Lifeboat Foundation

Researchers reveal details about recent cyberattacks carried out by the Donot Hacking Team against government and military entities in South Asia.

A team of security researchers at Avanan is reporting that hackers are taking advantage of a Google Docs security vulnerability—one that takes advantage of a comment feature. They are claiming that they saw hackers using the vulnerability to target 500 inboxes of 30 Outlook users involving over 100 individual email accounts.

The team at Avanan claims that they found an earlier exploit in Google Docs last June—one that allowed hackers to send phishing links to users. Then, this past October, they discovered that hackers had found another way to send phishing links to unsuspecting users, using the comment feature. They further claim that the vulnerability was not fixed by Google and because of that they began seeing hackers taking advantage of the vulnerability last month.

The hacking approach is both simple and straightforward—a hacker creates a Google Docs document and adds comments to it that include an @ symbol followed by an email address. The symbol automatically alerts the system to send an email to the person designated in the email address—the email that is sent has phishing links in it, sending the user to a webpage that could lead to malicious code.

Athletes headed to the Beijing Olympic Winter Games are making final travel preparations, including keeping in line with China’s health measures on the “My 2022″ smartphone app. However, inadequate encryption measures within the app can leave Olympians, journalists and sports officials vulnerable to hackers, privacy breaches, and surveillance, according to a cybersecurity report by the Citizen Lab obtained exclusively by DW. Additionally, the IT forensic specialists found that the app includes a censorship keyword list. The findings come as international concern over digital safety at the Games mounts. Germany, Australia, UK and US have urged their athletes and National Olympic Committees to leave their personal phones and laptops behind and to travel with special devices over fears of digital espionage. The Dutch Olympic Committee outright banned its athletes from bringing personal phones and laptops due to surveillance concerns.

In the Olympic Playbook for athletes and team officials, the International Olympic Committee states that the “My 2022″ app is “in accordance with international standards and Chinese law.” But based on its findings, Citizen Lab concludes that the insecure transmission of personal information “may constitute a direct violation of China’s privacy laws.” This is because China’s data protection laws require that a person’s health and medical records held digitally be transmitted and stored in an encrypted manner. Citizen Lab’s findings also raise questions concerning two Western tech giants that carry the “My 2022″ app: Apple and Google. “Both Apple’s and Google’s policies forbid apps to transmit sensitive data without proper encryption, so Apple and Google will need to determine whether the app’s unresolved vulnerabilities warrant delisting,” Citizen Lab’s Knockel told DW. The Beijing Organizing Committee has stood by its app, however, saying it “passed the examination” of international mobile application markets such as Google, Apple and Samsung.“We have taken measures such as personal information encryption in the app to ensure privacy security,” the committee said Monday to Xinhua News Agency.

Continue reading “Hacking backdoor? Security flaws in China’s mandatory Olympics app | DW News” »

As the number of electric cars on the road grows, so does the need for electric vehicle (EV) charging stations and the Internet-based managing systems within those stations. However, these managing systems face their own issues: cybersecurity attacks.

Elias Bou-Harb, director of the UTSA Cyber Center for Security and Analytics, and his colleagues — Claud Fachkha of the University of Dubai and Tony Nasr, Sadegh Torabi and Chadi Assi of Concordia University in Montreal — are shedding light on the vulnerabilities of these cyber systems. The researchers are also recommending measures that would protect them from harm.

The systems built into electric cars perform critical duties over the Internet, including remote monitoring and customer billing, as do a growing number of internet-enabled EV charging stations.

The number of malware infections targeting Linux devices rose by 35% in 2021, most commonly to recruit IoT devices for DDoS (distributed denial of service) attacks.

IoTs are typically under-powered “smart” devices running various Linux distributions and are limited to specific functionality. However, when their resources are combined into large groups, they can deliver massive DDoS attacks to even well-protected infrastructure.

Besides DDoS, Linux IoT devices are recruited to mine cryptocurrency, facilitate spam mail campaigns, serve as relays, act as command and control servers, or even act as entry points into corporate networks.

Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans (RATs) such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems.

The spear-phishing attacks, which commenced in October 2021, have primarily targeted entities located in the U.S., Canada, Italy, and Singapore, researchers from Cisco Talos said in a report shared with The Hacker News.

Using existing legitimate infrastructure to facilitate intrusions is increasingly becoming part of an attacker’s playbook as it obviates the need to host their own servers, not to mention be used as a cloaking mechanism to evade detection by security solutions.

The use of trojanized USB devices for keystroke injection is not a new technique, even for FIN7. Typically the attack targets specific persons with access to the computer systems of the intended victim company. As FIN7 has recently ventured into ransomware, it makes sense for them to look for alternative avenues of infecting computers that are monitored by layers of protective systems, such as firewalls, email scanners, proxy servers, and endpoint security. The tactics and techniques involved in trojanized USB attacks enable FIN7 actors to avoid many of these network-level and endpoint protections by dispensing with malware transmission over the network, minimizing the use of files on disk and employing multiple layers of encoding of the malware’s scripts and executable code.

Pertinently, FIN7 recently created “Bastion Secure”, a fake information security company, and employed system administrators to unknowingly assist in system exploitation. It is possible that trojanized USBs are being constructed and used by these administrators for penetration testing. Alternatively, they might also be providing trojanized USBs to clients or prospective clients through some form of ruse (for example, telling the client it contains documentation on the fake company’s services). In either case, the clients or prospective clients could become victims of a trojanized USB attack, resulting in FIN7 gaining unauthorized remote access to systems within victims’ networks.

Gemini Advisory Mission Statement

Suspected Russian hackers left a message on the foreign ministry website, according to reports. It said: “Ukrainians! … All information about you has become public. Be afraid and expect worse. It’s your past, present and future.”

The message reproduced the Ukrainian flag and map crossed out. It mentioned the Ukrainian insurgent army, or UPA, which fought against the Soviet Union during the second world war. There was also a reference to “historical land”.

In a message to the Guardian, the foreign ministry’s spokesperson, Oleg Nikolenko, said: “As a result of a massive cyber-attack, the website of the ministry of foreign affairs and other government agencies are temporarily down.”

A 19-year-old said he’s found flaws in a piece of third-party software that appears to be used by a relatively small number of owners of Tesla Inc. cars that could allow hackers to remotely control some of the vehicles’ functions.