Tag: hackers

  • Apache Log4j2 Vulnerability: Hackers Making Over 100 Attempts a Minute To Exploit a Critical Security Vulnerability, Warn Cyber Researchers

    New Delhi, December 13: Cyber security researchers on Monday warned that hackers are making over 100 attempts every minute to exploit a critical security vulnerability in the widely used Java logging library ‘Apache Log4j2’, leaving millions of companies globally at risk of cyber theft.

    Several popular services, including Apple iCloud, Amazon, Twitter, Cloudflare and Minecraft, are vulnerable to this ‘ubiquitous’ zero-day exploit, now dubbed one of the most serious vulnerabilities on the Internet in recent years. ‘Apache Log4j’ is used in many forms of enterprise and open-source software, including cloud platforms, web applications and email services.

    According to cybersecurity researchers at Check Point, since Friday (December 10) they have “witnessed what looks like an evolutionary repression, with new variations of the original exploit being introduced rapidly – over 60 in less than 24 hours”.

    Apache Log4j is the most popular Java logging library, with over 400,000 downloads from its GitHub project. It is used by a vast number of companies worldwide, providing logging in a wide set of popular applications.

    “Exploiting this vulnerability is simple and allows threat actors to control Java-based web servers and launch remote code execution attacks,” cyber security researchers said in a blog post.

    Another cyber security company, Sophos, said that it is already detecting malicious cryptominer operations attempting to leverage the vulnerability, and that there are credible reports from other sources that several automated botnets (such as Mirai, Tsunami and Kinsing) have begun to exploit it as well.

    “Other types of attacks – and payloads – are likely to rapidly follow. While there are steps that server operators can take to mitigate the vulnerability, the best fix is to upgrade to the patched version, already released by Apache in Log4j 2.15.0,” Sophos said in a statement.

    However, rolling out an upgrade may not be all that simple – especially if organisations don’t know where it’s been deployed as a component.

    At present, most of the attacks focus on cryptocurrency mining at the expense of the victims. However, under cover of that noise, more advanced attackers may act aggressively against high-value targets.

    Researchers at Microsoft have also warned about attacks attempting to take advantage of ‘Log4j’ vulnerabilities, including a range of crypto-mining malware.

    The Computer Emergency Response Team (CERT) for New Zealand, Deutsche Telekom’s CERT, and the Greynoise web monitoring service have also warned that hackers are actively looking for servers vulnerable to ‘Log4Shell’ attacks.

    “In the case of this vulnerability ‘CVE-2021-44228’, the most important aspect is to install the latest updates as soon as practicable,” said an alert by the UK’s National Cyber Security Centre (NCSC).

    Many open source projects, such as the Minecraft server Paper, have already begun patching their use of ‘log4j2’. In a statement, Cloudflare said it has updated its systems to prevent attacks.

    (The above story first appeared on Morning Tidings on Dec 13, 2021 09:11 PM IST.)

  • Iran-Backed Hackers Exploiting Microsoft & Fortinet Bugs, Warn Federal Cyber Agencies

    San Francisco: Federal cyber agencies across the US, the UK and Australia have warned that Iranian government-sponsored hackers are exploiting several vulnerabilities in Microsoft Exchange email servers and in products from cyber security company Fortinet to perform malicious activities, including deploying ransomware.

    In an advisory, the US Cybersecurity and Infrastructure Security Agency (CISA) said it has highlighted ongoing malicious cyber activity by an advanced persistent threat (APT) group associated with the government of Iran.

    “The Federal Bureau of Investigation (FBI) and CISA have observed this Iranian government-sponsored APT exploit Fortinet and Microsoft Exchange ProxyShell vulnerabilities to gain initial access to systems in advance of follow-on operations, which include deploying ransomware,” the CISA said in a statement late on Wednesday.

    By breaking into systems through Fortinet vulnerabilities, cybercriminals can “conduct data exfiltration, data encryption, or other malicious activity.”

    The CISA, the FBI, the Australian Cyber Security Centre (ACSC), and the UK’s National Cyber Security Centre (NCSC) have released the joint cybersecurity advisory.

    “ACSC is also aware this APT group has used the same Microsoft Exchange vulnerability in Australia,” it read.

    The Iranian government-sponsored APT group has exploited Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021. The APT actors are actively targeting a broad range of victims across multiple US critical infrastructure sectors, including the transportation sector and the healthcare and public health sector, as well as Australian organisations.

    “These Iranian government-sponsored APT actors can leverage this access for follow-on operations, such as data exfiltration or encryption, ransomware, and extortion,” the advisory read.

