Hackers use Popular Tools to Deliver Blackcat Ransomware


Cybersecurity researchers at Trend Micro recently identified, via their Targeted Attack Detection (TAD) service, that Blackcat ransomware (aka ALPHV) actors are using malvertising to spread fake WinSCP installers.

In these advertising campaigns, the threat actors lured their victims by using the cloned web pages of legitimate organizations.

Google Ads boosts sales by targeting audiences with tailored ads, driving traffic for businesses.

In this case, however, threat actors abuse such advertising platforms to launch malvertising campaigns that use keyword hijacking to trap search engine users with malicious ads and distribute malware stealthily.

Blackcat Ransomware Infection Chain

Delaying intervention would have severely impacted the enterprise, considering the threat actors’ acquisition of domain admin privileges and establishment of backdoors, leading to significant consequences.

Infection chain (Source – Trend Micro)

Upon searching “WinSCP Download” on Bing, the user encounters a deceptive ad promoting the application positioned above the organic search results. Clicking the ad redirects to a suspicious website featuring a tutorial on automated file transfers via WinSCP.

Suspicious site (Source – Trend Micro)

After landing on the initial page, the user is sent to a cloned WinSCP download site:- 

Clicking “Download” initiates an ISO file download from an infected WordPress page:-

  • hxxps://events[.]drdivyaclinic[.]com

The malicious actor later switched the final payload URL to the file-sharing service 4shared.

Malicious Download Site

Once the victim clicks, they get an ISO file with “setup.exe” and “msi.dll” – the former tempts the user to open it, while the latter acts as the triggered malware dropper.

Download site (Source – Trend Micro)

When executed, setup.exe loads msi.dll, which extracts a Python folder from the DLL's RCDATA section and also runs the genuine WinSCP installer so that the installation looks legitimate.

The process includes installing a trojanized python310.dll and establishing persistence through a run key named “Python” with the following value:-

  • C:\Users\Public\Music\python\pythonw.exe

The run key (Source – Trend Micro)

A modified obfuscated python310.dll file is loaded on successful execution of pythonw.exe. The python310.dll file includes a Cobalt Strike beacon, which establishes a connection to a C2 server.

With Cobalt Strike operational, executing scripts, retrieving tools for lateral movement, and intensifying the compromise becomes effortless.
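A detection sketch for the persistence step described above, added here as an example and not taken from Trend Micro's report: it scans registry value-set events for Run-key entries whose executable sits in a user-writable directory, and rates a relocated Python host as high because it loads python3xx.dll from its own folder. The `key="value"` event layout, the sample lines and all function names are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumed log layout: one event per line, fields written as key="value".
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
# Run / RunOnce autostart values in any hive (HKLM, HKU\<SID>, WOW6432Node).
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion"
    r"\\Run(?:Once)?\\([^\\]+)$", re.IGNORECASE)
# Locations a standard user can write to; an autostart binary here needs review.
USER_WRITABLE_RE = re.compile(
    r"^[a-z]:\\(?:users\\public|users\\[^\\]+\\appdata|programdata|windows\\temp)\\",
    re.IGNORECASE)
# Executable path at the start of the value data, ignoring trailing arguments.
EXE_RE = re.compile(r"^(.+?\.exe)\b", re.IGNORECASE)
PYTHON_HOSTS = {"python.exe", "pythonw.exe"}


def assess(line):
    """Return (severity, value_name, exe_path) for a suspicious Run-key write, else None."""
    fields = dict(FIELD_RE.findall(line))
    if fields.get("EventID") != "13":  # 13 = registry value set (Sysmon numbering)
        return None
    key = RUN_KEY_RE.search(fields.get("TargetObject", ""))
    exe = EXE_RE.match(fields.get("Details", ""))
    if not key or not exe:
        return None
    path = exe.group(1)
    if not USER_WRITABLE_RE.match(path):
        return None
    # A Python host copied outside its install directory resolves python3xx.dll
    # from its own folder, which is what makes a trojanized DLL load at logon.
    is_python = ntpath.basename(path).lower() in PYTHON_HOSTS
    return ("high" if is_python else "medium", key.group(1), path)


def scan(lines):
    """Assess every event line and keep only the findings."""
    return [hit for hit in map(assess, lines) if hit]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    r'EventID="13" TargetObject="HKU\S-1-5-21-1111\Software\Microsoft\Windows'
    r'\CurrentVersion\Run\Python" Details="C:\Users\Public\Music\python\pythonw.exe"',
    r'EventID="13" TargetObject="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion'
    r'\Run\SecurityHealth" Details="C:\Windows\System32\SecurityHealthSystray.exe"',
    r'EventID="13" TargetObject="HKU\S-1-5-21-1111\Software\Microsoft\Windows'
    r'\CurrentVersion\Run\Updater" Details="C:\Users\alice\AppData\Roaming\Updater\upd.exe --silent"',
    r'EventID="13" TargetObject="HKLM\System\CurrentControlSet\Services\Tcpip'
    r'\Parameters\Hostname" Details="WS-042"',
]

if __name__ == "__main__":
    for severity, name, path in scan(SAMPLE_EVENTS):
        print(f"[{severity}] Run value {name!r} -> {path}")
```

The medium tier will also match legitimate per-user software installed under AppData, so treat it as a review queue rather than an alert.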

Tools used

The tools used by the Blackcat ransomware (aka ALPHV) actors are listed below:-

  • Curl
  • PsExec
  • PowerShell commands
  • PowerView
  • BitsAdmin
  • AdFind
  • AccessChk64
  • Findstr
  • PuTTY Secure Copy
  • AnyDesk
  • Python scripts
  • KillAV BAT

Apart from this, ALPHV also employed SpyBoy “Terminator,” a tool that disables EDR and antivirus solutions.

Recommendations

The recommendations offered by the researchers are listed below:-

  • Take necessary steps to educate employees on recognizing and avoiding phishing attacks.
  • Keep a close watch on activities and maintain detailed logs.
  • Set specific criteria to determine what qualifies as regular network traffic for day-to-day operations.
  • Focus on enhancing incident response procedures and improving overall communication efforts.
  • Collaborate with experienced cybersecurity researchers and professionals to get more advanced security improvement ideas.


Szymon Mordasiewicz with the GfK Household Panel


GfK household panel

Your household scans its daily purchases using an app.


It happens that our suppliers present us with a very attractive product while a given edition of the catalogue is running or when work on it has already been completed. We then place such a gift https://www.investorynews.com/zloto-dips-on-profit-podejmowanie-handel-niepewnosc-straty-cap/ in a separate offer, most often presented only on the website. The GfK Polonia Institute is one of the largest research companies and has operated on the Polish market since 1990.

GfK Polonia Institute

Previously (until the end of 2009), people taking part in the study recorded their purchases in paper diaries. From the beginning of 2010 the method of recording gradually evolved. Thanks to this device the study is simpler and more modern Nasdaq Nosedive – Where Next than its previous form. Panelists, the participants in the Household Panel study, are a representative sample of Poland's residents. All you need to do is register and wait patiently for us to contact you.


If that does not happen immediately, nothing is lost: we recruit for the study continuously, and there is a good chance that within a few weeks we will pass on information about the next stages of recruitment. The information about purchased products obtained thanks to them allows us to determine the pattern of Polish citizens' shopping habits. All you need to do is fill in the application form and wait patiently for us to contact you. In all the projects we run we use “some” data, which is why we protect it and effectively prevent it from leaking.

Samsung QN700B 8K Smart TV Now Just $999: Save $600


Best Buy has a pretty incredible deal on the Samsung QN700B 8K TV right now, where you can pick it up for only $999. That’s the cheapest we’ve seen an 8K TV ever, so now is a really great time to pick one up. This is a Neo QLED 8K TV, so it’s a pretty good one to grab.

Samsung QN700B QLED 8K TV – Best Buy

Why you should buy the Samsung QN700B

The Samsung 55-inch QN700B Neo QLED 8K Smart TV is a great option for anyone looking for a high-end TV. It’s currently on sale for $1,499, which is a great deal for a TV of this caliber.

Here are some of the reasons why you should buy the Samsung QN700B:

  • 8K resolution: The QN700B has an 8K resolution, which means that it can display images with up to 33 million pixels. This means that you’ll be able to see even the smallest details in your favorite movies and TV shows.
  • Neo QLED technology: The QN700B uses Neo QLED technology, which provides better contrast and color accuracy than traditional LED TVs. This means that you’ll get a more immersive viewing experience.
  • Smart TV features: The QN700B is a Smart TV, which means that you can access streaming apps like Netflix, Amazon Prime Video, and Disney+. You can also use the TV’s voice assistant to control it with your voice.
  • Design: The QN700B has a sleek and stylish design. It’s made of a thin bezel that makes the TV look more immersive.

If you’re looking for a high-end TV with stunning picture quality, the Samsung QN700B is a great option. It’s currently on sale for $1,499, so don’t miss out on this great deal.

Here are some additional reasons why you should buy the Samsung QN700B:

  • It has a wide viewing angle, so you can enjoy the picture quality from anywhere in the room.
  • It’s compatible with HDR10+ and Dolby Vision, which means that you can enjoy HDR content with the best possible picture quality.
  • It has a built-in soundbar, so you don’t need to buy a separate sound system.
  • It comes with a remote control that has voice control capabilities.

Overall, the Samsung QN700B is a great choice for anyone looking for a high-end TV with stunning picture quality and a wide range of features. If you’re in the market for a new TV, I recommend taking a look at the Samsung QN700B.


Apple’s future AirPods could monitor your hearing


AirPods have been a huge success for Apple, since debuting in 2017. In fact, if Apple broke out the AirPods business, it would be a larger business than a majority of the S&P 500 companies. That’s just insane. And now, Apple is looking to break into the $10 billion/year hearing aid market.

According to Mark Gurman’s latest newsletter for Bloomberg, Apple is looking to release a new pair of AirPods in 2025, that would help monitor the user’s hearing. This would measure the body temperature of the person that is wearing the earbuds, and the test would also emit different tones that can help it determine how well a person can hear.

Apple is also looking to enter the hearing aid market, and a ruling from the FDA last year makes that even easier. The FDA ruled that consumers can now buy hearing aids from retail stores without an exam or prescription.

Apple expected to release a USB-C version of AirPods Pro this year

Quite a bit of news this weekend about AirPods. And now moving over to the AirPods Pro, Apple is planning to release a USB-C model later this year. They will likely be released alongside the iPhone 15 series in September.

This is part of the EU’s demands for every piece of tech to use USB-C by 2025. And since Apple just released a new version of AirPods Pro late last year, we don’t expect to see a new model for at least another year or so. That means a mid-cycle upgrade that adds USB-C.

On top of that, Apple is also reportedly considering adding a cheaper version of AirPods to the line. There’s not much known about this cheaper version of the AirPods, but we’d expect it to be like an AirPods SE. Though the AirPods can already be picked up pretty cheap, when they are on sale. It’d be interesting to see how much cheaper this could get for Apple.



Critical Command Injection Vulnerability Caught In Zyxel NAS


Heads up, Zyxel users! The vendor has recently released patches for a serious security vulnerability affecting Zyxel NAS products. Exploiting the vulnerability could allow an attacker to execute arbitrary commands on the target devices. Users should update their devices with the patched firmware releases as soon as possible to avoid potential attacks.

Zyxel NAS OS Command Injection Vulnerability

According to a recent advisory from the networking technology giant Zyxel Networks, their NAS devices had a critical security vulnerability.

Zyxel offers a range of NAS (Network Attached Storage) devices for personal and professional users to store their data securely. These cloud-enabled devices empower the users to store and access their data from the NAS at any time without fearing third-party breaches. All it takes is a WiFi connection to transfer photos, videos, and other personal or business stuff to the NAS device.

While that sounds helpful and less risky, any vulnerabilities affecting these devices directly make the users’ data vulnerable.

As explained in the advisory, the vendor addressed an OS command injection vulnerability affecting its NAS devices’ firmware. The vulnerability could allow an unauthenticated adversary to execute remote OS commands on the target devices by sending maliciously crafted HTTP requests.

The vulnerability affects three different Zyxel NAS models, which include the following.

  • NAS326 – V5.21(AAZF.13)C0 and earlier
  • NAS540 – V5.21(AATB.10)C0 and earlier
  • NAS542 – V5.21(ABAG.10)C0 and earlier

After detecting the flaw, the vendor quickly worked on patching the bug, releasing the fix with the following updates.

  • NAS326 – V5.21(AAZF.14)C0
  • NAS540 – V5.21(AATB.11)C0
  • NAS542 – V5.21(ABAG.11)C0

This pre-authentication OS command injection vulnerability (CVE-2023-27992) received a critical severity rating with a CVSS score of 9.8. Zyxel acknowledged Andrej Zaujec from the National Cyber Security Centre Finland (NCSC-FI), and Maxim Suslov for reporting the flaw.

The vendor has not mentioned detecting any active exploitation of the vulnerability. Still, it urges users to update their respective devices with the latest firmware to receive the bug fixes in time.
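An inventory check for the versions listed above, added here as an example and not taken from Zyxel's advisory: it parses firmware strings of the form `V5.21(AAZF.13)C0` and compares them with the fixed release for each model. The ordering rule (compare major, minor and the number after the model code, ignoring the `C` suffix), the host names and the function names are assumptions.

```python
import re

# Fixed firmware per model, as listed in the article above.
FIXED = {
    "NAS326": "V5.21(AAZF.14)C0",
    "NAS540": "V5.21(AATB.11)C0",
    "NAS542": "V5.21(ABAG.11)C0",
}
# V<major>.<minor>(<model code>.<patch>)C<n>
VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)C(\d+)$")


def parse(version):
    """Split a firmware string into (model_code, (major, minor, patch))."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    major, minor, code, patch, _c_suffix = m.groups()
    return code, (int(major), int(minor), int(patch))


def status(model, version):
    """Return 'vulnerable', 'patched', or 'unknown' (needs manual review)."""
    fixed = FIXED.get(model.upper())
    if fixed is None:
        return "unknown"          # model not covered by this advisory
    try:
        code, ver = parse(version)
    except ValueError:
        return "unknown"          # inventory data is malformed
    fixed_code, fixed_ver = parse(fixed)
    if code != fixed_code:
        return "unknown"          # firmware string belongs to a different model
    # Assumed ordering: anything below the fixed release counts as affected.
    return "vulnerable" if ver < fixed_ver else "patched"


def triage(inventory):
    """Map each host to its status; inventory is (host, model, version) tuples."""
    return {host: status(model, version) for host, model, version in inventory}


# Constructed inventory for illustration.
INVENTORY = [
    ("nas-office", "NAS326", "V5.21(AAZF.13)C0"),
    ("nas-lab", "NAS540", "V5.21(AATB.11)C0"),
    ("nas-backup", "NAS542", "V5.21(ABAG.9)C0"),
    ("nas-mislabelled", "NAS540", "V5.21(ABAG.11)C0"),
]

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host}: {result}")
```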


Save $200 on this Powerful Robot Vacuum


Amazon has a great deal right now on the Roborock Q7 Max, which will allow you to buy it for just $399. You’ll need to clip the $200 off coupon on the page to get it down to that price. This does represent an all-time low for the Q7 Max.

Roborock Q7 Max – Amazon

Why you should buy the Roborock Q7 Max

The Roborock Q7 Max is a powerful and versatile robot vacuum that can clean your home effectively and efficiently. It has a maximum suction power of 4200 Pa, which is more than enough to pick up dirt, dust, and debris from carpets, hard floors, and even pet hair. The Q7 Max also features a mopping function, so you can use it to clean up spills and messes.

In addition to its powerful suction, the Q7 Max also has a number of other features that make it a great choice for home cleaning. These features include:

  • LiDAR navigation: The Q7 Max uses LiDAR navigation to map your home and create a cleaning plan. This ensures that the vacuum cleans every inch of your home thoroughly.
  • Self-emptying dock: The Q7 Max comes with an Auto-Empty Dock Pure, which automatically empties the vacuum’s dustbin after each cleaning. This means that you don’t have to empty the dustbin yourself, which saves you time and hassle.
  • App control: The Q7 Max can be controlled using the Roborock app. This allows you to start and stop cleaning sessions, schedule cleanings, and create no-go zones.
  • Voice control: The Q7 Max is also compatible with Amazon Alexa and Google Assistant, so you can control it using voice commands.

If you’re looking for a powerful and versatile robot vacuum that can clean your home effectively and efficiently, the Roborock Q7 Max is a great option. It’s currently on sale for $399, which is a great deal for a vacuum of this caliber.

Here are some additional reasons why you should buy the Roborock Q7 Max:

  • It’s easy to use. The Q7 Max is simple to set up and use. You can control it using the Roborock app or voice commands.
  • It’s quiet. The Q7 Max is relatively quiet, so you can run it while you’re sleeping or working.
  • It’s long-lasting. The Q7 Max has a long battery life, so you can clean your entire home without having to worry about it running out of power.

Overall, the Roborock Q7 Max is a great choice for anyone looking for a powerful, versatile, and easy-to-use robot vacuum. If you’re interested in buying one, I recommend taking advantage of the current sale price of $399.


New EU law could force Apple to simplify iCloud data transfers


Over the past few years, the European Union has been making efforts to reduce the influence of tech giants and foster a more competitive landscape for big and small companies alike. Now, in line with these efforts, the EU is reportedly developing a new act that aims to simplify the transfer of data between services, including popular platforms like Apple iCloud.

Introduced as part of the EU Data Act, the proposed legislation’s primary objective is to establish a framework that streamlines data transfers between service providers, such as Apple, thus allowing people greater flexibility in choosing alternative platforms for data processing.

“Tonight’s agreement on the Data Act is a milestone in reshaping the digital space…we are on the way of a thriving EU data economy that is innovative and open — on our conditions,” said EU industry chief Thierry Breton.

Ensuring data protection

While the act primarily focuses on ensuring seamless data transfers, it also places strict measures on cloud service providers to prevent unauthorized transfers, thus safeguarding the privacy and security of users’ data. Additionally, the act grants more control to customers and businesses regarding how companies utilize their data.

Furthermore, it also aims to promote interoperability standards that facilitate the seamless reuse of data across various industries, thus fostering healthy competition. However, it is important to note that this act is still in progress and must undergo several stages before becoming officially implemented as law.

Apple, the primary target

It’s no secret that Apple has always maintained a walled garden when it comes to its ecosystem, and iCloud is no exception. However, if this new act comes into law, the company would need to modify its iCloud services to simplify the data migration process to alternative platforms, such as Google’s cloud services. And although Apple has developed tools like the “Move to iOS” app to facilitate data transfers into their ecosystem, there is currently no equivalent tool available to assist users in transitioning away from Apple’s services.



YouTube may block viewers from watching due to ad blocker usage

YouTube actively seeks ways to encourage more users to opt for its Premium subscription plan or refrain from using ad blockers on the platform.

According to reports from Bleeping Computer (via Engadget), YouTube is currently conducting experiments to warn users who employ ad blockers on their browsers to disable them. Failure to do so will result in a limitation of video access to just three videos on YouTube. This experiment applies to both desktop and mobile users.
Initially observed by a Reddit user, it quickly became apparent that numerous users were encountering this experiment. When users with ad blockers installed attempt to watch videos, a warning message appears, stating that video playback will be blocked unless YouTube is whitelisted or the ad blocker is deactivated.


The message also emphasizes that ads are vital for YouTube creators to earn income and if you prefer an ad-free viewing experience, you should subscribe to YouTube Premium.


When Bleeping Computer questioned the company about potentially blocking users with ad blockers, YouTube clarified that videos may not play for a short duration in certain cases. They stressed that this action is taken seriously and will only be implemented if viewers persistently ignore requests to watch ads on YouTube.


To avoid any inconvenience during this testing phase, users can disable their ad blockers, watch ads on YouTube, or opt for a YouTube Premium subscription. However, YouTube has not disclosed the number of users or specific locations involved in this experiment and receiving these warnings.


With around 2.5 billion monthly active users worldwide, of whom only 80 million are YouTube Premium subscribers, YouTube aims to increase its user base for paid subscriptions. This experiment indicates the platform’s determination to achieve that goal. Should this trial become a permanent feature, more individuals may be inclined to either subscribe to Premium or part ways with their ad blocker.


YouTube has some of the best content creators who make new videos every day. Because of this, YouTube will likely take bold steps to ensure creators are happy and convince more users to get premium YouTube subscriptions.


YouTube recently increased the price of its family subscription plan, leading many users to consider leaving the platform. Since then, YouTube has been working hard to keep its paid users happy and attract new subscribers by offering special features only available to premium members, such as loyalty badges and a new 1080p Premium option for better video quality.


Thousands of Individuals were Rescued from Cybercrime Groups


Around 2700 people involved in human trafficking for fraudulent online gaming sites and other cybercrime groups were rescued in Manila.

The latest news regarding nighttime raids shows that Las Pinas City in metropolitan Manila has become a hotspot for cybercrime syndicates.

After investigation, police found that these suspects had fallen into the trap and were not allowed to quit the job easily once they realized it.

Unemployment, the need for money, and less user awareness make people fall into the trap of scams on the internet with fancy advertisements and excellent pay.

Cybercrime scams have become a significant issue in Asia, with reports of people from outside the region being enticed to take jobs in countries such as Myanmar and Cambodia, which are plagued by civil strife. 

Nevertheless, many of these workers are compelled to participate in internet-based scams and virtual servitude.

In May, leaders from the Association of Southeast Asian Nations agreed at a summit in Indonesia to tighten border controls and law enforcement and broaden public education to fight criminal syndicates that traffic workers to other nations, where they are made to participate in online fraud.

The police team, headed by Brig. Gen. Sydney Hernia, said that officers armed with warrants raided and searched the buildings around midnight in Las Pinas and rescued 1,534 Filipinos and 1,190 foreigners from at least 17 countries, including 604 Chinese, 183 Vietnamese, 137 Indonesians, 134 Malaysians, and 81 Thais.

There were also a few people from Myanmar, Pakistan, Yemen, Somalia, Sudan, Nigeria, and Taiwan.

In May, police raided another suspected cybercrime base at the Clark freeport in Mabalacat City, Pampanga province, north of Manila, seizing nearly 1,400 Filipino and foreign employees who were allegedly coerced into conducting cryptocurrency scams.

During investigations, the suspects confessed that they were not allowed to resign for unclear reasons. According to the AP news report, they were threatened with having to pay a hefty amount when attempting to leave.


HONOR highlights foldable evolution in new Magic V2 teaser


HONOR recently announced that its next-gen foldable will launch on July 12. As expected, HONOR released a new teaser, which is not surprising considering that we’re getting closer to the launch event. HONOR is actually highlighting foldable evolution in this Magic V2 teaser.

HONOR highlights foldable evolution in its new Magic V2 teaser image

If you check out the image above the article, you’ll see the image the company shared. In it, you can see a part of the upcoming smartphone, even though this image does not say much about it.

You can actually see a cellphone placed in front of a smartphone (seemingly the iPhone 5 or a model that looks just like it). Behind both of those devices sits the HONOR Magic V2, presumably.

Based on this image, the frame of the phone will be similar to the HONOR Magic Vs. We won’t be getting flat sides here, but rounded ones. The phone’s frame will be made out of metal, of course.

The Magic V2 could be available in two SoC variants

The HONOR Magic V2 is actually rumored to arrive in both Snapdragon 8 Gen 2 and Snapdragon 8+ Gen 1 variants. We’re not sure if this will pan out, but that’s what’s expected.

The device is expected to be lighter than its predecessor, and also a bit thinner. We do hope that HONOR also found a way to further minimize the crease on the device.

It would also be nice to see wireless charging on the HONOR Magic V2. The Magic V and Vs did not offer such functionality. They also didn’t offer an IP certification for water and dust resistance, so that’s another wish for the Magic V2 to deliver.

It remains to be seen how many of these presumptions will pan out, though. The HONOR Magic V2 will launch in China on July 12. The Magic Vs did launch outside of China, though, so we’re hoping the same will happen with the Magic V2.
