Nim-Based Malware Delivered via Weaponized Word Document

0
[ad_1]

Hackers use weaponized Word documents to deliver malicious payloads through social engineering. 

By embedding malware or exploiting vulnerabilities in these documents, attackers trick users into opening them and leading to the execution of malicious code. 

While leveraging the familiarity and trust associated with such file format, this tactic is effective for several illicit purposes:-

  • Spreading malware
  • Gaining unauthorized access
  • Initiating other cyber attacks

Recently, cybersecurity researchers at Netskope identified a new Nim-based malware, which was delivered via weaponized Word documents by the threat actors.

Nim is a new language that sees a rising malware trend, and experts at Netskope Threat Labs note growing Nim-based threats, anticipating further popularity. 

Among them, the most notable one is “Dark Power” ransomware, which is also a variant of the Nim-based family that surfaced recently.

Nim-Based Malware via Word Document

The malicious Word doc drops the Nim backdoor, which is sent as an email attachment by a fake Nepali official. 

Despite macro security, APT malware, like Menorah, which used a similar tactic months ago, still leverages macros for payload delivery. 

Malicious Word file prior to enabling macro
Malicious Word file prior to enabling macro (Source – Netskope)

Besides this, opening the file shows a blank doc, prompts macro to enable, and then the clicking triggers the:-

  • Auto-routine
  • Code execution

VBA project uses passwords and obfuscation to dodge AV solutions. At the same time, the macros employ Chr( ) and string concatenation. 

Apart from this, the code is divided into four subroutines, and here below we have mentioned them:-

  • sch_task
  • hide_cons
  • read_shell
  • vb_chain

Word doc deploys Nim-based ‘conhost.exe’ backdoor on September 20, 2023. Nim is a versatile language that compiles the following languages together with Pythonic syntax:-

Backdoor operates with user’s privileges, mimicking Nepali authority to deceive users. C&C server imitates government domains ([.]govnp[.]org).

Nim Backdoor
Nim Backdoor (Source – Netskope)

Nim backdoor checks for analysis tools and terminates if found. Then, it fetches the hostname and encrypts it with the ‘bakery’ function.

Processes the backdoor avoids
Processes the backdoor avoids (Source – Netskope)

The encrypted hostname double-base64 encoded, which was:-

  • Spliced with C&C server URL
  • Suffixed with ‘.asp’

The C&C server issues the commands via HTTP GET, the response is decrypted by the ‘confectionary’ function, executed with cmd /c, and then the result is sent back to the server. 

Besides this, for encryption and decryption, “NPA” was used as the key, potentially Nepal Agent.

Here below, we have mentioned all the C2 hosts that were contacted:-

  • mail[.]mofa[.]govnp[.]org
  • nitc[.]govnp[.]org
  • mx1[.]nepal[.]govnp[.]org
  • dns[.]govnp[.]org

The VBscript ‘OCu3HBg7gyI9aUaB.vbs‘ in the startup folder ensures access. Confirms internet connection, pings Google. 

On success, it runs ‘8lGghf8kIPIuu3cM.bat,’ and the batch file drops the files and creates tasks for payload. 

Meanwhile, the ‘d.bat’ establishes the persistent execution with the scheduled task ‘ConsoleHostManager.’

Scheduled Task
Scheduled Task (Source – Netskope)

Malware in rare languages challenges security experts, and the cross-compilation in Nim aids hackers in creating obstacles for security analysts.

IOCs

MD5

  • e2a3edc708016316477228de885f0c39
  • 777fcc34fef4a16b2276e420c5fb3a73
  • EF834A7C726294CE8B0416826E659BAA
  • 32C5141B0704609B9404EFF6C18B47BF

SHA-1

  • 3aa803baf5027c57ec65eb9b47daad595ba80bac
  • 5D2E2336BB8F268606C9C8961BED03270150CF65
  • 4CAE7160386782C02A3B68E7A9BA78CC5FFB0236
  • 0599969CA8B35BB258797AEE45FBD9013E57C133

SHA-256

  • b5c001cbcd72b919e9b05e3281cc4e4914fee0748b3d81954772975630233a6e
  • 696f57d0987b2edefcadecd0eca524cca3be9ce64a54994be13eab7bc71b1a83
  • 88FA16EC5420883A9C9E4F952634494D95F06F426E0A600A8114F69A6127347F
  • 1246356D78D47CE73E22CC253C47F739C4F766FF1E7B473D5E658BA1F0FDD662

Network

  • mail[.]mofa[.]govnp[.]org
  • nitc[.]govnp[.]org
  • mx1[.]nepal[.]govnp[.]org
  • dns[.]govnp[.]org

[ad_2]
Source link

National Amusements Reveals Data Breach Affecting 82,000+

0
[ad_1]

Paramount and CBS’s parent company, National Amusements, took months to reveal the data breach that has impacted more than 82,000 people, including customers and potentially employees as well.

National Amusements, the parent company holding a controlling stake in entertainment giants Paramount, CBS, and numerous theatres across the United States, has come under scrutiny for delaying the disclosure of a major data breach that occurred late last year. The breach impacted 82,128 individuals, comprising both customers and potentially National Amusements employees.

The breach, which went unnoticed for months, was finally reported to the Maine Attorney General. According to the company’s statement, an “unauthorized individual” accessed the company network on December 13, 2022. However, National Amusements only became aware of the intrusion two days later.

Regarding the data affected in the breach, it includes information like name or other personal identifiers combined with financial account number or credit/debit card number (along with the security code, access code, password, or PIN for the account).

National Amusements Reveals Data Breach Affecting 82,000+ Amid Backlash
The data breach notification was submitted to the Maine Attorney General.

The company enlisted the services of a third-party firm to investigate the breach, a process that concluded “recently.” Curiously, the data breach was only officially acknowledged on August 23 of this year, possibly aligning with the completion of the external investigation.

Despite attempts from the media to seek clarification from National Amusements, the company has maintained near-radio silence, leaving questions about the delayed disclosure unanswered.

Currently, the company asserts that there have been no reports of stolen data being exploited by third parties or leaked online. Nevertheless, National Amusements has proactively taken measures to mitigate the aftermath, providing those affected with complimentary credit monitoring services through Experian for varying durations.

If you’re an employee of National Amusements or one of its customers, be cautious about phishing emails. Cybercriminals might impersonate the company to discuss the recent data breach, but their real intention could be to gather additional information, including your financial details. Stay vigilant and verify the legitimacy of any communication you receive related to the incident.

  1. OurMine hackers hack Marvel and Netflix Twitter accounts
  2. Best legal, free online streaming sites for movies, TV shows
  3. Hackers Leak First 8 Episodes of Steve Harvey’s “Funderdome”
  4. Soap2day Shuts Down Permanently – Free Legal, Paid Alternatives
  5. Potential 500GB Nickelodeon Leak: Unreleased Shows, Scripts at Risk

[ad_2]
Source link

200MP camera with 10x optical & 200x digital zoom

0
[ad_1]

The Vivo X100 series launched not long ago. The Vivo X100 Pro is already a true camera powerhouse, but the upcoming Vivo X100 Pro+ is looking to up the ante even more. According to a new rumor, the Vivo X100 Pro+ will not only feature a 200MP periscope telephoto camera, but also some great zoom capabilities as part of it.

The Vivo X100 Pro+ to come with a 200MP camera that enables up to 200x digital zoom

The new rumor says that 10x optical zoom will be enabled on the phone, which is not something you see often. Also, that camera will be able to provide 200x digital zoom. The quality of that digital zoom probably won’t be great, but still, it’s quite impressive to see.

Just to be clear, this information comes from Digital Chat Station, one of the most prominent tipsters out there. That fact alone gives it a lot of credibility, so that’s what we’re expecting now.

That phone will almost certainly be fueled by the Snapdragon 8 Gen 3 chip. Its sibling, the Vivo X100 Pro, comes with the MediaTek Dimensity 9300 chip. In addition to that, a QHD LTPO AMOLED display is also expected.

The Sony LYT-900 camera sensor is expected for the main camera

The Sony LYT-900 camera sensor is said to be used for the main, 50-megapixel camera on the device. The same camera sensor OPPO will use in the OPPO Find X7 Pro flagship. The phone’s ultrawide camera is also expected to be quite compelling. It could be the same as on the Vivo X100 Pro, though.

The Vivo X100 Pro+ could be more appealing to some consumers due to a new chip. The MediaTek Dimensity 9300 has proven to be quite a capable chip, but it also does heat up quite a bit.

The Vivo X100 and Vivo X100 Pro initially launched in November. They landed about a month later, in December, in global markets. The Vivo X100 Pro+ is expected to land in Q1 next year, but nothing has been confirmed yet.


[ad_2]
Source link

The New York Times is suing OpenAI and Microsoft for ‘Billions’ of dollars

0
[ad_1]

Generative AI is just one year into the public, and there have been a ton of lawsuits thrown around regarding this technology. Two of the biggest players in the AI game are now being sued by one of the biggest publication companies. The New York Times is now suing OpenAI and Microsoft over copyrighted material.

This is one of many lawsuits going around nowadays. Several artists, writers, musicians, celebrities, etc. are taking AI companies to court for using their material without their consent. In order to train AI, companies need to scrape a ton of data from thousands of websites. This data could be in the form of pictures, text, music, vocal samples, and so on.

Then, AI companies use the stolen material in their services. Image generators create pictures using image data scraped from artists. That’s just one example. The lawsuits are just going to keep flowing in as AI companies continue to scrape data.

The New York Times is suing OpenAI and Microsoft

When an AI chatbot gives you information on a major legal case that occurred in recent history, you’re likely to see excerpts from news articles. Guess what, you’re probably looking at an excerpt from a copyrighted and paywalled article from the New York Times. The NY Times is one of the major forces in American journalism, and it’s not too happy with OpenAI.

OpenAI’s ChatGPT is the most popular chatbot on the market, and it’s a reservoir of a metric ton of scraped data. Well, The New York Times says that the company scraped millions of articles from the publication. This, according to the company, resulted in billions of dollars in damages. Whether or not that equates to billions of dollars, we don’t really know.

According to the report, The New York Times tried to reach out to the companies in order to come to some sort of accord, but that fell through. So, this seems to be the only course of action left.

When it comes to big cases like these, there’s no telling what could happen. It seems unlikely that the companies will lose billions of dollars in the suit. There’s always the chance that the entities will settle behind closed doors. We’ll need to wait for more information on this matter as it comes out.


[ad_2]
Source link

Possible Data Exfiltration by Hackers

0
[ad_1]

Ubisoft, the renowned video game developer behind iconic franchises like Assassin’s Creed and Far Cry, narrowly escaped a potentially devastating data breach. 

On December 20th, an unidentified threat actor infiltrated their systems, gaining access for approximately 48 hours before Ubisoft’s eagle-eyed security team detected the anomaly and revoked access.

The precise nature of the attack remains shrouded in mystery. 

Details regarding the initial access vector, the attacker’s tools and techniques, and the specific vulnerabilities exploited are still under investigation. 

However, what is known is that the individual gained access to Ubisoft’s internal network and embarked on a brazen attempt to exfiltrate a staggering 900 gigabytes of data.

Malware collective vx-underground shared screenshots provided by hackers of Microsoft Teams accounts and other access points to Ubisoft.

The news was posted on the @vxunderground Twitter page.
The news was posted on the @vxunderground Twitter page.

