WordPress Sites Exploited To Brute-Force Passwords Via Browsers

According to a recent post from Sucuri, its website scanner detected an active distributed brute-force attack that abuses compromised WordPress sites to guess passwords for other sites. The attackers inject a malicious script into the compromised sites, and it runs in the browser of every visitor who loads a page. Earlier versions of the same injection lured visitors into approving crypto wallet transactions; the current version needs no interaction at all and simply puts the visitor's browser to work.

As the researchers explain, this injection technique has been in use for some time and first drew Sucuri's attention when it was delivering crypto wallet drainers. They followed the initial campaigns through two iterations, and since February 2024 alone they have found more than 1,200 websites infected through the cachingjs/turboturbo.js script.

The researchers then observed a shift in the attackers' goals, from injecting crypto drainers to injecting brute-force scripts. Now, when a visitor loads a compromised page, the script hijacks the visitor's browser and uses it to brute-force passwords on other websites.

The script is loaded into the browser from https://dynamic-linx[.]com/chx.js. Once the victim's browser connects to the attackers' server, it fetches brute-force tasks from https://dynamic-linx[.]com/getTask.php. A task arrives as JSON containing the brute-force parameters, such as the target site's URL and a list of passwords to try. When the browser finishes a task, it reports the result back to the attackers' server and asks for the next one.

The researchers have shared a detailed technical analysis of this campaign in their post. Because the attempts come from ordinary visitors' browsers, spread across many unrelated IP addresses with only a few guesses each, they are hard to distinguish from legitimate traffic and per-IP lockouts rarely trigger, so the owners of the targeted accounts may never notice that their passwords are being guessed. Nonetheless, as the researchers suggest, strong, unique passwords defeat the password lists these tasks carry, and WordPress admins can restrict their site's login interface to trusted IP addresses.
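As an added illustration (not code from Sucuri's write-up), the script below shows what this attack looks like from the target site's side: because each visitor's browser sends only a handful of guesses, the tell-tale sign in the access log is a burst of wp-login.php POSTs from many distinct IPs with very few attempts per IP. The log lines, the five-minute window and the thresholds are constructed assumptions for the example; the 200-on-failure and 302-on-success behaviour is how stock WordPress answers the login form.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Combined Log Format (Apache/nginx default). Only the fields used here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "method": m.group("method"),
            "path": m.group("path").split("?", 1)[0], "status": int(m.group("status"))}


def find_distributed_bruteforce(lines, window=timedelta(minutes=5),
                                min_posts=20, min_ips=10, max_per_ip=3):
    """Flag time windows in which wp-login.php POSTs come from many distinct IPs,
    each sending only a few attempts: per-IP lockout never fires, but the site
    as a whole is under brute force. Thresholds are illustrative assumptions.

    WordPress re-renders the form with HTTP 200 on a failed login and answers a
    successful one with a 302 redirect, so 302s are returned separately as the
    attempts that worked and need to be checked against the real admins.
    """
    events = [e for e in map(parse_line, lines)
              if e and e["method"] == "POST" and e["path"].endswith("/wp-login.php")]
    secs = window.total_seconds()
    buckets = defaultdict(list)
    for e in events:
        buckets[int(e["ts"].timestamp() // secs)].append(e)
    windows, successes = [], []
    for b, evs in sorted(buckets.items()):
        per_ip = Counter(e["ip"] for e in evs)
        if len(evs) >= min_posts and len(per_ip) >= min_ips and max(per_ip.values()) <= max_per_ip:
            windows.append({"start": datetime.fromtimestamp(b * secs, tz=timezone.utc),
                            "posts": len(evs), "ips": len(per_ip)})
        successes += [e for e in evs if e["status"] == 302]
    return windows, successes


def sample_log():
    """Constructed log: 30 visitors' browsers each POST once to wp-login.php
    within four minutes (one guess succeeds), plus ordinary traffic and one
    admin who mistypes a password twice an hour earlier (must not be flagged)."""
    fmt = "%d/%b/%Y:%H:%M:%S %z"
    t0 = datetime(2024, 3, 9, 10, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(30):
        ts = (t0 + timedelta(seconds=7 * i)).strftime(fmt)
        status = 302 if i == 17 else 200
        lines.append(f'203.0.113.{i + 1} - - [{ts}] "POST /wp-login.php HTTP/1.1" '
                     f'{status} 1870 "-" "Mozilla/5.0"')
    ts = (t0 + timedelta(seconds=30)).strftime(fmt)
    lines.append(f'198.51.100.9 - - [{ts}] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"')
    t1 = t0 - timedelta(hours=1)
    for i in range(2):
        ts = (t1 + timedelta(seconds=20 * i)).strftime(fmt)
        lines.append(f'192.0.2.44 - - [{ts}] "POST /wp-login.php HTTP/1.1" 200 1870 "-" "Mozilla/5.0"')
    return lines


if __name__ == "__main__":
    windows, successes = find_distributed_bruteforce(sample_log())
    for w in windows:
        print(f"{w['start']:%Y-%m-%d %H:%M}Z: {w['posts']} login POSTs from {w['ips']} distinct IPs")
    for s in successes:
        print(f"successful login from {s['ip']} at {s['ts']:%H:%M:%S} - confirm it was a real admin")
```

The single admin who fails twice never reaches the distinct-IP threshold, while the 30 one-shot guesses from 30 addresses do; the 302 from 203.0.113.18 is the one guess that worked and is the line to act on first.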


Porsche Design HONOR Magic6 RSR will launch on March 18

Last month, HONOR confirmed that the Porsche Design HONOR Magic6 RSR is coming. In a separate announcement, the company also said it’s coming in March. Well, now we know its launch date. The Porsche Design HONOR Magic6 RSR will launch on March 18.

The Porsche Design HONOR Magic6 RSR launch date has been revealed

This confirmation comes from HONOR China, via Weibo (China’s social media network). So, it’s safe to say that the launch will occur in China. That phone is expected to become available globally too, however.

Porsche Design HONOR Magic6 RSR launch date

This device will become the second Porsche Design device that was announced this year. It’s also the second device that Porsche Design and HONOR delivered in general. The Porsche Design HONOR Magic V2 RSR arrived not long ago.

The device will have a different back side than the HONOR Magic6 Pro

The Porsche Design HONOR Magic6 RSR is expected to have a different backplate than the HONOR Magic6 Pro (including the camera island design). Other than that, the two phones will probably be the same.

We are expecting the same specifications under the hood. Well, the Porsche Design model could end up offering more RAM, or something of the sort, but all the rest of its specs are expected to remain the same.

The ‘Ultimate’ version could have the same design

We are expecting the design to be the same or at least similar to what the HONOR Magic6 Ultimate will deliver. That phone is coming on the same date, by the way, March 18. It will also launch during the same event, so… there you go. You can check out the expected camera design and backplate finish below.

HONOR Magic6 Ultimate Edition teaser featured

The Porsche Design HONOR Magic6 RSR will be fueled by the Snapdragon 8 Gen 3 processor. A 6.8-inch 2800 x 1280 LTPO OLED display will be in use, and that will be a 120Hz panel. Android 14 will come pre-installed along with MagicOS 8.0. Advanced facial scanning will also be a part of the package, along with 80W wired, and 66W wireless charging. You can read our HONOR Magic6 Pro review for more information.



Russian hackers stole Microsoft’s source code repositories

Microsoft is grappling with the aftermath of the nation-state attack it revealed earlier this year, attributed to the group known as Midnight Blizzard (also tracked as Nobelium). Initially limited to the company's corporate email systems, the intrusion has since extended to source code repositories and internal systems, Microsoft disclosed in a recent blog post. The attackers are using information exfiltrated from those email systems to gain, or attempt to gain, unauthorized access, and this reportedly includes access to some of the company's source code repositories and internal systems.

Midnight Blizzard attempted to leverage shared secrets between Microsoft and its customers

Microsoft says there is evidence that Midnight Blizzard is attempting to use the stolen information, which includes secrets shared between Microsoft and its customers in email. The company stresses that it has found no evidence of compromise to customer-facing systems, but the breach underscores how much proactive security work the company still has to do.

Password spray attacks have seen a 10-fold increase in volume since the attack in January. As HYPR notes, password spraying is a type of brute-force attack: rather than hammering one account with a large dictionary, the attacker tries a single common password against many accounts, then moves on to the next password and repeats. Spreading the attempts this thinly keeps each account below its lockout threshold, which is what makes the technique hard to catch with per-account controls. In Microsoft's case, the surge indicates a sustained and coordinated effort to get back into the company's infrastructure.
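As an added example (not from Microsoft's or HYPR's material), the following Python distinguishes a spray from a classic brute force in sign-in telemetry: the spray shows up as one source failing against many accounts with one or two attempts each, while the brute force is many failures against a single account. The event format, the thresholds and the sample sign-ins are constructed for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone


def sample_signins():
    """Constructed sign-in events: (timestamp, account, source IP, result)."""
    t0 = datetime(2024, 3, 8, 2, 0, tzinfo=timezone.utc)
    events = []
    for i in range(40):                          # spray: one guess per account from one source
        events.append((t0 + timedelta(seconds=15 * i), f"user{i:02d}@example.com",
                       "198.51.100.7", "failure"))
    for i in range(15):                          # classic brute force: many guesses, one account
        events.append((t0 + timedelta(seconds=10 * i), "admin@example.com",
                       "192.0.2.50", "failure"))
    events += [(t0, "alice@example.com", "192.0.2.10", "failure"),   # ordinary typo, then success
               (t0 + timedelta(seconds=20), "alice@example.com", "192.0.2.10", "failure"),
               (t0 + timedelta(seconds=40), "alice@example.com", "192.0.2.10", "success")]
    return events


def detect(events, window=timedelta(minutes=30), spray_min_accounts=10,
           spray_max_per_account=2, bruteforce_min_failures=10):
    """Classify failed sign-ins inside each time window.

    Password spray: one source tries few passwords against many accounts, so
    per-account lockout never triggers; the signal is the number of distinct
    accounts failing from one source. Brute force: many failures on one account.
    Thresholds are illustrative assumptions. Keying on source IP is the weak
    point: a spray spread over residential proxies needs keying on user agent
    or a tenant-wide count of accounts with exactly one failure instead.
    """
    secs = window.total_seconds()
    buckets = defaultdict(list)
    for ts, account, ip, result in events:
        if result == "failure":
            buckets[int(ts.timestamp() // secs)].append((account, ip))
    spray, bruteforce = [], []
    for _, fails in sorted(buckets.items()):
        per_source = defaultdict(Counter)
        for account, ip in fails:
            per_source[ip][account] += 1
        for ip, accounts in per_source.items():
            if len(accounts) >= spray_min_accounts and max(accounts.values()) <= spray_max_per_account:
                spray.append((ip, len(accounts)))
            for account, n in accounts.items():
                if n >= bruteforce_min_failures:
                    bruteforce.append((account, ip, n))
    return {"spray": spray, "bruteforce": bruteforce}


if __name__ == "__main__":
    result = detect(sample_signins())
    for ip, n in result["spray"]:
        print(f"password spray from {ip}: {n} distinct accounts, at most 2 failures each")
    for account, ip, n in result["bruteforce"]:
        print(f"brute force against {account} from {ip}: {n} failures")
```

Alice's two typos fall under both thresholds and are ignored; the spray source is reported once with the count of accounts it touched, which is the number worth escalating on, because per-account lockout counters for those 40 users never move past one.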

Despite ongoing investigations into Midnight Blizzard’s activities, the threat landscape remains challenging. Microsoft acknowledges the unprecedented scale of the global threat landscape. The company notes, “It [Midnight Blizzard] may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so.”

Microsoft says they are taking measures to improve their security infrastructure

Microsoft’s response to the ongoing attack includes bolstering security controls, detection mechanisms, and monitoring capabilities across its infrastructure. “Across Microsoft, we have increased our security investments, cross-enterprise coordination, and mobilization, and have enhanced our ability to defend ourselves and secure and harden our environment against this advanced persistent threat,” notes Microsoft in a recent blog post. “We have and will continue to put in place additional enhanced security controls, detections, and monitoring.”

The company also remains committed to sharing insights from its investigations to enhance industry-wide resilience against cyber threats.

While details of the compromised source code and internal systems remain undisclosed, the breach highlights the need for organizations to prioritize cybersecurity readiness. Microsoft’s experience serves as a stark reminder of the ever-present threat posed by determined adversaries. It necessitates a proactive approach to safeguarding sensitive data and critical infrastructure.



Is your WhatsApp chat secure? New feature will tell you

WhatsApp, as one of the world’s most popular messaging apps, is constantly striving to enhance user experience with regular updates and new features. Now, a modest yet handy feature is in the pipeline.

As per WABetaInfo, the reliable source for WhatsApp updates, the Meta-owned app is introducing a feature to indicate end-to-end encrypted conversations. This new feature was discovered in the latest WhatsApp beta for Android 2.24.6.11 update, currently accessible on the Google Play Store.

The purpose of this feature is to make it simple for you to identify which chats are end-to-end encrypted, assuring you that your conversations are secure.

In the screenshot shared by WABetaInfo, a new label appears under the contact or group name in a chat, stating its end-to-end encryption status. It is a visual cue that the chat's messages and calls are encrypted with the Signal protocol, so neither WhatsApp's servers nor anyone intercepting the traffic can read or listen to them.

Keep in mind that this caption is temporary. According to WABetaInfo, it will only be visible for a short time before being replaced by the last-seen indicator.

This feature, signaling end-to-end encryption in chats, is currently available to beta testers who install the latest updates of WhatsApp beta for Android from the Google Play Store. The rollout is expected to extend to more users over the next few weeks.

Encryption plays a crucial role in modern messaging apps, ensuring that conversations remain protected. End-to-end encryption (E2EE) encrypts data on the sending device and decrypts it only on the receiving device; to anyone in between, including the service's own servers, the data is unreadable ciphertext unless they hold the key needed to decrypt it back into its original form (plaintext). Note what the label does not cover: E2EE protects messages in transit and on the servers, not a device that is itself compromised, and not a chat backup unless the backup is encrypted too.



Matanbuchus Malware Weaponizing XLS files to Hijack Windows

The Matanbuchus malware has been observed in a new campaign that uses malicious XLS files to compromise Windows machines.

This threat, known for its loader-as-a-service model, has been active for several years and poses a risk to users worldwide.

Matanbuchus, a name that has become increasingly familiar among cybersecurity experts, has found a new way into systems.

The chain starts with a malicious XLS file that fetches a JavaScript (JS) file, which in turn downloads a malicious Dynamic Link Library (DLL), the first stage of a potential cascade of infections.

This technique underscores the evolving nature of cyber threats and the continuous need for vigilance.

A Closer Look at Matanbuchus

Originally surfacing in 2021, Matanbuchus has not only persisted but evolved, showcasing the adaptability and persistence of cybercriminals.


As a loader, its primary function is to facilitate the download and execution of other malicious payloads, effectively acting as a gateway for further exploitation.

Its capabilities are notably sophisticated: direct in-memory execution of .exe or .dll files, modification of scheduled tasks, execution of custom PowerShell commands, and standalone executables that load additional malicious DLLs. One of the more alarming aspects of Matanbuchus is its association with Cobalt Strike beacons.

While Cobalt Strike is a legitimate penetration-testing tool, it has been co-opted by threat actors for malicious purposes.

The malware’s ability to drop these beacons on compromised machines significantly enhances the threat actors’ control over the infected system, enabling a wide range of malicious activities.

Broadcom recently disclosed the Matanbuchus campaign, which uses a malicious XLS file as its starting point.

The campaign is built to get attacker-controlled code running on the target system through Microsoft Excel, with the XLS file starting the chain that ends in the DLL.

Broadcom lists detection signatures including ACM.Ps-Rd32!g1, Scr.Malcode!gen, Trojan.Gen.MBT and Trojan.Mdropper, among others, as covering the threats posed by Matanbuchus.
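An added example of how a defender would catch that document-to-script-to-DLL chain in endpoint telemetry (constructed code, not Broadcom's signatures): it walks process-creation records looking for an Office application whose descendants include a Windows Script Host process, the normal runner for a .js file, followed by a DLL-hosting process. Which loader host the campaign's DLL uses is not stated on the page; rundll32.exe and regsvr32.exe are assumed here as the usual candidates, and the sample events, PIDs and paths are made up.

```python
OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
DLL_HOSTS = {"rundll32.exe", "regsvr32.exe"}   # assumption: the usual hosts for a dropped DLL


def image_name(path):
    """Lower-cased executable name from a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_office_script_dll_chains(events):
    """events: process-creation records as dicts with pid, ppid, image, cmdline
    (the fields Sysmon event ID 1 or EDR telemetry provide).

    For every DLL-host process, walk its ancestors; report the chain when it
    starts at an Office application and passes through a script host, i.e.
    document -> script -> DLL, the order the Matanbuchus chain follows.
    """
    by_pid = {e["pid"]: e for e in events}
    chains = []
    for e in events:
        if image_name(e["image"]) not in DLL_HOSTS:
            continue
        chain, cur, seen = [e], e, {e["pid"]}
        while cur["ppid"] in by_pid and cur["ppid"] not in seen:   # seen guards against PID reuse loops
            cur = by_pid[cur["ppid"]]
            seen.add(cur["pid"])
            chain.append(cur)
            if image_name(cur["image"]) in OFFICE_APPS:
                break
        chain.reverse()
        names = [image_name(c["image"]) for c in chain]
        if names[0] in OFFICE_APPS and any(n in SCRIPT_HOSTS for n in names[1:-1]):
            chains.append({"names": names, "pids": [c["pid"] for c in chain],
                           "loader_cmdline": e["cmdline"]})
    return chains


def sample_events():
    """Constructed telemetry; file names and paths are invented for the example."""
    return [
        {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
        {"pid": 200, "ppid": 100,
         "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
         "cmdline": r'"EXCEL.EXE" C:\Users\j\Downloads\invoice.xls'},
        {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\wscript.exe",
         "cmdline": r"wscript.exe C:\Users\j\AppData\Local\Temp\update.js"},
        {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\rundll32.exe",
         "cmdline": r"rundll32.exe C:\Users\j\AppData\Local\Temp\x.dll,Start"},
        # a rundll32 with no Office ancestor: must not be reported by this rule
        {"pid": 500, "ppid": 1, "image": r"C:\Windows\System32\svchost.exe",
         "cmdline": "svchost.exe -k netsvcs"},
        {"pid": 600, "ppid": 500, "image": r"C:\Windows\System32\rundll32.exe",
         "cmdline": "rundll32.exe shell32.dll,Control_RunDLL"},
    ]


if __name__ == "__main__":
    for chain in find_office_script_dll_chains(sample_events()):
        print(" -> ".join(chain["names"]), chain["pids"], chain["loader_cmdline"])
```

The rule keys on the shape of the process tree rather than on file hashes, so it survives the loader being recompiled; the price is that an Office application spawning a script host for a legitimate add-in will also surface, which is why the command lines are carried along for the analyst.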

The Importance of Vigilance

The resurgence and evolution of Matanbuchus underscore the dynamic and persistent nature of cyber threats.

Users and organizations are urged to stay informed about the latest cybersecurity developments and to adopt robust security measures to protect against such sophisticated threats.

Regular updates, cautious handling of email attachments (Office macros from internet-sourced files should stay blocked, as Microsoft now does by default), and the use of reputable security solutions are fundamental to maintaining a strong defense against the ever-changing tactics of cybercriminals.


A week in security (March 4 – March 10)

March 8, 2024 – The flaws could allow an attacker with privileged access to a guest VM to access the hypervisor on the host.

March 8, 2024 – Users of JetBrains TeamCity on-premises server need to deal with two serious vulnerabilities.

March 7, 2024 – Pet retail company PetSmart has emailed customers to alert them to a recent attack that used reused passwords.

March 7, 2024 – The US Treasury Department has sanctioned Predator spyware vendor Intellexa Consortium, and banned the company from doing business in the US.

March 6, 2024 – The ALPHV gang’s attempt to cover up an exit scam isn’t going well.



WhatsApp is ready to interoperate with third-party messengers

In a recent blog post, Meta explained how third-party messengers will interoperate with Messenger and WhatsApp. The move follows the European Union's Digital Markets Act (DMA), whose obligations take effect this week. Meta says it will build the interoperability on its existing client/server architecture.

Meta explains how third-party messengers will safely integrate with WhatsApp

The firm claims that this approach not only meets the DMA's requirements but also preserves user security and privacy for the other providers that integrate with Meta. The interoperability framework has been in the works, in collaboration with the European Commission, for over two years.

Engadget notes that Meta will initially limit the system to one-to-one messaging: text, images, voice notes, videos and other files. Group chats, calling, and interoperability between third-party apps themselves may come later.

Third-party developers who want to connect to Messenger and WhatsApp will most likely have to use the Signal protocol for now. Meta already uses Signal for end-to-end encryption (E2EE) in both apps, and it is considered the industry standard. Developers may use a different protocol only if they can show it offers security guarantees equivalent to Signal's.

Meta also sets expectations: when messages stay within the WhatsApp or Messenger ecosystem, the company controls both the sending and receiving clients and can ensure content is visible only to the intended recipients. Once a message leaves for a third-party app, Meta controls neither that client nor what it does with the decrypted content, so it cannot make the same guarantee.

Developers will face these limitations before crossing with WhatsApp

To integrate their apps with Messenger and WhatsApp, developers must host the media files their users send on their own servers; WhatsApp or Messenger then download those files through a Meta proxy service. The makers of a third-party messaging app must also sign an agreement with Meta before interoperability is enabled.

Meta commits that once it has received an onboarding request from a developer, it will try to enable interoperability with that service within three months, although public availability could take longer. Meta plans to offer a seamless connection between its messaging apps and those from other developers while prioritizing user privacy and security. By opening its ecosystem to interoperability, it gives developers and users more options.



MediaTek partnered with every Android brand, but one

To show its prowess in the Android chipset market, MediaTek has now partnered with every Android brand in the industry except Google. The Taiwanese semiconductor manufacturer built its reputation on mid-range and budget Helio chipsets. Now the company is shifting priorities, focusing mainly on high-end 5G-enabled SoCs.

MediaTek has successfully partnered with every Android manufacturer, except for Google

After earlier doubts about its ability to compete against Qualcomm in the flagship market, a new report from the Economic Times suggests MediaTek is making a comeback. With an expanded portfolio of 15 different chipset designs created specifically for Android manufacturers, MediaTek looks set to give Qualcomm a run for its money, especially at the high end.

Anku Jain, Managing Director of MediaTek India, says the company now has deals with Samsung and Nothing. The only exception is Google. According to reports, Google is developing its own in-house chipset, the Tensor G4, which looks to be a prime component of the Pixel 9 series. That has not dented MediaTek's ambition or its belief that it can replace Qualcomm as the top dog.

MediaTek had an impressive first quarter this year, outpacing Qualcomm in chips shipped, according to the Economic Times report. It is also working on the Dimensity 9400 chipset, which should pose a serious threat to Qualcomm's Snapdragon 8 Gen 4 when it launches.

Qualcomm's price hikes may help MediaTek leap ahead in the competition

Earlier, a leak on X reported that Qualcomm may raise prices for its next chipset, due early next year. That price hike opens the door further for MediaTek's Dimensity 9400, which is due later this year and could offer better value for money than the Snapdragon 8 Gen 4.

A Morgan Stanley analyst estimates that about 35% of global smartphone chipsets will be MediaTek's by 2024. So it appears that Qualcomm might face some tough competition in the near future. MediaTek's renewed push at the high end seems worth taking seriously, and it might make Qualcomm rethink its strategy.



Opera One is getting an AI Features Drop program

Artificial intelligence seems to have become the main focus of many tech companies. Everyone has a chatbot these days, and while this is certainly not a bad thing, it will probably take some time before AI is used for truly meaningful tasks like discovering treatments for diseases or solutions to global warming. Opera is one of the companies that has invested heavily in AI. Opera One, its relatively new AI-focused browser, is an attempt to offer an innovative experience to users looking for such a product.

Over the weekend, Opera announced it’s starting an AI Feature Drops program to provide users with even more AI-powered features. Opera One’s developer version will allow users to test new AI features on a bi-weekly basis thanks to this new AI Feature Drops initiative.


Unlike other AI-centric browsers, Opera One features a native browser AI, which promises to improve the users’ browsing experience without the need for additional paid services or extensions.

Dubbed Aria, the Opera One integrated native AI offers free access to a GPT-based solution and real-time web data. Aria can also be trained to write in the user’s unique style.



Dropbox Abused in New Phishing, Malspam Scam to Steal SaaS Logins

Beware of phishing and malspam scams targeting your Software-as-a-Service (SaaS) logins: cybercriminals are using genuine Dropbox emails to deliver credential-stealing links. Here is how the attack works and how to protect yourself.

Dropbox Emails Abused in New Phishing, Malspam Scam to Steal SaaS Logins

Cybersecurity firm Darktrace is warning users about a new phishing and malspam campaign that targets customers of popular Software-as-a-Service (SaaS) platforms by abusing legitimate Dropbox emails.

Cambridge, UK-based Darktrace's latest research describes a Dropbox-based phishing attack that got past multi-factor authentication (MFA). The campaign aims to trick users into downloading malware and exposing their login credentials.

The attackers send seemingly harmless emails from a legitimate Dropbox address, containing a malicious link. On January 25, 2024, researchers detected a suspicious email sent to 16 internal users of a Darktrace customer's SaaS environment, originating from the legitimate address no-reply@dropbox.com.

Screenshot: the Dropbox notification email (credit: Darktrace)

The email contained a link to a PDF file hosted on Dropbox, apparently named after a partner organization of the recipient. The PDF in turn contained a suspicious link to the domain mmv-security[.]top. Darktrace's email security tool detected and held the email, but on January 29 a user received another message from the legitimate no-reply@dropbox.com address asking them to open the previously shared PDF.

“Darktrace/Email moved the email to the user’s junk file and applied a lock link action to prevent the user from directly following a potentially malicious link,” but this could not prevent the damage, because an employee followed the link anyway.

The user's device then connected to the malicious endpoint mmv-security[.]top, which served a fake Microsoft 365 login page. Credential harvesters that impersonate trusted brands such as Microsoft raise the odds of capturing privileged SaaS account credentials.

Screenshot: the fake Microsoft login page (credit: Darktrace)

From January 31, Darktrace observed suspicious SaaS activity on the account, including logins from unusual locations and from endpoints associated with ExpressVPN, suggesting the threat actors were using a VPN to mask their true location.

Notably, the attackers satisfied the customer's MFA policy by presenting valid tokens, so their logins met the authentication requirements without triggering a fresh MFA challenge. A further login was seen from 87.117.225[.]155 via the HideMyAss VPN service.

According to Darktrace's blog post, the actor then created a new inbox rule named ‘….’ that moved emails into the ‘Conversation History’ folder, a tactic commonly used after phishing to keep replies and security notices out of the mailbox owner's sight. A meaningless name like this helps the rule, and the activity behind it, go unnoticed.
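The rule described above is exactly the kind of artefact a SaaS audit log can be searched for. As an added example (not Darktrace's detection logic), the script scores inbox-rule audit records modelled on Exchange Online's unified audit log: a name with no letters or digits, a destination folder users rarely look in, forwarding or delete actions, and a change made from an IP outside the user's sign-in baseline each add a reason. The record shape, the baseline and the sample events (including the attacker.example address and the TEST-NET IPs) are constructed for the example.

```python
import re

MAIL_RULE_OPS = {"New-InboxRule", "Set-InboxRule"}
# folders attackers favour because users seldom open them (assumption, from common tradecraft)
HIDING_FOLDERS = {"conversation history", "rss feeds", "rss subscriptions",
                  "deleted items", "archive", "junk email"}
RISKY_PARAMS = {"DeleteMessage", "MarkAsRead", "ForwardTo",
                "ForwardAsAttachmentTo", "RedirectTo"}


def rule_parameters(event):
    """Flatten the Parameters array of an Exchange audit record into a dict."""
    return {p["Name"]: p["Value"] for p in event.get("Parameters", [])}


def assess_rule(event, baseline_ips):
    """Return the reasons an inbox-rule change looks like post-compromise
    mailbox tampering (an empty list means nothing stood out).

    baseline_ips maps a user to the IPs they normally sign in from; it is
    assumed to be built from prior sign-in history.
    """
    p = rule_parameters(event)
    reasons = []
    name = p.get("Name", "")
    if not re.search(r"[A-Za-z0-9]", name):
        reasons.append(f"rule name {name!r} has no letters or digits")
    folder = p.get("MoveToFolder", "")
    if folder.lower() in HIDING_FOLDERS:
        reasons.append(f"moves matching mail to {folder!r}")
    for param in sorted(RISKY_PARAMS.intersection(p)):
        reasons.append(f"sets {param}={p[param]!r}")
    if event["ClientIP"] not in baseline_ips.get(event["UserId"], set()):
        reasons.append(f"changed from unfamiliar IP {event['ClientIP']}")
    return reasons


def triage(events, baseline_ips):
    """Return one finding per rule-change record that produced at least one reason."""
    findings = []
    for e in events:
        if e["Operation"] not in MAIL_RULE_OPS:
            continue
        reasons = assess_rule(e, baseline_ips)
        if reasons:
            findings.append({"user": e["UserId"], "ip": e["ClientIP"],
                             "name": rule_parameters(e).get("Name", ""), "reasons": reasons})
    return findings


# constructed baseline: IPs each user has signed in from before
BASELINE_IPS = {"jdoe@example.com": {"192.0.2.10"}, "msmith@example.com": {"192.0.2.11"}}


def sample_audit():
    """Constructed records in the shape of Exchange Online audit entries."""
    return [
        {"Operation": "New-InboxRule", "UserId": "jdoe@example.com", "ClientIP": "198.51.100.23",
         "Parameters": [{"Name": "Name", "Value": "...."},
                        {"Name": "MoveToFolder", "Value": "Conversation History"},
                        {"Name": "MarkAsRead", "Value": "True"}]},
        {"Operation": "New-InboxRule", "UserId": "msmith@example.com", "ClientIP": "192.0.2.11",
         "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                        {"Name": "MoveToFolder", "Value": "Newsletters"}]},
        {"Operation": "Set-InboxRule", "UserId": "msmith@example.com", "ClientIP": "192.0.2.11",
         "Parameters": [{"Name": "Name", "Value": "Invoices"},
                        {"Name": "ForwardTo", "Value": "billing@attacker.example"}]},
        {"Operation": "UserLoggedIn", "UserId": "jdoe@example.com", "ClientIP": "198.51.100.23",
         "Parameters": []},
    ]


if __name__ == "__main__":
    for f in triage(sample_audit(), BASELINE_IPS):
        print(f"{f['user']} rule {f['name']!r} from {f['ip']}: " + "; ".join(f["reasons"]))
```

The ‘….’ rule collects four reasons at once, the newsletter filter none, and the forwarding change is caught on its action alone even though it came from a familiar IP; ranking by reason count puts the compromised mailbox at the top of the queue.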

Abusing Dropbox is gaining popularity among threat actors because foul play is hard to detect when the emails come from legitimate addresses. In September 2023, Hackread.com reported a BEC 3.0 campaign that used Dropbox to send emails redirecting users to credential-harvesting pages.

Clicking on malicious links in phishing emails can lead to malware infections, stealing of sensitive data, and compromising login credentials. In business settings, a single employee’s account can allow attackers to access the entire SaaS environment, thereby disrupting operations.

Protection Against Phishing Attacks

While relying on common sense is typically the best defence against such attacks, scammers’ increasing sophistication can sometimes override our natural caution. Therefore, it’s crucial to proactively protect yourself. Here are 5 key points to help you recognize and safeguard against email phishing:

Suspicious Sender Addresses and Email Content:

  • Check sender email addresses carefully for typos or misspellings of legitimate companies.
  • Be wary of generic greetings or an impersonal tone.
  • Look for grammatical errors or unusual phrasing in the email body.
  • Watch out for emails with a strong sense of urgency or pressure to act quickly.

Malicious Links and Attachments:

  • Never click on links or open attachments in emails from unknown senders.
  • Hover over a link to see the actual destination URL before clicking. It might not match the displayed text.
  • Don’t download attachments you weren’t expecting, even from seemingly familiar senders.

Phishing for Information:

  • Phishing emails often try to trick you into revealing personal information like passwords or credit card details.
  • Legitimate companies will never ask for such information via email.

Multi-Factor Authentication (MFA) and Strong Passwords:

  • Although the attackers in this case got past MFA by presenting valid tokens, MFA remains the single most effective control against stolen passwords; phishing-resistant methods such as FIDO2 security keys or passkeys cannot be completed on a look-alike login page like the one used here.
  • Enable MFA on all your online accounts whenever possible. This adds an extra layer of security beyond just your password.
  • Use strong, unique passwords for all your online accounts and avoid using the same password for multiple accounts.

Staying Informed and Reporting Phishing Attempts:

  • Keep yourself updated on the latest phishing tactics by reading security blogs or news articles.
  • Report suspicious emails to your email provider or the platform it impersonates. This helps them track and block future phishing attempts.
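The “hover over the link” advice can be automated. The added example below (not from Hackread's article) parses an HTML mail body, compares the domain shown in each link's text with where the href actually goes, flags bare-IP hosts, and marks links to file-sharing services such as Dropbox as needing inspection of the hosted file rather than of the sender, which is exactly the gap this campaign exploited. The sample message and the look-alike domain microsoft-login.example are constructed; the registrable-domain check is a two-label approximation, noted in the code.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# hosts whose links are legitimately sent by the service on a user's behalf
FILE_SHARE_HOSTS = ("dropbox.com", "drive.google.com", "sharepoint.com", "box.com")
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude registrable-domain approximation (last two labels); a real
    deployment would consult the public suffix list instead."""
    return ".".join(host.lower().split(".")[-2:])


def audit_links(html):
    """Return [(href, text, [warnings])] for each link in the message."""
    parser = LinkExtractor()
    parser.feed(html)
    results = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        warnings = []
        m = DOMAIN_IN_TEXT.search(text.lower())
        if m and registrable(m.group(1)) != registrable(host):
            warnings.append(f"text shows {m.group(1)} but link goes to {host}")
        try:
            ipaddress.ip_address(host)
            warnings.append("link host is a bare IP address")
        except ValueError:
            pass
        if any(host == h or host.endswith("." + h) for h in FILE_SHARE_HOSTS):
            warnings.append("file-sharing link: the sender is genuine, the hosted file still has to be checked")
        results.append((href, text, warnings))
    return results


# constructed message body: a real Dropbox share, a look-alike login link, a benign link
SAMPLE_MAIL = """<p>Your document is ready.</p>
<a href="https://www.dropbox.com/s/abc123/Q1-invoice.pdf">View document</a><br>
<a href="https://microsoft-login.example/common/oauth2">https://login.microsoftonline.com</a><br>
<a href="https://www.example.com/newsletter">example.com/newsletter</a>"""

if __name__ == "__main__":
    for href, text, warnings in audit_links(SAMPLE_MAIL):
        print(f"{text!r} -> {href}")
        for w in warnings:
            print("   !", w)
```

The benign newsletter link produces nothing, the Dropbox link is reported as something to open only after the shared file has been checked, and the login link is caught because the text names microsoftonline.com while the href leaves for a different registrable domain.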