    In April this year, the FBI and CISA issued warnings about vulnerabilities in Fortinet gear being actively exploited. Microsoft on Wednesday issued its own warning of six Iranian groups using vulnerabilities in the same pair of products to deploy ransomware.

    (The above story first appeared on Morning Tidings on Nov 18, 2021 01:26 PM IST.)

  • 4 Out of 5 Indian Online Gamers Losing Rs 7,894 on Average to Hackers While Playing: Report

    New Delhi: As online gaming becomes mainstream in India, there is bad news: four in five Indian gamers have been impacted financially by hacking while playing, losing Rs 7,894 on average to cyber criminals, a new report showed on Monday.

    Three quarters of Indian gamers surveyed (75 per cent) experienced a cyber attack on their gaming account, most commonly detecting malicious software on a gaming device (35 per cent) or detecting unauthorised access to an online gaming account (29 per cent).

    Of those who experienced a cyber attack, more than four in five (81 per cent) reported that they were financially impacted as a result, losing Rs 7,894 on average, according to the report by cyber security company NortonLifeLock.

    “With online gaming come concerns including hidden fees and in-game currency, characters, or other items being lost or stolen, as our survey showed to be the case for over half of respondents (fees 60 per cent and in-game items 58 per cent),” said Ritesh Chopra, director, sales/field marketing, India and SAARC countries, NortonLifeLock.

    “In these challenging times, it is crucial to stay updated and aware of the threats that can compromise your safety and privacy in this complex digital world,” he added.

    Gamers are also willing to take various actions that could compromise the security of themselves or others simply to give themselves a competitive edge. Two in five Indian gamers (42 per cent) said they are at least somewhat likely to hack into the account of a friend, family member, or romantic partner if they knew it would give them a competitive advantage, the research discovered.

    In India, 56 per cent of respondents say that they are at least somewhat likely to exploit a loophole or bug in a game to give themselves a competitive advantage, and around two in five or more would consider paying to take possession of another user’s gaming account (48 per cent), installing cheats to their gaming account or gaming device (46 per cent), or hacking into the gaming account of a random player (39 per cent).

    More than six in 10 gamers in India (62 per cent) said they picked up gaming during the Covid-19 pandemic and many (60 per cent) said the amount of time they spend gaming has increased since the start of the pandemic.

    Over two in five gamers (41 per cent) have been tricked into compromising their personal security, either by downloading malware onto a gaming device or by being tricked into sharing account information online. Notably, one in five gamers have been doxed, with personal information stolen and posted or shared publicly online without their consent, the report noted.

    (The above story first appeared on Morning Tidings on Nov 15, 2021 03:38 PM IST.)

  • SolarWinds Cyberattack: Chinese Hackers Behind SolarWinds Attack, Says Microsoft

    San Francisco, July 15: Microsoft has revealed that the massive SolarWinds cyber attack was operated by a group of hackers from China.

    The Microsoft Threat Intelligence Centre (MSTIC) team detected a zero-day remote code execution exploit being used against SolarWinds Serv-U FTP software in limited and targeted attacks.

    “MSTIC attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures,” the company said in an update on Wednesday.

    To carry out the attack, hackers installed malware in the Orion software sold by the IT management company SolarWinds. Reports suggested that the hackers compromised at least 250 federal agencies and top enterprises in the US.

    The zero-day attack was first spotted in a routine Microsoft 365 Defender scan.

    “The vulnerability being exploited is CVE-2021-35211, which was recently patched by SolarWinds. We strongly urge all customers to update their instances of Serv-U to the latest available version,” Microsoft advised.

    According to Microsoft, the hackers compromised ‘SolarWinds’ software, allowing them to “impersonate any of the organisation’s existing users and accounts, including highly privileged accounts.”

    The company said it had discovered its systems were infiltrated “beyond just the presence of malicious ‘SolarWinds’ code.”

    It may take several months for the US government to complete the investigation into the SolarWinds hack.

    Alarmed at repeated cyber-attacks on the country, especially the one on a key fuel pipeline, US President Joe Biden has signed an executive order implementing new policies to improve national cybersecurity.

    (The above story first appeared on Morning Tidings on Jul 15, 2021 11:55 AM IST.)

  • Beware! Chinese Hackers Targeting SBI Users via Phishing & Free Gift Scams: Report

    New Delhi: In fresh trouble for the State Bank of India (SBI), hackers of Chinese origin are targeting bank users with phishing scams, asking them to update their KYC using a particular website link and offering free gifts worth Rs 50 lakh from the bank via a WhatsApp message, cybersecurity researchers warned on Wednesday.