Detection and Response

While the exact size and nature of the targeted data remain undisclosed, the sheer volume – roughly equivalent to the storage capacity of 1800 standard DVDs – suggests the attacker sought to acquire a substantial trove of sensitive information. 

This could potentially include source code, game assets, player data, or even internal company documents.

Fortunately, Ubisoft’s security team swiftly identified the suspicious activity, acting commendably and decisively. Within 48 hours of the initial infiltration, they managed to sever the attacker’s access and prevent data exfiltration. 

This swift response undoubtedly saved the company from a potential public relations nightmare and potentially devastating financial losses.

Aftermath and Unanswered Questions

While the immediate threat has been neutralized, the incident leaves a lingering shadow of uncertainty. 

Ubisoft is currently conducting a thorough investigation to uncover the full scope of the attack, identify the vulnerabilities exploited, and implement additional security measures to prevent similar incidents in the future.

The gaming community awaits further details with bated breath. 

Speculation swirls regarding the attacker’s motives, the specific data targeted, and the potential consequences had the exfiltration been successful. 

Ubisoft has assured players that no personal information was compromised.


[ad_2]
Source link

Samsung Wallet adds support for mobile driver’s licenses

0
[ad_1]

In October, Samsung announced that it will soon bring mobile driver’s licenses and state IDs to its Samsung Wallet app. The company said Arizona and Iowa will be the first US states to let residents carry a mobile version of their driver’s license. It appears the rollout has begun, at least in Arizona. The Korean firm recently sent emails to Wallet users notifying them about the new feature.

Samsung Wallet users can now add their driver’s license to the app

In its official announcement in October, Samsung said Wallet will add support for mobile driver’s licenses in Arizona and Iowa “later this year.” The company didn’t specify a more precise timeline. However, we recently received an email from it saying that the Mobile Driver’s License feature “is now live” in the Wallet app. The email suggested the rollout has begun in Arizona, so users in Iowa might have to wait longer.

Once the feature is available, Arizona’s driver’s license or state ID holders can add a digital copy of the physical card to Samsung Wallet. To add, open the app, go to the Quick access tab, click on the ‘+’ button, select ‘Digital IDs’, and click on the ‘Driver’s License/State ID’ option. You will now be asked to scan the front and back of your ID. When completed, tap “Next.”

You have to then verify your identity with a face scan. Samsung says this is to verify that you are “the rightful holder of the driver’s license or state ID, and is for verification purposes only.” After scanning the face, tap “Submit” to complete the process. It will ask for a fingerprint or PIN authentication on your phone. This ensures that only you can access the digital ID when required.

Your driver’s license or state ID is now safely stored in Samsung Wallet in encrypted form. You can use the digital copy at participating TSA checkpoints. If a TSA checkpoint has a TSA digital identity reader, you can tap your phone near the NFC reader or select the digital ID in the app and scan it on the QR code reader. You don’t require to pass the physical ID to a TSA officer.

Samsung plans to expand the feature to more states

The new Samsung Wallet feature makes it convenient for Arizona and Iowa residents to verify their identity at airports. However, it doesn’t work at all airports. Thankfully, Samsung plans to change that soon. It also plans to expand the feature to more use cases beyond TSA checkpoints and bring it to other US states. The company hasn’t specified any names, though. We will let you know when we have more information.

Samsung Wallet mobile drivers license Arizona rollout 2


[ad_2]
Source link

Sam Altman, Jony Ive, and now Tang Tan are working on an AI device

0
[ad_1]

With Humane’s AI Pin, artificial intelligence took a very important step into the real world, whether we like it or not. More companies are looking to create AI-powered hardware, and LoveFrom is one of them. The company is working on an AI device, and it’s spearheaded by its CEO Jony Ive, OpenAI CEO Sam Altman, and now, iPhone designer Tang Tan.

