its use is not limited to ICS. ISaGRAF Runtime are also used in transportation, power & energy, and other sectors.

This report includes an analysis of the ISaGRAF framework, its architecture, the IXL and SNCP protocols that are used to program and control ISaGRAF-based devices and to communicate with them.

https://securelist.com/isapwn-research-on-the-security-of-isagraf-runtime/106521/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-23 13:49:58 Microsoft sounds the alarm on – wait for it – a Linux botnet.

Redmond claims the numbers are scary, but won't release them

Microsoft has sounded the alarm on DDoS malware called XorDdos that targets Linux endpoints and servers.

The trojan, first discovered in 2014 by security research group MalwareMustDie, was named after its use of XOR-based encryption and the fact that is amasses botnets to carry out distributed denial-of-service attacks. Over the last six months, Microsoft threat researchers say they've witnessed a 254 percent spike in the malware's activity.

https://www.theregister.com/2022/05/23/microsoft_linux_botnet/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-23 13:47:40 Anonymous Declares Cyber-War on Pro-Russian Hacker Gang Killnet.

Hacktivist group Anonymous has announced on social media that it’s launching a cyber-war against the pro-Russian group Killnet, which recently attacked European institutions.

The news comes after anonymous hackers recently declared “cyber war” against Vladimir Putin’s government following the Russian invasion of Ukraine, including leaking over 360,000 Russian federal agency files in the process.

On Twitter, the @YourAnonOne account announced that: “The #Anonymous collective is officially in cyber war against the pro-Russian hacker group #Killnet.”

https://www.infosecurity-magazine.com/news/anonymous-declares-war-on-killnet/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-23 13:43:11 PDF Malware Is Not Yet Dead.

For the past decade, attackers have preferred to package malware in Microsoft Office file formats, particularly Word and Excel. In fact, in Q1 2022 nearly half (45%) of malware stopped by HP Wolf Security used Office formats. The reasons are clear: users are familiar with these file types, the applications used to open them are ubiquitous, and they are suited to social engineering lures.

In this post, we look at a malware campaign isolated by HP Wolf Security earlier this year that had an unusual infection chain. The malware arrived in a PDF document – a format attackers less commonly use to infect PCs – and relied on several tricks to evade detection, such as embedding malicious files, loading remotely-hosted exploits, and shellcode encryption.

https://threatresearch.ext.hp.com/pdf-malware-is-not-yet-dead/#

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-23 13:41:18 IBM Dives Into TrickBot Gang's Malware Crypting Operation.

Researchers with IBM Security’s X-Force division have analyzed 13 crypters employed by the cybercrime group behind the infamous TrickBot and Conti malware.

The use of crypters to obfuscate malware in order to evade antivirus detection is not new, but TrickBot’s operators – which are known as Wizard Spider, ITG23, or the Trickbot Group – took this practice to a new level, by automating the crypting of malware at scale with the launch of a Jenkins build server.

The TrickBot malware family emerged in 2016, when it mainly facilitated online banking fraud. The malware has evolved into helping the mass distribution of other malware families, and the cybercrime group behind it has widened its activities as well.

https://www.securityweek.com/ibm-dives-trickbot-gangs-malware-crypting-operation

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-22 19:38:20 The Privacy, Security, & OSINT Show.

EPISODE 262-Brief Updates

This week I offer brief updates from the road.

Direct support for this podcast comes from our privacy services, online training, and new books for 2022: Extreme Privacy (4th Edition) and Open Source Intelligence Techniques (9th Edition). More details can be found at IntelTechniques.com. Thank you for keeping this show ad-free and sponsor-free.

Listen to PAST episodes at https://inteltechniques.com/podcast.html

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-22 19:36:19 Firefox Browser Hacked In 8 Seconds Using 2 Critical Security Flaws.

With Windows 11, Microsoft Teams, Ubuntu Desktop, and the Tesla Model 3 all falling victim to hackers in one week, you might be forgiven for not noticing that Mozilla Firefox was also hacked. In just eight seconds using two critical security vulnerabilities.

Who hacked the Mozilla Firefox browser in just eight seconds?

The hacker in question was the supremely talented Manfred Paul who pulled off the lightning-fast double exploit using two critical vulnerabilities at the PWN2OWN Vancouver, 2022, event that came to an end on Friday, May 20.

https://www.forbes.com/sites/daveywinder/2022/05/22/firefox-browser-hacked-in-8-seconds-using-2-critical-security-flaws/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment