Researchers Uncover Classiscam Scam-as-a-Service Operations in Singapore

A sophisticated scam-as-a-service operation dubbed Classiscam has now reached Singapore, more than 1.5 years after expanding to Europe.

“Scammers posing as legitimate buyers approach sellers with the request to purchase goods from their listings and the ultimate aim of stealing payment data,” Group-IB said in a report shared with The Hacker News.

The cybersecurity firm called the operators a “well-coordinated and technologically advanced scammer criminal network.”

Classiscam refers to a Russia-based cybercrime operation that was first recorded in summer 2019 but only came under the spotlight a year later, coinciding with a surge in activity driven by the increase in online shopping in the aftermath of the COVID-19 outbreak.

Called the most widely used fraud scheme during the pandemic, Classiscam targets people who use marketplaces and services relating to property rentals, hotel bookings, online bank transfers, online retail, ride-sharing, and package deliveries.


Meta Cracks Down on Cyber Espionage Operations in South Asia Abusing Facebook

Facebook parent company Meta disclosed that it took action against two espionage operations in South Asia that leveraged its social media platforms to distribute malware to potential targets.

The first set of activities is what the company described as “persistent and well-resourced” and undertaken by a hacking group tracked under the moniker Bitter APT (aka APT-C-08 or T-APT-17) targeting individuals in New Zealand, India, Pakistan, and the U.K.

“Bitter used various malicious tactics to target people online with social engineering and infect their devices with malware,” Meta said in its Quarterly Adversarial Threat Report. “They used a mix of link-shortening services, malicious domains, compromised websites, and third-party hosting providers to distribute their malware.”

The attacks involved the threat actor creating fictitious personas on the platform, masquerading as attractive young women in a bid to build trust with targets and lure them into clicking on bogus links that deployed malware.

But in an interesting twist, the attackers convinced victims to download an iOS chat application via Apple TestFlight, a legitimate online service that can be used for beta-testing apps and providing feedback to app developers.


New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack

A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022.

“This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai,” Fortinet FortiGuard Labs said in a report.

The malware, which gets its name from an embedded URL to a YouTube rap music video in an earlier version, is said to have amassed a growing collection of compromised SSH servers, with over 3,500 unique IP addresses used to scan and brute-force their way into the servers.

RapperBot’s current implementation also distinguishes it from Mirai: it functions primarily as an SSH brute-force tool, with only limited capabilities to carry out distributed denial-of-service (DDoS) attacks.

The deviation from traditional Mirai behaviour is further evidenced in its attempt to establish persistence on the compromised host, effectively permitting the threat actor to maintain long-term access long after the malware has been removed or the device has been rebooted.
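The brute-force behaviour described above leaves a recognisable trace in an SSH server's authentication log: a burst of failed logins from one source, sometimes followed by a successful login from that same source. The following is an added detection example, not code from the Fortinet report or from RapperBot; it parses constructed OpenSSH-style auth log lines (sample data, not real traffic) and flags any source address that accumulates a threshold of failures inside a time window, recording a success that follows such a burst as the higher-severity signal.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in OpenSSH auth.log format (not real data).
SAMPLE_LOG = """\
Aug  8 10:00:01 host sshd[1201]: Failed password for root from 198.51.100.7 port 40122 ssh2
Aug  8 10:00:02 host sshd[1202]: Failed password for invalid user admin from 198.51.100.7 port 40123 ssh2
Aug  8 10:00:03 host sshd[1203]: Failed password for root from 198.51.100.7 port 40124 ssh2
Aug  8 10:00:04 host sshd[1204]: Failed password for root from 198.51.100.7 port 40125 ssh2
Aug  8 10:00:05 host sshd[1205]: Failed password for root from 198.51.100.7 port 40126 ssh2
Aug  8 10:00:06 host sshd[1206]: Accepted password for root from 198.51.100.7 port 40127 ssh2
Aug  8 10:00:30 host sshd[1210]: Failed password for alice from 203.0.113.5 port 51000 ssh2
Aug  8 10:00:45 host sshd[1211]: Accepted publickey for alice from 203.0.113.5 port 51001 ssh2
"""

# Matches both "Failed password for [invalid user] NAME from IP" and
# "Accepted METHOD for NAME from IP" as written by OpenSSH.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<event>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2022):
    """Return a dict with ts/event/method/user/ip, or None for lines we ignore.
    Syslog timestamps carry no year, so one is supplied (assumed here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {
        "ts": ts,
        "event": m.group("event"),
        "method": m.group("method"),
        "user": m.group("user"),
        "ip": m.group("ip"),
    }


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Flag source IPs with >= threshold failures inside a sliding window.

    Returns {ip: {"failures_in_window": n, "success_after_failures": str|None}}.
    A non-None success_after_failures means a login was accepted from an IP
    that had already crossed the failure threshold: the pattern of interest.
    """
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    findings = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        ip, ts = ev["ip"], ev["ts"]
        window = failures[ip]
        # Drop failures that fell out of the window before this event.
        while window and (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if ev["event"] == "Failed":
            window.append(ts)
            if len(window) >= threshold:
                entry = findings.setdefault(
                    ip, {"failures_in_window": 0, "success_after_failures": None}
                )
                entry["failures_in_window"] = len(window)
        elif ev["event"] == "Accepted" and len(window) >= threshold:
            entry = findings.setdefault(
                ip, {"failures_in_window": len(window), "success_after_failures": None}
            )
            entry["success_after_failures"] = f"{ev['user']} via {ev['method']}"
    return findings


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

With the sample data, only 198.51.100.7 is reported: five failures inside one minute, then an accepted password login for root. The legitimate user from 203.0.113.5 has a single failure and a key-based login, so it stays below the threshold. In a real deployment the threshold and window would be tuned to the host's normal traffic, and a success-after-burst finding would be the one to escalate, since it matches the post-compromise persistence the malware is reported to establish.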


Hackers Exploit Twitter Vulnerability to Expose 5.4 Million Accounts

Twitter on Friday revealed that a now-patched zero-day bug was used to link phone numbers and emails to user accounts on the social media platform.

“As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any,” the company said in an advisory.

Twitter said the bug, which it was made aware of in January 2022, stemmed from a code change introduced in June 2021. No passwords were exposed as a result of the incident.

The six-month delay in making this public stems from new evidence last month that an unidentified actor had potentially taken advantage of the flaw before the fix to scrape user information and sell it for profit on Breach Forums.


Slack Resets Passwords After a Bug Exposed Hashed Passwords for Some Users

Slack said it took the step of resetting passwords for about 0.5% of its users after a flaw exposed salted password hashes when creating or revoking shared invitation links for workspaces.

“When a user performed either of these actions, Slack transmitted a hashed version of their password to other workspace members,” the enterprise communication and collaboration platform said in an alert on 4th August.

Hashing refers to a cryptographic technique that transforms data of any size into a fixed-size output (called a hash value or simply hash). Salting adds a random per-password value to the input before hashing, so that identical passwords do not produce identical hashes and precomputed tables cannot be reused, which makes brute-force attempts against a leaked hash more expensive.

The Salesforce-owned company, which reported more than 12 million daily active users in September 2019, didn’t reveal the exact hashing algorithm used to safeguard the passwords.
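To make the hashing and salting described above concrete, here is an added example of salted password storage and verification; it is not Slack's code, and since the company did not reveal its algorithm, the choice of PBKDF2-HMAC-SHA256 with a 16-byte random salt and the iteration count are assumptions made for this illustration. The stored record carries its own parameters so the algorithm can be upgraded later, and the comparison is constant-time.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example (not Slack's, which were not disclosed).
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000   # slows each guess against a leaked hash
SALT_BYTES = 16        # per-password random salt


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.

    A fresh random salt is drawn per call, so hashing the same password twice
    yields two different records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the hash with the salt and iteration count stored in the record.

    Uses a constant-time comparison so timing does not leak how many leading
    bytes of the candidate digest matched. Malformed records verify as False.
    """
    try:
        algorithm, iterations, salt_hex, hash_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        iterations = int(iterations)
    except ValueError:
        return False
    if algorithm != ALGORITHM:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(digest.hex(), hash_hex)


def salts_differ(password, iterations=ITERATIONS):
    """True when two records for the same password differ (the effect of salting)."""
    return hash_password(password, iterations=iterations) != hash_password(password, iterations=iterations)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong password", record))                # False
    print(salts_differ("correct horse battery staple"))             # True
```

The point illustrated by `salts_differ` is the one the Slack incident turns on: a leaked salted hash still has to be attacked one password at a time, with the work factor set by the iteration count, rather than looked up in a precomputed table. That is why a leak of salted hashes is less severe than a leak of plaintext passwords, but still severe enough to warrant the reset Slack performed.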


Iranian Hackers Likely Behind Disruptive Cyberattacks Against Albanian Government

A threat actor working to further Iranian goals is said to have been behind a set of damaging cyberattacks against Albanian government services in mid-July 2022.

Cybersecurity firm Mandiant said the malicious activity against a NATO state represented a “geographic expansion of Iranian disruptive cyber operations.”

The July 17 attacks, according to Albania’s National Agency of Information Society, forced the government to “temporarily close access to online public services and other government websites” because of a “synchronized and sophisticated cybercriminal attack from outside Albania.”

The politically motivated disruptive operation, per Mandiant, entailed the deployment of a new ransomware family called ROADSWEEP that included a ransom note with the text: “Why should our taxes be spent on the benefit of DURRES terrorists?”

A front named HomeLand Justice has since claimed responsibility for the cyber offensive, with the group also allegedly claiming to have used a wiper malware in the attacks. Although the exact nature of the wiper is unknown, Mandiant said an Albanian user submitted a sample for what’s called ZeroCleare on July 19, coinciding with the attacks, to a public malware repository.
