Tag Archive for: hackers

Hackers Update Vultur Banking Malware With Remote Controls


Attackers Can Now Download, Alter and Delete Files – Plus Click, Scroll and Swipe


Threat actors are tricking banking customers with SMS texts into downloading new and improved banking malware named Vultur that interacts with infected devices and alters files.


First documented in March 2021 by Threat Fabric, Vultur garnered attention for its misuse of legitimate applications such as AlphaVNC and ngrok, enabling remote access to the VNC server on targeted devices. Vultur also automated screen recording and keylogging for harvesting credentials.

The latest iteration of this Android banking malware boasts a broader range of capabilities and enables attackers to assume control of infected devices, hinder application execution, display customized notifications, circumvent lock-screen protections and conduct various file-related operations such as downloading, uploading, installing, searching and deleting.

The new functionalities primarily focus on remote interaction with compromised devices, although Vultur still relies on AlphaVNC and ngrok for remote access, said NCC Group security researchers in a report on Thursday.

Vultur’s creators also…


Hackers Show Vulnerabilities of RFID-Based Hotel Door Locks



In a scenario that feels lifted from Ocean's 11, a group of hackers has shown the vulnerabilities of RFID-based locks through a hotel room keycard.

A team of security researchers recently revealed a hotel keycard hacking technique they call Unsaflok. The technique exposes a collection of security vulnerabilities that would allow a hacker to open several models of Saflok-brand RFID-based keycard locks sold by lock maker Dormakaba.

The Saflok systems are installed on three million doors worldwide, inside 13,000 properties in 131 countries.


The Hackers' Story

As detailed in a story published on Wired, researchers Ian Carroll and Lennert Wouters exploited weaknesses in both Dormakaba's encryption and the underlying RFID system it uses, known as MIFARE Classic.

They started by obtaining any keycard from a target hotel—new or used—in order to read a certain code from that card with a $300 RFID read-write device. After writing two keycards of their own, they were able to first rewrite a certain piece of the lock’s data and then open it.

“Two quick taps and we open the door,” said Wouters, a researcher in the Computer Security and Industrial Cryptography group at the KU Leuven University in Belgium. “And that works on every door in the hotel.”

Dormakaba Solution

Wouters and Carroll shared the full technical details of their hacking technique with Dormakaba in November 2022. Dormakaba says that it’s been working since early last year to make hotels that use Saflok aware of their security flaws and to help them fix or replace the vulnerable locks.

For many of the Saflok systems sold in the last eight years, there’s no hardware replacement necessary for each individual lock. Instead, hotels will only need to update or replace the front desk management system and have a technician carry out a relatively quick reprogramming of each lock, door by door.

But Dormakaba has reportedly only updated 36 percent of installed Safloks. Given that the locks aren’t connected to the internet and some older locks will still need a hardware upgrade, they say the full fix will still likely take months…


Hackers steal database of Russian convicts to avenge Navalny’s death – media


After Russian opposition leader Alexei Navalny died in prison, a group of anti-Kremlin hackers gained access to the computer network run by the Federal Penitentiary Service (FSVP of Russia) and claimed they had snatched data on hundreds of thousands of prisoners.

This was reported by CNN, Ukrinform reports.

According to hackers, they got hold of the agency’s database, which contains information on approximately 800,000 Russian prisoners, their families and contacts, including data on prisoners held in the colony where Navalny died on February 16.

Hackers posted a photo of the politician alongside his wife Yulia at a political rally on the penitentiary service’s website.


The hackers, who claim to be of various ethnic backgrounds, including Russian expatriates and Ukrainians, are sharing the data “in the hope that somebody can contact them and help understand what happened to Navalny,” a hacker claiming to be involved in the breach told CNN.

An analysis by CNN found several duplicate entries in the database, but it still contains information on hundreds of thousands of people. CNN was able to match several names seen in the snapshots shared by hackers with people currently in a Russian prison as per public records.

The group also gained access to the prison’s online store, where families of convicts can purchase food for them, and changed the prices of some goods to just one ruble. This is evidenced by screenshots and videos published by hackers.


The group also posted Navalny's photo on the store's website. They sent a warning to the administrators of the prison's online store not to remove the image and went on to destroy one of the servers when the admins failed to heed the warning.

The hackers "clearly had full blown access to get it all," says Tom Hegel, principal threat researcher at U.S. cybersecurity company SentinelOne. "The amount of images captured and data provided is quite thorough."



What is Volt Typhoon? A cybersecurity expert explains the Chinese hackers targeting US critical infrastructure


Volt Typhoon is a Chinese state-sponsored hacker group. The United States government and its primary global intelligence partners, known as the Five Eyes, issued a warning on March 19, 2024, about the group’s activity targeting critical infrastructure.

The warning echoes analyses by the cybersecurity community about Chinese state-sponsored hacking in recent years. As with many cyberattacks and attackers, Volt Typhoon has many aliases and is also known as Vanguard Panda, Bronze Silhouette, Dev-0391, UNC3236, Voltzite and Insidious Taurus. Following these latest warnings, China again denied that it engages in offensive cyberespionage.

Volt Typhoon has compromised thousands of devices around the world since it was publicly identified by security analysts at Microsoft in May 2023. However, some analysts in both the government and cybersecurity community believe the group has been targeting infrastructure since mid-2021, and possibly much longer.

Volt Typhoon uses malicious software that penetrates internet-connected systems by exploiting vulnerabilities such as weak administrator passwords, factory default logins and devices that haven’t been updated regularly. The hackers have targeted communications, energy, transportation, water and wastewater systems in the U.S. and its territories, such as Guam.

In many ways, Volt Typhoon functions similarly to traditional botnet operators that have plagued the internet for decades. It takes control of vulnerable internet devices such as routers and security cameras to hide and establish a beachhead in advance of using that system to launch future attacks.

Operating this way makes it difficult for cybersecurity defenders to accurately identify the source of an attack. Worse, defenders could accidentally retaliate against a third party who is unaware that they are caught up in Volt Typhoon’s botnet.

Why Volt Typhoon matters

Disrupting critical infrastructure has the potential to cause economic harm around the world. Volt Typhoon’s operation also poses a threat to the U.S. military by potentially disrupting power and water to military facilities and critical supply chains.

FBI Director…
