Leaderboard

Popular Content

Showing content with the highest reputation on 05/22/20 in all areas

  1. Hackers are taking advantage of video conferencing apps like Zoom to infect systems with malicious routines. Security researchers from Trend Micro observed two malware samples that pose as Zoom installers but, when decoded, contain malware. The malicious fake installers are not distributed through official distribution channels.

Fake Zoom Installers

Of the two malware samples, one was found installing a backdoor that allows attackers to gain remote access, and the other installs the Devil Shadow botnet on devices. The malicious installer closely resembles the official version; it contains encrypted files that decrypt into the malware. The malware kills all running remote utilities upon installation and opens TCP port 5650 to gain remote access to the infected system.

Another sample observed by researchers installs the Devil Shadow botnet; the infection starts with the malicious installer, with a file named pyclient.cmd that contains malicious commands. With this sample too, the threat actors include a copy of the official Zoom installer to deceive the victims. The tampered app installer deploys a malicious archive and code, along with the commands for persistence and communication. The malware is used to send gathered information to its C&C every 30 seconds whenever the computer is turned on.

In another campaign, attackers repackaged the legitimate Zoom installer with WebMonitor RAT. The infection starts with downloading the malicious file ZoomIntsaller.exe from malicious sources. Due to the coronavirus pandemic, many companies around the world have asked employees to work from home, which increases the usage of video conferencing apps, and they are heavily targeted by attackers. Via gbhackers.com
    1 point
  2. @Massaro it gets checked only up to a point.. you can plate the ring in foil, they make a small cut and it will still come up as.. goold.. if you play it slick, or in scientific terms, social engineering :)), you can make her cut wherever you want. Meaning you go to a neighborhood pawn shop, not the fancy ones where they soak it in chemicals, there you get burned.
    1 point
  3. Never-before-seen PipeMon hit one developer's build system, another's game servers.

One of the world’s most prolific hacking groups recently infected several Massively Multiplayer Online game makers, a feat that made it possible for the attackers to push malware-tainted apps to one target’s users and to steal in-game currencies of a second victim’s players. Researchers from Slovakian security company ESET have tied the attacks to Winnti, a group that has been active since at least 2009 and is believed to have carried out hundreds of mostly advanced attacks. Targets have included Chinese journalists, Uyghur and Tibetan activists, the government of Thailand, and prominent technology organizations. Winnti has been tied to the 2010 hack that stole sensitive data from Google and 34 other companies. More recently, the group has been behind the compromise of the CCleaner distribution platform that pushed malicious updates to millions of people. Winnti carried out a separate supply-chain attack that installed a backdoor on 500,000 ASUS PCs.

The recent attack used a never-before-seen backdoor that ESET has dubbed PipeMon. To evade security defenses, PipeMon installers bore the imprimatur of a legitimate Windows signing certificate that was stolen from Nfinity Games during a 2018 hack of that gaming developer. The backdoor—which gets its name from the multiple pipes used for one module to communicate with another and the project name of the Microsoft Visual Studio used by the developers—used the location of Windows print processors so it could survive reboots. Nfinity representatives weren't immediately available to comment.

A strange game

In a post published early Thursday morning, ESET revealed little about the infected companies except to say they included several South Korea- and Taiwan-based developers of MMO games that are available on popular gaming platforms and have thousands of simultaneous players.

The ability to gain such deep access to at least two of the latest targets is one testament to the skill of Winnti members. Its theft of the certificate belonging to Nfinity Games during a 2018 supply-chain attack on a different crop of game makers is another. Based on the people and organizations Winnti targets, researchers have tied the group to the Chinese government. Often, the hackers target Internet services and software and game developers with the objective of using any data stolen to better attack the ultimate targets.

Certified fraud

Windows requires certificate signing before software drivers can access the kernel, which is the most security-critical part of any operating system. The certificates—which must be obtained from Windows-trusted authorities after purchasers prove they are providers of legitimate software—can also help to bypass antivirus and other end-point protections. As a result, certificates are frequent plunder in breaches. Despite the theft coming from a 2018 attack, the certificate owner didn’t revoke it until ESET notified it of the abuse. Tudor Dumitras, co-author of a 2018 paper that studied code certificate compromises, found that it wasn’t unusual to see long delays for revocations, particularly when compared with those of TLS certificates used for websites. With requirements that Web certificates be openly published, it’s much easier to track and identify thefts. Not so with code-signing certificates. Dumitras explained in an email:

The number of MMO game developers in South Korea and Taiwan is high, and beyond that, there’s no way to know if attackers used their access to actually abuse software builds or game servers. That means there’s little to nothing end users can do to know if they were affected. Given Winnti’s previous successes, the possibility can’t be ruled out. Via arstechnica.com
    1 point
  4. Don't pawn shops check what they take in? Fuck's sake, say I'm a drunk down on his luck, I bring in my ring which I don't even know is gold or not, I go to the pawn shop, they say it's gold, they give me the money. Fuck's sake, lucky me. Then they realize it wasn't gold? That's like taking a shit on the carpet in my house and then apologizing hahahaha, that's how I see it. Not that I'm encouraging it. Or if I tell them it's an emerald, will they give me as much money as I want?
    1 point
  5. Welcome. * Move that GDPR menu item down into the footer. It's not a service you're selling that you'd promote in the main menu.
    1 point