Active since 2015, Mekotio is a Latin American banking trojan specifically designed to target financial data in regions like Brazil, Chile, Mexico, Spain, and Peru. It exhibits links to the recently disrupted Grandoreiro malware, both likely originating from the same source.
Mekotio utilizes phishing emails as its primary infection vector. These emails incorporate social engineering tactics to manipulate users into interacting with malicious links or opening attachments.
Once a system is compromised, Mekotio employs various techniques to steal banking credentials, including logging keystrokes, capturing screenshots, and pilfering clipboard data.
Mekotio uses persistence mechanisms to guarantee its presence on the infected machine.
Mekotio attack chain
A banking trojan targets users through phishing emails disguised as tax agency notifications, which contain ZIP attachments or malicious links.
Once a user interacts, a PDF attachment opens a malicious link that downloads and executes Mekotio, and upon execution, it gathers system information and connects to a command-and-control server for instructions and tasks.
Mekotio targets financial information after gaining access to a system, and utilizes phishing tactics to steal credentials through fake login pop-ups designed to mimic legitimate banking websites.
Mekotio has keylogging, screenshot capture, and clipboard data theft functionalities to gather even more sensitive data.
The malware also implements persistence mechanisms to maintain its foothold by adding itself to startup programs or creating scheduled tasks.
Banking trojans exploit user trust by mimicking legitimate banking websites, and once a user interacts with the malicious content, the malware steals login credentials and injects them into a real banking website.
The malware exfiltrates the stolen credentials to the attackers’ command-and-control (C&C) server, which serves as a central hub for receiving the data and potentially issuing additional malware instructions.
With this stolen banking information, attackers can perform unauthorized actions on the victim’s account, such as initiating fraudulent transactions.
Users can employ email security practices to mitigate email-borne threats, which include sender verification through email address scrutiny, grammar and spelling checks, and subject line analysis, while links and attachments should be avoided unless the sender is confirmed.
If suspicious, contact the sender via known channels to confirm the email’s legitimacy. Organizations should utilize up-to-date spam filters and security software, and users should report phishing attempts.
According to Trend Micro, it is essential to provide employees with regular security awareness training in order to instill in them an understanding of phishing and social engineering techniques.
According to some new information shared by a trusted source, the OnePlus 13 will include a much larger battery than its predecessor. This information comes from Digital Chat Station, a well-known tipster.
The OnePlus 13 to include a larger battery, much larger
He went to Twitter to kind of confirm that the OnePlus 13 will include a 6,100mAh or a 6,200mAh battery. He did not specifically mention the model, but based on everything he wrote, everything points to the OnePlus 13.
The OnePlus 12 included a 5,400mAh battery pack. That was a large battery and ensured that the phone provides great battery life. Well, the one in the OnePlus 13 will offer a lot more capacity, it seems, so we’re having great expectations for that phone’s battery life.
In one of the tipster’s posts, he also talked about a 6,500mAh battery. It seems like both OPPO and OnePlus are preparing a phone with a 6,500mAh battery. That could be the OnePlus Ace 4 Pro, which will launch in mid-2025.
The phone will launch this year, but its global variant could arrive in January 2025
The OnePlus 13 is coming later this year. Its global launch may have to wait until January next year, though nothing is confirmed yet. We still don’t know what the device will look like, but a redesign is tipped.
What we do know is what specs to expect, as they leaked recently, from the same source that brought us the battery info. Based on that info, the phone will be fueled by the Snapdragon 8 Gen 4 chip, as expected. That processor is coming in October, by the way.
The phone will feature a 2K “iso-depth micro-curved display”. It will likely be a 6.8-inch panel once again. 100W wired charging has been tipped, and wireless charging will be on offer too, probably 50W wireless charging, the same as its predecessor.
You can expect to see three cameras on the back once again. Three 50-megapixel units will be in use, and hopefully, the main one will be of a 1-inch type. Hasselblad will once again be a part of the package. The OnePlus 13 will be IP68/IP69 certified, which is an improvement.
In a recent cyberattack, hackers successfully compromised Ethereum’s mailing list, attempting to drain users’ crypto funds through a sophisticated phishing campaign.
The breach has raised significant concerns within the cryptocurrency community, prompting immediate action from Ethereum’s internal security team.
A phishing email was sent out to 35,794 email addresses by [email protected] with the following content
The Attack Unfolds
The attack was executed through a malicious website that ran a crypto drainer in the background.
Users who initiated their wallets and signed the transaction requested by the website found their wallets drained of funds.
The attackers managed to import a large email list into Ethereum’s mailing list platform and used it to launch the phishing campaign.
Ethereum’s internal security team quickly identified the breach and launched an investigation to determine the scope and impact of the attack.
Initial findings revealed that the threat actor had exported 3,759 email addresses from the blog mailing list, including 81 addresses previously unknown to the attacker.
Upon discovering the breach, Ethereum’s security team swiftly mitigated the damage and prevented further attacks.
The initial steps included:
Preventing Further Emails: The threat actor was blocked from sending additional emails through the compromised mailing list.
Public Notifications: Notifications were sent out via Twitter and email, warning users not to click on the malicious link.
Closing Access Paths: The malicious access path used by the threat actor to gain entry into the mailing list provider was shut down.
Blacklisting Malicious Links: The malicious link was submitted to various blacklists and subsequently blocked by the majority of web3 wallet providers and Cloudflare.
Despite the severity of the breach, Ethereum’s investigation showed that no victims lost funds during this campaign.
On-chain transaction analysis indicated that the malicious domain was blocked before significant damage occurred.
Ongoing Investigation and Future Measures
As the investigation continues, Ethereum has taken additional measures to enhance security and prevent future incidents.
These steps include migrating mail services to other providers to reduce the risk of similar attacks.
The company is also working closely with external security teams to further address and investigate the incident.
In a statement, Ethereum expressed deep regret over the incident and reassured users that they are working diligently to resolve the issue.
“We are deeply sorry that this incident occurred,” the statement read.
“We are working diligently with both our internal security team as well as external security teams to help address further and investigate this incident.”
The attack on Ethereum’s mailing list highlights the ongoing challenges and vulnerabilities in the cryptocurrency space.
As digital assets grow in popularity, the need for robust security measures becomes increasingly critical.
Ethereum’s swift response and transparency in handling the breach serve as a reminder of the importance of vigilance and proactive security practices in the ever-evolving world of cryptocurrencies.
The OnePlus Nord 4 design & colors get confirmed via promo image
Why do I say properly confirmed when we’ve already seen a real-life image? Well, in all honesty, that real-life image looks more like a prototype of the device, as that specific combo looks very weird.
The image you can check out below, however, reveals a much more aesthetically appealing device. You can see three different combinations here. Silver is combined with green, white with silver, and black with dark gray.
OnePlus opted for a two-tone design this time around, and the phone does look quite appealing, at least in this promo image. Its sides are flat, while a flat display sits on the front with a centered display camera hole. The bezels are quite thin too.
All of its physical buttons are located on the right side. The thing is, there is an alert slider on the left. The phone does seem to have an IR blaster at the top too, though we can’t be sure.
OnePlus opted for a two-tone design this time around
You’ll notice that the top one-quarter of the phone’s back is reserved for one design language, and the three bottom quarters reveal something else entirely. Based on OnePlus’ invite, the bottom part of the backplate is actually metal-clad. The top portion is covered by glass.
Two horizontally-aligned cameras sit in the top-left corner, with an LED flash next to them (top-right corner). OnePlus’ logo is centered on the phone’s back.
The OnePlus Nord 4 will become official on July 16. The launch event will be held in Milan, Italy, and it will kick off at 3 PM CEST / 9 AM EST / 6 AM PST / 2 PM BST.
Tesla managed to ink many partnerships with important software developers to have their apps ported to its cars. As people spend more and more time in their cars, the technology inside vehicles has advanced to allow drivers to connect to the other ecosystem they typically use while outside their cars. Android, iOS, Windows, and Mac OS are just some of the operating systems that provide access to various apps and services. However, Elon Musk-owned Tesla is not using any of the ecosystems related to these operating systems like Android Auto and Apple CarPlay.
But that doesn’t seem to be an issue for the Tesla OS, which already offers Tesla drivers access to almost all the important apps and services that the other operating systems offer.
Unfortunately, there were two services that were missing until recently, Amazon Music and YouTube Music. But that’s about to change as Not a Tesla App (via Android Authority) reports that both music streaming services are coming to Tesla EVs.
Apparently, several Tesla models are getting a new update, which adds support for Amazon Music and YouTube Music among other things. Specifically, the Tesla S, Tesla 3, Tesla X, and Tesla Y are eligible for this update, which is expected to be rolled out very soon.
Although Tesla drivers could access YouTube Music in their cars by connecting their phones via Bluetooth, the experience is limited because it misses many features that are otherwise available in the native app.
More importantly, YouTube Music allows users to build and listen to their own playlists without having to pay a subscription like other music streaming services. This means that Tesla drivers will save a lot of money if they’re already subscribed to a different music streaming service (i.e. Spotify).
The bad news is we have no idea when the new update will drop, but we suspect it won’t be long now since the changelog has been leaked.
HONOR has officially revealed and shown us the Magic V3 color options. As many of you know, the Magic V3 is the company’s upcoming book-style foldable. This one will be even thinner and lighter than last year’s model, allegedly. More on that later.
The HONOR Magic V3 color options have been shown by the company
Let’s focus on the colors first. If you take a look at the gallery below the article, you’ll see all four color options. HONOR says that these colors are inspired by nature. Three out of four of these variants have glass panels, while the fourth one has vegan leather on the back.
To be more accurate, black, green, and white models have glass on the back. The first two devices have a frosted matte backplate, while the white model has an interesting pattern on the back, and the look will change based on how the light hits the device.
The ‘dark orange’ model comes with a vegan leather backplate and gold accents. We’ve seen that variant before, as it was the first model that HONOR revealed. That model will also be the lightest, as vegan leather is lighter than glass.
You can see a camera setup similar to the one on the HONOR Magic6 Pro, at least in terms of camera placement. It remains to be seen what cameras exactly will be used by HONOR. One thing is for sure, the top camera will be a periscope telephoto unit.
The device will be both thinner & lighter than the Magic V2
The HONOR Magic V3 will measure only 9.Xmm when folded. It will be thinner than even its predecessor, the Magic V2. It will weigh 22X grams, so it’ll be lighter too. The HONOR Magic V2 models measured 231 and 237 grams, depending on the model.
The device will be fueled by the Snapdragon 8 Gen 3, and its launch date has been announced already. The device is coming on July 12, and it will launch alongside the Magic Vs3, and a couple of other devices.
A threat actor has claimed that there is a vulnerability in the HackerOne Bug Bounty Platform that allows 2FA to be bypassed. This vulnerability requires only a username and password without user interaction or…
HackerOne, a leading platform that connects businesses with cybersecurity experts to identify and fix vulnerabilities, has yet to release an official statement regarding the alleged 2FA bypass vulnerability.
The platform is known for its robust security measures, including mandatory 2FA for all users, which makes this claim particularly alarming.
Experts suggest that if the vulnerability is confirmed, it could have significant implications for the platform’s users and the broader cybersecurity community.
“We are aware of the claims made on social media and are actively investigating the matter. Our priority is the security of our users and the integrity of our platform,” a HackerOne representative stated in a preliminary response.
The cybersecurity community has reacted with a mix of skepticism and concern.
While some experts are waiting for official confirmation and details from HackerOne, others are already speculating about the potential impact of such a vulnerability.
If the 2FA bypass is real, it could allow unauthorized access to sensitive information and reports submitted by ethical hackers, undermining the trust in the bug bounty process.
“This could be a significant setback for the bug bounty ecosystem if proven true. It highlights the need for continuous vigilance and improvement in security measures, even for platforms dedicated to cybersecurity,” commented Jane Doe, a cybersecurity analyst.
As the investigation unfolds, users of the HackerOne platform are advised to stay vigilant and follow any security recommendations issued by the platform.
The cybersecurity community eagerly awaits further updates on this developing story.
Using mapping and navigation apps like Apple Maps, Google Maps, and Waze are great reasons to buy a smartphone. Those of you old enough to remember writing down directions or using a map to get from point “A” to point “B” safely are probably still amazed at how we can type in our destination in one of the aforementioned trio of apps and quickly have a route to follow on our phone screens.
It feels like magic and even more so when a route change is forced on the driver due to roadwork, police action, a surprising change in the weather, or a traffic problem. Perhaps the most amazing thing is that Google Maps has been providing mobile phone owners with free turn-by-turn directions ever since the Motorola DROID became the first phone released with Android 2.0 in November 2009.
Google has been quietly adding a new feature to the iOS version of Google Maps only in certain regions and to a limited number of users. That feature is a speedometer which is already available to many of those using the Android version of Google Maps and both variants of Waze. The speedometer on a mapping and navigation app that uses GPS is more accurate than the one on your car’s dashboard according to autoevolution. And since some drivers glance at the directions on their navigation app while driving (more on that later), they can check out these directions while seeing how fast they are going all at the same time.
Setting the speedometer feature in Waze
It appears that Google is testing the appearance of a speedometer for the iOS version of Google Maps and for CarPlay, and this is being confirmed by the feature showing up intermittently on some iPhone handsets. As recently as two days ago, a post was left on Reddit from an iPhone user that stated, “I was going to work today and using google maps on my work phone (iPhone 14 pro) and noticed the exclusive android speedometer feature was visible. However upon testing on another phone (iPhone 14 Pro Max) the feature was nowhere to be seen.”
In some states, a driver won’t have the legal right to view his speed as it appears on Google Maps as holding a smartphone while behind the wheel in these jurisdictions is against the law. If you’re not driving in such a state, Waze will show you how fast you’re going and can even alert you when you’re speeding. Open the Waze app and tap the three-line hamburger menu in the upper left corner of the screen.
Tap on Settings > Speedometer and toggle the settings the way you want them. You can have your speed appear on the map, show the current speed limit when you’re driving faster than the limit, show it all the time, or never show it. You can also arrange to hear an alert when you’re driving at the speed limit, or driving 5 MPH, 10 MPH, 15 MPH, or 20 MPH above the limit, or if you’re 5%, 10%, 15%, or 20% above the limit.
An unauthenticated endpoint vulnerability that allowed threat actors to identify the phone numbers associated with Authy accounts has been identified, and the endpoint has been secured to prevent unauthorized access.
No evidence suggests the attackers gained access to internal systems or other sensitive data, but as a precaution, it’s crucial to implement additional security measures to mitigate potential phishing attacks that could exploit the leaked phone numbers.
An unauthenticated endpoint in Twilio’s Authy app allowed malicious actors to identify user phone numbers. While no evidence suggests a broader system intrusion or sensitive data exposure,
Twilio urges all Authy users to update their Android and iOS apps to address the vulnerability, which mitigates the risk of threat actors exploiting the exposed phone numbers for phishing and smishing attacks.
Authy users should maintain vigilance and carefully examine any text messages that appear to be suspicious.
A new software update is available for both Android and iOS devices, which addresses various bug fixes, including security vulnerabilities.
It is imperative to install this update promptly to preserve the device’s functionality and integrity.
For Android users, a link has been provided to download the update, while iOS users can acquire the update through the standard software update process on their devices.
Twilio recognizes a security incident and apologizes for the disruption, as their Security Incident Response Team (T-SIRT) is currently investigating the issue and will provide updates as the situation evolves.
This incident underscores the critical role of T-SIRT in proactively identifying security vulnerabilities, implementing preventative measures to mitigate risks, and taking corrective actions in the event of a breach.
T-SIRT’s swift response and ongoing communication are essential to minimizing the impact of security incidents and maintaining customer trust.
If users are unable to access the Authy account due to login issues or lost access to the registered phone number, contacting Authy support is the recommended course of action.
Their specialists will address the request and collaborate to restore functionality to the Authy account, which may involve troubleshooting login problems or initiating a phone number change procedure.
The ShinyHunters hacker group claims the Ticketmaster breach is far bigger than previously anticipated, with 193 million barcodes stolen, including 440,000 Taylor Swift tickets. The group values the data at $22 billion and now demands $8 million from LiveNation!
In May 2024, the notorious hacker group ShinyHunters breached Ticketmaster – LiveNation, as we know it. However, the hackers have now released new details about the extent of their breach. These details have been published on the infamous cybercrime and hacker platform Breach Forums titled “Ticketmaster event barcodes ‘Taylor Swift’ pt 1/65000.”
ShinyHunters on Breach Forums (Screenshot: Hackread.com)
The Breach Unveiled
ShinyHunters marked the Fourth of July with a disturbing announcement: they claim to have stolen 440,000 tickets for Taylor Swift’s Eras Tour. In a symbolic twist, they suggest that instead of Swift performing on her tour, she will be “performing in front of Congress,” indicating this breach’s severity and public exposure.
The Staggering Numbers
The hackers provide an extensive breakdown of their hack:
Total Exfiltrated Barcodes: 193 million
Total Value of Stolen Tickets (TKT_FACE_VAL_AMT): $22,695,713,141.00 USD
A Shift in Negotiations
According to ShinyHunters, the hackers initially accepted a rushed $1 million offer from LiveNation to keep the breach under wraps. However, realizing the true value of the data they possess, they have escalated their demand to $8 million. They justify this increase by pointing out that they have found ways to make the breach more costly and complicated for the affected company.
Expanded Scope
In addition to the Taylor Swift tickets, ShinyHunters claims to have:
30 million tickets for 65,000 events: Similar to the Swift tickets, valued at $4,665,615,212.00 USD
Data at Risk
The hackers have detailed the extensive nature of the stolen data, which includes:
980 million sales orders
680 million order detail records
1.2 billion party lookup records
440 million unique email addresses
4 million uncased and deduped records
560 million AVS (Address Verification System) detail records
400 million encrypted credit card details with partial information
They boast that this breach is the largest publicly disclosed non-scrape breach of customer Personally Identifiable Information (PII) to date.
Screenshot from the leaked file (Screenshot: Hackread.com)
Disclosure:
Hackread.com believes in transparency; therefore, we are publicly revealing that we used ChatGPT-4o to analyze the leaked data due to its complexity. Here’s the breakdown and conclusion:
The leaked data contains detailed information about ticket sales for Taylor Swift's Eras Tour event, specifically for a concert at Lucas Oil Stadium in Indianapolis, Indiana. Here is a breakdown of the key data fields present in the leak:
Event Details:
EVENT_ID_SRC_SYS_CD: Source system code for the event.
EVENT_START: Date and time of the event.
EVENT_KEY: Unique identifier for the event.
EVENT_HEX: Hexadecimal representation of the event ID.
EVENT_ID: Numeric ID of the event.
EVENT_NAME: Name of the event (Taylor Swift | The Eras Tour).
EVENT_TIMEZONE: Timezone of the event.
EVENT_MULTIPLEDAYS: Indicator if the event spans multiple days.
EVENT_VENUE_NAME: Venue name.
EVENT_VENUE_COUNTRY: Country where the event is located.
EVENT_VENUE_STATE: State where the event is located.
EVENT_VENUE_CITY: City where the event is located.
EVENT_VENUE_POSTCODE: Postcode of the event venue.
EVENT_VENUE_ADDR1: Address line 1 of the venue.
EVENT_VENUE_ADDR2: Address line 2 of the venue (if applicable).
EVENT_VENUE_LONG: Longitude of the event venue.
EVENT_VENUE_LAT: Latitude of the event venue.
Ticket Details:
SALES_ORD_ID: Sales order ID.
SALES_ORD_TRAN_ID: Transaction ID related to the sales order.
BASE_TKT_TYPE_CD: Base ticket type code.
EXTENDED_TKT_TYPE_CD: Extended ticket type code.
TKT_BARCODE_VAL: Barcode value for the ticket.
SECT_NAME: Section name where the seat is located.
ROW_NUM: Row number of the seat.
SEAT_NUM: Seat number.
XNUM_CD: Additional numerical code related to the seat.
VEN_ID: Venue ID.
HOST_SYS_CD: Host system code.
HOST_VAX_ACCT_NUM: Host VAX account number.
HOST_ACCT_CREATE_DT: Date when the host account was created.
TKT_FACE_VAL_AMT: Face value amount of the ticket.
TRAN_VOID_FLG: Indicator if the transaction was voided.
TRAN_VOID_DT: Date when the transaction was voided (if applicable).
CPN_CAT_ID: Coupon category ID.
CPN_PWD_PRIM_VAL: Primary value of the coupon password.
QUALIFIER_NAME1/2/3: Qualifier names.
QUALIFIER_COMBO_ID: Qualifier combo ID.
EVENT_VENUE_KEY: Venue key.
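For responders who have to size the exposure of a dump in the schema above, here is an added triage helper; it is example code, not Hackread's or Ticketmaster's, and the three rows it reads are constructed samples using the article's column names (no leaked data). It separates voided transactions, sums TKT_FACE_VAL_AMT per event (the figure behind the "total value" claim), and masks barcode and account values before a summary is shared.

```python
"""Breach-triage helper for records in the leaked-file schema described above.

Added example, not Hackread's or Ticketmaster's code. Column names follow
the article's field list; the sample rows are constructed, not real data.
"""
import csv
import io
from collections import defaultdict
from decimal import Decimal

# Constructed sample rows (a subset of the article's columns, no real data).
SAMPLE_CSV = """\
EVENT_NAME,EVENT_VENUE_NAME,SALES_ORD_ID,HOST_VAX_ACCT_NUM,TKT_BARCODE_VAL,SECT_NAME,ROW_NUM,SEAT_NUM,TKT_FACE_VAL_AMT,TRAN_VOID_FLG
Taylor Swift | The Eras Tour,Lucas Oil Stadium,1001,ACCT-0001,123456789012,101,A,1,499.00,N
Taylor Swift | The Eras Tour,Lucas Oil Stadium,1001,ACCT-0001,123456789013,101,A,2,499.00,N
Taylor Swift | The Eras Tour,Lucas Oil Stadium,1002,ACCT-0002,123456789014,340,Z,9,89.50,Y
"""

# Fields that must never appear in clear text in a shared triage report.
SENSITIVE_FIELDS = ("TKT_BARCODE_VAL", "HOST_VAX_ACCT_NUM")


def mask(value: str, keep: int = 4) -> str:
    """Mask all but the last `keep` characters so a value stays recognisable
    to the account holder without being reusable by anyone else."""
    if len(value) <= keep:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]


def triage(csv_text: str) -> dict:
    """Summarise exposure per event: live barcodes, total face value and
    distinct host accounts. Voided transactions (TRAN_VOID_FLG == 'Y') are
    counted separately because a voided barcode is not valid at the gate."""
    per_event = defaultdict(lambda: {"barcodes": 0, "voided": 0,
                                     "face_value": Decimal("0"),
                                     "accounts": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        ev = per_event[row["EVENT_NAME"]]
        if row["TRAN_VOID_FLG"] == "Y":
            ev["voided"] += 1
            continue
        ev["barcodes"] += 1
        # Decimal avoids float rounding when summing currency amounts.
        ev["face_value"] += Decimal(row["TKT_FACE_VAL_AMT"])
        ev["accounts"].add(row["HOST_VAX_ACCT_NUM"])
    return {name: {"barcodes": v["barcodes"], "voided": v["voided"],
                   "face_value": v["face_value"],
                   "accounts": len(v["accounts"])}
            for name, v in per_event.items()}


def redacted_rows(csv_text: str) -> list:
    """Return the rows with barcode and account values masked for reporting."""
    out = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        out.append({k: (mask(v) if k in SENSITIVE_FIELDS else v)
                    for k, v in row.items()})
    return out


if __name__ == "__main__":
    for event, s in triage(SAMPLE_CSV).items():
        print(f"{event}: {s['barcodes']} live barcodes, {s['voided']} voided, "
              f"face value ${s['face_value']}, {s['accounts']} accounts")
    for r in redacted_rows(SAMPLE_CSV):
        print(r["TKT_BARCODE_VAL"], r["HOST_VAX_ACCT_NUM"])
```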
Potential Uses of the Data
Ticket Fraud:
The barcode values (TKT_BARCODE_VAL) and seat details (section, row, seat numbers) can be used to create counterfeit tickets or resell tickets fraudulently.
Identity Theft and Financial Fraud:
The data includes host account creation dates and VAX account numbers, which could be leveraged to identify and exploit user accounts.
Phishing and Social Engineering Attacks:
With detailed personal information, attackers can craft convincing phishing emails or social engineering attacks targeting ticket buyers.
Market Analysis and Competitor Intelligence:
Competitors can analyze the pricing (TKT_FACE_VAL_AMT), seating arrangements, and sales data to understand Ticketmaster's market strategies.
Reputation Damage:
Public disclosure of this data can significantly harm Ticketmaster's reputation, causing loss of customer trust and future business.
The exposure of personally identifiable information (PII) might result in substantial fines from regulatory bodies and legal actions from affected customers.
Conclusion
The leaked data is highly sensitive and can be exploited in numerous malicious ways, from direct financial fraud to broader market implications and significant reputational damage for Ticketmaster. Immediate steps to mitigate these risks and protect affected customers are crucial.
Implications for Ticketmaster and Customers
This breach could have severe implications for Ticketmaster and its customers:
Financial Loss: The face value of the stolen tickets alone amounts to billions of dollars. Additionally, the potential costs of managing the breach, compensating affected customers, and potential fines could be astronomical.
Reputation Damage: Such a high-profile breach can severely damage Ticketmaster’s reputation, leading to loss of customer trust and future business.
Customer Impact: The stolen data includes highly sensitive information, such as encrypted credit card details and personal email addresses, putting millions of customers at risk of identity theft and financial fraud.
Increased Security Measures: This breach underscores the need for enhanced security measures within the company to prevent future incidents.
The ShinyHunters breach of Ticketmaster demonstrates the threat posed by cybercriminals. Although Ticketmaster previously acknowledged the breach, as the situation develops, it will be necessary for Ticketmaster to address the breach transparently, enhance its security protocols, and work towards restoring customer trust. Meanwhile, customers should remain alert and monitor their accounts for any suspicious activity.
For more updates on this developing story, stay tuned!