A team of researchers today unveiled previously undisclosed capabilities of an Android spyware implant—developed by a sanctioned Iranian threat actor—that could let attackers spy on private chats from popular instant messaging apps, force Wi-Fi connections, and auto-answer calls from specific numbers for purposes of eavesdropping on conversations.

In September, the US Department of the Treasury imposed sanctions on APT39 (aka Chafer, ITG07, or Remix Kitten) — an Iranian threat actor backed by the country’s Ministry of Intelligence and Security (MOIS) — for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors.

Coinciding with the sanctions, the Federal Bureau of Investigation (FBI) released a public threat analysis report describing several tools used by Rana Intelligence Computing Company, which operated as a front for the malicious cyber activities conducted by the APT39 group.

Formally linking the operations of APT39 to Rana, the FBI detailed eight separate and distinct sets of previously undisclosed malware used by the group to conduct their computer intrusion and reconnaissance activities, including an Android spyware app called “optimizer.apk” with information-stealing and remote access capabilities.

images from Hacker News

21st-century technology has allowed Cybercriminals to use sophisticated and undetectable methods for malicious activities.

In 2020 alone, a survey revealed that 65% of US-based companies were vulnerable to email phishing and impersonation attacks. This calls for upgrading your organization’s security with DMARC, which if not implemented, will enable cyber-attackers to:

• Instigate money transfers from vulnerable employees via spoofed emails while impersonating senior executives in your company
• Send fake invoices to your employees and partners
• Deal in illegal goods via your domain
• Spread Ransomware
• Impersonate customer support to steal confidential customer or partner information

Such situations can have long-lasting consequences on your business. From inflicting a blow on the brand’s reputation and credibility among its partners and customer base to loss of valuable company information and millions of dollars, the risks are countless.

images from Hacker News

A cybercrime group known for targeting e-commerce websites unleashed a “multi-stage malicious campaign” earlier this year designed with an intent to distribute information stealers and JavaScript-based payment skimmers.

In a new report published today and shared with The Hacker News, Singapore-based cybersecurity firm Group-IB attributed the operation to the same group that’s been linked to a separate attack aimed at online merchants using password-stealing malware to infect their websites with FakeSecurity JavaScript-sniffers (JS-sniffers).

The campaign progressed in four waves, starting in February and ending in September, with the operators relying on specially-crafted phishing pages and lure documents laced with malicious macros to download Vidar and Raccoon information stealers onto victim systems.

The ultimate goal of the attack, the researchers noted, was to steal payment and user data via several attack vectors and tools to deliver the malware.

The fake web pages were created using the Mephistophilus phishing kit, which allows attackers to create and deploy phishing landing pages engineered for distributing malware.

images from Hacker News

A global spear-phishing campaign has been targeting organizations associated with the distribution of COVID-19 vaccines since September 2020, according to new research.

Attributing the operation to a nation-state actor, IBM Security X-Force researchers said the attacks took aim at the vaccine cold chain, companies responsible for storing and delivering the COVID-19 vaccine at safe temperatures.

The development has prompted the US Cybersecurity and Infrastructure Security Agency (CISA) to issue an alert, urging Operation Warp Speed (OWS) organizations and companies involved in vaccine storage and transport to review the indicators of compromise (IoCs) and beef up their defences.

It is unclear whether any of the phishing attempts were successful, but the company said it has notified appropriate entities and authorities about this targeted attack.

The phishing emails, dating to September, targeted organizations in Italy, Germany, South Korea, the Czech Republic, greater Europe, and Taiwan, including the European Commission’s Directorate-General for Taxation and Customs Union, unnamed solar panel manufacturers, a South Korean software development firm, and a German website development company.

images from Hacker News

There is no question that attackers are going after your sensitive account data. Passwords have long been a target of those looking to compromise your environment.

Why would an attacker take the long, complicated way if they have the keys to the front door?

No matter how extensive your security solutions are, protecting the various systems in your environment, your organization may likely be an easy target without proper password security. An especially vulnerable type of password is a breached password, a.k.a “pwned” password.

What is a breached password? How do you discover breached passwords in your environment? How can organizations effectively protect their end-users from using these types of passwords?

The Danger of Compromised Accounts

The IBM Cost of a Data Breach Report 2020 noted compromised credentials as one of the primary contributors to malicious data breaches in the report’s key findings. It noted:

images from Hacker News