
Security researcher: Criminals use Discord to distribute malware



According to security researchers, the content delivery network (CDN) of the voice and text chat platform Discord is increasingly being misused by criminals to spread malware. The security company Sophos writes that four percent of their malware downloads examined came from Discord in the second quarter of this year. Users can upload and exchange files via Discord. According to Sophos, this has a number of advantages for cyber criminals.

Overall, Sophos found 14,000 malicious files on the Discord CDN and sees an upward trend. So that criminals can place their malicious software there, all they need is a chat room that anyone can set up free of charge. As soon as a file is uploaded, it lands on cdn.discordapp.com. In this Google Cloud Storage, Trojans can then be reached all over the world via a fast CDN.

Discord uploads files to its CDN, but no longer deletes them.

(Image: screenshot)

The special thing about it: you do not need to log in to access the file. If you open the URL of the uploaded file, the browser immediately asks whether the file should be downloaded. If this URL is linked in an email, there is no warning or anything else that could distract from the download.

Even if the message with the file attachment is deleted on Discord, the file itself can still be accessed in the CDN, as heise online found out in a short test. It gets even better: if you delete the so-called “server” (actually a created, administrative room) on Discord with all of its messages, channels and users, the file was still available to us in the CDN.

The problem is by no means new. According to Sophos, a lot of malicious software landed on Discord's CDN last year. Discord has not changed the basic functionality, but relies on reports from users and on its own scans for malicious code. However, malware cannot be easily distinguished from non-malicious software without fully analyzing its behavior.
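Because the uploaded files are reachable on cdn.discordapp.com without a login and survive deletion of the message and the server, a defender cannot count on Discord removing them; the practical control is to notice the download on the way in. The following added example (not from the article or from Sophos) runs simple detection logic over constructed proxy log lines: it flags every fetch from the Discord CDN and marks those whose file name ends in an executable extension. The log format, the `/attachments/` path prefix and the extension list are assumptions for the example and should be adjusted to the proxy or mail gateway actually in use.

```python
import re
from urllib.parse import urlparse

# Constructed sample lines in a simplified, Squid-like proxy log format (assumption):
#   "<timestamp> <client_ip> <method> <url> <status> <bytes>"
SAMPLE_LOG = """\
1627467001.120 10.0.0.21 GET https://cdn.discordapp.com/attachments/111111111111111111/222222222222222222/invoice.exe 200 1841283
1627467002.410 10.0.0.22 GET https://cdn.discordapp.com/attachments/111111111111111111/333333333333333333/team-photo.png 200 204911
1627467003.999 10.0.0.23 GET https://discord.com/api/v9/channels/111111111111111111/messages 200 8021
1627467004.050 10.0.0.24 GET https://example.org/downloads/setup.msi 200 5120000
1627467005.700 10.0.0.21 GET https://cdn.discordapp.com/attachments/111111111111111111/444444444444444444/report.pdf.scr 200 90112
"""

# Host named in the article; the attachment path prefix is an assumption.
DISCORD_CDN_HOSTS = {"cdn.discordapp.com"}
ATTACHMENT_PREFIX = "/attachments/"

# Assumed list of extensions worth a closer look; extend to fit the environment.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".dll", ".msi", ".bat", ".cmd", ".ps1",
    ".js", ".vbs", ".jar", ".iso", ".lnk",
}

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d+)\s+(?P<bytes>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    match = LOG_RE.match(line.strip())
    if not match:
        return None
    record = match.groupdict()
    record["status"] = int(record["status"])
    record["bytes"] = int(record["bytes"])
    return record


def classify_url(url):
    """Return 'executable' or 'attachment' for Discord CDN attachment URLs, else None."""
    parts = urlparse(url)
    if parts.hostname not in DISCORD_CDN_HOSTS:
        return None
    if not parts.path.startswith(ATTACHMENT_PREFIX):
        return None
    filename = parts.path.rsplit("/", 1)[-1].lower()
    extension = "." + filename.rsplit(".", 1)[-1] if "." in filename else ""
    return "executable" if extension in EXECUTABLE_EXTENSIONS else "attachment"


def find_discord_cdn_downloads(log_text):
    """Return one finding per Discord CDN attachment download seen in the log text."""
    findings = []
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        kind = classify_url(record["url"])
        if kind is None:
            continue
        findings.append({
            "client": record["client"],
            "filename": urlparse(record["url"]).path.rsplit("/", 1)[-1],
            "bytes": record["bytes"],
            "kind": kind,
        })
    return findings


if __name__ == "__main__":
    for finding in find_discord_cdn_downloads(SAMPLE_LOG):
        print(f"{finding['kind']:>10}  {finding['client']}  {finding['filename']}  {finding['bytes']} bytes")
```

The check deliberately keys on the CDN host rather than on discord.com, because ordinary Discord chat traffic to the API is not the interesting event; a file pulled from the CDN by a host that never otherwise talks to Discord, or an executable pulled from it by anyone, is what merits a ticket.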

Among the files found by Sophos were some malware families that intercept stored login data or ensure that the attacker can remotely control the affected computer. We therefore recommend that you be…

Source…

Wiper Malware Used in Attack Against Iran’s Train System



Critical Infrastructure Security, Cybercrime, Endpoint Security

Operational Security Mistakes Left Clues About Developer’s Skills, But Not Identity

Tehran’s rail station. (Photo: Mostafa Asgari via Wikimedia Commons/CC)

Nearly three weeks ago, Iran’s state railway operator was hit with a cyberattack that was disruptive and – somewhat unusually – also playful.



The attack caused train services to be disrupted as well as the transport ministry’s website to go down, Reuters reported.


But the attack wasn’t just designed for disruption. Attackers also programmed screens at train stations to show a number for travelers to call for more information about the problems.



The phone number, 64411, is for the office of Iran’s supreme leader, Ali Khamenei. In other words, as noted by Juan Andres Guerrero-Saade, a threat researcher at security firm…

Source…

Malware Patrol Data Offered Through Bandura Cyber Threat Intelligence Marketplace | Business



ST. PETERSBURG, Fla.–(BUSINESS WIRE)–Jul 28, 2021–

Malware Patrol, the veteran threat intelligence company, announced today that they now offer data feeds through the Bandura Cyber Intelligence Marketplace.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20210728006051/en/

Cyber security teams around the world rely on Malware Patrol’s timely and accurate intelligence to expand their threat landscape visibility and to improve detection rates and response times. The company offers a variety of feeds related to the most prevalent attack types and vectors, including phishing, malware, ransomware, C2s, DGAs, cryptomining and DNS-over-HTTPS (DoH).

Bandura’s newly launched Cyber Intelligence Marketplace provides customers with access to high-value multi-source cyber intelligence data from leading intelligence providers. Bandura customers can easily discover, access, acquire, deploy, and enforce a curated collection of high-quality cyber intelligence data within minutes across their entire network and edge – in real time – without added latency.

“We’re excited to partner with Bandura Cyber because of their excellent reputation. We greatly appreciate that they are making it easier for their customers to diversify their threat intelligence sources via the Cyber Intelligence Marketplace. Those of us on the intelligence side of things know there’s an endless number of indicators of compromise out there, and that the best security posture comes from using multiple data sources,” said Malware Patrol CEO, Andre Correa.

Learn More

To learn more about the partnership between Bandura Cyber and Malware Patrol, attend a webinar with Bandura CRO Todd Weller and Malware Patrol Marketing & Sales Manager Leslie Dawn on Thursday, July 29th, at 1 PM Eastern.

About Bandura Cyber

Bandura Cyber is an autonomous cyber intelligence and defense company that brings the power of cyber intelligence and cyber defense to global organizations. Our cloud-based platform combines cyber intelligence, automation, and network enforcement into a single solution that is easy to deploy and manage, filling in the gaps…

Source…

Fake Windows 11 installers are used to infect PC with malware





Windows 11 was officially unveiled by Microsoft on July 24. Rogue installers of the new operating system are now being used by criminals to infect users’ PCs with malware.

Windows Insider is the only official way to get Windows 11 right now. With the help of Microsoft’s Windows Update program, users can download a trial version of the new operating system. Although Microsoft hasn’t released an ISO for clean installation, that hasn’t stopped criminals from distributing fake versions of the operating system’s installer.

As a result, many users are downloading Windows 11 from other sources, where cybercriminals offer malicious programs instead of the operating system, according to Kaspersky Labs.

According to an alert from security company Kaspersky, criminals are distributing a file named “86307_windows 11 build 21996.1 x64 + activator.exe”. It is approximately 1.7 GB in size; most of that space is occupied by a DLL file full of useless information. If the user runs the supposed installer, they see a screen like the one below stating that the file is a download manager which will download and install Windows 11, activate it and install additional applications:


If the user continues, various malicious applications are installed on the computer. Kaspersky says that adware (applications that display ads) and Trojans (programs created specifically to steal users’ login credentials) are installed. The security company said its solutions have detected thousands of infection attempts using bogus Windows 11 installers as bait.

Kaspersky’s recommendation for users interested in trying Windows 11 is to join the Windows Insider program, or to wait until the official ISO is available.






Source…