Europol Shuts Down ‘Imminent Monitor’ RAT Operations With 13 Arrests

In a coordinated international law enforcement operation, Europol today announced the takedown of the global organized cybercrime network behind the Imminent Monitor RAT, a hacking tool that gives criminals complete remote control over a victim’s computer.

The operation targeted both buyers and sellers of the IM-RAT (Imminent Monitor Remote Access Trojan), which was sold to more than 14,500 buyers and used against tens of thousands of victims across 124 countries.

The infrastructure and front-end sales website of Imminent Monitor have also been seized as part of the operation, rendering the Trojan unusable for those who already bought it and unavailable to new buyers.

Promoted as a legitimate remote administration tool, it was widely used to gain unauthorised access to targeted users’ computers and steal their login credentials for online banking and other financial accounts.

According to Europol’s press release, authorities also executed search warrants in June this year against the developer and an employee of IM-RAT in Australia and Belgium, likely with the aim of identifying resellers and users of the tool.

Moreover, 13 of the most prolific customers of IM-RAT were arrested in Australia, Colombia, Czechia, the Netherlands, Poland, Spain, Sweden, and the United Kingdom.


Magento Marketplace Suffers Data Breach Exposing Users’ Account Info

If you have ever registered an account with the official Magento marketplace to buy or sell an extension, plugin, or e-commerce website theme, you should change your password immediately.

Adobe, the company that owns the Magento e-commerce platform, today disclosed a data breach that exposed account information of Magento marketplace users to an unknown third party.

According to the company, the attacker exploited an undisclosed vulnerability in its marketplace website to gain unauthorized third-party access to the database of registered users, both customers (buyers) and developers (sellers).

The exposed data includes affected users’ names, email addresses, MageIDs, billing and shipping addresses, and some limited commercial information.

While Adobe did not say when the Magento marketplace was compromised (and may not know), the company did confirm that its security team discovered the breach last week, on November 21.


Over 12,000 Google Users Hit by Government Hackers in 3rd Quarter of 2019

As part of its ongoing efforts to protect its users, Google says it identified and warned over 12,000 users who were targeted by government-backed hacking attempts in the third quarter of this year.

According to a report published by Google’s Threat Analysis Group (TAG), more than 90 percent of the targeted users were hit with “credential phishing emails” that tried to trick victims into handing over access to their Google account.

Google’s TAG tracks over 270 government-backed hacking groups from over 50 countries that are involved in intelligence collection, intellectual property theft, destructive cyber attacks, the targeting of dissidents, journalists, and activists, or coordinated disinformation campaigns.

The alerts were sent to targeted users between July and September 2019, a figure within ±10 percent of the number of phishing warnings sent in the same period of 2018 and 2017, the company said.

These warnings are usually sent to likely targets such as activists, journalists, policy-makers, and politicians. If you have received one, do not panic: it does not necessarily mean that your Google account has been compromised.


Latest Kali Linux OS Added Windows-Style Undercover Theme for Hackers

You can probably relate to this:

While working on my laptop, I usually prefer to sit in a corner of the room where no one can easily see my screen, and if you’re a hacker, you have even more reason to be paranoid.

Let’s go undercover:

If you love Kali Linux for hacking and penetration testing, here is some good news for you.

Offensive Security today released the final Kali Linux version of 2019, which includes a special theme that transforms the Xfce desktop environment into a Windows look-alike.

Dubbed ‘Kali Undercover,’ the theme is designed for those who work in public places or office environments and don’t want people to notice they are running Kali Linux, an operating system popular among hackers, penetration testers, and security researchers.

Enabling “Kali Undercover Mode” from the menu immediately swaps the distinctive Kali dragon theme for a bland, bluish Windows-style desktop.


Malicious Android SDKs Caught Accessing Facebook and Twitter Users Data

Two third-party software development kits integrated into hundreds of thousands of Android apps have been caught accessing, without authorization, user data associated with the social media accounts connected to those apps.

In a blog post published yesterday, Twitter revealed that an SDK developed by OneAudience contains a privacy-violating component that may have passed some Twitter users’ personal data to OneAudience’s servers.

Following Twitter’s disclosure, Facebook today said that an SDK from another company, Mobiburn, is also under investigation for similar activity that might have exposed Facebook users of certain Android apps to data collection firms.

Both OneAudience and Mobiburn are data monetization services that pay developers to integrate their SDKs into apps; the SDKs collect users’ behavioral data, which is then sold to advertisers for targeted marketing.

In general, third-party advertising SDKs are not supposed to have access to your personally identifiable information, account password, or the access tokens generated during the ‘Login with Facebook’ or ‘Login with Twitter’ flow.

However, both SDKs reportedly contained the ability to covertly harvest this personal data, which you had authorized only the app developer, not the SDK vendor, to access from your Twitter or Facebook account.

“This issue is not due to a vulnerability in Twitter’s software, but rather the lack of isolation between SDKs within an application,” Twitter clarified while revealing about the data collection incident.

So the range of exposed data depends on the level of access users granted when connecting their social media accounts to the affected apps.

This data can include users’ email addresses, usernames, photos, and tweets, as well as access tokens that could be misused to take control of the connected social media accounts.

“While we have no evidence to suggest that this was used to take control of a Twitter account, it is possible that a person could do so,” Twitter said.


“We have evidence that this SDK was used to access people’s personal data for at least some Twitter account holders using Android; however, we have no evidence that the iOS version of this malicious SDK targeted people who use Twitter for iOS.”

Twitter has also informed Google and Apple about the malicious SDKs and advised users to avoid downloading apps from third-party app stores and to periodically review the apps authorized on their accounts.
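Twitter’s point about “the lack of isolation between SDKs within an application” is the whole mechanism, so here is an added illustration of it (not code from the page, from Twitter or Facebook, or from either SDK vendor). On Android, the host app and every SDK compiled into its APK share one Linux UID, one process and one private data directory, so anything the app persists is readable by the SDK with no permission prompt. The class names, the preferences file name and key, and the token value are all hypothetical:

```java
// Added illustration, not code from the page or from any vendor named in it.
// Host app and third-party SDK live in one APK, one process, one sandbox.
import android.app.Application;
import android.content.Context;
import android.content.SharedPreferences;
import java.io.File;

public class HostApp extends Application {
    static final String AUTH_PREFS = "auth";                // hypothetical prefs file name
    static final String TOKEN_KEY  = "social_access_token"; // hypothetical key

    @Override public void onCreate() {
        super.onCreate();
        // After "Login with <social network>" the app caches the token it was granted.
        // MODE_PRIVATE keeps *other apps* out; it does nothing against code in this process.
        getSharedPreferences(AUTH_PREFS, Context.MODE_PRIVATE)
                .edit().putString(TOKEN_KEY, "constructed-example-token").apply();
        // Like most monetisation SDKs, this one only asks for an application Context.
        MonetizationSdk.init(this);
    }
}

// Hypothetical monetisation SDK. Nothing below triggers a permission dialog.
class MonetizationSdk {
    // Returns the host app's social-login token: what an abusive SDK could exfiltrate.
    static String init(Context ctx) {
        // 1. The SDK does not need to know the app's file names in advance; it can list them.
        File prefsDir = new File(ctx.getApplicationInfo().dataDir, "shared_prefs");
        File[] prefFiles = prefsDir.listFiles();          // e.g. auth.xml
        if (prefFiles == null) return null;
        // 2. Any of them opens with the very same call the app itself uses.
        SharedPreferences p = ctx.getSharedPreferences(HostApp.AUTH_PREFS, Context.MODE_PRIVATE);
        // 3. With this token the SDK vendor can call the social network's API as the user,
        //    which is the account-takeover scenario Twitter says it cannot rule out.
        return p.getString(HostApp.TOKEN_KEY, null);
    }
}
```

The fix is architectural rather than a permission: keep third-party tokens out of storage that in-process code can read, run untrusted SDK code behind a process boundary (a service with its own `android:process`, or `android:isolatedProcess` where its functionality allows), and, as a user, revoke tokens for apps you no longer use, which is the “review authorized apps” advice above.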


Dozens of Severe Flaws Found in 4 Popular Open Source VNC Software

Four popular open-source VNC remote desktop applications have been found vulnerable to a total of 37 security flaws, many of which went unnoticed for up to 20 years; the most severe could allow remote attackers to compromise a targeted system.

VNC (Virtual Network Computing) is an open graphical desktop-sharing system based on the RFB (Remote FrameBuffer) protocol that lets users remotely control another computer, similar to Microsoft’s RDP.

The implementation of the VNC system includes a “server component,” which runs on the computer sharing its desktop, and a “client component,” which runs on the computer that will access the shared desktop.

In other words, VNC allows you to use your mouse and keyboard to work on a remote computer as if you are sitting in front of it.

There are numerous VNC applications, both free and commercial, compatible with widely used operating systems like Linux, macOS, Windows, and Android.

Considering that over 600,000 VNC servers are currently reachable over the Internet, nearly 32% of them connected to industrial automation systems, cybersecurity researchers at Kaspersky audited four widely used open-source VNC implementations:

  • LibVNC
  • UltraVNC
  • TightVNC 1.x
  • TurboVNC

After analyzing this software, the researchers found a total of 37 new memory corruption vulnerabilities in client and server code: 22 in UltraVNC, 10 in LibVNC, 4 in TightVNC, and 1 in TurboVNC.

“All of the bugs are linked to incorrect memory usage. Exploiting them leads only to malfunctions and denial of service — a relatively favorable outcome,” Kaspersky says. “In more serious cases, attackers can gain unauthorized access to information on the device or release malware into the victim’s system.”

Some of the discovered vulnerabilities can also lead to remote code execution (RCE), meaning an attacker could exploit them to run arbitrary code on the targeted system and take control of it.

Because the client receives more data from the server and contains the decoding components where programming errors are most common, most of the vulnerabilities affect the client side of this software.
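The paragraph above describes a class of bug, not a specific one, so here is an added example of that class (written for this page; it is not code from LibVNC, UltraVNC, TightVNC, TurboVNC, or the Kaspersky audit, and it does not reproduce any of the 37 reported bugs). A toy RFB client parses one FramebufferUpdate rectangle header (RFC 6143 section 7.6.1: 16-bit x, y, width, height, then a 32-bit encoding type) and applies Raw-encoded pixels to its framebuffer. The unchecked decoder validates only that enough pixel bytes arrived; it never checks that the server-supplied geometry fits inside the framebuffer, so a malicious server that announces a small desktop and then sends a rectangle hanging off its corner writes past the client’s heap buffer. The hardened decoder rejects that geometry first. The framebuffer size, the 4 bytes-per-pixel format, and the wire bytes are all constructed for the demo; a 64-byte canary behind the framebuffer makes the overflow observable without undefined behaviour:

```c
/* Added illustration, not code from any VNC project or from the Kaspersky audit.
 * Demonstrates the bug class: a client decoder trusting server-supplied geometry. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BPP 4   /* bytes per pixel this toy client negotiated (assumption) */

typedef struct { uint16_t width, height; uint8_t *pixels; } framebuffer_t;

/* Rectangle header inside a FramebufferUpdate (RFC 6143 section 7.6.1). */
typedef struct { uint16_t x, y, w, h; int32_t encoding; } rect_hdr_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static int32_t  rd32(const uint8_t *p) {
    return (int32_t)(((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                     ((uint32_t)p[2] << 8)  |  (uint32_t)p[3]);
}

int parse_rect_hdr(const uint8_t *buf, size_t len, rect_hdr_t *r) {
    if (len < 12) return -1;
    r->x = rd16(buf); r->y = rd16(buf + 2); r->w = rd16(buf + 4); r->h = rd16(buf + 6);
    r->encoding = rd32(buf + 8);
    return 0;
}

/* VULNERABLE: checks that enough pixel bytes arrived, but never checks that the
 * rectangle lies inside the framebuffer. Server-chosen x/y/w/h write past the end
 * of fb->pixels: a heap overflow in the client. */
int apply_raw_rect_unchecked(framebuffer_t *fb, const rect_hdr_t *r,
                             const uint8_t *data, size_t len) {
    size_t row_bytes = (size_t)r->w * BPP;
    if (len < row_bytes * r->h) return -1;
    for (unsigned row = 0; row < r->h; row++) {
        size_t off = ((size_t)(r->y + row) * fb->width + r->x) * BPP;
        memcpy(fb->pixels + off, data + row * row_bytes, row_bytes);
    }
    return 0;
}

/* HARDENED: reject geometry that does not fit before touching memory.
 * Sums are done in 32 bits so two 16-bit fields cannot wrap around. */
int apply_raw_rect_checked(framebuffer_t *fb, const rect_hdr_t *r,
                           const uint8_t *data, size_t len) {
    if ((uint32_t)r->x + r->w > fb->width || (uint32_t)r->y + r->h > fb->height)
        return -1;
    return apply_raw_rect_unchecked(fb, r, data, len);   /* safe once bounded */
}

enum { FB_W = 4, FB_H = 4, FB_BYTES = FB_W * FB_H * BPP, CANARY = 64 };

/* Constructed 4x4 framebuffer followed by CANARY bytes of 0xAA, fed a constructed
 * rectangle x=2,y=3,w=4,h=2 (hangs off the bottom-right corner) through the chosen
 * decoder. Returns how many canary bytes were overwritten; *rc gets the decoder's result. */
static size_t run_demo(int (*apply)(framebuffer_t *, const rect_hdr_t *, const uint8_t *, size_t),
                       int *rc) {
    uint8_t wire[12 + 4 * 2 * BPP] = { 0x00,0x02, 0x00,0x03, 0x00,0x04, 0x00,0x02, 0,0,0,0 };
    memset(wire + 12, 0x11, sizeof wire - 12);            /* Raw pixel payload */
    uint8_t *mem = calloc(FB_BYTES + CANARY, 1);
    if (!mem) { *rc = -1; return 0; }
    memset(mem + FB_BYTES, 0xAA, CANARY);
    framebuffer_t fb = { FB_W, FB_H, mem };
    rect_hdr_t r;
    parse_rect_hdr(wire, sizeof wire, &r);
    *rc = apply(&fb, &r, wire + 12, sizeof wire - 12);
    size_t clobbered = 0;
    for (size_t i = 0; i < CANARY; i++) if (mem[FB_BYTES + i] != 0xAA) clobbered++;
    free(mem);
    return clobbered;
}

size_t unchecked_canary_bytes_clobbered(void) { int rc; return run_demo(apply_raw_rect_unchecked, &rc); }
size_t checked_canary_bytes_clobbered(void)   { int rc; return run_demo(apply_raw_rect_checked, &rc); }
int    checked_result(void)                   { int rc; run_demo(apply_raw_rect_checked, &rc); return rc; }

int main(void) {
    printf("unchecked decoder: %zu bytes written past the framebuffer\n",
           unchecked_canary_bytes_clobbered());
    printf("checked decoder:   rc=%d, %zu bytes written past the framebuffer\n",
           checked_result(), checked_canary_bytes_clobbered());
    return 0;
}
```

With the constructed rectangle, row 0 starts at byte 56 of a 64-byte framebuffer and row 1 at byte 72, so the unchecked path writes 24 bytes beyond the buffer while the checked path returns -1 and touches nothing. The same shape of check (bound every server-supplied coordinate, count and length before allocating or copying) is what closes this class in the real decoders for Hextile, ZRLE, Tight and the other encodings, where the arithmetic is more involved and easier to get wrong.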
