Beware of Weaponized TeamViewer Installer that Delivers njRAT


Threat actors abusing legitimate, well-known software such as TeamViewer to deliver malware is a very common scenario.

There have been several cases where threat actors used well-known software to deliver malware to their victims.

Similarly, a recent report from Cyble Research & Intelligence Labs states that one of the most widely used remote desktop support tools, “TeamViewer”, has been abused by threat actors to deliver njRAT malware.

Other software that has been used to deliver njRAT includes Wireshark, Process Hacker, and others.

njRAT is a remote access trojan that can perform keylogging, password stealing, data exfiltration, webcam and microphone access, downloading of additional files, and much more.

It was first discovered in 2012, when it was attacking organizations in Middle Eastern nations.

Weaponized TeamViewer Installer

The initial compromise for njRAT involves traditional methods such as phishing campaigns, cracked software on file-sharing websites, and drive-by downloads. In addition, the malware is now being distributed via trojanized applications.

njRAT malware dropped on the Windows Folder (Source: Cyble)

Once the malware is executed, it drops two files into the C:\Windows folder, one of which is the njRAT malware.

The installer then launches the malware, “TeamViewer Starting.exe”, and eventually launches the legitimate “teamviewer.exe” application.

While TeamViewer installs, njRAT simultaneously installs itself by copying itself to the \AppData\Local\Temp folder under the name “system.exe”.

It then executes the newly dropped file, and njRAT creates a mutex.

Post Exploitation and Persistence

njRAT modifies the “SEE_MASK_NOZONECHECKS” environment variable in Windows, which suppresses the security warning prompts and dialog boxes that would otherwise be presented to the user, allowing the malware to operate without hindrance.

njRAT autorun entries in System Registry (Source: Cyble)

Furthermore, the malware also changes the firewall rules to allow communication with its C2 (command-and-control) server.

The malware creates two autorun entries in the system registry to maintain persistence.

The malware then collects keystrokes, the Windows OS version and service pack, webcam information, the current date, the username, the system architecture, and specific registry keys.

It stores all of this information in the “%appdata%/temp” folder under the filename “System.exe.tmp”.
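The behaviour chain above (dropped file locations, the SEE_MASK_NOZONECHECKS variable, Run-key autoruns and the published hashes) can be turned into a host triage rule. This is an added example, not Cyble's or the article's code; the host snapshot is a plain data structure, so how it is collected from a live Windows host is assumed, and the sample snapshots are constructed.

```python
"""Triage rule for the njRAT chain described above: dropped file names, the
SEE_MASK_NOZONECHECKS environment variable, Run-key autoruns and the published hashes.
Added example, not Cyble's code; collecting the snapshot from a live host is assumed."""
from dataclasses import dataclass

# Hashes from the article's IoC table, keyed lowercase for comparison.
KNOWN_HASHES = {
    "224ae485b6e4c1f925fff5d9de1684415670f133f3f8faa5f23914c78148fc31": "trojanized TeamViewer installer (SHA256)",
    "9b9539fec7d0227672717e126a9b46cda3315895": "trojanized TeamViewer installer (SHA1)",
    "11aacb03c7e370d2b78b99efe9a131eb": "trojanized TeamViewer installer (MD5)",
    "9bcb093f911234d702a80a238cea14121c17f0b27d51bb023768e84c27f1262a": "system.exe / TeamViewer Starting.exe (SHA256)",
    "b2f847dce91be5f5ea884d068f5d5a6d9140665c": "system.exe / TeamViewer Starting.exe (SHA1)",
    "8ccbb51dbee1d8866924610adb262990": "system.exe / TeamViewer Starting.exe (MD5)",
}

@dataclass
class HostSnapshot:
    env: dict[str, str]          # environment variables seen by the user's processes
    autoruns: list[str]          # command lines from ...\CurrentVersion\Run values
    files: dict[str, list[str]]  # path -> hashes (md5/sha1/sha256 hex) of that file

def _norm(path: str) -> str:
    return path.replace("/", "\\").lower()

def triage(snap: HostSnapshot) -> list[str]:
    """Return one finding per matched indicator; an empty list means nothing matched."""
    findings = []
    # 1. Zone-check suppression: with this set, no "file from the Internet" prompt appears.
    if snap.env.get("SEE_MASK_NOZONECHECKS", "").strip() not in ("", "0"):
        findings.append("env: SEE_MASK_NOZONECHECKS is set")
    # 2. Autoruns pointing at the Temp copy or the staged dropper.
    for cmd in snap.autoruns:
        c = _norm(cmd)
        if "\\temp\\system.exe" in c or "teamviewer starting.exe" in c:
            findings.append(f"autorun: {cmd}")
    # 3. File artefacts at the locations the report names, plus hash matches.
    for path, hashes in snap.files.items():
        p = _norm(path)
        if p.endswith("\\appdata\\local\\temp\\system.exe"):
            findings.append(f"file: njRAT copy at {path}")
        elif "\\appdata\\" in p and p.endswith("\\temp\\system.exe.tmp"):
            findings.append(f"file: collected-data store at {path}")
        elif p.endswith("\\windows\\teamviewer starting.exe"):
            findings.append(f"file: dropper at {path}")
        for h in hashes:
            if h.lower() in KNOWN_HASHES:
                findings.append(f"hash: {path} matches {KNOWN_HASHES[h.lower()]}")
    return findings

def verdict(findings: list[str]) -> str:
    """A hash match is conclusive; otherwise require two behavioural signals, since a
    lone Temp\\system.exe or a stray environment variable is a weak indicator."""
    if any(f.startswith("hash:") for f in findings):
        return "match: known njRAT sample"
    return "suspicious: njRAT-like behaviour" if len(findings) >= 2 else "clean"

# Constructed snapshots (not real telemetry): one reproducing the chain, one clean host.
INFECTED = HostSnapshot(
    env={"SEE_MASK_NOZONECHECKS": "1", "USERNAME": "alice"},
    autoruns=[r'"C:\Users\alice\AppData\Local\Temp\system.exe"',
              r'"C:\Program Files\Vendor\Updater.exe" -background'],
    files={
        r"C:\Users\alice\AppData\Local\Temp\system.exe":
            ["9bcb093f911234d702a80a238cea14121c17f0b27d51bb023768e84c27f1262a"],
        r"C:\Users\alice\AppData\Roaming\temp\System.exe.tmp": [],
        r"C:\Windows\TeamViewer Starting.exe": ["8ccbb51dbee1d8866924610adb262990"],
    },
)
CLEAN = HostSnapshot(
    env={"USERNAME": "bob"},
    autoruns=[r'"C:\Program Files\TeamViewer\TeamViewer.exe"'],
    files={r"C:\Program Files\TeamViewer\TeamViewer.exe": ["0" * 64]},
)

if __name__ == "__main__":
    for name, snap in (("infected", INFECTED), ("clean", CLEAN)):
        found = triage(snap)
        print(name, "->", verdict(found), *found, sep="\n  ")
```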

Indicators of Compromise

Indicators (Source: Cyble)

Trojanized TeamViewer installer
  SHA256: 224ae485b6e4c1f925fff5d9de1684415670f133f3f8faa5f23914c78148fc31
  SHA1:   9b9539fec7d0227672717e126a9b46cda3315895
  MD5:    11aacb03c7e370d2b78b99efe9a131eb

system.exe / TeamViewer Starting.exe (njRAT)
  SHA256: 9bcb093f911234d702a80a238cea14121c17f0b27d51bb023768e84c27f1262a
  SHA1:   b2f847dce91be5f5ea884d068f5d5a6d9140665c
  MD5:    8ccbb51dbee1d8866924610adb262990

C&C server
  hxxp://kkk[.]no-ip[.]biz


Worried about Android OS updates? Google has a solution


Every year, a new version of Android comes out, but not all of us are quick to install it. Some people really want to know what they’re getting themselves into when they tap Install. Well, Google is working on an Android upgrade invite system that will better show you what features you’ll be getting.

Most people in the tech world hear about all of the rumored features and additions coming with a new Android version. However, that’s not the case for everyone. Some don’t know what’s coming with the new version, so it can be a bit of a shock when something changes that they don’t like.

This is where the Android upgrade invite program comes in

This program will make it easier for OEMs to show what features they’re bringing in the latest update. Currently, the user will see a changelog for the update. While that’s useful, some people would like a more visual representation.

When an update is pending, the OEM will be able to send a notification to the user’s phone. When they tap on this notification, they’ll get a visual representation of the new features rather than just text. Mishaal Rahman posted a screenshot of the user flow that this could involve.

When you tap on the notification, you’ll see an intro screen, most likely saying something like “See what exciting features are in Android…”. After that, you might get a succession of screenshots showing you the new features that are present in the new version, followed by an outro screen. You might actually be able to install the update from the notification.

This program is part of Google Play Services, so it’s only available on devices with Google Mobile Services. That’s something to keep in mind.

Another thing to keep in mind is that, while Google is distributing this, it’s dependent on the OEM. So, depending on the OEM, you might not see this feature. Also, it will look or behave differently depending on the OEM.


The iPhone 15 could be the most AI-oriented iPhone Apple has ever released


While Apple will never come out and say “AI”, it has been using AI in its products and services for quite some time. In fact, it’s now using an LLM for autocorrect in iOS 17 (and it’s a huge upgrade!). Now, moving on to the iPhone 15 and the Health app in iOS 17, Apple could be using a whole lot of AI.

This comes from industry insider, Dan Ives, who claims that Apple is going to emphasize the role of artificial intelligence on the iPhone 15 a whole lot more. Though, don’t expect Apple to say that it is using artificial intelligence. Apple tends to not use names of things that other companies use. Like 120Hz, AI, Machine Learning, and even VR on the new headset it debuted at WWDC.

There are hints that AI is coming to the Health app as well, and it could be a game-changer, says the insider. Basically, after enough time and a sufficient number of interactions between the user and the machine, AI would be able to give personalized recommendations about the person’s everyday life, for example how you work out, and even suggest a diet. These plans would be based on collected information such as heart rate, sleep, and breathing data, things that Apple Health already has.

iPhone 15 could use AI to get to know your moods

One thing the iPhone 15 could do is use AI to learn what mood you’re in. This could be possible on the iPhone 15 because the phone tracks a user’s speech and/or text messages. It’s still unclear how else this would work, or why it would be limited to the iPhone 15.

While the iPhone 15 is likely going to look the same on the outside, it looks like there’s going to be a lot of changes internally that could make this the year to upgrade to a new iPhone.


BreachForums’ Pompompurin Pleads Guilty to Holding Child Abuse Content


Conor Brian Fitzpatrick, known by his online aliases Pompompurin and Pom, a 2021 graduate of Peekskill High School, was arrested in March 2023 for his involvement in operating the notorious hacker and cybercriminal platform BreachForums. The arrest has also revealed a disturbing link to another illegal activity involving child abuse images.

Court documents (PDF) seen by Hackread.com shed light on the dark secrets hidden within Fitzpatrick’s digital possessions. It has been discovered that his devices contained over 600 explicit images of child abuse, leading him to plead guilty in court.

The court document described the disturbing content as “videos depicting prepubescent minors and minors who had not attained 12 years of age engaging in sexually explicit conduct.”

BreachForums Admin Pompompurin Pleads Guilty of Holding 600 Child Abuse Images

This new development was first reported by Dissent Doe of the Databreaches blog. It then went viral on Twitter when vx-underground, an online library for malware samples, tweeted about it.

The trial for Pompompurin, as he is known online, is scheduled to commence on November 17th. However, he is subject to strict restrictions, including no access to computers, no contact with minors, no browsing of websites focused on data leaks and no usage of virtual private networks (VPNs).

It is worth noting that the arrest of Fitzpatrick came in the wake of the apprehension of Diogo Santos Coelho, the owner and administrator of Raid Forums in the United Kingdom. BreachForums, which emerged as a reincarnation of Raid Forums, was seized by the FBI (Federal Bureau of Investigation) in their crackdown against cybercriminal activities.

Despite the intervention, a new version of BreachForums has recently resurfaced, now under the control of the infamous ShinyHunters group.

BreachForums and its predecessor, Raid Forums, have long been known as platforms where hackers and cybercriminals gather to exchange stolen data, hacking techniques, and illicit tools.

These forums have been a cause of concern for law enforcement agencies worldwide due to their role in facilitating various cybercrimes, including data breaches and identity theft.

The emergence of a new incarnation of BreachForums, led by the notorious ShinyHunters group, raises alarm bells for cybersecurity experts. The ShinyHunters group has been involved in high-profile cyberattacks, often targeting corporations, government entities, and financial institutions. Their expertise and influence within the hacking community make them a formidable force to reckon with.

As the trial of Conor Brian Fitzpatrick approaches, many await the legal proceedings with a sense of urgency. The case not only highlights the dangers posed by cybercriminal forums but also sheds light on the dark underbelly of illegal activities involving child abuse imagery.

Hackread.com will continue to closely follow this case and provide updates as more information becomes available.

Note: Hackread.com encourages readers to report any suspicious online activities related to child abuse imagery to the appropriate law enforcement authorities.


Here’s the new emoji coming to iPhone and Google Pixel in 2024


There are new emoji heading to a smartphone near you in 2024. The new Emoji 15.1 specification from the Unicode Consortium has just been announced and is expected to be approved around September. That means they will likely be part of iOS 17, and potentially a feature drop for Android phones later this year or next year – more likely, next year.

The emoji listed by Emojipedia are currently proposed and under consideration; however, it’s important to note that most emoji that make it to this stage are eventually approved and make it into the official release. There are some sample designs of the proposed emoji, which is what you see in the picture above, so these are very likely not going to be the final versions.

108 new directional emoji are coming

As if we didn’t have enough emoji already, there are 108 new directional emoji on the way. Most of these are people emoji with different skin tones. They build on the existing person walking, person running, person kneeling, person with white cane, person in manual wheelchair, and person in motorized wheelchair emoji, and add orientation directions such as left and right.

Once the Emoji 15.1 characters are finalized in September of 2023, smartphone manufacturers like Apple, Google, Samsung, etc., will adopt them through software updates. We’ve seen this before with both Google and Apple. Google will typically add them to the Pixel through a Feature Drop, while other OEMs will need to add them in their own software updates, so not all Android devices will get them at the same time.

The last set of approved emoji came to the iPhone with iOS 16.4 in February 2023. The last set landed on the Google Pixel in January with QPR3 Beta 2, and was later made available to all Pixel devices in March, when that feature drop was released.


Disney reportedly in talks to sell ABC & Disney Channel


Disney’s CEO, Bob Iger, spoke with CNBC earlier this week at the Allen & Company Sun Valley Conference in Sun Valley, Idaho, and talked about how its linear channels – ABC, Disney Channel, and Freeform – may not be core to the company’s business moving forward.

While not explicitly stating it, it does sound like Iger is hinting that those channels might be sold off. Iger has acknowledged the rise in cord cutting, stating that linear television is a “no-growth business”. While he also conceded that linear television is indeed “broken” right now, Iger did clarify that live sports remain different from other TV genres. Because of the pull they have on fans and the appointment nature of the broadcasts, live sports, he said, “stands tall” in comparison with the rest of traditional TV programming.

Disney is looking to launch a standalone ESPN streaming service

At the same time, Iger has also noted that Disney has had conversations with potential “strategic partners” about working together to launch a standalone direct-to-consumer (DTC) streaming service for its ESPN family of networks.

While Disney does have ESPN+ already, it’s mostly an afterthought: it basically shows the sports that other networks (including ESPN) didn’t want. If Disney were to transition it into a DTC product, that could change, since ESPN holds the rights to a great deal of sports content. It should also, at least in theory, do better than Bally Sports+, because ESPN would not be limited to showing only a couple of teams in each market.

Disney and ESPN executives have been discussing the possibility of putting all of ESPN’s programming under one streaming umbrella for quite some time. But these conversations have ramped up quite a bit over the past few months. However, Iger said back in February that the company was “just not there yet” when it came to making that big move.

However, we have heard that Disney has been working with cable and satellite providers to renegotiate their carriage deals, which would allow for a full streaming version of ESPN.


Viber launches its premium service with exclusive features in the United States


Rakuten Viber has just announced the availability of its premium service, Viber Plus, in the US. The monthly subscription service, which was initially introduced back in May, promises to offer a premium messaging experience without ads for just $1.99 per month.

None of the standard features previously available for all Viber users have been moved behind the paywall, so everyone can continue to use them without paying for Viber Plus. What the premium service does is completely remove the ads and offer some extra features that are otherwise unavailable.

For example, Viber Plus subscribers will get multiple app icon styles, personalized 1-on-1 support, as well as unlimited stickers. More exclusive features for Viber Plus will be added in the coming months, the company stated.

Here are the main highlights of the newly launched Viber Plus service, which are available at launch:

  • No ads: Use the Viber app without seeing any ads
  • Unlimited stickers: Download sticker packs for free
  • Unique app icons: Change the mobile or desktop Viber app icon to a unique icon such as unicorn, night, or sparkle-themed
  • Live support: Initiate live support chats with just one click at any time of day
  • Verification Badge: Verification badge exclusive to subscribers

In addition to the exclusive features above, Viber Plus will be getting Voice to Text, allowing users to transcribe received voice messages into text, and Invisible Mode, which will enable users to browse privately, reading messages and seeing who’s online without them knowing.

Viber users in the United States who wish to check out the premium service can do so by tapping “More” in the bottom right corner of the app.

Besides the US, Viber Plus service is available in Czech Republic, Montenegro (iOS only), Switzerland, Kuwait, Australia, Tuvalu, Israel, Sweden, Austria, India, and Italy. More countries will be getting Viber Plus in the coming months.


Rockwell Automation ControlLogix Flaws Expose ICS Devices


Two security flaws in Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models could be exploited to achieve remote code execution and cause a denial of service (DoS).

The impacted ControlLogix communication modules are deployed in several industrial sectors, including manufacturing, electric, oil and gas, and liquefied natural gas.

Depending on how the ControlLogix system is configured, the outcomes and impact of exploiting these vulnerabilities vary.

Nevertheless, Dragos reported that they may result in denial or loss of control, denial or loss of view, theft of operational data, or manipulation of control with disruptive or harmful effects on the industrial process for which the ControlLogix system is responsible.

Flaws Identified

CVE-2023-3595 (CVSS score: 9.8):

It permits arbitrary firmware memory manipulation, which may result in loss of control, loss of view, theft of operational data, and/or manipulation of control and view with disruptive or damaging effects.

This vulnerability exists in the Rockwell Automation ControlLogix communication products 1756 EN2* and 1756 EN3*.

CVE-2023-3596 (CVSS score: 7.5) :

A malicious user may be able to cause a denial of service by asserting the target system with maliciously crafted CIP messages. This vulnerability exists in the Rockwell Automation 1756-EN4* EtherNet/IP communication products.

Impacted Products

Rockwell Automation ControlLogix 1756 EN2*, 1756 EN3*, and 1756 EN4* EtherNet/IP (ENIP) communication module series are affected by these flaws.

Additional ICS/OT effects would depend on how the ControlLogix system is configured and how the process is set up to operate.

The company says that the type of access granted by CVE-2023-3595 is comparable to that provided by XENOTIME’s zero-day in the TRISIS attack.

Both allow arbitrary firmware memory manipulation, although CVE-2023-3595 specifically targets a communication module that processes network commands; their combined effect is the same.

Industrial control systems (ICS) malware known as TRISIS, commonly referred to as TRITON, has been seen in the past attacking Triconex safety instrumented system (SIS) controllers from Schneider Electric that are utilized in oil and gas facilities.

“An unreleased exploit capability leveraging these vulnerabilities is associated with an unnamed APT (Advanced Persistent Threat) group”, Dragos said.

“As of mid-July 2023, there was no evidence of exploitation in the wild and the targeted victim organizations and industry verticals were unknown”.

Recommendation

Rockwell Automation has released updates for all impacted products, including hardware models that are no longer supported. Detection rules have also been offered.

Update the firmware to the newest version. The 1756-EN2* and 1756-EN3* models must be updated to at least version 11.004 or 5.029, depending on the series; 1756-EN4* models require a firmware update to version 5.002.

Defenders should understand what normal looks like in their ICS/OT settings and use ICS/OT protocol-aware technology to check for changes in network activity regularly.
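The firmware minimums above can be turned into an inventory sweep that flags modules still below the fixed versions. This is an added example, not Rockwell's or Dragos's code; the inventory is constructed, and because the article ties the EN2*/EN3* minimum to the module series without saying which series maps to which version, the example keys it on the firmware train the module is running, which is an assumption.

```python
"""Firmware compliance sweep for the ControlLogix flaws above, against the fixed
versions the article gives. Added example, not Rockwell's or Dragos's code; the
inventory is constructed and the train-keying below is an assumption."""
import re
from dataclasses import dataclass
from typing import Optional

# Minimums from the article. The page ties the EN2*/EN3* minimum to the module series;
# here it is keyed on the firmware train the module runs (5.x vs 11.x) - an assumption.
FIXED_EN2_EN3 = {5: (5, 29), 11: (11, 4)}   # 5.029 / 11.004
FIXED_EN4 = (5, 2)                          # 5.002

def parse_version(v: str) -> tuple[int, int]:
    """'5.029' -> (5, 29). Rockwell minors are zero-padded, so plain string
    comparison orders versions wrongly; compare integer pairs instead."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\s*", v)
    if not m:
        raise ValueError(f"unrecognised firmware version: {v!r}")
    return int(m.group(1)), int(m.group(2))

def minimum_for(catalog: str, fw: tuple[int, int]) -> Optional[tuple[int, int]]:
    """Fixed version this module must reach, or None if the catalog is outside the advisory."""
    cat = catalog.upper().replace(" ", "-")
    if re.match(r"1756-EN[23]", cat):
        # Unknown train (e.g. 6.x): fall back to the 11.x minimum so it is flagged for review.
        return FIXED_EN2_EN3.get(fw[0], FIXED_EN2_EN3[11])
    if re.match(r"1756-EN4", cat):
        return FIXED_EN4
    return None

@dataclass
class Module:
    catalog: str    # e.g. "1756-EN2TR"
    firmware: str   # as reported by the module, e.g. "5.028"

def assess(inventory: list[Module]) -> dict[str, list[str]]:
    """Bucket each module into 'update', 'ok' or 'not_in_scope'."""
    out: dict[str, list[str]] = {"update": [], "ok": [], "not_in_scope": []}
    for mod in inventory:
        fw = parse_version(mod.firmware)
        need = minimum_for(mod.catalog, fw)
        label = f"{mod.catalog} {mod.firmware}"
        if need is None:
            out["not_in_scope"].append(label)
        elif fw < need:
            out["update"].append(f"{label} -> at least {need[0]}.{need[1]:03d}")
        else:
            out["ok"].append(label)
    return out

# Constructed inventory (not a real site).
INVENTORY = [
    Module("1756-EN2TR", "5.028"),   # one below the 5.x fix
    Module("1756-EN2T", "11.004"),   # exactly the 11.x fix
    Module("1756-EN3TR", "5.030"),   # above the fix (5.030 > 5.029)
    Module("1756-EN4TR", "4.001"),   # EN4* below 5.002
    Module("1756-ENBT", "6.006"),    # ENIP module family not named in the advisory
]

if __name__ == "__main__":
    for bucket, items in assess(INVENTORY).items():
        print(bucket, items)
```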


Google is giving a glow-up to the Google Assistant in the latest Android Auto update

If you own a car that supports Android Auto, you might not have realized that Google recently updated it to software version 10.0. If that is the case, don’t worry: there is little notable about the latest release and even less that you would notice.

Technically, the update’s main purpose was the addition of new features revolving around electric vehicles, although the rollout still seems to be quite restricted, with only some car models getting the new perks.

One tweak that is much more visible, however, is the new look for the Google Assistant in Android Auto, which now more closely resembles the one you see on your Android phone (via 9to5Mac).

Until recently, Android Auto displayed the Google Assistant in a black bar with the feature’s logo displayed at the left side of the bar. Now, the bar remains, but the logo is no more. Instead, you get a set of Google’s colors at the bottom, which glow while you are giving the assistant instructions.

Admittedly, this is a very tiny change, but it is simply Google trying to make the software between its different services and products have a more holistic design, thus making it an easily recognizable experience for users. Basically, reaching that point when you see a certain UI element and immediately think — “Yep, that’s Google.”

The Google Assistant in Android Auto has gone through several visual changes throughout the years, but it finally seems like the search giant has reached a point where it is happy with the way it looks. From now on, we can expect it to change alongside tweaks on the company’s best Pixel phones, which are at the forefront when it comes to everything new Google wants to show off.


ChatGPT for Penetration Testing

ChatGPT is one of the biggest and most sophisticated language models ever made, with a massive neural network of over 175 billion parameters.

Recent research has revealed how ChatGPT for penetration testing can enable testers to achieve greater success.

ChatGPT was launched by OpenAI in November 2022, causing significant disruption in the AI/ML community.

Sophisticated email attacks are on the rise, thanks to threat actors leveraging the power of Artificial Intelligence.

However, researchers are staying one step ahead by utilizing ChatGPT for threat analysis and penetration testing.

A recently published research paper by Sheetal Tamara from the University of the Cumberlands highlights the effective use of ChatGPT in Reconnaissance.

Recently, an automated penetration testing tool, PentestGPT, was also released.

ChatGPT For Penetration Testing

ChatGPT can be used in the initial reconnaissance phase, where the penetration tester is collecting detailed data about the scope of the assessment.

With the help of ChatGPT, pen-testers are able to obtain reconnaissance data such as Internet Protocol (IP) address ranges, domain names, network topology, vendor technologies, SSL/TLS ciphers, ports and services, and operating systems.

This research highlights how artificial intelligence language models can be used in cybersecurity and contributes to advancing penetration testing techniques.

Pentesters can obtain the organization’s IP address using the prompt (“What IP address range related information do you have on [insert organization name here] in your knowledge base?”).

This prompt would deliver the possible IP addresses used by the organization.

“What type of domain name information can you gather on [insert target website here]?”

ChatGPT could provide the list of domain names used by the organization, such as primary domains, subdomains, other domains, international domains, generic top-level domains (gTLDs), and subsidiary domains.

“What vendor technologies does [insert target website fqdn here] make use of on its website?”

Answering this question, ChatGPT will provide various technologies, such as content delivery networks (CDNs), web servers, advertising engines, analytics engines, customer relationship management (CRM), and other technologies organizations use.

“Provide a comprehensive list of SSL ciphers based on your research used by [insert target website fqdn] in pursuant to your large corpus of text data present in your knowledge base.”

ChatGPT could provide the ciphers, SSL/TLS versions, and types of TLS certificates used; with this question, ChatGPT is also able to check the encryption standard in use.

“Please list the partner websites including FQDN based on your research that [insert target website here] has direct links to according to your knowledge base.”

In response to the question, ChatGPT is able to provide a list of partner websites that are directly linked.

“Provide a vendor technology stack based on your research that is used by [insert organization name here].“

This prompt would extract information including the application server type, database type, operating systems, big data technologies, logging and monitoring software, and other infrastructure-related details specific to the organization.

“Provide a list of network protocols related information that is available on [insert organization name here].”

ChatGPT will return a list of network protocols the target organization uses, including HTTPS, SMTP, NTP, SSH, SNMP, and others.

The research determined that “ChatGPT has the ability to provide valuable insight into the deployment of the target organization’s technology stack as well as specific information about web applications deployed by the target organization,” the paper reads.

“The research performed on ChatGPT required trial and error in the prompting as certain requests can either be outright rejected or may result in responses that do not contain usable data for the reconnaissance phase of a penetration test.”
