Experts Uncover Several C&C Servers Linked to WellMess Malware
thehackernews.com/2021/07/experts-uncover-several-c-servers.html Cybersecurity researchers on Friday unmasked new command-and-control (C2) infrastructure belonging to the Russian threat actor tracked as APT29, aka Cozy Bear, that has been spotted actively serving WellMess malware as part of an ongoing attack campaign. More than 30 C2 servers operated by Russia's foreign intelligence service have been uncovered, Microsoft-owned cybersecurity subsidiary RiskIQ said in a report shared with The Hacker News.
Justice Department says Russians hacked federal prosecutors
apnews.com/article/technology-europe-russia-election-2020-5486323e455277b39cd3283d70a7fd64 The Russian hackers behind the massive SolarWinds cyberespionage campaign broke into the email accounts of some of the most prominent federal prosecutors’ offices around the country last year, the Justice Department said Friday.
Some ransomware gangs lose interest in extortion sites
therecord.media/some-ransomware-gangs-lose-interest-in-extortion-sites/ In late 2019, the ransomware group known as Maze pioneered a tactic that soon spread throughout the cybercrime underground: steal encrypted data and threaten to release it publicly unless a ransom is paid. But according to data collected from the sites these groups operate, the practice that’s sometimes referred to as “double extortion” appears to be declining.
Hackers leak full EA data after failed extortion attempt
therecord.media/hackers-leak-full-ea-data-after-failed-extortion-attempt/ The hackers who breached Electronic Arts last month have released the entire cache of stolen data after failing to extort the company and later to sell the stolen files to a third-party buyer. The hackers said they used the authentication cookies to mimic an already-logged-in EA employee's account and access EA's Slack channel, and then tricked an EA IT support staffer into granting them access to the company's internal network.
Google shuts down malicious ad posing as Brave browser but delivering malware
therecord.media/google-shuts-down-malicious-ad-posing-as-brave-browser-but-delivering-malware/ Internet surfers looking to download a copy of the Brave browser were fooled this week by a cleverly disguised ad that redirected them to a malicious website where they infected their systems with malware.
Cisco researchers spotlight Solarmarker malware
www.zdnet.com/article/cisco-researchers-spotlight-solarmarker-malware/ A new report said the Solarmarker campaign is being conducted by “fairly sophisticated” actors focusing their energy on credential and residual information theft.
Infected With a .reg File
isc.sans.edu/diary/rss/27692 Yesterday, I reported a piece of malware that uses archive.org to fetch its next stage. Today, I spotted another file that is also interesting: A Windows Registry file (with a “.reg” extension). Such files are text files created by exporting values from the Registry (export) but they can also be used to add or change values in the Registry (import). Being text files, they don’t look suspicious.
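Because a .reg import is plain text, the useful check is to decode it the way regedit would and look at where the values land and what they run. The following is an added example, not code from the diary or from SANS: a small Python parser for the .reg export format (string, dword and hex values, including the UTF-16LE hex(2)/hex(7) forms that hide readable commands behind a hex dump) that flags values written under common autorun locations or whose decoded data invokes a script interpreter. The SAMPLE_REG text, the key and value names in it, and the marker lists are constructed for this example.

```python
"""Scan a Windows .reg file for persistence keys and hidden launch commands (added example)."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample .reg file (hypothetical paths and names, not the diary's actual file).
# The RunOnce value is a REG_EXPAND_SZ stored as hex(2): UTF-16LE bytes of "powershell -enc AAAA".
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\Public\\update.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Stage2"=hex(2):70,00,6f,00,77,00,65,00,72,00,73,00,68,00,65,00,6c,00,6c,00,\
  20,00,2d,00,65,00,6e,00,63,00,20,00,41,00,41,00,41,00,41,00,00,00

[HKEY_CURRENT_USER\Software\Example\Settings]
"Theme"="dark"
"Count"=dword:00000003
'''

# Lower-cased substrings of registry paths that commonly carry persistence (assumed list).
AUTORUN_MARKERS = (
    "\\currentversion\\run",            # Run, RunOnce, RunServices, RunOnceEx
    "\\currentversion\\policies\\explorer\\run",
    "\\winlogon",                        # Shell / Userinit
    "\\image file execution options",    # debugger hijack
    "\\currentcontrolset\\services",
)
# Tokens in decoded data that indicate a script/LOLBin launcher (assumed list).
LAUNCHERS = ("powershell", "cmd.exe", "mshta", "wscript", "cscript", "rundll32",
             "regsvr32", "certutil", "bitsadmin", ".hta", ".vbs", ".js")

VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')
HEX_RE = re.compile(r"^hex(?:\((\d+)\))?:(.*)$", re.IGNORECASE)


def _join_continuations(text: str) -> List[str]:
    """Glue hex dumps that regedit wraps with a trailing backslash back onto one line."""
    lines, buf = [], ""
    for raw in text.splitlines():
        line = buf + raw.strip()
        buf = ""
        if line.endswith("\\") and not line.startswith("["):
            buf = line[:-1]
            continue
        lines.append(line)
    if buf:
        lines.append(buf)
    return lines


def decode_value(rhs: str) -> Tuple[str, str]:
    """Return (registry type, human-readable data) for the right-hand side of a value line."""
    if rhs == "-":
        return "delete", ""
    if rhs.startswith('"') and rhs.endswith('"'):
        return "REG_SZ", rhs[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    if rhs.lower().startswith("dword:"):
        return "REG_DWORD", str(int(rhs[6:], 16))
    m = HEX_RE.match(rhs)
    if m:
        kind = int(m.group(1) or "3")          # bare "hex:" is REG_BINARY (type 3)
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if kind in (2, 7):                      # REG_EXPAND_SZ / REG_MULTI_SZ are UTF-16LE text
            text = data.decode("utf-16-le", errors="replace").rstrip("\x00").replace("\x00", "|")
            return ("REG_EXPAND_SZ" if kind == 2 else "REG_MULTI_SZ"), text
        return f"REG_BINARY({kind})", data.hex()
    return "unknown", rhs


def parse_reg(text: str) -> Dict[str, Dict[str, Tuple[str, str]]]:
    """Parse a .reg file into {key: {value_name: (type, decoded_data)}}."""
    keys: Dict[str, Dict[str, Tuple[str, str]]] = {}
    current: Optional[str] = None
    for line in _join_continuations(text):
        if not line or line.startswith(";") or line.lower().startswith("windows registry editor") \
                or line.upper() == "REGEDIT4":
            continue
        if line.startswith("["):
            current = line.strip("[]")          # "[-HKEY...]" (key deletion) keeps its leading '-'
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if current is None or not m:
            continue
        name = "(Default)" if m.group(1) is None else m.group(1)
        keys[current][name] = decode_value(m.group(2).strip())
    return keys


def scan(text: str) -> List[Tuple[str, str, str, List[str]]]:
    """Return (key, value_name, decoded_data, reasons) for every value that deserves a look."""
    findings = []
    for key, values in parse_reg(text).items():
        key_reasons = ["autorun-location"] if any(mk in key.lower() for mk in AUTORUN_MARKERS) else []
        for name, (vtype, data) in values.items():
            reasons = list(key_reasons)
            if any(tok in data.lower() for tok in LAUNCHERS):
                reasons.append("launches-interpreter")
                if vtype in ("REG_EXPAND_SZ", "REG_MULTI_SZ"):
                    reasons.append("hex-encoded")   # command was readable only after decoding
            if reasons:
                findings.append((key, name, data, reasons))
    return findings


if __name__ == "__main__":
    for key, name, data, reasons in scan(SAMPLE_REG):
        print(f"[{key}] {name} = {data!r}  <- {', '.join(reasons)}")
```

Run against the constructed sample, the scanner reports two values: the Run entry purely for its location, and the RunOnce entry both for its location and because its hex(2) blob decodes to a PowerShell command with an encoded argument; the Settings key is ignored. On a real sample, feed it the file's text and review every flagged value before (not after) importing it.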
“Beijing One Pass” Employee Benefits Software Exhibits Spyware Characteristics
www.recordedfuture.com/beijing-one-pass-benefits-software-spyware/ During preliminary analysis, Insikt Group found that the "Beijing One Pass" PC client exhibits behaviors similar to spyware applications. The software contains built-in functionality that, taken in aggregate, raises considerable suspicion about the implications of its data collection capabilities:
An Incredibly Simple Trick Can Help Make Your Phone More Secure
www.forbes.com/sites/leemathews/2021/07/31/an-incredibly-simple-trick-can-help-make-your-phone-more-secure/ Ready? Here it is. Turn your phone off and then turn it back on. Turning your phone off and on may not be enough to thwart the likes of Israel’s secretive NSO Group or sophisticated state-sponsored hackers. But since the process requires zero technical ability, only takes a minute or two and has the ability to expel common threats from your phone’s memory banks… why not make regular phone restarts a part of your security regimen?
Linux eBPF bug gets root privileges on Ubuntu – Exploit released
www.bleepingcomputer.com/news/security/linux-ebpf-bug-gets-root-privileges-on-ubuntu-exploit-released/ A security researcher released exploit code for a high-severity vulnerability in Linux kernel eBPF (Extended Berkeley Packet Filter) that can give an attacker increased privileges on Ubuntu machines.
Google to block logins on old Android devices starting September
www.bleepingcomputer.com/news/google/google-to-block-logins-on-old-android-devices-starting-september/ Google is emailing Android users to let them know that, starting late September, they will no longer be able to log in to their Google accounts on devices running Android 2.3.7 (Gingerbread) and lower.
Public print server gives anyone Windows admin privileges
www.bleepingcomputer.com/news/microsoft/public-print-server-gives-anyone-windows-admin-privileges/ To illustrate his research, Delpy created an Internet-accessible print server at \\printnightmare[.]gentilkiwi[.]com that installs a print driver and launches a DLL with SYSTEM privileges.