BBTok Malware Returns, Targeting Over 40 Banks in Brazil and Mexico

0
[ad_1]

KEY FINDINGS

  • Check Point Research shared details of a newly discovered BBTok banking trojan variant.
  • This malicious variant can spoof the interfaces of over 40 Banks in Brazil and Mexico.
  • The malware operator aims to compromise PCs and steal bank card numbers or 2FA authentication codes.
  • Phishing emails serve as the primary lure in this campaign, where attackers have used sophisticated techniques to make them believable and relied on multiple file types, including ISO, ZIP, LNK, DOCX, JS and XLL, to distribute BBTok.
  • The campaign is still active, targeting Brazilian and Mexican users through multi-layered geo-fencing.

BBTok malware, first detected in 2020, has resurfaced in a brand-new, far more sinister avatar mainly targeting users in Latin America, reported Check Point Research’s cybersecurity researchers in their latest blog post published on 20 September 2020.

Researchers claim that since 2020, they have observed significant improvement in the TTPs (techniques, tactics, and procedures) adopted by BBTok malware operators as they have added multiple obfuscation layers and downloaders. This helps them avoid detection.

For your information, BBTok malware is a banking malware. Its new variant replicates the interfaces of over 40 banks, all located in Mexico and Brazil. The campaign involves a unique infection chain with a combination of LOLBins (living off the land binaries). Hundreds of users have been targeted so far in this active campaign.

This is a financially motivated campaign where attackers send phishing emails to unsuspecting users in Brazil and Mexico to lure them into entering the two-factor authentication codes of their bank accounts or giving away payment card numbers.

A malicious link in that email contains a .LNK file that initiates the infection chain, deploys the malware, and launches a decoy document. Further probing revealed that attackers maintain diverse infection chains for different Windows OS versions.

These chains use many file types to deploy malware, including ISO, ZIP, LNK, DOCX, JS and XLL. A rare feature of this attack is that a custom server-side application generates unique payloads for every victim after identifying their location and OS.

BBTok malware allows its operators to execute remote commands and inhabits almost all signature banking trojan capabilities, apart from replicating the interfaces of Latin American banks. Some of the banks it targets include Citibank, Scotiabank, Banco Itaú and HSBC.

These fake interfaces are designed so cleverly that victims cannot detect foul play and willingly enter their security codes or token numbers for 2FA, after which it is quite easy for attackers to hijack their bank accounts. Sometimes, the victims may be lured to enter payment card data.

BBTok Malware Returns, Targeting Over 40 Banks in Brazil and Mexico
Fake interfaces embedded within the BBTok Banker and Database with victims’ information (Images: CPR)

Regarding this new threat, Check Point’s threat intelligence group manager, Sergey Shykevich, stated that banking malware remains a significant issue of concern in Latin America because its primary objective is to steal the victim’s financial details.

“While worldwide we see a consistent trend of multipurpose malware which is able to do a variety of different activities (stealing data and credentials, pushing ransomware, etc.), in Latin America we still see a dominance of banking malware which only goal is to steal victims’ financial information.”

“Cyberattacks have increased 8% this year and show no signs of slowing down. We urge everyone to stay vigilant and be wary of suspicious emails with attached files and pay extra attention to where they enter their banking credentials and payment card information,” Shykevich noted.

BBTok banking malware is a product of fileless attacks that took place in Latin America back in 2020 and features a broad range of functionalities, including killing/enumerating processes, clipboard content manipulation, keyboard/mouse control, and trademark banking malware features such as simulating fake login interfaces.

It has continually been evolving, making it essential to adopt necessary security practices to avoid becoming victims of phishing attacks. Ignore password resetting emails if you cannot recall any attempts to change passwords, note the email’s content and sender before opening, and avoid sharing credentials on any platform without verifying the web address.