    The research wing of the New Delhi-based think tank CyberPeace Foundation, along with Autobot Infosec Pvt Ltd, studied two such incidents carried out in the name of SBI that some smartphone users faced.

    “All the domain names associated with the campaign have the registrant country as China,” the research team said.

    In the first case, a text message requesting KYC verification, the landing page that appears resembles the official SBI online page.

    On clicking the “Continue to Login” button, it redirects the user to a full-kyc.php page, asking for confidential information such as username, password and a captcha in order to log in to online banking.

    “Following this, it asks for an OTP sent to the user’s mobile number. As soon as the OTP is entered, it redirects the user to another page that asks the users to enter some confidential information again like account holder name, mobile number, date of birth. After entering the data, it redirects the user to an OTP page,” the researchers informed.

    The research team concluded that the campaign pretends to be launched by State Bank of India but is hosted on a third-party domain instead of the official website www.onlinesbi.com, which makes it more suspicious. The overall layout of the web page used in the campaign is kept similar to the official SBI netbanking site to lure users. SBI was yet to react to the report.

    In the second case, luring users to win attractive free gifts, the team found that the WhatsApp message also redirects the user to a link.

    “On the landing page, a congratulations message appears with an attractive photo of State Bank of India and asks users to participate in a quick survey to get a free gift of Rs 50 lakh from the State bank of India,” the researchers informed.

    At the bottom of the page, a section appears which seems to be a Facebook comment section where many users have commented about how beneficial the offer is. The research team investigated the URLs in a secure sandbox environment where the WhatsApp application was not installed. The researchers recommend that people avoid opening such messages sent via social platforms.

    “The URL manipulation showed that the web server has directory listing enabled and found other links visible which proves that not only the SBI users, IDFC, PNB, IndusInd and Kotak bank users are also targeted by the same type of phishing scam,” the team noted.

    In March this year, the same research team had pointed out that several users of the SBI were targeted in a phishing scam where hackers flooded them with suspicious text messages, requesting them to redeem their SBI credit points worth Rs 9,870.

    (The above story first appeared on Morning Tidings on Jul 07, 2021 05:45 PM IST.)

  • ‘Tata Motors Cars Celebrate Sales Exceeding 30 Million’ Fake Message: ‘China-Based Hackers Luring Indians Into Scam’, Says Report

    New Delhi, June 10: Cyber-security researchers in India on Thursday said they have discovered a malicious free gift campaign pretending to be an offer from Tata Motors that is collecting users’ data, and the campaign has been traced to China-based hackers.

    The research wing of the New Delhi-based CyberPeace Foundation received, via WhatsApp, links related to a free gift offer from Tata Motors that collect browser and system information as well as cookie data from users.

    “The campaign is pretended to be an offer from Tata Motors but hosted on the third-party domain instead of the official website of Tata Motors which makes it more suspicious,” the research team said in a statement.

    If a user opens the link on a device such as a smartphone where the WhatsApp application is installed, the site’s sharing features open WhatsApp on the device to share the link.

    “The prizes are kept really attractive to lure the laymen,” the team said.

    The title of the fake website is “Tata Motors Cars, Celebrates sales exceeding 30 million.”

    On the landing page, a congratulations message appears with an attractive photo of a Tata Safari car and asks users to participate in a quick survey to get a free TATA Safari vehicle.

    “Also, at the bottom of this page, a section comes up which seems to be a Facebook comment section where many users have commented about how the offer is beneficial,” the research revealed.

    After clicking the OK button, users are given three attempts to win the prize.

    After completing all the attempts, it says that the user has won “TATA SAFARI”.

    “Congratulations! You did it! You won the TATA SAFARI!” On clicking the ‘OK’ button, the site then instructs users to share the campaign on WhatsApp.

    The user then has to click the WhatsApp button in order to complete the progress bar. After clicking the green ‘Complete registration’ button, the user is redirected to multiple advertising web pages, which vary each time the button is clicked.

    According to the researchers, the cybercriminals used Cloudflare to mask the real IP addresses behind the front-end domain names used in the Tata Motors free gift campaign.

    “But during the phases of investigation, we have identified a domain name that was requested in the background and has been traced as belonging to China,” the researchers revealed.

    CyberPeace Foundation, a think tank and grassroots NGO of cyber security and policy experts, looked into the matter together with Autobot Infosec Private Limited and found these websites to be online fraud.

    The Foundation recommended that people avoid opening such messages sent via social platforms.

    (The above story first appeared on Morning Tidings on Jun 10, 2021 11:33 AM IST.)

