Tag Archive for: DELIVERS

New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice


Mar 27, 2024 | Newsroom | Vulnerability / Cybercrime

A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla.

Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment notification, urging the user to open an archive file attachment.

The archive (“Bank Handlowy w Warszawie – dowód wpłaty_pdf.tar.gz”) conceals a malicious loader that activates the procedure to deploy Agent Tesla on the compromised host.

“This loader then used obfuscation to evade detection and leveraged polymorphic behavior with complex decryption methods,” security researcher Bernard Bautista said in a Tuesday analysis.

“The loader also exhibited the capability to bypass antivirus defenses and retrieved its payload using specific URLs and user agents leveraging proxies to further obfuscate traffic.”

Embedding malware within seemingly benign files is a tactic that threat actors have repeatedly employed to trick unsuspecting victims into triggering the infection sequence.


The loader used in the attack is written in .NET, with Trustwave discovering two distinct variants that each make use of a different decryption routine to access its configuration and ultimately retrieve the XOR-encoded Agent Tesla payload from a remote server.

In an effort to evade detection, the loader is also designed to bypass the Windows Antimalware Scan Interface (AMSI), which offers the ability for security software to scan files, memory, and other data for threats.

It achieves this by “patching the AmsiScanBuffer function to evade malware scanning of in-memory content,” Bautista explained.

The last phase involves decoding and executing Agent Tesla in memory, allowing the threat actors to stealthily exfiltrate sensitive data via SMTP using a compromised email account associated with a legitimate security system supplier in Turkey (“merve@temikan[.]com[.]tr”).

The approach, Trustwave said, not only does not raise any red flags, but also affords a layer of anonymity that makes it harder to trace the attack back to the adversary, not to mention save…


Google Delivers September Android Security Bulletin, but No Pixel Update Yet


Yesterday, Google released the September Android security bulletin, sticking to its commitment of delivering these bulletins on the first Monday of every month. However, there was no Pixel update alongside it, leading to some confusion and complaints on social media platforms.

It’s important to note that Google deviated from its regular first-Monday schedule for Pixel updates starting in April, allowing themselves more flexibility in the delivery of monthly updates. This means that the absence of a Pixel update does not indicate any delay or failure on Google’s part.

The speculation about the release of Android 14 was also addressed in the article. Although Beta 5.1 and Beta 5.2 with bug fixes were rolled out in August, there has been no sign of the final Android 14 release. Google has only published the security bulletin build, which still carries the Android 13 designation.

In summary, if you have been eagerly refreshing your Pixel phone’s update page, hoping for a September update, you can stop for now. Google has not yet released an update, and it remains uncertain whether they will, or if it will be based on Android 13 or Android 14. Rest assured, we will keep you updated if there are any changes or announcements.


TCS Delivers Strong Q3; Rev Crosses $7 bn Propelled by Cloud Demand and Market Share Gains


– Revenue Growth of +13.5% YoY in CC; 8.4% YoY in USD
– Growth led by North America & UK (+15.4% YoY in CC)
– Operating Margin at 24.5%; Net Margin at 18.6%
– IT Services Attrition trending down: LTM Attrition at 21.3%
– Board Announces Dividend of ₹75/share Including Special Dividend of ₹67/share
 

MUMBAI, January 9, 2023: Tata Consultancy Services (BSE: 532540, NSE: TCS) reported its consolidated financial results according to Ind AS and IFRS, for the quarter ending December 31, 2022.


Highlights of the Quarter Ended December 31, 2022

  • Revenue at $7.075 billion, +8.4% YoY, +13.5% YoY in constant currency
  • Order Book at $7.8 billion | Book to Bill at 1.1
  • Operating Margin at 24.5%; contraction of 0.5% YoY
  • Net Income at $1.318 billion, +1.1% YoY | Net Margin at 18.6%
  • Net Cash from Operations at $1.354 billion, i.e., 102.8% of Net Income
  • Net headcount addition of -2,197 | Workforce strength: 613,974
  • Diverse and inclusive workplace: Women in the workforce: 35.7% | 153 Nationalities
  • Building a G&T workforce: 11.4 million learning hours clocked | 1.3 million competencies acquired
  • LTM IT Services attrition rate at 21.3%
  • Total Dividend per share of ₹75 per share including ₹67 as special dividend
    Record date 17/01/2023 | Payment date 03/02/2023
  • Total Shareholder Payout of ₹33,297 crore Year till Date


Rajesh Gopinathan, Chief Executive Officer and Managing Director, said: “We are pleased with our strong growth in a seasonally weak quarter, driven by cloud services, market share gains through vendor consolidation, and continued momentum in North America and UK. The sustained strength of demand for our services is a validation of the value we provide to our clients in helping them differentiate themselves, while enhancing their competitiveness. Looking ahead, and beyond current uncertainties, our longer-term growth outlook remains robust.”
 

N Ganapathy Subramaniam, Chief Operating Officer and Executive Director, said: “As I look back at 2022, it’s gratifying to see the privileged partnership that we continue to enjoy with our clients globally. In a hybrid working model we delivered many complex…


GroupSense Delivers New Ransomware Negotiation Training Service


Training Service Prepares Ransomware Response Teams for Successful Threat Actor Engagement to Mitigate Damage, Protect Brand Reputation, Anticipate Emerging Threats and More

ARLINGTON, Va., Oct. 19, 2022 /PRNewswire/ — GroupSense, a digital risk protection services company, today announced the launch of a new Ransomware Negotiation Training service offering. During an immersive three-day, in-person training session, participants will learn the proper strategies to combat the negative consequences of an attack from negotiation experts at both GroupSense and Max Negotiating, a negotiation advisory firm that specializes in training lawyers and legal professionals. As a result of the training, participants will be able to help their client organizations identify threat actors, learn key cyber negotiation principles and strategies, protect brand reputation, avoid unnecessary business losses and stay ahead of emerging threats.

According to the Federal Bureau of Investigation’s Internet Crime Complaint Center, ransomware complaints increased 62% from 2020 to 2021. The increase in attacks makes negotiation with threat actors a crucial part of enabling an organization to resume operations, reducing permanent data loss and eliminating regulatory fines and penalties. While response teams, typically led by lawyers, are accustomed to negotiating on their client’s behalf, many have never communicated directly with threat actors or conducted negotiations under the constraints they impose. With GroupSense’s Ransomware Negotiation Training, participants will discover the ins-and-outs of ransomware attacks, the intricacies of threat actor engagement, discern their role in a ransomware negotiation and master a proactive ransomware response strategy.

“The business impact of a ransomware attack can be severe – revenue loss, brand and reputation damage, operational and business disruption, increased cyber insurance premiums and legal consequences,” said Maxwell Bevilacqua, chief negotiating officer of Max Negotiating. “By teaming up with GroupSense, we’re able to pair their expert ransomware negotiators with our negotiation experts to help clients – such as lawyers and law firms with…