If you don’t know what the AI Pin is, it’s a pretty revolutionary device that aims to replace the smartphone in the near future. It’s a pin that you attach to your shirt. It has a camera and a microphone that it can use to observe the world. You can ask it questions, and it can give you audible feedback using generative AI. You can read more about the AI Pin to see if you want this $700 device.

Jony Ive is looking to create an AI device

So, what will this device be? Your guess is as good as ours. It’s likely in the concept and planning stage for the time being. Maybe it’s still a hasty drawing on a restaurant napkin, as is the origin story of many great inventions. So, there’s no telling when we’ll see any sort of hardware come to light. In all reality, it could possibly be years until we see anything.

In any case, we know that there’s some serious brain power behind this device. The company behind this is LoveFrom, Jony Ive’s company. Ive will work with OpenAI CEO Sam Altman for his software expertise. According to a new report, Apple’s iPhone designer, Tang Tan, is also joining the team, joining Ive in developing the hardware for this product.

While we don’t know what this product will be, sources point to it being called the iPhone of AI. As cheesy a title as that is, it gives us a little bit of insight into what we could be looking at. The device could be pocketable, premium, and as useful for everyday tasks as an iPhone (or any smartphone for that matter).

A device like this can’t only materialize from a dream and three geniuses; money also plays a pretty big factor. Softbank, the company that previously owned Sprint, has decided to fund this project. so, with that in place, the company is set to get working on this “iPhone of AI”. We’re all excited to see what’s going to come of this project.


[ad_2]
Source link

Get Ready to Pay Your Taxes with $44 off TurboTax Home & Business 2023

0
[ad_1]

It’s now tax season, which most of us hate – unless you are getting a tax return.TurboTax makes filing taxes more manageable than ever. Whether you are an individual, own a business, trade some stocks, or anything else. And right now, Amazon has TurboTax Home & Business 2023 on sale for just $75.99 – that’s $44 off of its regular price. That will make filing your taxes more effortless than ever, and you can save some cash, too.

This particular version of TurboTax is recommended if you worked as a 1099 employee or were self-employed in 2023. Which can be the trickiest to file taxes for; thankfully, TurboTax does make it easier. 

TurboTax makes your tax returns super easy, especially if you are a 1099 employee. That means that if you earned money from TikTok, Instagram, YouTube, or really anywhere else as a content creator, this is the version of TurboTax you’re going to want. Keep in mind that if you didn’t pay your quarterly taxes, then you’re going to have a pretty big tax bill due on April 15.

With TurboTax Home and Business 2023, the software makes it super easy to create and e-file W-2s and 1099s for employees and contractors using Quick Employer Forms. I’ve been using TurboTax for the past decade or longer to file my taxes, and it really doesn’t get any easier than TurboTax. Everything is very straightforward, and the software does keep up with the ever-changing tax code. So you can rest assured that you’re getting the best and biggest return (if available) for you. So you’re not leaving any money on the table.

You can pick up TurboTax Business 2023 from this Amazon sale for only $75.99.

Buy at Amazon


[ad_2]
Source link

Mint Mobile discloses new Customer Data Breach

0
[ad_1]

Mint Mobile has recently disclosed a data breach that compromised the personal information of its customers. Mint Mobile discovered and resolved the breach that exposed customer data that threat actors could potentially use for SIM swap attacks. It is one of the most concerning security incidents for the mobile carrier and its users. Notably, Mint Mobile does not store credit card numbers, and it claims to protect passwords with “strong cryptographic technology”.

In an email sent to customers titled “Important information regarding your account,” Mint Mobile informed users about the security incident, stating that an unauthorized actor obtained limited types of customer information. The exposed data includes customers’ names, telephone numbers, email addresses, SIM serial numbers, and IMEI numbers, along with a brief description of the service plan purchased. While the company assured customers about the security of their credit card numbers, it did not explicitly mention whether the hackers accessed hashed passwords or not.

