Repair Excel file with Wondershare Repairit online and offline


Students use Excel files to enter data and create graphs for keeping records. However, these files can get corrupted due to a virus attack on the computer system, making them unreadable. Wondershare Repairit helps students repair corrupt Excel files and make them readable. With this ultimate solution, you can repair Excel files online and offline to get back your essential data. This article will discuss both methods to repair Excel files via Repairit.

Part 1: How to Repair Excel Files via Wondershare Repairit Online

Repairit Online is a renowned tool that assists users in restoring the original data of several document types. With its over-the-top features, you can also repair various Excel corruption errors. The format becomes unrecognizable when a file gets corrupted, which this tool can quickly solve. This file repair tool allows you to repair multiple Excel files in a single process.

Also, it makes unreadable data and graphs of Excel files readable. Repairit enables you to repair the damaged file quickly with advanced features. The acceptable file size for online repair is 5 MB. To repair an Excel file online, follow these steps:

Step 1: Access the Excel Repair Online Tool

Start the online process of Excel file repairing by accessing the Repairit website on your browser. Then, click the “Product” option on the main interface to open the drop-down list. After this, choose “Online File Repair” from the drop-down menu to access the new window.


Step 2: Upload the Corrupted Excel File for Repairing

On this new open window, press the “Add” button. Then, upload the Excel file that has a corruption error for repair.


Step 3: Preview and Save Repaired Excel File

Once the Excel file gets uploaded, hit the “Repair” button to repair the corrupted Excel file online. Now, the successful completion of the process will be confirmed by the progress bar. Next, click “Download All” to save the repaired Excel file in your system.


Part 2: How Can You Perform Excel File Repair through Repairit Offline?

As discussed, users can use the online service of this file repair tool to repair Excel files. However, the online service limits the number and size of files it will repair. If you want no limit on the number and size of Excel files, the tool offers an offline service. Additionally, users do not need to worry about an internet connection to use this file repair software.

It supports all versions of Excel, ranging from 2007 to 2019, and Office 365 for repair. In addition, it offers the option to preview Excel files before repairing them, and you can regain the Excel file content with this desktop-based file-repairing software. The step-by-step guide to repairing an Excel file on your desktop is given below:

Step 1: Launch and Access the Repairit Software

Initiate the process by downloading and launching this Excel file repairing software in your system. Now, open it and click the “More Types Repair” option from the main interface. Then, choose the “File Repair” option to get access to the new window.


Step 2: Upload Excel File with Corruption Error to Repair

After this, hit the “Add” button to upload the Excel file containing the corruption error. Once uploaded, the Excel file will appear in the “Unrepaired Files” section. Then, press the “Repair” button to begin the file repairing process.


Step 3: Preview and Save the Excel File

Following this, a notification will appear after the Excel file gets repaired. Afterward, hit the “Preview” button to preview the file for confirmation. Finally, click the “Save” button to save the repaired Excel file on your device.


Part 3: Some Common Reasons for Excel File Loss

Through this Excel file repair tool, you can regain the corrupted file content with ease. However, it is advisable to avoid the reasons that cause the corruption of Excel files. To prevent file corruption, consider the following reasons that cause Excel file corruption:

1. Disk Errors: The error on the disk that contains your important data file causes the file to be corrupted or lost. Moreover, bad sectors on disk can also affect the Excel file and make it inaccessible.

2. Virus or Malware Attack: Excel files become corrupted due to virus attacks on the user’s system. Furthermore, some malicious software can encrypt the Excel file and make data unreadable for users.

3. Sudden Shutdown: Due to overheating, the system can shut down without warning, affecting the file. Additionally, this shutdown damages the Excel workbook on which you are working.

4. Software Update: Your Excel file can become corrupt due to incompatibility issues with the Excel file version. If you open the old version file, it does not recognize the updated software, causing an error in the Excel file.

Part 4: Other File Formats You Can Repair With Wondershare Repairit

Repairit allows you to repair Excel files with online and offline methods. In addition to that, you can repair other file formats such as Word, Excel, and PDF with this tool. This makes it a versatile and flexible tool for all users to repair files. Whatever the reason for this file format corruption, you can repair the file easily to regain it:

1. PDF Repair

Students and professionals usually use the PDF format to preserve the formatting of content. However, the malware attack on their computer can corrupt PDF files. With the PDF Repair feature, they can repair all components of a PDF file. Moreover, they can fix the watermarks, hyperlinks, forms, and text of corrupt PDF files.

2. Word Repair

People make their assignments and generate cover letters on Word files. In case of hardware issues in the system, the assignment’s Word file can get damaged. The Word Repair option of the tool enables people to regain all the content of the PDF without modifying the original one. Furthermore, the tool is compatible with all new and earlier versions of Word files.

3. PowerPoint Repair

PowerPoint presentation files of employees might get corrupted due to unforeseen reasons. Employees can use this tool to repair the presentation file for presenting in meetings. This file repair feature helps them fix tables, charts, and other file content. Also, this user-friendly tool can repair multiple corrupt PowerPoint files simultaneously.

4. Adobe Files Repair

In addition to these files, Repairit can repair Adobe files such as PSB, PSD, and AI files in Illustrator. It helps to save graphic designers the effort of spending time creating such files. Graphic designers can fix corruption issues in all versions of AI files in Illustrator. Additionally, you can repair image resources and channels of corrupted Photoshop files.

Conclusion

Therefore, you can repair the damaged Excel file with this file repair tool. Repairit offers online and offline services to users for repairing files efficiently. Plus, it supports all versions and formats of the file to regain their content. Its versatility makes it a perfect option for repairing important files.


Hackers Target Ivanti Users Despite Patches


The Shadowserver Foundation reports that a zero-day vulnerability, CVE-2024-21893 (CVSS score 8.2), disclosed by Ivanti on 31 January 2024, is now being actively exploited in the wild. Rapid7 noted a surge in attacks exploiting CVE-2024-21893 since February 2, before they released a proof-of-concept exploit for the issue. 

The non-profit claims to have seen over 170 discrete IP addresses involved in attempted attacks. The flaw is in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA, allowing attackers to access restricted resources without authentication.

For your information, Hackread reported last month that VPN appliances had multiple zero-day vulnerabilities, allowing remote attackers to execute commands and even load a Rust-based malware called KrustyLoader. Two of the vulnerabilities, tracked as CVE-2023-46805 and CVE-2024-21887, impacted all supported versions of Ivanti Connect Secure and Ivanti Policy Secure gateways.

The latest reports suggest a total of four vulnerabilities impacting Ivanti products. This analysis is based on the report that Ivanti has released patches for four vulnerabilities. The fourth one is tracked as CVE-2024-21888. The company also released a second mitigation to help organizations build resilience against attacks chaining CVE-2024-21893 with CVE-2024-21887 to compromise Ivanti devices.

However, Rapid7 principal security researcher Stephen Fewer posted on X that CVE-2024-21893 is not a new vulnerability, but an already discovered n-day in the xmltooling library tracked as CVE-2023-36661 and patched out in June 2023. 

Attacks exploiting Ivanti zero-days have been rising rapidly since their disclosure. In late January, threat intelligence firm Volexity reported a surge in attacks exploiting two Ivanti zero-days, particularly by a group, UTA0178, linked to China. At least 20 organizations using Ivanti Connect Secure VPN appliances were compromised, with Volexity confirming that the number of compromised systems is likely higher than what was discovered.

Reportedly, UTA0178 was exploiting CVE-2024-21893 to bypass Ivanti’s initial mitigation for two zero days. The hackers were using CVE-2023-46805 and CVE-2024-21887 in a chain to compromise Ivanti Connect Secure VPN and Policy Secure network access control.


Galaxy S24 users are not happy with their phones’ cameras


Samsung replaced its signature 10x telephoto camera with a ‘downgraded’ 5x one for the Galaxy S24 Ultra. However, this isn’t the only factor that is facing user complaints. Many people are also reporting “blurry” or simply poor camera quality of the Galaxy S24 series devices.

Samsung is opting for relatively less aggressive image processing with the Galaxy S24 series

One user commented on the Samsung community (Korean) “I’m stressed because the picture quality is lower than my previous phone, the S20.” He noted that textures and other detailed parts appear completely blurry to him. The user seeks confirmation from Samsung about whether a future software update will address the inconsistencies with the imaging capabilities he is experiencing. Another user noted that her two-year-old predecessor appears to offer more visually appealing images than the Galaxy S24.

According to the moderator’s response, Samsung has opted for a more natural-looking output. Samsung devices generally increase the saturation to make it eye-pleasing. Other than that, sharpening the images digitally is something almost every smartphone brand does. But, no solution will please everyone’s eyes. In this case, the slightly less saturated colors and possibly a less aggressive image processing overall are the reasons behind the above-mentioned comments.

The moderator also noted that Samsung cares about user feedback and will strive to match the needs. To do so, users are encouraged to share the “problematic” photos with the company through the Send Error menu in Members. Samsung will try to analyze the problem in the images and include corrections in future firmware updates.

The series is also facing challenges with its displays

Aside from the camera, the 2600-nit display is also having some issues. Initially, the Galaxy S24 series’ AOD appeared to have a yellowish tone, then a Galaxy S24 Ultra surfaced with a green line on the display. It isn’t the first time we are seeing this particular issue on a phone and it may be an issue with that particular unit as well. Nonetheless, we hope this issue does not become widespread and that Samsung manages to meet the expectations of as many users as possible.



OnePlus jumps on the AI train with some exciting new features


Google has AI features in its phones, Samsung has AI features in its phones, Apple is working on bringing AI features to its phones; AI is kind of a big thing nowadays. We have to admit that the tech world is going to pivot towards more AI integration as opposed to better hardware going forward. Not to be outdone, OnePlus just announced some new AI features coming to its phones.

It’s apparent that OnePlus is returning to its roots, as the OnePlus 12 brought an insane level of power and usability for the price of $799. It’s been reviewed very positively across the tech community and earned a 5/5-star rating in our review. Be sure to read our OnePlus 12 review to learn more about this device and see if it should be on your list. Also, check out our OnePlus 12R review if you want a more cost-effective device.

OnePlus is bringing new AI features to its phones

OnePlus is a major smartphone company, so it was only a matter of time before it started bringing advanced AI features to its phones. According to the report, these new features are coming for the OnePlus 11 and the OnePlus 12. We’re not certain if they are coming to the OnePlus 12R. Hopefully, they do, as both the OnePlus 11 and OnePlus 12R are using the same SoC.

So, what are these AI features? The first feature is called AI GC remover. This is an AI-powered image editing tool that will make it easier to alter your photos. It’s similar to Google’s Magic Editor.

Next up, we have Article Summaries. This tool is pretty self-explanatory; it’s a feature that will use generative AI to summarize articles. It’s for those times when you want a TLDR of an article.

Lastly, and probably the most powerful of the tools, is the AI Summarizer. Going by the description, it seems that this tool will be able to summarize phone calls for you. So, if you were in a long call that was chock full of information, the tool will be able to give you a summary of everything discussed in the call.

The update should be rolling out currently. In China, the OnePlus 11 is currently getting the update along with Android 14. As for the OnePlus 12, this phone should also be getting these features.



Safer Internet Day, or why Brad Pitt needed an internet bodyguard


February 6, 2024 is Safer Internet Day. When I was asked to write about the topic, I misunderstood the question and heard: “can you cover save the internet” and we all agreed that it might be too late for that. While we laughed about it, it made me think.

The internet has been around for quite some time now, and most of us wouldn’t know what to do without it. Personally speaking, I would not have this job, I would not be able to work from home, I would not have met a great many online friends, and I would have to go shopping in person a lot more.

When I started actively using the internet in 1996, it looked completely different than it does today. There were no social media sites to speak of, companies were selling antivirus and anti-Trojan solutions, but nobody cared about adware, PUPs, and assorted nuisances. Firewalls on the other hand were considered a lot more important back then.

The reasons why people get infected with malware have not changed that much though:

  • Free stuff. Why pay when you can get it for free? Well, basically, because you always end up paying a price. Whether that free version displays ads or comes bundled with other software which you didn’t want. Or maybe because it’s not even what they promised it would be: not the game, movie, TV show, or software you were looking for.
  • Fear. Alarming messages on the screen make us think that we must be doing something wrong and convince us to install fake security software or fall prey to tech support scammers.
  • Phishing emails. Emails telling us that we urgently need to respond to prevent something or get rich, healthy, and happy, so we feel we have to click that link or open that attachment.

But in our defense, criminals have gotten a lot better at convincing us to do the “wrong” things. Social engineering has become a science that cybercriminals are masters at, although the Nigerian prince that keeps telling me about the blocked fortune he has waiting for me is still around.

With the help of Artificial Intelligence (AI) these techniques will become even better and can be fine-tuned so they can be adapted to the intended victim and become more targeted. Only recently we learned about a finance worker that paid out $25 million after a supposed video call with his chief financial officer, that turned out to be a deepfake. After reading that story, I felt very sorry for that finance worker. Even knowing that almost everyone would have fallen for that setup, probably doesn’t relieve you of the guilty feeling.

Social media has gone from a way to keep in touch with distant friends to gigantic money making machines that are all about advertising and algorithms that keep you busy on the platform for as long as they possibly can. Governments are now scrambling to protect at least the children of this generation against the ruthless environment that these social media platforms have become.

At some point, celebrities like Angelina Jolie and Brad Pitt hired online bodyguards to monitor the internet and social media content that their children, who ranged from ages 6 to 13 at the time, encounter. Unfortunately, we don’t all have the funds to follow their example, so we have to be our children’s internet guardians.

Other government actions concerning the internet and social media are more focused on trying to limit the power of the tech giants, rather than on our online safety and privacy.

For now, it seems we have to rely on our own solutions to guard our online privacy and protection. For some pointers, check out our internet safety tips. You may find some useful nuggets that you hadn’t come up with yourself.

Safer Internet Day takes place on the same day in February each year to raise awareness about a safer and better internet for all, and especially for children and young people. Let’s make the internet a safer place. If not for us, then for our children.



Google Pixel Fold 2 to Forgo Tensor G3 Chipset


It’s February, so it’s time for some juicy Google Pixel Fold 2 rumors. This one comes from Android Authority, which says that the Pixel Fold 2 could launch with the Tensor G4 chipset instead of the Tensor G3, and it also comes with even more RAM. We’re looking at up to 16GB of RAM this time around. That would be the most RAM ever shipped in a Pixel device.

Despite the lack of rumors and leaks regarding a Pixel Fold 2, many people speculated that it might not be launched this year, especially when compared to the Pixel 9 and Pixel 9 Pro. However, recent reports suggest that this speculation is untrue, and we might see a Pixel Fold 2 launching alongside the Pixel 9 series in the fall instead of a mid-year release at Google I/O, like last year.

According to Android Authority’s source, the Pixel Fold 2 was initially being tested with the Tensor G3 chipset, using the codename “zuma”. However, recently, prototypes have shifted to using the Tensor G4 chipset, with a new codename of “zumapro”. This suggests that Pixel Fold 2 could come with Tensor G4 instead of G3. This change has happened before, with the Pixel Tablet, which moved from “tangor” to “tangorpro”.

A fall release makes much more sense

Google released its foldable in May, only for a new chipset and better hardware to come out a few months later in October; it just didn’t make sense last year. What a way to make the early adopters who spent $1700 on your foldable feel obsolete in a few months’ time. Moving the launch to the fall makes more sense; however, this could overshadow the Pixel 9 and Pixel 9 Pro launches as well. It’s a tough decision for Google – and well, any OEM – to make.

Samsung, for instance, launched its flagship Galaxy S model of phones in January (it used to be March, then February). Then, it launched its foldables in August (July last year) with the same chipset. Now, if Google wants to change when it launches the Tensor G4, that would also make sense. Launch it at Google I/O with the Pixel Fold 2, then launch the Pixel 9 and 9 Pro in the fall like usual. However, then we have the issue of the Pixel 8a launching at the same time as the Pixel Fold 2. On the flip side, it is using the Pixel 8 moniker, so it could make sense to ship it with Tensor G3.

The best bet for Google would be Pixel 8a around February at Mobile World Congress. Then, launch the Tensor G4 at Google I/O with Pixel Tablet 2 and Pixel Fold 2. And finally, the Pixel 9 and 9 Pro will be in the fall. Though this is Google, so anything can happen.



OpenAI finally fixed ChatGPT’s sluggish behavior


ChatGPT is extremely intelligent, but recently, it’s been an underachiever. People have been reporting that the chatbot has been rather lazy with its responses. Whatever the case, the company CEO, Sam Altman, announced that ChatGPT is now less lazy.

Yes, a large language model can show signs of laziness. People using GPT-4 Turbo, the fastest and most advanced version of the GPT-4 model, reported that they’ve been getting rather lazy responses to their queries. Users will get responses that are either half-baked or incomplete. This didn’t happen all the time, but it happened with larger requests.

It can be very frustrating for people who are using GPT-4 for major enterprise tasks. However, the company recently acknowledged the issue and announced that it was working on it.

Well, ChatGPT is now less lazy

Laziness in AI technology is one of those phenomena just like hallucinations. It’s something that happens that can’t quite be explained. It’s an anomaly that AI companies need to work on. Well, OpenAI has been working on it ever since it became a big issue.

It seems to have only affected GPT-4 Turbo. People using GPT-3.5 haven’t really been experiencing this issue. If so, they’re probably not experiencing it on the scale to which people were experiencing it with GPT-4 Turbo. The latter is a much more powerful and complex language model, so the laziness might stem from the fact that it’s just so complicated.

In any case, the company CEO, Sam Altman, made a post saying “gpt-4 had a slow start on its new years resolutions but should be much much less lazy now!” It’s a more casual and comedic way of saying that the company finally rolled out the fix that will have GPT-4 give you better answers when presented with complicated tasks.

While this is good news, it’s not an indicator that AI laziness has been solved. It’s one of those issues, like AI hallucinations, that will probably never go away. In any case, we can rest assured that OpenAI and all the other AI companies will be hard at work trying to eliminate it.



Remember Bluesky? The social networking app is now open to everyone

Bluesky, the open-source replacement for Twitter that launched in limited fashion last year, recently announced that it is getting rid of its waitlist, so now anyone can join its decentralized social media app. This new development is a big step forward for the project, which began as a Twitter internal project and later became its own separate company.

Launching first as a closed beta on iOS and then Android, Bluesky managed to gain some initial buzz in the midst of Elon Musk acquiring Twitter (now called “X”) and the controversy that brought. Twitter users who were unhappy with the changes happening within the app and its management were desperately looking for an alternative, and Bluesky at the time seemed like the app that would fulfill that need.

However, Bluesky wasn’t available to all. You needed an invite code to get in, and once you were in, you realized the app was missing some very basic features. The initial absence of proper notifications (which it now has) was a big hurdle for many of the users to get over, and the app slowly became a more closed community of loyal users who were looking for something new in the world of social media.

Bluesky app on iOS and Android

Now at over 3 million users, Bluesky will feel very similar to people who are used to Twitter and Threads. Posts, which are also called “skeets,” are arranged in chronological order, and you can choose to watch feeds that have been hand-picked by other users.

Bluesky is committed to decentralization and aims to address the problems caused by the large tech companies’ power and impact in the way we interact online. CEO, Jay Graber, was quoted as saying that “The future of social media should be open and decentralized,” a mantra that the app has always lived by. Additionally, Bluesky plans to add an autonomous moderation system in order to allow separate groups to make their own “labeling services” for material.


It remains to be seen if Bluesky will be able to stay in the competitive world of social media for a long time. While many find its dedication to decentralization and community moderation very appealing, the truth of the matter is that the platform needs to be able to attract a lot of users that can help make the ecosystem grow. We don’t know yet if this will become the Twitter alternative it was first thought to be, but we should definitely keep an eye on its growth.



How to Extract Malware Configurations in a Sandbox


Indicators of Compromise (IOCs) are the fuel that powers our cybersecurity defenses and keeps them effective. The most sought-after source of these indicators is malware configurations.

Accessing them is equal to exposing the attacker’s playbook. Hence, thousands of analysts spend dozens of hours uncovering them. But what exactly are these configs, and how do we get them faster? Let’s explore.

Malware Sandboxing Leader ANY.RUN handles the heavy lifting of phishing and malware analysis for SOC and DFIR teams and also helps 300,000 professionals use the platform to investigate incidents and streamline threat analysis.  

What is a Malware Configuration?

Malware configurations are essentially instructions provided by the attacker to the malware. They usually contain URLs used for connecting to the command-and-control (C&C) server, encryption keys, targeted OS, and functions performed by the malicious software.

How Does It Work?

A malware sample’s behavior stems from the configuration settings defined during its initial development. These configuration parameters determine how it operates.

For instance, a malicious program might transmit data via email, contact servers directly, leverage messaging applications such as Telegram, or use a combination of these.

Why Do You Need a Malware Configuration?

Analyzing configurations provides insights into the malware’s operational capabilities and how it interacts with the target system. The information they offer helps unearth critical details that might otherwise go unnoticed. 

For instance, malware with multiple C&C servers typically communicates with the first IP address, leaving the rest hidden from network traffic monitoring.

Configuration extractors prove invaluable in such situations, revealing these concealed details without actively engaging with the malware.

Debugging is an essential process of manual configuration extraction

Here comes the hard part. Getting malware configurations is a laborious task that involves breaking through lines of heavily obfuscated code, delving into memory dumps of malware samples, reverse engineering and debugging.

The challenge is even greater with modern malware that uses a modular architecture. This allows adding new components, such as keyloggers and miners, to the initial malware build, expanding its functionality and altering its behavior.

Extracting the configurations of these modules adds complexity to the procedure.

Thankfully, in most cases, the hours of stressful and hard work needed to obtain configs have already been spent by professional analysts. To get them, you simply need to click a button.


How Malware Sandboxes Help us Extract Malware Configs

Remcos malware config provided by ANY.RUN

Sandboxes for malware analysis are one of the tools that let you easily access malware configurations of different threats. They enable instant retrieval of relevant information, significantly enhancing your productivity.

ANY.RUN is a prime example of such a service. The sandbox’s database features malware configurations for over 50 common malware families, including Remcos, RedLine, and Formbook, that can be accessed by simply clicking the “MalConf” button.

ANY.RUN effectively identifies all malware families within the sample, including all variants even if multiple builds of the same family exist.

The interface provides a concise description of the malware and offers the option to visit Malware Tracker for more details and the latest IOCs.

Specialists can export the extracted data in JSON format for further analysis. A tooltip guide is available for further information, accessible by clicking the question mark icon.
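The earlier point about C&C servers that never appear in network traffic can be checked against a JSON export like the one mentioned above. The following is an added example, not code from ANY.RUN or from the original article: the field names `family` and `c2`, the log line format, and all addresses are constructed for illustration and do not reflect ANY.RUN's actual export schema.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a sandbox config export. The field names ("family",
# "c2") are assumptions for this example, not a real product schema.
SAMPLE_CONFIG_JSON = """
{
  "family": "ExampleRAT",
  "c2": [
    "198.51.100.10:4443",
    "tcp://198.51.100.11:4443",
    "https://backup-c2.example.net/gate.php",
    "203.0.113.77:8080"
  ]
}
"""

# Constructed sample: outbound connections recorded during one detonation.
SAMPLE_CONNECTIONS = """
2024-02-06T10:00:01Z 10.0.0.5:49712 -> 198.51.100.10:4443 tcp
2024-02-06T10:00:31Z 10.0.0.5:49713 -> 198.51.100.10:4443 tcp
2024-02-06T10:00:40Z 10.0.0.5:49720 -> 192.0.2.53:53 udp
"""

# Ports implied by a URL scheme when the config entry omits one.
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_endpoint(entry):
    """Return (host, port) for 'host:port' or 'scheme://host[:port]/path'."""
    entry = entry.strip()
    # Prefix '//' so urlsplit treats a bare 'host:port' as a network location.
    parts = urlsplit(entry if "://" in entry else "//" + entry)
    host = (parts.hostname or "").lower()
    if not host:
        raise ValueError(f"no host in endpoint: {entry!r}")
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    return host, port


def parse_connections(log_text):
    """Collect the (host, port) destinations from 'src -> dst proto' lines."""
    observed = set()
    for line in log_text.splitlines():
        if "->" not in line:
            continue
        dst = line.split("->", 1)[1].split()[0]
        observed.add(normalize_endpoint(dst))
    return observed


def split_c2(config_json, log_text):
    """Split configured C2 endpoints into those seen on the wire and those not.

    Domains are matched by name only; correlating them with DNS answers is
    out of scope here, so a domain reached via its IP would count as hidden.
    """
    config = json.loads(config_json)
    observed = parse_connections(log_text)
    observed_hosts = {host for host, _ in observed}
    seen, hidden = [], []
    for entry in config.get("c2", []):
        host, port = normalize_endpoint(entry)
        # With no port in the config entry, fall back to a host-only match.
        hit = (host, port) in observed or (port is None and host in observed_hosts)
        label = f"{host}:{port}" if port else host
        (seen if hit else hidden).append(label)
    return seen, hidden


if __name__ == "__main__":
    seen, hidden = split_c2(SAMPLE_CONFIG_JSON, SAMPLE_CONNECTIONS)
    print("Seen in traffic:     ", seen)
    print("Only in the config:  ", hidden)
```

The endpoints in the second list are the ones a network-only IOC collection would miss, so they are the entries to add to blocklists and retro-hunt queries.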


Example of how ANY.RUN lets you get malware configs

Consider Trickbot, a malware known for its stalling tactics, employing lengthy mathematical computations to delay its execution.

While Trickbot may only initiate network activities, such as connecting to a C&C server, after a 300-second delay, tools like ANY.RUN can swiftly detect and extract its configurations in a mere 100 seconds. View this interactive session on ANY.RUN to see it yourself.

Try ANY.RUN for free 

Test the full range of features offered by ANY.RUN by requesting a 14-day free trial. Get to analyze malware in interactive cloud virtual machines (VMs) just like on your own computer. Collect IOCs, extract configs, and generate comprehensive threat reports in seconds to streamline your investigations.



New ResumeLooters Gang Targets Job Seekers, Steals Millions of Resumes


Since emerging in November 2023, ResumeLooters has exploited SQL injection and XSS vulnerabilities to compromise over 65 job-seeking websites.

In November 2023, Group-IB’s Threat Intelligence unit discovered a malicious campaign that targeted APAC (Asia Pacific region) employment agencies and retail companies. Group-IB dubbed the hackers behind the campaign ResumeLooters.

Overall, 65 websites were targeted, using SQL injection attacks and injecting cross-site scripting (XSS) scripts, to steal sensitive user databases storing sensitive information like names, phone numbers, emails, and employment history. The stolen data was then sold on Telegram channels.


Group-IB researchers discovered Cross-Site Scripting (XSS) infection on genuine job search websites, aiming to load malicious scripts and display phishing forms. The earliest attacks date back to early 2023, as per the file creation dates detected on the attackers’ servers.

The hackers stole more than two million unique email addresses, targeting users in India, Taiwan, Thailand, and Vietnam. SQLi attacks targeted back-end user databases, while XSS techniques were used to display phishing content on sites and visitors’ devices.

Group-IB has identified ResumeLooters as the second group conducting SQL injection attacks against companies in the Asia-Pacific region, following GambleForce, which has carried out over 20 attacks so far.

The latter group typically targets India, Taiwan, Thailand, and Vietnam, since over 70% of its known victims were located in the region. Researchers also identified compromised entities in Brazil, the USA, Turkey, Russia, Mexico, Italy, and other non-APAC countries.

It is worth noting that Group-IB had recently unmasked EagleStrike, a subgroup of the GambleForce hacker group, who exploited simple vulnerabilities. The group targeted 24 organizations across 8 countries, compromising websites in Australia, Indonesia, the Philippines, South Korea, China, India, and Thailand between September and December 2023.

According to the company’s blog post, ResumeLooters uses various penetration testing tools, including sqlmap, Acunetix, Beef Framework, X-Ray, Metasploit, ARL, and Dirsearch. Their main vector was SQL injection via sqlmap.

Analysis of stolen HTML files shows the malicious script was executed on at least four websites with some having XSS scripts embedded in the HTML code mainly on devices having administrative access. The attackers’ accounts and advertisements for data sale were discovered in hacking-themed Telegram groups having Chinese-speaking members.

The report highlights the vulnerability of websites to SQLi and XSS attacks, underscoring the need for businesses to implement best practices like web application firewalls and input validation. It also highlights the potential damage caused by these attacks, which are “fueled by poor security and inadequate database and website management,” Group-IB researchers concluded.

Screenshot shows source code of one of the authentic job sites containing ResumeLooters’ XSS script

There have been several surprising breaches involving the exposure of employee or job seekers’ data. In July 2022, a North Korean-backed Lazarus group of hackers, posing as IT freelancers, used a fake job offer to infiltrate Sky Mavis’ network.

More recently, in January 2023, Hackread reported independent security researcher Anurag Sen discovered a misconfigured server belonging to an Enterprise Resource Planning (ERP) Software provider in California.

The Elasticsearch server exposed the personal data of over half a million Indian job seekers, as well as the company’s employees and client records from companies like Apple and Samsung. The server had been publicly accessible without any security authentication or password since late December 2022.