  1. Payoro: A Glimmer of Disruption in the Banking Sector
  2. Hackers using Google Sites to spread banking malware
  3. Brazilian Hackers Hit Portuguese Banks in Malware Attack
  4. SpyNote Spyware Returns with SMS Phishing Against Banks
  5. Brazil’s Escort Service Exposes Millions of Escort, Client Data

[ad_2]
Source link

How to pre-order Microsoft’s Surface Laptop Studio 2 & Go 3

0
[ad_1]

Microsoft held its annual fall event today, where it normally announces a slew of new Surface products. But this year, it was rather light. Coming in with just two new products this year. That’s the new Surface Laptop Studio 2 and Surface Laptop Go 3.

These laptops mostly saw processor and graphics upgrades this year. There’s not a lot of changes here for the design and such. But that’s expected with a laptop. Companies aren’t going to totally redesign their laptops every year, or even every few years.

So now the big question is, how can you pre-order them? Here’s how.

Surface Laptop Studio 2

As expected, the Surface Laptop Studio 2 is the higher-end model here, and it comes with quite the specs. We’re looking at 13th-Gen Intel Core i7 H-class processor, with NVIDIA RTX 4050 or 4060 GPUs here. And it can even be optioned to have the enterprise-level RTX 2000 Ada Generation graphics too.

The Surface Laptop Studio 2 also comes with a 14.4-inch touchscreen which is also a high-refresh rate display at 120Hz. Making it perfect for gaming, alongside those NVIDIA graphics. Microsoft is also adding in up to 64GB of RAM and 2TB of storage, for those that need the most out of this laptop.

You can pre-order the Microsoft Surface Laptop Studio 2 today, with orders shipping on October 3. It will start at $1,999 and the highest-end model is going to cost you $3,699.

Surface Laptop Studio 2 – Microsoft

Surface Laptop Go 3

The other laptop that Microsoft announced today was the Surface Laptop Go 3. This is a slightly lower-end laptop, but stil quite powerful. It comes in at under 2.5 pounds, and has a 12.4-inch touchscreen. It also has a fingerprint power button available for Windows Hello, and Microsoft says that it is about 88% faster than its predecessor.

Microsoft is offering this one in just two configurations. That’s an Intel Core i5 with 8GB of RAM and 256GB SSD, or with 16GB of RAM. It does come in four colors though: Platinum, Ice Blue, Sage and Sandstone.

The Surface Laptop Go 3 is available to buy now, and ships today as well. There’s no pre-order phase for this one. It starts at $799, and you’ll pay another $200 to double the RAM.

Surface Laptop Go 3 – Microsoft


[ad_2]
Source link

The Surface Laptop Go 3 here, and it’s $799

0
[ad_1]

Microsoft just held its Surface event today where it announced some neat news about its new software and hardware products. Among the announcements, the company gave us a glimpse of the upcoming Surface Laptop Go 3 (via Engadget).

Microsoft also announced some exciting news on the AI front. Its AI platform called Copilot is finally making its way to more places. This will use generative AI to assist the user while using Windows, Microsoft’s Office products, Edge, and other products. It will be deeply integrated into these services, so it will be just like an actual copilot. Microsoft will officially launch this on September 26th.

Microsoft unveiled the Surface Laptop Go 3

It’s not a Surface event without some surface devices. Along with some more pricey and powerful devices, Microsoft showed off the more affordable Surface Laptop Go 3. This laptop is for people who are looking more for value. They’re not planning on doing a ton of heavy work or gaming on it.

This computer has a 12.4-inch display touch screen with a resolution of 1,536 x 1,024. That’s a decent resolution, and it has an aspect ratio of 3:2. This gives it a more square design than most other laptops.

Under the hood, this computer is running the 12th-gen Intel Core i5 processor, which will give it upper-mid-range performance. So, you can plan on using it for writing content creation, and other moderate tasks. Backing that up, we have up to 16GB of RAM and up to 512GB of storage. That’s the upper-tier model, however, and it will cost more than the start price of $799.

The Surface Laptop Go 3 has a 720p front-facing camera for video calls. As for the ports, it sports a USB-C 3.2 port, a USB-A 3.1 port, a Surface Connect port, and a 3.5mm headphone jack.

