Tag Archive for: documents

Konni Group Use Weaponized Word Documents Deliver RAT Malware


In the ever-evolving cybersecurity domain, the resurgence of NetSupport RAT, a Remote Access Trojan (RAT), has raised concerns among security professionals. 

This sophisticated malware, initially developed as a legitimate remote administration tool, has been repurposed by malicious actors to infiltrate systems and establish remote control.

NetSupport Manager, the software upon which NetSupport RAT is based, originated as a genuine remote technical support tool three decades ago. 

It provided capabilities for file transfers, support chat, inventory management, and remote access. 

While its initial purpose was legitimate, threat actors have exploited its functionalities for malicious purposes.


In collaboration with the Threat Analysis Unit, the Carbon Black Managed Detection & Response (MDR) team has witnessed a significant increase in NetSupport RAT infections in recent weeks. 

This surge primarily affects Education, Government, and Business Services organizations.

Delivery Mechanisms and Actor Landscape

NetSupport RAT is distributed through a variety of tactics, including fraudulent updates, drive-by downloads, the use of malware loaders such as GhostPulse, and phishing campaigns.

Unlike some malware exclusively utilized by specific threat actors, NetSupport RAT has been employed by a range of malicious entities, from novice hackers to sophisticated adversaries.

Recent NetSupport RAT attacks typically involve tricking victims into downloading fake browser updates from compromised websites. 

The initial infection process may vary depending on the specific threat actor’s methodology.

One observed infection scenario involves a victim downloading a fake browser update from a compromised website. 

This update hosts a PHP script that displays a seemingly authentic update prompt. 

Upon…


Computer Whiz Stuck at Center of Documents Case


One day in June of last year, at a time when federal investigators were demanding security footage from former President Donald Trump’s Mar-a-Lago estate, Yuscil Taveras shared an explosive secret.

Taveras, who ran Mar-a-Lago’s technology department from a cramped workspace in the basement of the sprawling Florida property, confided in an office mate that another colleague had just asked him, at Trump’s request, to delete the footage that investigators were seeking.

Taveras later repeated that story to at least two more colleagues, who in turn shared it with others, according to people with knowledge of the matter. Before long, the story had ricocheted around the grounds of Trump’s gold-adorned private club and up the chain of command at Trump Tower in Manhattan, prompting Taveras’ superiors in New York to warn against deleting the tapes.


But by then, Taveras had already balked at what prosecutors said was Trump’s request. Looking to steer clear of the investigation into whether the former president was hoarding classified documents at Mar-a-Lago, he told one colleague that he was unwilling to cross a line and potentially go to prison, according to another person with knowledge of the conversation.

Still, when he was summoned before a grand jury this spring, Taveras did not fully recount the incident. Only after prosecutors subsequently threatened to charge him for failing to tell all that he knew did Taveras shift course to become a potentially important witness in the case.

Facing indictment this summer, Taveras replaced his lawyer, who was being paid by Trump’s political action committee and also represented one of the former president’s co-defendants. Taveras then returned to the grand jury and offered a more detailed version of events, recounting how he had been asked to delete the surveillance footage. In exchange, prosecutors agreed not to charge him.

This account of Taveras’ turnabout, drawn from court records and interviews with nearly a dozen people who know him and are involved in the matter, reveals new details of the critical if at first reluctant role he played in helping investigators develop…


New Zealand unveils defense strategy documents. Here’s what they say.


WELLINGTON, New Zealand — New Zealand has released three defense and national security documents outlining prevailing challenges, principles for its military and ways to improve the force.

Defence Minister Andrew Little on Aug. 4 presented to lawmakers a 36-page “Defence Policy and Strategy Statement,” a 12-page “Future Force Design Principles” document and an inaugural 44-page “National Security Strategy.”

“A year ago we commissioned the Defence Policy Review, to provide a roadmap for the future of Defence as part of the national security of New Zealand, and to do so in the context of the rapidly changing conditions we see around us,” Little said, per a transcript of a speech in which he introduced the documents. “One of the first actions [Prime Minister] Chris Hipkins’ government took was to speed up work on that review.”

Overall, the documents outline challenges and pressures; introduce “sliding principles” and four underlying assumptions; and conclude that, in the mid- to long-term period, investment in the military is needed to “continue to protect and promote New Zealand’s interests.”

Threats

“In 2023 we do not live in a benign strategic environment,” Little said. “New Zealand is facing more geostrategic challenges than we have had in decades — climate change, terrorism, cyberattacks, transnational crime, mis and disinformation, and competition in our region which, up until recently, we thought was protected by its remoteness.”

Those challenges appear to have overtaken expectations, with the government writing that the military “is designed for a relatively benign strategic environment, and not the challenges of increased strategic competition and the adverse effects of climate change that the Defence Policy and Strategy Statement 2023 identifies. As a result, it is not in a fit state to respond to future challenges.”

“A rough sea can still be navigated,” the government wrote, and “even in difficult times we can act to find our way through.”

But it’s unclear how that could be the case, given the “Defence Policy and Strategy Statement” acknowledges it “does not in itself address capability investment questions or require…


Feds Fear Flipper Zero Use By Far-Right Documents Show


Police departments in major cities have been put on alert over the Flipper Zero hacking tool and expressed concern over its potential use by racially motivated extremists, documents obtained by the Daily Dot show.

In an April 6, 2023 bulletin from the South Dakota Fusion Center (SDFC), which compiles and shares intelligence with law enforcement regarding perceived domestic threats, warnings were given about the possibility of extremist groups seeking to utilize the popular device.

“The NYPD Intelligence and Counterterrorism Bureau (ICB) assesses that racially and ethnically motivated violent extremists (REMVEs) may seek to exploit the hacking capabilities of a new cyber penetration tester, known as the Flipper Zero, in order to bypass access control systems,” the bulletin states.


REMVEs are described as any “loosely organized movement of individuals and groups that espouse some combination of racist, anti-Semitic, xenophobic, Islamophobic, misogynistic, and homophobic ideology,” a report from the Rand Corporation states.

“The majority of REMVE actors are motivated by cultural nationalism or White supremacy—beliefs that Caucasian or ‘Aryan’ peoples represent superior races, and that ‘White culture’ is superior to other cultures,” the report adds.

In the intelligence bulletin, which the Daily Dot obtained through the Freedom of Information Act (FOIA), the NYPD ICB is said to be monitoring discussions of the Flipper Zero on the messaging app Telegram among groups such as “domestic and international hackers, hobbyists, doomsday preppers, and most notably, REMVEs and accelerationists.”

The Flipper Zero is a portable and digital multi-tool that can hack everything from radio protocols to access control systems. The device is capable of cloning RFID cards, such as those used to open hotel rooms, and has been shown to be able to bypass the security on certain brands of electronic safes. While the device is able to perform some impressive feats, its capabilities have also been greatly exaggerated in staged TikTok videos.

While the NYPD ICB admits that it has not observed REMVEs “explicitly discuss the potential for Flipper Zero…
