Tag Archive for: ThirdParty

Woman loses over $20k from credit card and bank accounts after downloading third-party app


SINGAPORE – A food delivery order that was supposed to cost $58 ended up costing Ms Lim (not her real name) over $20,000 after scammers took control of her Android phone and banking details remotely.

Ms Lim, 54, lost almost $20,500 from a credit card account and two DBS savings accounts within hours after she clicked on a link to download a third-party app, after which scammers increased her credit limits and siphoned out all her money.

She had been looking for healthy tingkat (tiffin) meal delivery options for her elderly parents, and on July 26, she made an inquiry after seeing a Facebook ad from a company called Healthy Box.

The ad appeared to be from local caterer Grain, which she had ordered from before, so she was not suspicious.

She contacted the poster of the advertisement via Facebook Messenger, after which the conversation continued on WhatsApp at around noon that day.

After the person confirmed they were from Grain, they sent her a link via WhatsApp to download an app – one that she had not used before – to make the order. She then installed the app, which she said looked exactly like the mobile-enabled version of Grain’s site.

When asked to make payment of $58 via PayNow to another number, she received a message saying that the vendor had not installed PayNow and that she could send the vendor a link to do so.

She then messaged the person to inform them that their PayNow was not working and asked them to check on it, but did not receive a reply.

Ms Lim, who works in events and marketing, went back to her online meetings. About 90 minutes later, when taking a lunch break, she noticed that her phone felt “burning hot”.

When she switched it on, the phone showed a blank screen and it had automatically performed a factory reset. Not suspecting anything, she followed the sequence to reset the phone and set it up again, as one would with a new phone.

Later that day, when she attempted to use her ATM card to withdraw money at around 6pm, she realised that her bank balance was zero.

She called the DBS customer service hotline, and an officer confirmed that $20,493.87 had been transferred out of her account.

A few days later, she went to…

Source…

Fans of third-party YouTube apps should watch out for Nexus banking malware


It first appeared in June last year and is now being openly advertised by its creators on hacker forums to increase its reach. Nexus’ primary targets are 450 banking and cryptocurrency apps.

It’s being distributed through phishing websites posing as legitimate websites of YouTube Vanced, a discontinued third-party YouTube app. It uses all the tricks in the book to obtain your banking information and take over your financial accounts.

Nexus asks for 50 permissions and abuses at least 14 of them

It is capable of performing overlay attacks, i.e. replicating a legitimate interface to trick you into entering your credentials, and uses keylogging to record your keystrokes. It can even steal SMS messages to get access to two-factor authentication codes and can abuse Accessibility Services to steal information from crypto wallets, 2-Step Verification codes generated by Google Authenticator, and website cookies. The trojan can also delete messages received by you.

After it’s installed on a device, Nexus connects to its command-and-control (C2) server. C2s are used by cybercriminals to control malware, launch attacks, and receive stolen data.

Nexus is said to be in the beta stage but it’s already being used by many threat actors to carry out nefarious activities. Cybercriminals who do not know how to make their own malware can rent it for $3,000 a month.

It looks like the developer is from a CIS (Commonwealth of Independent States) country and has prohibited the trojan’s use in Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russian Federation, Tajikistan, Uzbekistan, Ukraine, and Indonesia.

Nexus is capable of updating itself, and Cleafy considers it a real threat capable of infecting hundreds of Android devices worldwide.

To protect yourself from infection, try to download apps only from Google Play and enable Google Play Protect. Use strong passwords, enable biometric security features where possible, and be very careful when granting permissions.

Source…

Third-party administrator hack leads to theft of patient data for over 251K


An Austin, Texas-based third-party administrator began notifying over 250,000 patients that their data was stolen. (U.S. Air Force)

Austin, Texas-based Bay Bridge Administrators, a third-party administrator of insurance products, recently began notifying more than 251,000 patients that their data was stolen after a network hack in September 2022.

The “network disruption” was first detected on Sept. 5, which prompted BBA to secure the network and engage an outside cybersecurity firm to investigate. Forensics showed that the attacker had gained access more than a week before being discovered, which enabled them to exfiltrate “certain data” from the network on Sept. 3.

BBA appears to attribute the lengthy delay in notifying patients to a “thorough investigation” that concluded on Dec. 5. Under the Health Insurance Portability and Accountability Act, covered entities have 60 days, without undue delay, to inform patients of possible data exposure.

The notice uses language to suggest that the breach was not discovered until months after the initial hack and data theft. The Department of Health and Human Services has warned against this type of notice, urging providers to inform patients of possible privacy violations “even if it is initially unclear whether the incident constitutes a breach as defined in the rule.”

For patients tied to BBA, the compromised data belonged to “individuals enrolled in some employment insurance benefits administered” by the business associate in 2022.

The stolen data varied by individual and could include Social Security numbers, contact details, driver’s licenses or state identification numbers, medical data, health insurance information, and/or dates of birth.

Behavioral health provider reports September hack, data exfiltration

In a similar notice to BBA, Circles of Care in Florida is beginning to notify 61,170 patients that their data was stolen after a network hack detected on Sept. 21, 2022.

An investigation conducted with support from an independent third-party cybersecurity team found that the attacker first accessed the network on Sept. 6 and used the access to obtain certain information. The investigation concluded on Nov. 29, 2022.

The…

Source…

New Threat Intelligence Feed for Third-Party Platforms


What Is a Threat Intelligence Feed?

According to TechTarget’s WhatIs.com:

A threat intelligence feed (TI feed) is an ongoing stream of data related to potential or current threats to an organization’s security. TI feeds provide information on attacks, including zero-day attacks, malware, botnets and other security threats. TI feeds are vital components of security infrastructure, which help identify and prevent security breaches. Threat intelligence can be used to implement more granular security policies, as well as to identify potential characteristics or behaviors associated with that threat. Threat intelligence is gathered to help organizations understand emerging threats in the cybersecurity landscape, including zero-day threats, advanced persistent threats and exploits. Threat actors may also include internal and partner threats, but the emphasis is on outside sources that might cause the most damage to a particular organization’s environment.

The new Threat Intelligence Feed is based on the Nozomi Networks Threat Intelligence subscription, which is solely for use in our own Guardian and Vantage products; the new feed, by contrast, can be used in other security platforms. The Threat Feed allows other platforms to leverage Nozomi Networks research and intelligence on recent and emerging threat indicators and how they are spreading. The feed delivers a single, unified source of data, including malicious IP addresses or URLs, new indicators of compromise (IOC) signatures, threat sources, malware hashes, and methods and tactics used to gain system access, all of which can serve to accelerate incident response and enhance security operations.

The vision of Nozomi Networks, and what our customers continually ask for, is to do more with the data we observe and collect. This Threat Intelligence Feed gives customers new options for leveraging our data and intelligence for better analysis, security automation, policy enforcement or integration into other tools and dashboards. More flexibility means more security and more ways to apply Nozomi Networks intelligence.

Source…