Other specs include a fingerprint scanner, Wi-Fi 6, and Bluetooth 5.1. It will come with Windows 11 out of the box and it will be supercharged with the Copinot integration. If you’re looking for a great Windows experience, and you don’t really want to pay a premium price, then the Surface Laptop Go 3 is the perfect choice. It’s going to officially launch on October 6th.


[ad_2]
Source link

System Admin Pleads Guilty for Selling Pirated Business Phone

0
[ad_1]

For taking part in a large international scheme to earn millions of dollars by selling pirated business telephone system software licenses, a computer system admin and his spouse pled guilty.

Software licenses with a retail value of over $88 million are said to have been sold as a result of the whole operation.

The U.S. Department of Justice reported that in a scheme that involved creating and selling fake Avaya Direct International (ADI) software licenses, Brad Pearce, 48, and Dusti O.

Pearce, 45, of Tuttle, Oklahoma, allegedly teamed up with Jason M. Hines, aka Joe Brown, Chad Johnson, and Justin Albaum, 43, of Caldwell, New Jersey, to commit wire fraud.

The ADI software licenses were then used to unlock the capabilities of a popular telephone system used by thousands of businesses worldwide. Since then, the ADI software licensing system has been shut down.

Document
FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Massive Scheme of Pirated Software Licenses

Avaya Holdings Corporation, a worldwide corporate communications firm headquartered in California, sold an IP Office product. This phone system is utilized by several midrange and small enterprises both domestically and internationally. 

Customers had to buy software licenses from an authorized Avaya distributor or reseller to enable extra features of IP Office, such as voicemail or telephones, created by Avaya.

Avaya utilized software license keys to restrict access to its copyright-protected software and ensure that only customers who had paid for it could use it.

Long-time Avaya customer service employee Brad Pearce created tens of thousands of ADI software license keys using his system administrator rights, which he then sold to Hines and other clients, who then sold them to resellers and end users worldwide. 

Each Avaya software license had a selling value that ranged from less than $100 to thousands of dollars. For the unlawful business, Dusti Pearce was in charge of accounting.

Hines, who purchased more than 55% of the stolen licenses, was by far the Pearces’ biggest client and had a big impact on how the program was run.

Additionally, Brad Pearce used his system administrator rights to access former Avaya workers’ accounts and steal their license keys for the ADI software.

“Furthermore, he used these privileges to alter information about the accounts to conceal the fact that he was generating ADI license keys, preventing Avaya from discovering the fraud scheme for many years,” DOJ said.

The Pearces moved their illicit profits from many bank accounts to numerous additional investment and bank accounts using a PayPal account that was established under a fictitious name to conceal the kind and source of the funds. 

They also bought a lot of gold bullion and other expensive things.

Sentencing

Dusti and Brad Pearce admitted to conspiring to conduct wire fraud. The maximum sentence for both of them is 20 years in jail. 

According to the plea deal, Brad and Dusti Pearce must give up a car, cash, gold, silver, rare coins, cryptocurrencies, and a money judgment of at least $4 million. They must also compensate their victims in full.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

You spend more time on YouTube than any other website

0
[ad_1]

If we asked you which website you spend the most time on, what would the answer be? Google? YouTube? Maybe Facebook? It’s actually YouTube.

This is coming from Productivity Spot which analyzed web traffic from SimilarWeb for more than 1,000 of the most popular websites in the world. And they found that YouTube is where you spend the most time. Now, on the one hand, this makes sense. Since you’re likely watching a video or two, and it’s probably a longform video too.

According to the data, YouTube got 33.57 billion visits per month, which makes it the second most trafficked website, behind only Google.com. Users spent about 20 minutes and 22 seconds on YouTube.com. That’s double what the other sites had, for amount of time per visit. Now this number is just per visit. So each time you open the app, or head to the website. Not total time, which would likely be much larger.

Google and Facebook saw average time spent per visit at just over 10 minutes. While Instagram was a little over 8 minutes and Wikipedia was far lower at just under 4 minutes.

Why do we spend so much time on YouTube?

