Police Arrested Hundreds of Criminals After Hacking Into Encrypted Chat Network

In a joint operation, European and British law enforcement agencies recently arrested hundreds of alleged drug dealers and other criminals after infiltrating the global network of an encrypted chat app that was used to plot drug deals, money laundering, extortion, and even murders.

Dubbed EncroChat, the secretive encrypted communication app comes pre-installed on customised Android-based handsets with the GPS, camera, and microphone functionality removed for anonymity and security.

EncroChat phones are designed to exchange data and messages securely: they ship with pre-loaded apps for secure instant messaging, VoIP calling, and self-destructing messages, and include a ‘kill code’ feature that lets users remotely wipe all data in times of trouble.

The handset and its services, which cost around £1,500 for a six-month subscription, had 60,000 users worldwide and approximately 10,000 users in the United Kingdom.

“EncroChat phones were presented to customers as guaranteeing perfect anonymity (no device or SIM card association on the customer’s account, acquisition under conditions guaranteeing the absence of traceability) and perfect discretion both of the encrypted interface (dual operating system, the encrypted interface being hidden so as not to be detectable) and the terminal itself (removal of the camera, microphone, GPS and USB port),” Europol said.

images from Hacker News

Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking

New research has uncovered multiple critical reverse RDP vulnerabilities in Apache Guacamole, a popular remote desktop application used by system administrators to access and manage Windows and Linux machines remotely.

The reported flaws could let bad actors gain full control over the Guacamole server and intercept and control all other connected sessions.

According to a report published by Check Point Research and shared with The Hacker News, the flaws allow “an attacker, who has already successfully compromised a computer inside the organisation, to launch an attack on the Guacamole gateway when an unsuspecting worker tries to connect to an infected machine.”

After the cybersecurity firm responsibly disclosed its findings on March 31 to Apache, the maintainers of Guacamole, Apache released a patched version in June 2020.

Apache Guacamole is a popular open-source clientless remote desktop gateway. When installed on a company’s server, it allows users to connect to their desktops remotely using only a web browser, after authenticating.

Notably, the Apache Guacamole remote desktop application has amassed over 10 million downloads to date on Docker Hub.

images from Hacker News

Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws

Microsoft yesterday quietly released out-of-band software updates to patch two high-risk security vulnerabilities affecting hundreds of millions of users of Windows 10 and Windows Server editions.

Notably, Microsoft rushed out the patches almost two weeks before the monthly ‘Patch Tuesday’ updates scheduled for 14 July.

That’s likely because both flaws reside in the Windows Codecs Library, an easy attack vector: victims can be socially engineered into opening malicious media files downloaded from the Internet.

For those unaware, the Windows Codecs Library is a collection of support libraries that help the Windows operating system play, compress and decompress various audio and video file formats.

The two newly disclosed security vulnerabilities, assigned CVE-2020-1425 and CVE-2020-1457, are both remote code execution bugs that could allow an attacker to execute arbitrary code and take control of the compromised Windows computer.

According to Microsoft, both remote code execution vulnerabilities reside in the way the Microsoft Windows Codecs Library handles objects in memory.

However, exploiting either flaw requires an attacker to trick a user of an affected Windows system into opening a specially crafted image file with any app that uses the built-in Windows Codecs Library.

Of the two, CVE-2020-1425 is the more critical, because successful exploitation could also allow an attacker to harvest data that helps compromise the affected user’s system further.

The second vulnerability, tracked as CVE-2020-1457, has been rated as important and could allow an attacker to execute arbitrary code on an affected Windows system.

At the time Microsoft released the emergency patches, neither vulnerability had been reported as publicly known or actively exploited in the wild.

According to the advisories, both vulnerabilities were reported to Microsoft by Abdul-Aziz Hariri of Trend Micro’s Zero Day Initiative and affect the following operating systems:

  • Windows 10 version 1709
  • Windows 10 version 1803
  • Windows 10 version 1809
  • Windows 10 version 1903
  • Windows 10 version 1909
  • Windows 10 version 2004
  • Windows Server 2019
  • Windows Server version 1803
  • Windows Server version 1903
  • Windows Server version 1909
  • Windows Server version 2004

images from Hacker News

A New Ransomware Targeting Apple macOS Users Through Pirated Apps

Cybersecurity researchers this week discovered a new ransomware strain targeting macOS users that spreads via pirated apps.

According to several independent reports from K7 Lab malware researcher Dinesh Devadoss, Patrick Wardle, and Malwarebytes, the ransomware variant — dubbed “EvilQuest” — is packaged along with legitimate apps and, upon installation, disguises itself as Apple’s CrashReporter or Google Software Update.

Besides encrypting the victim’s files, EvilQuest also comes with capabilities to ensure persistence, log keystrokes, create a reverse shell, and steal cryptocurrency wallet-related files.

With this development, EvilQuest joins a handful of ransomware strains that have exclusively singled out macOS, including KeRanger and Patcher.

The source of the malware appears to be trojanised versions of popular macOS software — such as Little Snitch, the DJ software Mixed In Key 8, and Ableton Live — that are distributed on popular torrent sites.

“To start, the legitimate Little Snitch installer is attractively and professionally packaged, with a well-made custom installer that is properly code signed,” Thomas Reed, director of Mac and mobile at Malwarebytes, said. “However, this installer was a simple Apple installer package with a generic icon. Worse, the installer package was pointlessly distributed inside a disk image file.”

images from Hacker News

Advanced StrongPity Hackers Target Syria and Turkey with Retooled Spyware

Cybersecurity researchers today uncovered new details of watering-hole attacks against the Kurdish community in Syria and Turkey, carried out for surveillance and intelligence exfiltration.

The advanced persistent threat behind the operation, called StrongPity, has retooled with new tactics to control compromised machines, cybersecurity firm Bitdefender said in a report shared with The Hacker News.

“Using watering hole tactics to selectively infect victims and deploying a three-tier C&C infrastructure to thwart forensic investigations, the APT group leveraged Trojanised popular tools, such as archivers, file recovery applications, remote connections applications, utilities, and even security software, to cover a wide range of options that targeted victims might be seeking,” the researchers said.

With the timestamps of the analysed malware samples used in the campaign coinciding with the Turkish offensive into north-eastern Syria (codenamed Operation Peace Spring) last October, Bitdefender said the attacks could have been politically motivated.

Using Tainted Installers to Drop Malware

StrongPity (or Promethium) was first publicly reported in October 2016, after attacks against users in Belgium and Italy that used watering holes to deliver malicious versions of WinRAR and the TrueCrypt file encryption software.

Since then, the APT has been linked to a 2018 operation that abused Türk Telekom’s network to redirect hundreds of users in Turkey and Syria to malicious StrongPity versions of authentic software.

images from Hacker News