Tag Archive for: misusing

ESET Research: Lazarus attacks aerospace and defense contractors worldwide while misusing LinkedIn and WhatsApp


DUBAI, UNITED ARAB EMIRATES, June 1, 2022 /EINPresswire.com/ — During the annual ESET World conference, ESET researchers presented a new investigation into the infamous Lazarus APT group. Director of ESET Threat Research Jean-Ian Boutin went over various new campaigns perpetrated by the Lazarus group against defense contractors around the world between late 2021 and March 2022.

In the relevant 2021-2022 attacks and according to ESET telemetry, Lazarus has been targeting companies in Europe (France, Italy, Germany, the Netherlands, Poland, and Ukraine) and Latin America (Brazil).

Despite the primary aim of this Lazarus operation being cyber-espionage, the group has also worked to exfiltrate money (unsuccessfully). “The Lazarus threat group showed ingenuity by deploying an interesting toolset, including for example a user mode component able to exploit a vulnerable Dell driver in order to write to kernel memory. This advanced trick was used in an attempt to bypass security solutions monitoring,” says Jean-Ian Boutin.

As early as 2020, ESET researchers had already documented a campaign pursued by a sub-group of Lazarus against European aerospace and defense contractors, which ESET called Operation In(ter)ception. This campaign was noteworthy as it used social media, especially LinkedIn, to build trust between the attacker and an unsuspecting employee before sending them malicious components masquerading as job descriptions or applications. At that time, companies in Brazil, Czech Republic, Qatar, Turkey and Ukraine had already been targeted.

ESET researchers believed that the action was mostly geared towards attacking European companies, but through tracking a number of Lazarus sub-groups performing similar campaigns against defense contractors, they soon realized that the campaign extended much wider. While the malware used in the various campaigns was different, the initial modus operandi (M.O.) always remained the same: a fake recruiter contacted an employee through LinkedIn and eventually sent malicious components.

In this regard, they’ve continued with the same M.O. as in the past. However, ESET researchers have also…


T-Mobile hacker speaks. Misusing browser histories? IoT camera bug. Gamer data exposed. FBI warns of Hive ransomware.


At a glance.

  • What was the T-Mobile hacker thinking?
  • EU cautions against using browser histories in credit assessments.
  • IoT security camera bug.
  • EskyFun data exposure.
  • FBI describes Hive ransomware.

Alleged T-Mobile attacker reveals himself.

A hacker is claiming responsibility for the massive recent T-Mobile data breach, and his review of the cell phone provider’s security systems is less than favorable. John Binns, an American man living in Turkey, told the Wall Street Journal that he used a simple, publicly available tool to penetrate T-Mobile’s “awful” defenses. He scanned T-Mobile’s websites for vulnerabilities then sussed out an unprotected T-Mobile router where he found credentials that granted him access to one hundred of the company’s servers. Binns has not disclosed whether he was paid to carry out the hack or whether he successfully sold the data, but he claims his motivation was not monetary. He says his goal was to “make noise” in order to draw attention to his purported mistreatment by the US government, including an alleged kidnapping that landed him in a “fake” mental institution. 

EDPS advises against using internet histories for credit assessment.

The European Data Protection Supervisor (EDPS) has declared that an individual’s personal internet history data should not be used in assessing credit scores, The Record by Recorded Future reports. “[T]he EDPS considers that inferring consumers’ credit risk from data such as search query data or online browsing activities cannot be reconciled with the principles of purpose limitation, fairness and transparency, as well as relevance, adequacy or proportionality of data processing,” the agency asserts. The EDPS also advised against using health data or any other special category of personal data under Article 9 of the General Data Protection Regulation, as it could lead to unfair treatment of consumers. The advisory was in response to a blog post published by the International Monetary Fund last year that claimed examining this sort of data could lead to more accurate credit assessments.  

Bug detected in IoT security cameras.

Nozomi Networks Labs has disclosed the discovery of a critical Remote Code…


Fitness-tracking apps caught misusing Touch ID to steal money from iPhone users


Two iOS fitness apps have been found exploiting a sneaky user interface trick to fool users into making unwanted in-app purchases with Touch ID.

Graham Cluley