The real question here is, why are we spending so much time on YouTube these days? Well, it’s actually quite simple. YouTube has become “cable TV” for a lot of millennials and Gen-Z, and even older generations. Cable TV has gotten so expensive in the past decade or so, while YouTube is free (or $14/month with YouTube Premium), and has loads of content available. Including old shows and movies that are often times free too.

But as for the amount of time on YouTube per visit? That’s the amount of time you’re spending looking for a video and actually watching it. It shows that either people are watching lots of shorts or shorter videos, or watching longer videos like 10-20 minutes long.


[ad_2]
Source link

Microsoft Co-Pilot is only days away

0
[ad_1]

Microsoft has been working on making AI a core part of the Microsoft experience. Over the past several months, the company has been building and testing out the generative AI brainchild called Copilot. It’s been pretty limited in its availability, but that’s about to change, according to the company. During its latest Surface event, Microsoft announced when Copilot is going to launch (via Engadget).

When OpenAI unveiled ChatGPT, Microsoft was quick to invest in the company and use its AI prowess. Since then, we’ve gotten a glimpse of what the company wants to do with generative AI, and it’s not far from what Google is doing with AI.

It’s using Copilot to be true to its namesake and be a copilot for you when you’re working. When you’re using one of Microsoft’s business products or Windows, it will be there as an assistant to help you with what you’re doing.

Microsoft just announced when Copilot is going to launch, and it’s soon!

“It’s kind of like your PC now it’s kind of becoming your CP.”, said Microsoft CEO Satya Nadella about what Copilot will be. The thing is that Copilot was available in a limited capacity across Microsoft 365, Windows, and the Edge browser. The company was testing it out among its users.

However, on September 26th, that will change. On that day, Microsoft will take Copilot to new heights and implement it as a unified AI experience across all of Microsoft’s products. So, you’ll be able to use it while using any of the company services like Office, Windows, Edge, etc.

Microsoft is one of the few companies that can actually pull this off. It has a large collection of services that people rely on for their work, school, and casual lives. The company believes that Copilot will improve the experience for all of its users


[ad_2]
Source link

LUCR-3 Attacking Fortune 2000 Companies Using Victims’ Own Tools

0
[ad_1]

A new financially motivated threat group named “LUCR-3” has been discovered targeting organizations to steal intellectual property for extortion. This threat actor surpasses Scatter Spider, Oktapus, UNC3944, and Storm-0875.

LUCR-3 is targeting Fortune 2000 companies in various sectors, which include Software, Retail, Hospitality, Manufacturing, and Telecoms. The threat actor uses existing identities for initial access instead of relying on Malware.

Document
FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Attributes of LUCR-3

As part of the initial access, the threat actor performs recon on the victim identities to choose the user who will have necessary access for their exploitation.

More often, they rely on social engineering, smashing, or buying the credentials that are available on the deep web marketplace. Most of their victims have been identified as Admins, Developers, Engineers, and the Security team.

LuCR-3
AWS Attacker Lifecycle (Source: Permisio)

The credentials they use are legitimate for connecting to the target network and applications. With these credentials, they perform MFA bypass using various techniques like SIM Swapping, Push Fatigue, Phishing attacks, or buying a social engineer access through insider threats. They also modify MFA settings by registering a new device or adding alternative MFA options. 

R-SaaS & R-AWS (Recon SaaS & Recon AWS)

Moreover, this threat actor has a unique way of understanding the organizations by following a regular employee method – Viewing and searching the documents available on SharePoint, OneDrive, knowledge applications, ticketing solutions, and chat applications that provide in-depth knowledge about the victim organization. This method is carried out in the case of SaaS applications.

In the case of AWS, they leverage the billing and AWS management console for understanding the cloud infrastructure.

They also use Systems Manager (SSM) to run AWS-GatherSoftwareInventory, which will provide complete information about all the EC2 instances and the software running on them.

Persistence in all environments

For gaining persistent access into the compromised systems, the threat actor relies on previously available tools like device registration, alternate MFA, and strong authentication type (from 6 [PhoneAppOTP] to 7 [OneWaySMS]). 

In the case of AWS, the threat actor creates a user, access, and login profile (or updates a login profile). A complete report about this threat actor has been published by Permisio, which provides detailed information about the infiltration, extraction, and other details. 

