In a coordinated International law enforcement operation, Europol today announced to shut down the global organized cybercrime network behind Imminent Monitor RAT, yet another hacking tool that allows cybercriminals to gain complete control over a victim’s computer remotely.

The operation targeted both buyers and sellers of the IM-RAT (Imminent Monitor Remote Access Trojan), which was sold to more than 14,500 buyers and used against tens of thousands of victims across 124 countries.

The infrastructure and front-end sale website of the Imminent Monitor have also been seized as part of this operation, making the Trojan unusable for those who already bought it, as well as unavailable for the new users.

Promoted as a legitimate remote administration framework, the hacking tool was widely used to unauthorisedly access targeted users’ computers and steal their login credentials for online banking and other financial accounts.

According to Europol’s press release, authorities also executed search warrants in June this year against the developer and an employee of IM-RAT in Australia and Belgium, likely with an aim to identify re-sellers and users of the tool.

Moreover, 13 of the most prolific customers of IM-RAT were also arrested in Australia, Colombia, Czechia, the Netherlands, Poland, Spain, Sweden, and the United Kingdom.

images from Hacker News

If you have ever registered an account with the official Magento marketplace to bought or sold any extension, plugin, or e-commerce website theme, you must change your password immediately.

Adobe—the company owning Magento e-commerce platform—today disclosed a new data breach incident that exposed account information of Magento marketplace users to an unknown group of hackers or individuals.

According to the company, the hacker exploited an undisclosed vulnerability in its marketplace website that allowed him to gain unauthorized third-party access to the database of registered users — both customers (buyers) as well as the developers (sellers).

The leaked database includes affected users’ names, email addresses, MageID, billing and shipping address information, and some limited commercial information.

While Adobe didn’t reveal or might don’t know when the Magento marketplace was compromised, the company did confirm that its security team discovered the breach last week on November 21.

images from Hacker News

As part of its active efforts to protect billions of online users, Google identified and warned over 12,000 of its users who were targeted by a government-backed hacking attempt in the third quarter of this year.

According to a report published by Google’s Threat Analysis Group (TAG), more than 90 percent of the targeted users were hit with “credential phishing emails” that tried to trick victims into handing over access to their Google account.

Google’s TAG tracks over 270 government-backed hacking groups from over 50 countries that are involved in intelligence collection, stealing intellectual property, destructive cyber attacks, targeting dissidents, journalists, and activists, or spreading coordinated disinformation.

The alerts were sent to targeted users between July and September 2019, which is consistent within a +/-10 percent range of the number of phishing email warnings sent in the same period of 2018 and 2017, the company said.

These warnings usually get sent to the potential targets, which generally are activists, journalists, policy-makers, and politicians. However, if you have received any such alert, do not freak out straight away — it doesn’t necessarily mean that your Google account has been compromised.​

images from Hacker News

You can relate this:

While working on my laptop, I usually prefer sitting at a corner in the room from where no one should be able to easily stare at my screen, and if you’re a hacker, you must have more reasons to be paranoid.

Let’s go undercover:

If you’re in love with the Kali Linux operating system for hacking and penetration testing, here we have pretty awesome news for you.

Offensive Security today released a new and the final version of Kali Linux for 2019 that includes a special theme to transform your Xfce desktop environment into a Windows look-a-like desktop.

Dubbed ‘Kali Undercover,’ the theme has been designed for those who work in public places or office environments and don’t want people to spot that you’re working on Kali Linux, an operating system popular among hackers, penetration testers, and cybersecurity researchers.

As shown in the demo below, simply enabling “Kali Undercover Mode” from the menu would immediately turn your distinctive Kali dragon theme to the boring bluish version of the Windows operating system.

images from Hacker News

Two third-party software development kits integrated by over hundreds of thousands of Android apps have been caught holding unauthorized access to users’ data associated with their connected social media accounts.

In a blog post published yesterday, Twitter revealed that an SDK developed by OneAudience contains a privacy-violating component which may have passed some of its users’ personal data to the OneAudience servers.

Following Twitter’s disclosure, Facebook today released a statement revealing that an SDK from another company, Mobiburn, is also under investigation for a similar malicious activity that might have exposed its users connected with certain Android apps to data collection firms.

Both OneAudience and Mobiburn are data monetization services that pay developers to integrate their SDKs into the apps, which then collect users’ behavioral data and then use it with advertisers for targeted marketing.

In general, third-party software development kits used for advertisement purposes are not supposed to have access to your personally identifiable information, account password, or secret access tokens generated during ‘Login with Facebook’ or ‘Login with Twitter’ process.

However, reportedly, both malicious SDKs contain the ability to stealthy and unauthorizedly harvest this personal data, which you otherwise had only authorized app developers to access from your Twitter or Facebook accounts.

“This issue is not due to a vulnerability in Twitter’s software, but rather the lack of isolation between SDKs within an application,” Twitter clarified while revealing about the data collection incident.

So, the range of exposed data is based upon the level of access affected users had provided while connecting their social media accounts to the vulnerable apps.

This data usually includes users’ email addresses, usernames, photos, tweets, as well as secret access tokens that could have been misused to take control of your connected social media accounts.

“While we have no evidence to suggest that this was used to take control of a Twitter account, it is possible that a person could do so,” Twitter said.

“We have evidence that this SDK was used to access people’s personal data for at least some Twitter account holders using Android; however, we have no evidence that the iOS version of this malicious SDK targeted people who use Twitter for iOS.”

Twitter has also informed Google and Apple about the malicious SDKs and suggested users to simply avoid downloading apps from third-party app stores and periodically review authorized apps.​

images from Hacker News