  • Chinese-Speaking Hackers Target Uyghur Muslims in China, Abroad Through Fake E-Mails From UN and Human Rights Group

    Beijing, May 28: Members of the Uyghur community in China and abroad are being targeted in surveillance efforts by “Chinese-speaking” hackers through the use of fake emails from the United Nations (UN) and a human rights group, according to cybersecurity researchers.

    A joint investigation by the cybersecurity groups Check Point Research and Kaspersky’s Global Research and Analysis Team concluded with ‘low to medium confidence’ that the effort was carried out by Chinese-speaking hackers, reported The Hill.

    The hackers were targeting Uyghurs in both China and Pakistan using malicious emails designed to trick individuals into installing a back door into Microsoft Windows, allowing the hackers to collect information and carry out further attacks, the researchers said.

    According to them, the emails were sent under the guise of the UN Human Rights Council or from a fake human rights organization known as the Turkic Culture and Heritage Foundation.

    “We believe that these cyberattacks are motivated by espionage, with the endgame of the operation being the installation of a back door into the computers of high-profile targets in the Uyghur community,” said Lotem Finkelsteen, the head of threat intelligence at Check Point, in a statement to The Hill.

    “The attacks are designed to fingerprint infected devices, including all of its running programs. From what we can tell, these attacks are ongoing, and new infrastructure is being created for what looks like future attacks,” Finkelsteen added.

    The findings also said that the attacks, which target both members of the Uyghur community and the organisations supporting them, are likely still ongoing.

    According to The Hill, Facebook announced in March that it had disrupted efforts of Chinese hacking groups to target and surveil members of the Uyghur community in China and other countries through installing malware on mobile devices.

    China has been rebuked globally for cracking down on Uyghur Muslims in Xinjiang, with a handful of countries, the latest being Lithuania, terming the human rights abuses on the ethnic minorities as ‘genocide’.

    After years of denying the existence of the internment camps in Beijing, China in 2019 described the facilities as residential training centres that provide vocational training for Uyghurs, discourage radicalisation and help protect the country from terrorism.

    However, several media reports and former detainees have said that those in the camps are detained against their will and subjected to political indoctrination, routinely face rough treatment at the hands of their overseers and endure poor diets and unhygienic conditions in the often overcrowded facilities.

    Former detainees have also described being subjected to torture, rape, sterilization, and other abuses while in custody.


  • Fake Android Service App on Google Play Store Offering Free Netflix May Steal Your WhatsApp Data, Say Cybersecurity Researchers

    New Delhi, April 7: Cybersecurity researchers said on Wednesday that they have discovered a fake service app on the Google Play Store that offers users a way to view Netflix on their smartphones for free, while monitoring their WhatsApp notifications and sending automatic replies to incoming messages. Named ‘FlixOnline’, the malware was distributed by the hackers via malicious auto-replies to incoming WhatsApp messages, using payloads received from a remote command and control (C&C) server, according to the team from Check Point Research (CPR).

    By replying to incoming WhatsApp messages, this method could enable a hacker to distribute phishing attacks, spread further malware, spread false information, or steal credentials and data from users’ WhatsApp accounts and conversations, they warned.

    “This ‘wormable’ Android malware features innovative and dangerous new techniques for spreading itself, and for manipulating or stealing data from trusted applications such as WhatsApp,” the cybersecurity researchers said. “It highlights that users should be wary of download links or attachments that they receive via WhatsApp or other messaging apps, even when they appear to come from trusted contacts or messaging groups,” they warned. “If a user was infected, they should remove the application from their device, and change their passwords,” the researchers said.

    A threat actor could perform a wide range of malicious activities, such as spreading further malware via malicious links, stealing data from users’ WhatsApp accounts and spreading fake or malicious messages to users’ WhatsApp contacts and groups. When the application is downloaded from the Play Store and installed, the malware starts a service that requests the ‘Overlay’, ‘Battery Optimization Ignore’ and ‘Notification’ permissions.

    If these permissions are granted, the malware then has everything it needs to start distributing its malicious payloads, and responding to incoming WhatsApp messages with auto-generated replies.

    “Theoretically, through these auto-generated replies, a hacker can steal data, cause business interruptions on work related chat groups, and even extortion by sending sensitive data to all the users contacts,” the team noted.

    The researchers notified Google about the malicious application and the details of their research, and the tech giant quickly removed the application from the Play Store. Over the course of two months, the FlixOnline app was downloaded approximately 500 times.

    (The above story first appeared on Morning Tidings on Apr 07, 2021 05:38 PM IST.)