As part of Defense evasion, LUCR-3 uses GuardDuty disabling, stopping the logging and serial console access. In certain cases, they also send emails relating to helpdesk tickets, the creation of authentication keys, access tokens, and OAuth.

Indicators of Compromise

NameType
P0_AWS_ACCESSKEY_CREATED_1Alert
P0_AWS_CLOUDTRAIL_LOGGING_STOPPED_1Alert
P0_AWS_CLOUDTRAIL_TRAIL_DELETED_1Alert
P0_AWS_EC2_ROOT_USER_SSH_1Alert
P0_AWS_EC2_SERIAL_CONSOLE_ACCESS_ENABLED_1Alert
P0_AWS_GUARDDUTY_STATUS_CHANGED_1Alert
P0_AWS_NEW_USER_CREATED_1Alert
P0_AWS_S3_BROWSER_USERAGENT_1Alert
P0_AWS_SM_GETSECRETVALUE_CLOUDSHELL_1Alert
P0_AZUREAD_MFA_FACTOR_ROTATION_1Alert
P0_AZUREAD_MFA_FACTOR_ROTATION_BY_ADMIN_1Alert
P0_GIT_CLONE_ALLAlert
P0_IDP_MFA_DEVICE_DOWNGRADEAlert
P0_IDP_MFA_ECOSYSTEM_SWITCHAlert
P0_IDP_MFA_EXTERNAL_EMAILAlert
P0_IDP_MFA_MANYUSERS_1DEVICEAlert
P0_INTEL_LUCR3Alert
P0_OKTA_MFA_FACTOR_ROTATION_1Alert
P0_OKTA_MFA_FACTOR_ROTATION_BY_ADMIN_1Alert
P0_SAAS_CREDENTIAL_SEARCHAlert

Source: Permisio

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

Rounded Display and Blue Color Revealed

0
[ad_1]

Google hasn’t even announced the Pixel 8 yet, but here we are with the Pixel 8a already leaking out with full images. This leak comes courtesy of @yabhishekhd on X. Which shows off the new design that Google is using for the Pixel 8a. Remember, the Pixel 8a isn’t due to be released until next Spring. Likely at Google I/O in May.

The Pixel 8a has a pretty rounded display, at least according to these leaks. The corners are a lot more rounded than previous Pixel devices. Which is an interesting look for this device, and almost makes it look “cheap”. This particular model is a bright blue, which does look absolutely stunning.

On the back, there’s the usual camera bar, with what looks like still just two cameras. That’d be the wide and ultrawide sensors, similar to the current Pixel 7a. And the front is a flat display with a hole punch for the camera, as expected.

What to expect from the Google Pixel 8a

The Google Pixel 8a will likely debut next May. So we’re still many months out from it actually being announced – which means plenty more leaks. But there are a few things we already know about the device.

It will most definitely be running on the Tensor G3 processor. This is the processor that we will see debut in the Pixel 8 series in just a couple of weeks.

Now, it’s important to take this leak with a grain of salt, as we are over 8 months out from the official unveiling. So this could be one of the many prototypes that Google has done for the Pixel 8a. That’s very common for new smartphones, even those with such little design changes, get many different prototypes in the design process. And we’ve got quite some time to wait and see when it’ll be announced, and if it’s true.


[ad_2]
Source link

The New Microsoft Surface Laptop Studio 2: Specs, Performance and More

0
[ad_1]

Microsoft held its annual fall event today, where they introduced a couple of new Surface products, and talked a lot about AI. It introduced Microsoft Co-Pilot, as well as the new Surface Laptop Studio 2. This is a pretty high-end laptop from Microsoft, and it definitely has the specs for it.

The new Surface Laptop Studio 2 comes with the newest Intel chipsets, that’s the 13th Generation i7 H Class processor. And it also has NVIDIA’s latest RTX 4050 or 4060 GPUs. Obviously, these GPUs are more geared towards gaming and speed, but will also work well for creators.