Mint Mobile said that customers do not need to take immediate action in response to the new data breach

The exposed data is particularly worrisome as it contains information that could facilitate SIM swap attacks. With details like SIM serial numbers and IMEI numbers in hand, threat actors could attempt to port a person’s phone number to their device, potentially gaining unauthorized access to online accounts. Hackers commonly use this technique to breach accounts at cryptocurrency exchanges, where attackers exploit the compromised number to perform password resets and bypass multi-factor authentication.

Mint Mobile emphasized that customers do not need to take any immediate action in response to the data breach. However, the company set up a dedicated customer support number (949-704-1162) to address any questions or concerns related to the incident. A Mint Reddit moderator confirmed the legitimacy of the communication, assuring users that the company has provided the Customer Care number specifically to handle inquiries about the recent data breach.

While Mint Mobile did not disclose the specifics of how the breach occurred, reports from July 2023 suggested that a threat actor attempted to sell data on a hacking forum, claiming it was stolen from Mint Mobile and Ultra Mobile. The data allegedly included the last four digits of customers’ credit cards. It remains unclear whether this incident is connected to the recently disclosed breach.

This is not the first time Mint Mobile has faced such security challenges. In 2021, the company experienced a data breach where an unauthorized individual accessed subscribers’ account information and ported phone numbers to another carrier. Additionally, Mint Mobile’s parent company, T-Mobile, encountered substantial data breaches in January and May 2023, impacting millions of accounts. As Mint Mobile addresses this latest incident, it underscores the ongoing threats faced by companies in the telecommunications sector and the importance of robust cybersecurity measures.

mint mobile data breach email


[ad_2]
Source link

Hackers Stolen Over $58 Million Crypto Via Malicious Google Ads

0
[ad_1]

Threat actors targeting crypto wallets for illicit transactions have been in practice for quite some time.

Threat actors have been using Wallet Drainers for such cybercrime activities, which have seen great success in recent years. 

Several techniques were used for draining, which include phishing ads, supply chain attacks, Airdrop phishing, DNS attacks, and many others. These attacks result in much loss for victims due to crypto wallet stealing. 

However, one wallet drainer has been used predominantly in over 60% of the phishing ads used by threat actors.

Google Search & Twitter (X) Ad Phishing

According to the reports shared with Cyber Security News, 10,072 phishing sites account for $58.98 million in crypto wallets draining from 63,210 victims. This particular wallet drainer was first detected in March and again at the end of April.

Source: ScamSniffer
Source: ScamSniffer

As for Google Ad phishing, many campaigns were spotted that were related to Zapper, Lido, Stargate, Defillama, Orbiter Finance, and Radiant. As of Twitter, the phishing ads were called “Ordinal Bubbles,” and all of them were using the same drainer.

Twitter ads
Twitter ads (Source: ScamSniffer)

Ad Audit Bypass

To bypass the ad audits of these campaigns, threat actors have been using many methods, such as targeting specific regions, which will display the phishing page only to people from a specific region.

The page that can be seen when opening the link directly will be different from the one that is opened from the ad link.

In addition, redirect deception was also used in which the ad appears to be from the official domain, but the final redirected site is the phishing site.

The biggest victim of these phishing campaigns was a wallet address 0x13e382dfe53207e9ce2eeeab330f69da2794179e, which lost $24 million in September.

Drainer Analysis

The drainer, used in 60% of the phishing campaigns, was sold in a forum and is fully managed with a charge fee of 20%.

The sellers of this drainer share the source code and additional value-added modules to the drainer. 

Several features, such as adding a malicious signature for blur for phishing, will cost more and must be purchased from them. The developer of this drainer has been changed from pakulichev to Phishlab.

Furthermore, a complete report about these phishing campaigns and wallet drainers has been published, providing detailed information about the threat actors, the wallet drainers, and others.

It is recommended that users be extra cautious when viewing ads and be vigilant before entering their wallet details on a website.


[ad_2]
Source link