North Korea Exploited VPN Flaw to Hack South’s Nuclear Research Institute
thehackernews.com/2021/06/north-korea-exploited-vpn-flaw-to-hack.html South Korea’s state-run Korea Atomic Energy Research Institute (KAERI) on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. The intrusion is said to have taken place on May 14 through a vulnerability in an unnamed virtual private network (VPN) vendor and involved a total of 13 IP addresses, one of which – “27.102.114[.]89” – has been previously linked to a state-sponsored threat actor dubbed Kimsuky.
Inside the Market for Cookies That Lets Hackers Pretend to Be You
www.vice.com/en/article/n7b3jm/genesis-market-buy-cookies-slack A representative for the hackers who breached EA said they bought the cookie from a site called Genesis Market. On Genesis, criminals don’t just buy one cookie; they buy exclusive access to a “bot,” a compromised computer that is part of a botnet which could contain any number of login details. But more importantly, Genesis also lets customers essentially recreate a one-to-one replica of that victim’s browser, with their cookies and device fingerprints intact.
Klingon RAT Holding on for Dear Life
www.intezer.com/blog/malware-analysis/klingon-rat-holding-on-for-dear-life/ This is a technical analysis of an advanced RAT written in Go that we are calling Klingon RAT. The RAT is well-featured and resilient due to its multiple methods of persistence and privilege escalation. It was determined that the RAT is being used by cybercriminals for financial gain. It is important to stay on top of this threat as it will degrade Antivirus security through killing targeted processes and hiding communications through encrypted channels.
Easy Access to the NIST RDS Database
isc.sans.edu/forums/diary/Easy+Access+to+the+NIST+RDS+Database/27544/ When you’re facing some suspicious files while performing forensic investigations or analyzing malware components, it’s always interesting to know whether these files are legit or malicious/modified. One of the key sources to verify hashes is provided by NIST and is called the NSRL project (“National Software Reference Library”). They build a “Reference Data Set” (RDS) of information that can be queried to verify a file hash. CIRCL, the Luxembourg CERT, has a good reputation for offering/participating in services like MISP, a passive DNS service, etc. They are now offering an API to query the NIST RDS via HTTP or DNS requests!
The researchers managed to identify and report the presence of Joker malware in 8 apps on Google Play Store
www.hackread.com/android-joker-malware-back-on-play-store/ The malware infects the user’s device after the infected application is downloaded and keeps collecting data secretly.
Podcast: The Good, the Bad Govcoin: What Are National Digital Currencies About?
ulkopolitist.fi/2021/06/19/podcast-hyva-paha-govcoin-mista-kansallisissa-digivaluutoissa-on-kyse/ Alongside blockchain-based cryptocurrencies, a new phenomenon has emerged: “govcoins”, that is, states’ own digital currencies. What does it mean, and does the phenomenon actually have much to do with the much-hyped cryptocurrencies?