It also comes with up to 2TB of storage and up to 64GB of RAM inside. It does have the adaptive touch-enabled trackpad and it also comes packed with a Surface Slim Pen 2. The overall size of the Surface Laptop Studio 2 is the same, coming in with a 14.4-inch touchscreen, that is also 120Hz.

Just how fast is the Microsoft Surface Laptop Studio 2?

It’s pretty fast. Microsoft did a demo at the event (which was not live streamed for some reason), and compared it to the M2 Max MacBook Pro wit a 38-core GPU, and it beat it out in Blender. Not by a little either. Which is quite impressive, seeing as Apple Silicon has been the holy grail since the M1 was released about three years ago. Also interesting that there’s no AMD version here, and Microsoft is sticking with Intel for its processors on the Surface Laptop Studio 2.

The new Surface Laptop Studio 2 will be available on October 3, but pre-orders are open right now. It will start at $1,999. That starting price does include a 13th Gen Intel Core i7, 16GB of RAM, 512GB of SSD and Intel Iris Xe graphics. To get dedicated graphics, you’ll need to spend another $400 to get the same configuration, but you get RTX 4050.

Microsoft Surface Laptop Studio 2 – Microsoft


[ad_2]
Source link

MOVEit Transfer SQL Injection Let the Attacker Gain Unauthorized Access

0
[ad_1]
MOVEit Transfer SQL Injection

MOVEit transfer service pack has been discovered with three vulnerabilities associated with SQL injections (2) and a Reflected Cross-Site Scripted (XSS). The severity for these vulnerabilities ranges between 6.1 (Medium) and 8.8 (High).

Progress-owned MOVEit transfer was popularly exploited by threat actors who attacked several organizations as part of a ransomware campaign. The organizations previously reported to be affected by MOVEit vulnerability include Shell, BBC, British Airways, CalPERS, Honeywell, and US government agencies.

CVE-2023-42660: MOVEit Transfer SQL Injection

This SQL injection vulnerability was discovered on the MOVEit Transfer machine interface, which could lead to gaining unauthorized access to the MOVEit Transfer database. A threat actor could exploit this vulnerability by submitting a crafted payload to the MOVEit Transfer machine interface. 

Successful exploitation could result in the modification and disclosure of MOVEit database content. However, a threat actor must be authenticated to exploit this vulnerability. Progress has given the severity of this vulnerability as 8.8 (High).

Products affected by this vulnerability include MOVEit Transfer, either MySQL or MSSQL DB, all versions. Users are recommended to upgrade to the September Service Pack to fix this vulnerability.

CVE-2023-40043: MOVEit Transfer SQL Injection

This other SQL injection vulnerability exists in the MOVEit Transfer web interface, which could possibly lead to gaining unauthorized access to the MOVEit Transfer database. A threat actor could exploit this vulnerability by submitting a crafted payload to the MOVEit Transfer web interface.

Successful exploitation could result in the modification and disclosure of MOVEit database content. The prerequisite for a threat actor to exploit this vulnerability includes access to a MOVEit system administrator account. Progress has given the severity of this vulnerability as 7.2 (High).

Products that are affected by this vulnerability include MOVEit Transfer, either MySQL or MSSQL DB, all versions. To prevent this vulnerability, users are recommended to Upgrade to the September Service Pack and limit sysadmin account access.

CVE-2023-42656: MOVEit Transfer Reflected XSS

This Reflected XSS vulnerability was found in the MOVEit Transfer’s web interface, which a malicious payload can exploit during the package composition procedure. A threat could craft a malicious payload and target MOVEit Transfer users. When interacting with the payload, the threat actor can execute malicious JavaScript on the victim’s browser.

Progress has given the severity of this vulnerability as 6.1 (Medium). Products affected due to this vulnerability include MOVEit Transfer, either MySQL or MSSQL DB, all versions. To prevent this vulnerability, users are recommended to Upgrade to September Service Pack and limit sysadmin account access.

A comprehensive list of vulnerable product versions, documentation, release notes, and fixed versions has been given below.

A security advisory has been released by Progress which includes a comprehensive list of the affected products and the vulnerabilities that have been identified.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link