Hackers Using Google and Bing Ads to Deliver Weaponized IT Tools


Recent research has uncovered malvertising campaigns that abuse Google and Bing ads to target users searching for specific IT tools, ultimately deploying ransomware.

The campaign targets several organizations in the technology and non-profit sectors in North America.

The infection chain shares features with those seen in BlackCat (aka ALPHV) ransomware attacks.

Sophos X-Ops researchers found that a new malware variant named Nitrogen is used to trick users into downloading trojanized ISO installers.

Attack Execution

The threat actor first targets users who click Google and Bing advertisements while looking for software tools, then redirects them to a malicious website under the actor's control.

The campaign specifically targets IT professionals, as the advertised websites pose as installers for well-known software such as AnyDesk, WinSCP, and Cisco AnyConnect VPN.

For instance, when a user searches Google for WinSCP, a Google Ad referencing ‘Secure File Transfer – For Windows’ on the site softwareinteractivo[.]com is displayed.

This site is a phishing page that impersonates a system administrator advice blog.

Attack Chain

Once a user downloads a trojanized installer, ISO images are dropped on the compromised computer.

These images are then mounted in Windows Explorer as a drive, making their contents accessible.

When executed, the renamed msiexec.exe sideloads the NitrogenInstaller DLL contained in the same image.

This DLL sideloading technique is used by threat actors to disguise malicious activity as a legitimate process.

In addition, they employ a DLL proxying technique, forwarding the exported functions to the legitimate msi.dll in the system directory.

Once executed, NitrogenInstaller drops a clean installer for the legitimate application it impersonates (e.g., the Inno Setup installer for WinSCP).

It also drops two Python components: a legitimate Python archive and NitrogenStager.

NitrogenInstaller attempts to gain elevated privileges by bypassing User Account Control (UAC) via the CMSTPLUA CLSID.

NitrogenStager then creates a Meterpreter reverse TCP shell, enabling the threat actors to execute code remotely on the compromised system.


Smartphone shipments are falling, but Pixels are rising


The smartphone market has been in a tough spot over the past few years due to several reasons. People just aren’t as inspired to buy phones nowadays. While this is the case, Google’s Pixel phones seem to be one of the stars of smartphone shipments in Q2 2023, according to CounterPoint Research.

This isn’t a big shocker. Google was able to create a community around its phones and other devices. With the launch of the Pixel Tablet and Pixel Fold, it’s finally established its ecosystem. We’re only months away from the Pixel 8 phones, and those look to be pretty stellar devices.

Here are the smartphone shipments from Q2 2023

Here’s the quarterly smartphone market progress report, and the numbers aren’t great. The smartphone market, as a whole, saw a 24% drop. According to a previous Counterpoint report, the total number of smartphones shipped in Q1 2023 was about 280.2 million. Taking 24% from that, we get a ballpark figure of about 213 million units sold in Q2 2023.

Companies like Apple (-6%), Samsung (-37%), Motorola (-17%), and Alcatel (-69%) all saw a notable drop in their shipments compared to Q2 2022 (April to June 2022). While Apple saw a 6% drop in shipments, the overall market shrank, so its share of the smartphone market actually grew by 10%. Motorola’s share also managed to remain the same thanks to the shrinkage.

However, one underdog actually saw significant growth last quarter. Google’s Pixel phones saw a 48% jump in shipments. This led it to grab 3% of the market, up from 1% during the same period last year. It’s all about timing, to be honest. The Pixel 7a launched last quarter along with the Pixel Fold. The rush of purchases on launch day is what propelled Google’s shipments.

We expect to see a similar surge in shipments when the Pixel 8 launches in the final quarter of the year. This is going to be the story for the other companies. When Apple releases the iPhone 15, we’ll see its numbers soar. Also, Samsung just announced its latest duo of foldable phones. We expect to see its numbers rise in the third quarter of the year.



Intel CEO says they will incorporate AI in all platforms


In this ongoing AI revolution, it’s no secret that many companies are trying everything at their disposal to integrate AI into their products and services. As part of these efforts, Intel has now unveiled its new ambitious plans to incorporate artificial intelligence (AI) into every product it creates.

This announcement comes just months before the upcoming Intel Meteor Lake chips, which could reportedly feature a built-in neural processor specifically designed for handling machine learning tasks. When discussing the potential reach of AI in Intel’s products, Gelsinger stated that the company would take a comprehensive approach, expecting AI to eventually become a ubiquitous feature in all Intel products, serving a wide range of use cases and customers.

“Today, you’re starting to see that people are going to the cloud and goofing around with ChatGPT writing a research paper and, you know, that’s super cool, right? And kids are, of course, simplifying their homework assignments that way, but you’re not going to do that for every client — because becoming AI enabled, it must be done on the client for that to occur, right? You can’t go to the cloud. You can’t round trip to the cloud,” said Gelsinger.

Furthermore, Gelsinger predicted that AI would eventually permeate all business domains, including the client-facing consumer electronics market, enterprise data centers, and even manufacturing. He also playfully mentioned that even personal devices like hearing aids, including his own, will soon have AI built in.

AI integration in Windows 12

Although Intel isn’t the one developing Windows, Gelsinger also hinted that AI could play a significant role in the next iteration of Windows, opening a new era of AI-powered computing and transforming how users interact with their devices. As part of these efforts, Microsoft has already unveiled Copilot for Windows 11, which lets users type questions and perform specific actions, such as adjusting settings to enhance focus or carrying out other tasks on the PC.



Malvertising Attack Drops BlackCat Ransomware via Fake Search Results


IN SUMMARY

  • The attack lures users into downloading malicious versions of well-known apps through Google Search results.
  • These apps include AnyDesk, AnyConnect, WinSCP, Treesize, Cisco, Slack, and more.
  • Once a system is infected, attackers install BlackCat ransomware (also known as ALPHV).

A new malvertising campaign targeting businesses has been tracked. According to the latest research report from Bitdefender, threat actors are luring users via advertisements to download malicious versions of popular applications, including AnyDesk, AnyConnect, WinSCP, Treesize, Cisco, Slack, and others.

Figure: Fake AnyDesk result above the real AnyDesk listing on Google (image cited by Bitdefender; originally identified by @mithrandir).

Report authors Victor Vrabie and Alexandru Maximciuc explained that in this campaign, the attackers rely on DLL sideloading to inject malicious code through the fake installers and gain access to the victim’s computer.

Once inside, they can perform a wide range of activities on the device, such as stealing credentials, exfiltrating data for extortion, establishing persistence, and installing BlackCat ransomware.

For context, BlackCat ransomware is distributed by RaaS (ransomware-as-a-service) operators. Also called ALPHV, it is written in the Rust programming language and targets Windows and Linux-based devices.

The Case of Malicious ISO Archive

In a blog post, the company wrote that cybercriminals are using a malicious ISO archive with attractive offers to lure business users. Apart from the promised software, a ZIP archive is part of the package. This file contains a Python executable (python.exe) and its dependencies, which launch the malicious code as a Meterpreter stager to let threat actors access the device and achieve their nefarious objectives.
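Both the Nitrogen write-up above and this Bitdefender description share the same chain: a renamed msiexec.exe sideloads a proxy msi.dll from a mounted ISO, then python.exe is launched from the image to run the stager. As an added example (not code from Sophos or Bitdefender), the following Python filter flags that pattern in Sysmon-style events; it assumes the Sysmon field names EventID, Image, ImageLoaded and OriginalFileName, and the sample events are constructed.

```python
import ntpath
from typing import Dict, Iterable, List

# Legitimate homes of msi.dll / msiexec.exe on a default Windows install.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def _norm(path: str) -> str:
    """Lower-case a Windows path and unify separators for comparison."""
    return path.replace("/", "\\").lower()


def _in_system_dir(path: str) -> bool:
    return any(_norm(path).startswith(d + "\\") for d in SYSTEM_DIRS)


def check_event(ev: Dict[str, object]) -> List[str]:
    """Return finding strings for one Sysmon-style event (empty when benign)."""
    findings: List[str] = []
    eid = ev.get("EventID")
    image = _norm(str(ev.get("Image", "")))
    base = ntpath.basename(image)
    original = str(ev.get("OriginalFileName", "")).lower()

    # Rule 1 (EventID 1, process create): the PE's OriginalFileName says
    # msiexec.exe but the file on disk carries another name, i.e. the renamed
    # msiexec.exe the campaign uses as its sideloading host.
    if eid == 1 and original == "msiexec.exe" and base != "msiexec.exe":
        findings.append(f"renamed msiexec.exe running as {image}")

    # Rule 2 (EventID 7, image load): msi.dll loaded from anywhere other than
    # System32/SysWOW64 is a sideloaded proxy DLL, whatever the host is called.
    if eid == 7:
        loaded = _norm(str(ev.get("ImageLoaded", "")))
        if ntpath.basename(loaded) == "msi.dll" and not _in_system_dir(loaded):
            findings.append(f"msi.dll sideloaded from {loaded} into {image}")

    # Rule 3 (EventID 1): python.exe started from a mounted ISO/removable drive
    # (any letter but C:) or from a temp folder. Assumption: this environment
    # installs Python only under C:.
    if eid == 1 and base == "python.exe":
        if not image.startswith("c:\\") or "\\temp\\" in image:
            findings.append(f"python.exe launched from unusual path {image}")
    return findings


def scan(events: Iterable[Dict[str, object]]) -> List[str]:
    """Run every rule over a stream of events and collect the findings."""
    out: List[str] = []
    for ev in events:
        out.extend(check_event(ev))
    return out


# Constructed sample telemetry: E:\ stands for the mounted ISO.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"E:\WinSCP-Setup.exe", "OriginalFileName": "msiexec.exe"},
    {"EventID": 7, "Image": r"E:\WinSCP-Setup.exe", "ImageLoaded": r"E:\msi.dll"},
    {"EventID": 1, "Image": r"E:\python\python.exe", "OriginalFileName": "python.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\msiexec.exe", "OriginalFileName": "msiexec.exe"},
    {"EventID": 7, "Image": r"C:\Windows\System32\msiexec.exe", "ImageLoaded": r"C:\Windows\System32\msi.dll"},
    {"EventID": 1, "Image": r"C:\Program Files\Python311\python.exe", "OriginalFileName": "python.exe"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The first three sample events produce one finding each; the three System32 and Program Files events produce none.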

Further probing revealed that the campaign has been active since May 2023, and organizations in North America are the prominent targets, particularly businesses in the US and Canada. So far, Bitdefender researchers have detected six organizations targeted in the US and one in Canada.

Why are Malvertising Attacks on the Rise?

Bitdefender researchers note that over the past few years they have observed cybercriminals developing a preference for targeting businesses with malicious versions of commonly used business apps, because the popularity of those apps is relatively easy to exploit.

These bogus apps are distributed in ads promoted through malicious websites. First, attackers create fake websites containing malicious downloads for high-interest apps and make sure these sites appear on top of the search engine results through ads. Innocent users click on these ads and get their devices infected when downloading the fake app.

The complete list of indicators of compromise for this malvertising attack is available here (PDF).


Hackers Attack Apache Tomcat Servers to Deploy Malware


Apache Tomcat, a free and open-source server, supports Jakarta Servlet, Expression Language, and WebSocket technologies, providing a “pure Java” HTTP web server environment.

Apache Tomcat dominates with nearly 50% developer adoption, and it’s widely used in the following developments:-

Aqua’s cybersecurity researchers found a new campaign exploiting misconfigured Apache Tomcat servers to deliver Mirai botnet malware and cryptocurrency miners.

Technical analysis

Over two years, Aqua identified 800+ attacks on its Tomcat server honeypots, 96% linked to the Mirai botnet.

Among those attacks, 20% (152) used the “neww” shell script, sourced from 24 IPs, and 68% of them came from 104.248.157[.]218.

IPs initiating the attack (Source – Aqua)

The threat actor launched a brute-force attack against the scanned Tomcat servers, trying various credential combinations to gain access to the Web Application Manager.

After a successful login, the threat actors deploy a WAR file containing a ‘cmd.jsp’ web shell, enabling remote command execution on the compromised Tomcat server.

The attack chain then downloads and runs the “neww” shell script, which is subsequently deleted using the “rm -rf” command. The script fetches 12 binary files tailored to the attacked system’s architecture.

Attack Flow (Source – Aqua)

The WAR file holds essential files for web applications, including:-

Together, these elements streamline deployment of the web app on the compromised Tomcat servers.

The last-stage malware is a Mirai botnet variant, which uses the infected hosts to launch distributed denial-of-service (DDoS) attacks.

In short, the threat actor logs in to the Web Application Manager with valid credentials, uploads a web shell disguised in a WAR file, executes commands remotely, and launches the attack.
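The three stages just summarized each leave a trace in the Tomcat access log. As an added example (not Aqua's tooling), the Python pass below reads access-log lines in Tomcat's default `%h %l %u %t "%r" %s %b` pattern and flags a run of rejected manager logins, a deployment through the manager, and a request to a JSP that carries a command parameter; the brute-force threshold and the log lines are constructed, reusing the source IP the article names.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional

# Default Tomcat AccessLogValve pattern: %h %l %u %t "%r" %s %b
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption: five rejected manager logins from one source within the scanned
# window is enough to call it a brute-force attempt.
BRUTE_FORCE_THRESHOLD = 5


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one access-log line; None when it does not match the pattern."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def analyze(lines: Iterable[str]) -> List[str]:
    """Walk the log once and return one finding string per detected stage."""
    failed: Counter = Counter()
    findings: List[str] = []
    for line in lines:
        r = parse_line(line)
        if r is None:
            continue
        ip, method, path, status = r["ip"], r["method"], r["path"], r["status"]

        # Stage 1: credential guessing against the Web Application Manager
        # shows up as a run of 401 responses from the same source.
        if path.startswith("/manager") and status == "401":
            failed[ip] += 1
            if failed[ip] == BRUTE_FORCE_THRESHOLD:
                findings.append(f"{ip}: {failed[ip]} rejected manager logins (brute force?)")

        # Stage 2: a successful deployment through the manager, via the text
        # interface (PUT /manager/text/deploy) or the HTML upload form.
        if status.startswith("2") and (
            (method == "PUT" and path.startswith("/manager/text/deploy"))
            or (method == "POST" and path.startswith("/manager/html/upload"))
        ):
            findings.append(f"{ip}: application deployed via manager ({path})")

        # Stage 3: a JSP invoked with a cmd= parameter, the cmd.jsp pattern.
        if ".jsp" in path and re.search(r"[?&]cmd=", path):
            findings.append(f"{ip}: command parameter sent to JSP ({path})")
    return findings


# Constructed log lines; 104.248.157.218 is the source the article names.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Jul/2023:12:00:00 +0000] "GET /docs/ HTTP/1.1" 200 1530',
] + [
    f'104.248.157.218 - - [10/Jul/2023:12:00:0{i} +0000] "GET /manager/html HTTP/1.1" 401 2473'
    for i in range(1, 6)
] + [
    '104.248.157.218 - tomcat [10/Jul/2023:12:00:07 +0000] "GET /manager/html HTTP/1.1" 200 11000',
    '104.248.157.218 - tomcat [10/Jul/2023:12:00:08 +0000] "PUT /manager/text/deploy?path=/app HTTP/1.1" 200 44',
    '104.248.157.218 - - [10/Jul/2023:12:00:09 +0000] "GET /app/cmd.jsp?cmd=id HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```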

The findings highlight the lucrative growth of cryptocurrency mining, with a 399% increase and 332 million cryptojacking attacks globally in H1 2023.

Recommendation

Cybersecurity analysts offer the following recommendations to mitigate such attacks:

  • Make sure to configure all your environments properly.
  • Make sure to frequently scan your environments for unknown threats.
  • Empower your developers, DevOps, and security teams with cloud-native tools for scanning vulnerabilities and misconfigurations.
  • Make sure to use runtime detection and response solutions.


Older Galaxy device will get these Fold 5, Flip 5 camera features


Samsung recently launched the Galaxy Z Fold 5 and Galaxy Z Flip 5 foldable smartphones with Android 13-based One UI 5.1.1 onboard. Among other things, the foldables bring new and improved camera features. The company has now announced that some of those features will roll out to older Galaxy devices, including the Galaxy S23 series.

According to a Samsung Community moderator in charge of camera-related developments, the Galaxy Z Fold 5 and Galaxy Z Flip 5 offer improved digital zoom when shooting in the Photo mode with the rear cameras. These improvements will trickle down to the Galaxy S23 series with a future update. The company is currently working on the update and doesn’t have a release timeline to share with its customers.

The Galaxy Z Fold 5 brings a usability improvement that allows you to select multiple photos in the Capture View. You can easily share and delete them at once. The new foldable also lets you adjust various camera settings in Pro/Pro Video mode. Samsung plans to roll out these improvements to the Galaxy Z Fold 4, Galaxy Z Fold 3, and Galaxy Z Fold 2. Once again, we don’t have a release timeline for the update.

Another handy camera feature that Samsung added to its latest foldables comes into play when scanning documents. You can choose to sharpen the text and erase distractions such as fingers from documents with ease. If you’re holding a document with one hand and capturing with the other, there’s a chance that your hand will shake or the photo will contain your fingers. The new feature helps fix those issues. The Galaxy S23 series will get it with the Android 14-based One UI 6.0 update.

Older Galaxy S flagships and foldables will get more camera features

The latest Samsung foldables let you copy editing effects such as filters and color tones from one photo and apply them to another. You can find that option in the More section of the Photo Editor menu in the Gallery app. The Korean firm will push this feature to all of its foldables launched in 2020 and beyond, including the original Galaxy Z Flip. The Galaxy S21, Galaxy S22, and Galaxy S23 phones will also get it.

All of these Galaxy devices are also in line to get Samsung’s improved Photo Remaster tool. The community moderator touts improvements in removing fingerprints and erasing foreign objects. The before-and-after comparison tool has been improved too. Last but not least, Samsung will update these phones with an improved video editor that lets you make bright areas brighter and dark areas darker. We will let you know when these updates roll out.



iPhone 15 & 15 Plus won’t get iPhone 14 Pro’s 48MP camera


We’ve seen a lot of reports regarding the upcoming iPhone 15 series. Some of them suggested that the iPhone 15 and 15 Plus will get the iPhone 14 Pro’s 48MP camera, but that may not be the case.

The vanilla iPhone 15 models won’t get iPhone 14 Pro’s 48MP camera

Based on a new report by Digital Chat Station, a well-known tipster, the iPhone 15 and 15 Plus will still get a 48-megapixel main camera, but not the one you’re expecting.

The iPhone 14 Pro has a 1/1.28-inch main camera with a 1.22um pixel size. The iPhone 15 Pro will retain that camera, but add some other improvements, like the hybrid lens design and a larger aperture.

The vanilla iPhone 15 and 15 Plus, on the other hand, are tipped to use a 1/1.5-inch 48-megapixel main camera. That would certainly be an improvement over the iPhone 14’s 12-megapixel (1/1.7-inch) shooter, but not as good as the camera on the Pro models.

This is not exactly surprising

Many would say this is not exactly surprising. Apple wants the ‘Pro’ models to have a proper advantage over the vanilla models, and the cameras are usually the way to make that happen.

The iPhone 15 Pro series will have a more powerful camera that will be able to gather more light, and thus provide sharper and better pictures. Well, that’s at least what’s expected here.

The iPhone 15 Pro Max may get some additional benefits over the regular ‘Pro’ variant, however. That is not something we’re used to seeing, but it will happen with the iPhone 15 Pro series.

The Pro Max model will include a periscope telephoto camera on the back, unlike the regular ‘Pro’ model. Well, at least based on rumors. We’ll have to wait and see. The iPhone 15 series is tipped to arrive in September, though a recent report claims that the launch may be delayed until October.



New Zenbleed Attack Threatens AMD Zen2 CPUs – Patch released


AMD recently addressed a critical vulnerability affecting its Zen2 CPUs. The researcher who discovered the flaw, named “Zenbleed,” devised an attack that leaks sensitive data from AMD Zen2 processors. Following the disclosure, the tech giant patched the vulnerability with a microcode update released for the affected systems.

About Zenbleed Attack

The researcher Tavis Ormandy of Google Project Zero recently shared insights about a severe security flaw threatening AMD processors.

Specifically, he discovered a side-channel vulnerability in AMD Zen2 CPUs that gives an adversary access to sensitive data. The researcher then demonstrated the exploit via Zenbleed, a dedicated attack strategy targeting this AMD Zen2 vulnerability.

As explained, the vulnerability, CVE-2023-20593, exists due to the processor’s improper handling of the vzeroupper instruction during speculative execution. Consequently, an attacker may exploit the vulnerability to read sensitive data from the CPU.

Summarizing the steps of the Zenbleed attack, the researcher stated that an attacker first needs to trigger the XMM register merge optimization (the XMM registers are the 128-bit vector registers of standard x86-64 CPUs). Register renaming followed by a mispredicted vzeroupper within a specific time window then lets the adversary carry out the attack. As described, an adversary may even “spy” on basic operations such as strlen, memcpy, and strcmp that use the vector registers, even when those operations run inside virtual machines or sandboxes.

The researcher has shared a detailed technical analysis of the flaw and the Zenbleed attack in a separate write-up.

AMD Released A Microcode Fix

Ormandy explained that detecting exploitation of the vulnerability is difficult, since it requires no special system calls or privileges. However, real-world exploitation is somewhat tricky, since it requires an attacker with strong technical knowledge and physical access to the target system.

Following Ormandy’s report, AMD released a microcode patch for the following vulnerable Zen2 processors.

  • AMD Ryzen 3000 Series Processors
  • AMD Ryzen PRO 3000 Series Processors
  • AMD Ryzen Threadripper 3000 Series Processors
  • AMD Ryzen 4000 Series Processors with Radeon Graphics
  • AMD Ryzen PRO 4000 Series Processors
  • AMD Ryzen 5000 Series Processors with Radeon Graphics
  • AMD Ryzen 7020 Series Processors with Radeon Graphics
  • AMD EPYC “Rome” Processors

Hence, all users should update their systems with the latest BIOS/firmware releases to receive the patch.
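AMD publishes the fix by product series, but on a Linux host the quickest way to tell whether a given machine still needs the BIOS/firmware update is to look at the CPU family, model and loaded microcode revision. The check below is an added example (not from the article or AMD): it parses /proc/cpuinfo text and reports, per core, whether the part is a Zen2 (family 0x17) model in the affected ranges and whether its microcode is at or above the fixed revision. Assumption: the model ranges and minimum revisions are the ones used by the Linux kernel's Zenbleed mitigation, and the sample cpuinfo text is constructed.

```python
from typing import Dict, List, Optional, Tuple

# (model_low, model_high, minimum fixed microcode revision, or None when this
# check carries no baseline for the range). Assumption: values follow the
# Linux kernel's Zenbleed mitigation for family 0x17, not AMD's bulletin.
ZEN2_RANGES: List[Tuple[int, int, Optional[int]]] = [
    (0x30, 0x3f, 0x0830107A),  # e.g. EPYC "Rome"
    (0x40, 0x4f, None),
    (0x60, 0x67, 0x0860010B),  # e.g. Ryzen 4000 with Radeon Graphics
    (0x68, 0x6f, 0x08608105),  # e.g. Zen2-based Ryzen 5000 with Radeon Graphics
    (0x70, 0x7f, 0x08701032),  # e.g. Ryzen 3000 / Threadripper 3000
    (0x90, 0x91, None),
    (0xa0, 0xaf, 0x08A00008),  # e.g. Ryzen 7020 with Radeon Graphics
]


def parse_cpuinfo(text: str) -> List[Dict[str, str]]:
    """Split /proc/cpuinfo text into one {field: value} dict per processor."""
    cpus: List[Dict[str, str]] = []
    cur: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            if cur:
                cpus.append(cur)
                cur = {}
            continue
        key, _, val = line.partition(":")
        cur[key.strip()] = val.strip()
    if cur:
        cpus.append(cur)
    return cpus


def assess(cpu: Dict[str, str]) -> str:
    """Classify one core: not-affected, patched, vulnerable or affected-no-baseline."""
    if cpu.get("vendor_id") != "AuthenticAMD":
        return "not-affected"
    if int(cpu.get("cpu family", "0")) != 0x17:
        return "not-affected"
    model = int(cpu.get("model", "0"))  # /proc/cpuinfo prints the model in decimal
    for low, high, good_rev in ZEN2_RANGES:
        if low <= model <= high:
            if good_rev is None:
                return "affected-no-baseline"
            ucode = int(cpu.get("microcode", "0x0"), 16)  # printed as 0x... hex
            return "patched" if ucode >= good_rev else "vulnerable"
    return "not-affected"


def assess_text(text: str) -> Dict[str, str]:
    """Map each 'processor' number in the text to its verdict."""
    return {c.get("processor", "?"): assess(c) for c in parse_cpuinfo(text)}


def _block(proc: int, vendor: str, family: int, model: int, ucode: str) -> str:
    """Build one constructed /proc/cpuinfo block for the sample below."""
    return (f"processor\t: {proc}\nvendor_id\t: {vendor}\ncpu family\t: {family}\n"
            f"model\t\t: {model}\nmicrocode\t: {ucode}\n\n")


# Constructed sample: a model-0x71 core before and after the fix, an Intel
# core, and a family-0x19 (Zen3) AMD core that is out of scope.
SAMPLE_CPUINFO = (
    _block(0, "AuthenticAMD", 23, 113, "0x8701021")
    + _block(1, "AuthenticAMD", 23, 113, "0x8701032")
    + _block(2, "GenuineIntel", 6, 142, "0xf0")
    + _block(3, "AuthenticAMD", 25, 33, "0xa201016")
)

if __name__ == "__main__":
    try:
        text = open("/proc/cpuinfo").read()  # real host data when available
    except OSError:
        text = SAMPLE_CPUINFO
    for proc, verdict in assess_text(text).items():
        print(f"cpu {proc}: {verdict}")
```

A "vulnerable" verdict means the loaded microcode predates the fix, so the BIOS/firmware update the article mentions has not been applied yet on that host.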


Google is finally rolling out ‘unknown tracker alerts’ for Android users


Ever since Apple introduced AirTags back in 2021 and disrupted the Bluetooth tracking market, there have been serious concerns about bad actors using them to invade others’ privacy. And although Apple devices receive alerts when an unknown AirTag is following them, Android users have not had such a feature. Now, in an effort to combat this issue, Google is finally rolling out the “unknown tracker alerts” feature, which aims to protect users from potential stalking attempts or unlawful activities involving Bluetooth tracking devices, including Apple AirTags.

Announced at the Google I/O in May, the “unknown tracker alerts” feature automatically sends alerts to users if their phone detects an unknown Bluetooth device travelling with them. This will not only help people identify potential stalking attempts or unauthorized surveillance but also empower them to take measures to safeguard their privacy. Additionally, users will have the option to make the accessory emit a sound, thus aiding in locating the device.

Furthermore, if a tracker raises suspicion, Google will provide clear instructions on how to deactivate it, ensuring that the owner will no longer receive updates from the device.

Manual scanning

In addition to automatic alerts, individuals can manually scan their surroundings for any nearby Bluetooth trackers if they suspect someone is following them. To do this, users need to go to the “Safety & Emergency” section in Android’s settings and select “Unknown tracker alerts.” From there, users can start a manual scan, and if an AirTag is nearby, Google will provide the necessary steps to deactivate it.

Google’s Find My Device network

To further assist users in locating their misplaced or stolen items, Google is bringing major updates to its Find My Device network, which would enable them to ring their devices or view their location on a map even when they are offline. However, the company has decided to delay the rollout of these updates until Apple implements its full unknown tracking protections into iOS.



A couple did something horrific to buy the iPhone 14


A couple from India did something truly horrific in order to buy the iPhone 14. Based on a report from DailyO, a couple from India’s West Bengal sold their 8-month-old baby in order to make it happen.

A couple from India did the most horrific things in order to buy the iPhone 14 & travel

Needless to say, that is truly horrific. To make things worse, they also attempted to sell their 7-year-old daughter, it is reported. They did that not only to get the iPhone 14, but also to travel and film Reels for Instagram.

Based on the report, the couple was first confronted by concerned neighbors, who noticed the absence of the baby. They also noticed the iPhone 14 was in their possession, despite the fact they had financial troubles.

The mother confessed already, but the father is still at large

The mother then confessed to selling the baby and was arrested shortly after. The woman accused of buying the baby was also arrested, but the baby’s father is still at large.

It remains to be seen how this story will unfold, but the act itself is unimaginable. The standard of living in India doesn’t allow most people to get hold of Apple’s latest products, which is why we hear truly odd stories from time to time.

In the past, people have been reported to sell their kidneys to get Apple’s products, and that’s only one example. That is bad enough, but selling your own child is inexcusable.

In case you’re wondering, the vanilla version of the iPhone 14 costs an equivalent of $975 in India. It’s considerably more expensive than in the US. We’re not sure what model the couple ended up getting, but that’s not really important here.

The Indian authorities are actively looking for the baby’s father, and will hopefully arrest him soon to answer for his crimes together with the baby’s mother.


