
Raspberry Robin Malware Upgrades with Discord Spread and New Exploits


Feb 09, 2024 | Newsroom | Malware / Dark Web


The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before.

This means that “Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time,” Check Point said in a report this week.

Raspberry Robin (aka QNAP worm), first documented in 2021, is an evasive malware family that’s known to act as one of the top initial access facilitators for other malicious payloads, including ransomware.

Attributed to a threat actor named Storm-0856 (previously DEV-0856), it’s propagated via several entry vectors, including infected USB drives, with Microsoft describing it as part of a “complex and interconnected malware ecosystem” with ties to other e-crime groups like Evil Corp, Silence, and TA505.


Raspberry Robin’s use of one-day exploits such as CVE-2020-1054 and CVE-2021-1732 for privilege escalation was previously highlighted by Check Point in April 2023.

The cybersecurity firm, which detected “large waves of attacks” since October 2023, said the threat actors have implemented additional anti-analysis and obfuscation techniques to make it harder to detect and analyze.

“Most importantly, Raspberry Robin continues to use different exploits for vulnerabilities either before or only a short time after they were publicly disclosed,” it noted.

“Those one-day exploits were not publicly disclosed at the time of their use. An exploit for one of the vulnerabilities, CVE-2023-36802, was also used in the wild as a zero-day and was sold on the dark web.”

A report from Cyfirma late last year revealed that an exploit for CVE-2023-36802 was being advertised on dark web forums in February 2023. This was seven months before Microsoft and CISA released an advisory on active exploitation. It was patched by the Windows maker in September 2023.


Raspberry Robin is said to have started utilizing an exploit for the flaw sometime in October 2023, the same month a public exploit code was made available, as well as for CVE-2023-29360 in August. The latter was publicly…

Source…

People are just realising a little-known Wi-Fi hack makes router upgrades less of a nightmare – it’ll save loads of time


There’s one issue people complain about time and again when upgrading their Wi-Fi router.

“Do I have to change the network and password on all my devices?”

Changing the password on every device you own is a massive hassle. Credit: Getty

In the early days of Wi-Fi it was fine as you probably owned a handful of gadgets that could use it, such as a laptop.

Today, we own a load of internet-connected devices, from TVs, phones and tablets to smart lights and heating systems, you name it.

Going through each device’s settings to change the network it’s connected to and the password is a massive pain.

But there might be a far quicker way to solve it.

One trick is to go into the new router’s settings and rename its network (the name is known as the SSID), and set its password, so both match your old router.

There are some caveats: if you’re upgrading from a really old router that used very dated security protocols, it won’t work.

It’s also worth pointing out that your Wi-Fi password should not be simple, as this makes it far too easy to hack.

So if you’re currently using a basic password, it’s far better to use this opportunity to switch to a new complex password that’s watertight than to carry over the dangerously easy one of the past.

You’ll need to access your router’s system settings to do this, so check your box’s instructions on how to do it.

But here’s how to do it on Sky, Virgin Media and BT.

How to change Wi-Fi password on Sky

To change your Wi-Fi network name (SSID) and password on Sky, follow these steps:

  1. Ensure you’re connected to your new router.
  2. Type 192.168.0.1 into your web browser.
  3. Select Wireless or WiFi.
  4. Type in the default username, which is “admin”.
  5. Enter your password – this will either be “sky” or the Wi-Fi password on the back of your hub, depending on the kit you have, so try both.
  6. In Network Key, enter the password of your old Sky Hub.
  7. Click Apply.

How to change Wi-Fi password on Virgin Media

To change your Wi-Fi network name (SSID) and password on Virgin Media, follow these steps:

  1. Ensure you’re connected to your new router.
  2. Type 192.168.0.1 into your web browser.
  3. Go to Advanced settings from the left menu.
  4. Click on Wireless.
  5. Click on Security.
  6. Change the network names and password to the exact ones used on your old…

Source…

Dubai Electronic Security Centre upgrades RZAM cybersecurity app


Dubai Electronic Security Centre upgrades RZAM cybersecurity app to strengthen digital security standards in Dubai

The Dubai Electronic Security Center (DESC), one of the entities under the Digital Dubai umbrella, has announced new features and updates to the RZAM cybersecurity application, which was launched during the Gulf Information Security Expo and Conference (GISEC) exhibition in March 2023.

DESC prioritises the continuous update of digital security and safety standards; it forms part of the Center’s consistent efforts to develop unconventional cybersecurity solutions and advance Dubai’s position as a sustainable, safe, and trusted digital city, and a global example of digital transformation.

The latest updates enhance the efficiency of the RZAM application in addressing cybersecurity challenges by expanding its user base and making it available on various web browsers, including Mozilla Firefox, Safari, Chrome, and Edge. Users can also download the application from the Chrome Web Store on their computers, or from the App Store on their iPhones. Moreover, the app supports the Arabic language, further enhancing its effectiveness, and uses artificial intelligence (AI) to protect internet users in real time from malicious and phishing sites, ensuring a safe and secure internet experience.

Yousuf Hamad Al Shaibani, Chief Executive, Dubai Electronic Security Center, said, “We are proud of the efforts made by our talented young Emirati professionals in developing a groundbreaking application like RZAM. These dedicated efforts contribute to the advancement of technological security and reflect our commitment to national innovation, in line with the wise leadership’s vision for developing unconventional solutions to tackle cybersecurity challenges.”

“Our team at the Dubai Electronic Security Center is committed to developing innovative solutions and initiatives to secure Dubai’s digital future, and establish a highly reliable cyberspace for the free flow of information,” Al Shaibani added. “This enhances the emirate’s global leadership in digital and…

Source…

North Korea’s Lazarus Group upgrades its main malware • The Register


The Lazarus Group, the cybercrime gang linked to the North Korean government, has been named as the perpetrator of an attack against a Spanish aerospace firm, using a dangerous new piece of malware.

Lazarus’s fingerprints were all over a recent attack on an unnamed Spanish aerospace firm, according to security shop ESET, which opined that the incident mimics previous Lazarus campaigns that used nearly identical ingress tactics.

ESET asserts this attack bears hallmarks of the Lazarus campaign known as Operation Dream Job, right down to the types of encryption used, which mirror those used in a campaign offering fake jobs at Amazon.

Like those other campaigns, suspected Lazarus hackers used LinkedIn to contact employees at the unnamed Spanish firm. Posing as recruiters from Meta, the Lazarus operatives suggested downloading a pair of coding challenges. Those files were bundled with attack code that, when printed, triggered a payload and installed malware.

ESET asserts that the goal of the attacks, and other Dream Job breaches, was espionage. “Pilfering the know-how of an aerospace company is aligned with long-term goals manifested by Lazarus,” wrote ESET senior malware researcher Peter Kálnai.

The Lazarus Group activity has previously targeted numerous high-profile orgs, including others in aerospace, chemical manufacturing and other nationally critical industries. Lazarus has also pulled off a number of cryptocurrency heists and was named as being behind the Sony Pictures hack in 2015.

Lazarus’s dangerous new toolset

In previous attacks – including the Amazon Dream Job campaign – Lazarus used a remote access Trojan known as BlindingCan.

ESET’s Kálnai suggested this recent attack used an upgraded malware tool named “LightlessCan” that has support for 68 commands, although only 43 appear to be implemented.

ESET’s analysts believe LightlessCan is based on BlindingCan source code, as the order of shared commands is “preserved significantly, even though there may be differences in their indexing.”

LightlessCan adds mimicked Windows command functionality – the tool can mimic commands like ping, ipconfig, systeminfo, sc, net, and the like with a hardcoded “The…

Source…