Tag Archive for: Caught

Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists

/in


Candiru Spyware Chrome Exploit

The actively exploited but now-fixed Google Chrome zero-day flaw that came to light earlier this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East.

Czech cybersecurity firm Avast linked the exploitation to Candiru (aka Saito Tech), which has a history of leveraging previously unknown flaws to deploy a Windows malware dubbed DevilsTongue, a modular implant with Pegasus-like capabilities.

Candiru, along with NSO Group, Computer Security Initiative Consultancy PTE. LTD., and Positive Technologies, were added to the entity list by the U.S. Commerce Department in November 2021 for engaging in “malicious cyber activities.”

“Specifically, a large portion of the attacks took place in Lebanon, where journalists were among the targeted parties,” security researcher Jan Vojtěšek, who reported the discovery of the flaw, said in a report. “We believe the attacks were highly targeted.”

CyberSecurity

The vulnerability in question is CVE-2022-2294, memory corruption in the WebRTC component of the Google Chrome browser that could lead to shellcode execution. It was addressed by Google on July 4, 2022. The same issue has since been patched by Apple and Microsoft in Safari and Edge browsers.

The findings shed light on multiple attack campaigns mounted by the Israeli hack-for-hire vendor, which is said to have returned with a revamped toolset in March 2022 to target users in Lebanon, Turkey, Yemen, and Palestine via watering hole attacks using zero-day exploits for Google Chrome.

Candiru Spyware

The infection sequence spotted in Lebanon commenced with the attackers compromising a website used by employees of a news agency to inject malicious JavaScript code from an actor-controlled domain that’s responsible for redirecting potential victims to an exploit server.

Via this watering hole technique, a profile of the victim’s browser, consisting of about 50 data points, is created, including details like language, timezone, screen information, device type, browser plugins, referrer, and device memory, among others.

Avast assessed the information gathered to ensure that the exploit was being delivered only to the intended targets. Should the collected data be deemed of…

Source…

Convict caught smuggling mobile phone into central prison

/in


Security checks at the central prison of Parappana Agrahara has been stepped up ever since videos of the accused in Bajrang Dal activist Harsha’s murder case talking over mobile phones and making video calls while in prison went viral. The Chief Superintendent of Prison stepped up security measures and even filed a case against the accused for using mobile phone during Eid to talk to family and friends.

On Tuesday, Karnataka State Industrial Security Force staff deployed at the prison caught a convict trying to get into the prison with a mobile phone and memory card concealed in his pant. The accused, Kamanna K., was being escorted by Ponnampet police to central prison when constable Praveen H.G. of KSISF recovered the mobile phone and memory chip during frisking. The accused, along with the seized items, has been handed over to Chief Superintendent of Prison P.R. Ramesh, who filed a case with the jurisdictional police.

Earlier on Sunday, the Electronics City division police, along with the prison staff, conducted joint operations and searched the barracks and inmates, including the high-security section.

As many as nine inmates, including convicts and undertrials, were caught with ₹97,270 cash, four knives, five scissors, a SIM card, and a memory card.

The accused have been booked under various sections of Karnataka Prison Act and further investigations are on to ascertain the source of banned items inside the prison.

Source…

Uganda Security Exchange Caught Leaking 32GB of Sensitive Data

/in


Apart from personal and financial records, the data also included plain-text login credentials including usernames and passwords of customers and businesses using the Easy Portal of the Uganda Security Exchange.

The Uganda Securities Exchange (USE) aka principal stock exchange in Uganda has been caught leaking highly sensitive financial and sensitive data of its customers and business entities across the globe.

This was revealed to Hackread.com by Anurag Sen, a prominent IT security researcher who has been known for identifying exposed servers and alerting relevant authorities before it’s too late. Anurag is the same researcher who discovered Australian trading giant ACY Securities to be exposing 60GB worth of data earlier this month.

What Happened

It all started with Anurag scanning for misconfigured databases on Shodan and noted a server exposing more than 32GB worth of data to public access. According to Anurag, the server belonged to the Uganda Security Exchange’s Easy Portal. For your information, Easy Portal is an online self-service portal that lets users and trading entities view stock performance, view statements, and monitor their account balance.

“There are other ports running on the server which opened the link to the bank of Baroda – which is Indian based company operating in Uganda. Also, it is registered under the Uganda security exchange.”

Anurag told Hackread.com

What Data was Leaked

Upon further digging into the humongous dataset Anurag concluded that the exposed records were of sensitive nature. The worse part of the data leak is the fact that the server was left exposed without any security authentication.

This means anyone with a slight bit of knowledge about finding unsecured databases on Shodan and other such platforms would have complete access to USE’s data including the following:

  • Full Name
  • Usernames
  • Full Address
  • Date of Birth
  • Access tokens
  • Phone Number
  • Email Address
  • Plaintext passwords
  • ID number of Users
  • Bank details including ID, and account number
  • Details on Foreign citizens and companies including citizens based in Uganda

The screenshot below shows the type of data exposed by the USE:

Image provided to…

Source…

Cat Caught on Camera Trying To Hack Treat Machine Has Internet in Stitches

/in


A video of a cat desperately trying to get hold of some extra treats has delighted the internet after gaining viral attention on Reddit.

User u/GoobyTron420 shared the adorable footage of Egyptian Mau cat Gizmo—full name Gilbo Baggins—on the popular r/cats forum on Wednesday. The cat’s antics have since received over 36,000 upvotes on Reddit from thrilled viewers.

Angry cat and home camera
A cat looking grumpy, left, and a picture of a wireless in-home camera, right. A cat caught trying to hack an automatic treat dispenser has left the internet in stitches.
Nadya So/PORNCHAI SODA/Getty Images

Filmed on a pet video device that also has the ability to shoot treats—a feature controlled by the owner—Gizmo can be seen patting at the camera attempting to get it to release a treat.

“Please enjoy a video of my cute boy Gizmo trying to get a snack from the kitty camera because it can shoot treats,” said the cat’s owner in the caption.

Designed for keeping an eye on your pets even when you can’t be at home with them, pet cameras have gained popularity in recent years. Similar to security cameras, they are often designed with pet-friendly extras like a speaker so you can chat to your furry friend and—as is the case here—the ability to give your pet a treat from anywhere.

There are various versions on the market that retail at an average of around $100. Pet site Paw Shake says: “A pet camera is a really useful tool to monitor your pet’s behavior when you are away, even if you have a pet sitter watching your pet.” From ensuring nobody is on furniture they shouldn’t be to communicating with restless animals on your way home, they’re also a great way to capture moments you may otherwise miss—just like Gizmo’s search for treats.

In stitches at the feline’s antics, Reddit users headed to the comments to share their thoughts.

“Looks like he’s at the ATM… and forgot his PIN,” joked one Redditor. Another commenter said: “He seems very dedicated towards his job.”

“This is so cute and totally reminds me of our cat who is never late to feeding time,” wrote another user.

“Cats are skilled hackers,” shared another viewer of the video. “Mine have figured out numerous ways to hack the automated feeders.”

Other eagle-eyed…

Source…