Tag Archive for: Beware

Beware, Hackers Can Steal Your Car Through Radio Frequency, NCC Warns Nigerians


Hackers have found a way to compromise vehicle security, unlocking cars and starting their engines wirelessly in order to steal them.

The Nigerian Communications Commission (NCC) disclosed this on Sunday to alert Nigerians to the ongoing cyber-vulnerability.

The regulator explained that car remotes are categorized as short-range devices that use radio frequency (RF) to lock and unlock vehicles, and that hackers exploit this to unlock and start a compromised car.

The Computer Security Incident Response Team of the NCC said, “The vulnerability is a Man-in-the-Middle (MitM) attack or, more specifically, a replay attack in which an attacker intercepts the RF signals normally sent from a remote key fob to the car, manipulates these signals, and re-sends them later to unlock the car at will.

“With this latest type of cyber-attack, it is also possible to manipulate the captured commands and re-transmit them to achieve a different outcome altogether.

“Multiple researchers disclosed a vulnerability, which is said to be used by a nearby attacker to unlock some Honda and Acura car models and start their engines wirelessly.”

It said that the attack consists of a threat actor capturing the radio frequency (RF) signals sent from your key fob to the car and resending these signals to take control of your car’s remote keyless entry system.

Advising the public, the NCC provided some precautionary measures that can be adopted by car owners to prevent falling victim to the attack.

The NCC said, “When affected, the only mitigation is to reset your key fob at the dealership. Besides, the affected car manufacturer may provide a security mechanism that generates fresh codes for each authentication request; this makes it difficult for an attacker to ‘replay’ the codes thereafter.

“Additionally, vulnerable car users should store their key fobs in signal-blocking ‘Faraday pouches’ when not in use.

“Importantly, car owners in the stated categories are advised to choose Passive Keyless Entry (PKE) as opposed to Remote Keyless Entry (RKE), which would make it harder for an attacker to read the signal due to the fact that criminals would need to be at close proximity…


Cyber Beware: E-Gaming and Cyber-Criminality | Manatt, Phelps & Phillips, LLP


Another major video game developer and publisher experienced a cyberattack reportedly resulting in the exfiltration of more than three-fourths of a terabyte of data. The exfiltrated data reportedly includes source code, software development kits and game engines. News reports indicate that the threat actors accessed the system through Slack channels, stolen authentication cookies and (apparently) a well-executed spear phishing attack to secure multifactor authentication tokens. Simultaneously, other recent reports have described malware hiding in gaming platforms through profile images, like malware injection through website favicons.

Meanwhile, esports has become big business and mainstream, with huge amounts of data and significant capital transactions. A League of Legends tournament was featured in the Netflix documentary 7 Days Out, and Sports Illustrated’s July 2021 cover story was about an esports team. Even the Olympics reportedly is considering including esports.

The combination of threat actors looking toward the video game industry and the rise of esports indicates how important it is for the industry and esports platforms and leagues to increase their cybersecurity awareness. As with other technology developments, the risk is ever present to the individual, in their home, to their personal computing devices and to their financial accounts. As presently situated, the industry and esports present attractive targets to cyber threat actors. The following are a few examples of areas that need significant attention.

First, attackers may seek player or subscriber account information. Many games today—from MMORPGs and Web3-based platforms to sports and real-time strategy games, and everything in between—include online play or DLC components. For those, the publisher may be collecting significant amounts of information about the players—information with significant market value to marketers and threat actors, such as payment information, geolocation, crypto addresses, or other personal information valuable for phishing and other social engineering attacks against individuals and their employers. Recent news reports about posting social media profiles to websites for…


Beware of new Black Basta ransomware! Here is what damage it can cause


A new Black Basta ransomware has recently been put into operation by hackers, who demand hefty amounts to decrypt files and not leak data.

A new ransomware is reportedly stealing corporate data and documents before encrypting a company’s devices. Dubbed Black Basta, it became operational only in April and has breached more than 12 companies in just a few weeks. The ransomware uses the stolen data in double-extortion attacks and demands hefty amounts to decrypt files and not leak data. Big companies like Deutsche Windtechnik and the American Dental Association have already become victims of this ransomware. The ransom amount is not yet known; however, the companies are in negotiation with the threat actors.

The data extortion details of the victims who have not yet paid a ransom are listed on the ‘Black Basta Blog’ or ‘Basta News’ Tor site. Here’s all you need to know about this newly found ransomware.


What is Black Basta ransomware?

Black Basta ransomware seems to be a rebrand of an experienced operation, i.e., the Conti ransomware operation. It steals corporate data and documents before encrypting a company’s devices and demands a hefty amount to not leak the data. It slowly leaks data for each victim to try to pressure them into paying a ransom.

How does Black Basta ransomware work?

According to BleepingComputer, the ransomware hacks into an existing Windows service and uses it to launch the ransomware decryptor executable. The ransomware then changes the wallpaper to display a message stating, “Your network is encrypted by the Black Basta group. Instructions in the file readme.txt” and reboots the computer into Safe Mode with Networking. Ransomware expert Michael Gillespie told the portal that Black Basta ransomware uses the ChaCha20 algorithm to encrypt files. Each folder on the encrypted device contains a readme.txt file that has information about the attack and a link and unique ID to log in to the negotiation chat session with the threat actors. They then demand a ransom and threaten to leak data if payment is not made in seven…


Do you use VLC media player? Beware! Hackers in China have launched malware attack


The popular VLC media player is being used by hackers in China to launch malware attacks in several countries. Pay heed to these important security checks.

VLC media player is quite popular globally. It is on almost every device that plays audio or video files. It is free, open source and easy to operate on every platform, which makes it one of the top media player options for users. And maybe that’s the reason why hackers chose VLC media player to launch massive malware attacks! Yes, there are chances that your VLC media player is hiding malware. In a shocking revelation, cybercriminals are using VLC to spread malware and spy on government agencies and other organisations, cybersecurity researchers confirmed in a report. The hacking group is none other than the notorious Chinese group Cicada.

A report by Symantec’s cybersecurity unit reveals that the Chinese hacking group Cicada is using VLC media player on Windows computers and laptops to launch malware which is being used to spy on governments and related organizations. Besides that, the hacking group has targeted organizations with religious connections as well as the legal and non-profit sectors for the malware attack. The report found traces of malware attacks in the United States, Canada, Hong Kong, Turkey, Israel, Montenegro, and Italy. India is also on the list of countries which have faced VLC malware attacks.

How are Chinese hacking groups using VLC for malware attacks?

The Chinese hacking group Cicada captures a clean version of VLC and embeds a malicious file alongside the media player’s export functions, cybersecurity firm Symantec explained. It’s a technique that hackers use all the time to embed malware into other well-known, legitimate software. Once the malware file is in the software, Cicada then takes complete control of the hacked system using a VNC remote-access server.

VLC attacks are not a new phenomenon, though. They began in 2021, after hackers attacked a known Microsoft Exchange server flaw, the Symantec blog mentioned.

Keep these points in mind to avoid being the victim of hacking

Hacking groups like Cicada continue to pose a…
