Search This Blog

Latest News

ATFuzzer: A Threat that Misuses USB Chargers, Headsets, and Bluetooth.

A new security threat has been found which can hit various high-tech android devices by exploiting the Bluetooth and USB accessories to ...

All the recent news you need to know

Carding Bots Now Pose a Threat to E-Commerce Platforms


In a discovery made by the PerimeterX research team, two new "carding" bots that represent a threat to e-commerce platforms have been detected towards the beginning of the busiest shopping time of the year.

Carding is a 'brute force attack' on a retailer's site utilizing stolen credit cards or gift vouchers. Threat actors utilize carding to mass-confirm a large number of stolen credit cards and produce a list of authentic credit cards.

The validated credit cards are then commonly sold on the black market for around $45 each and traded for untraceable gift vouchers that empower the cyber-criminals to veil their identity.

One of the new carding bots, named the canary bot, explicitly abuses top e-commerce platforms. The other bot, called the shortcut bot, sidesteps the e-commerce website altogether and rather abuses the card payment vendor APIs utilized by a site or mobile application.

Portraying an attack by the canary bot, researchers stated: "In this attack, the bots create a shopping cart, add products to the cart, set shipping information, and finally execute the carding attack—all of the steps except for the carding attack exhibit normal user behavior through a website."

The worldly canary bot recognized by PerimeterX researchers is frightfully great at aping human behavior. Researchers said that they had seen an 'increasing trend' in API endpoint abuse to approve credit cards on the web and on mobile applications.

They additionally saw an expansion in these new kinds of attacks over numerous unrelated customers demonstrating the speedy advancement of these attack tools.

All things considered, PerimeterX has advised e-commerce website proprietors to keep customers from getting to the payment page without items in their cart to stop fundamental carding attacks.


ISRO targeted by North Korean Hackers during Chandrayaan-2 Launch


According to the fresh news that has been coming from various experts, it has appeared that Chandrayaan-2 (also known as Mission Moon), a famous mission by the Indian Space Research Organisation (ISRO) was attacked by hackers from North Korea. It also appears that the attacks were organized using a malware named Dtrack, which is connected to a club of North Korean hackers managed by the administration. "The malware was identified by the Financial Institute and Research Centers in 18 Indian states," confirms the reports by Kaspersky, a cybersecurity firm.


It is also said that the same malware was used to direct hacks on Kudankulam nuclear factory. The National Cyber Coordination Center that attempts to protect the nation from harmful cyber invasions recently received critical information from a US cybersecurity firm regarding the hack. It said that Kunankulam Nuclear Plant's master domain controllers alongside the ISRO were attacked by the hackers. Following this incident, Kaspersky's specialists detected the malware and notified the issue to the Indian government before the Chandrayaan-2 landing.

"The hack was organized using very simple and basic techniques like phishing emails, an unedited browser, and poor security that resulted in allowing the hackers to easily invade the devices," says Yash Kadakia in an interview, founder, Security Brigade, a cybersecurity firm in Mumbai. He further adds that a similar server was used to send spams to superior nuclear experts at the Nuclear Plant in Kudankulam which was also aimed by the hackers to pick other experts at ISRO later.

About Dtrack Malware- 
Generated by North Korean Hackers, the Dtrack malware provides a full command that permits the hackers to obtain data from the device. The virus can misuse devices with weak privacy and passwords. If the virus invades a device, it can obtain critical information like catalogs, IDs, user history, and IP addresses. "A high number of DTrack attacks were discovered. The hack was carried by Lazarus that has become a major concern for big corporations," said Konstantin Zykov about the virus who is a Researcher at Kaspersky Cybersecurity, at an event in Delhi.

Cyber Intrusions on a Rise in Oregon, Attackers Bringing in Sophisticated Methods


Cyber intrusions have been on a rise with cybercrime becoming more dangerous and sophisticated than ever. The pervasive and evolving cybercrime poses a serious threat to both the public and private sector networks as attackers target international organizations to steal corporate data and individuals are subjected to identity theft.

In December 2018, Aaron Cole, from the Portland suburb of Oregon City, fell prey to a wire scam and nearly lost his home after being duped into making a fraudulent down payment of $123,000. The attacker sent Cole an email directing him to make the payment and tricked him into believing that it is from the title company he had been working with. At the time, Cole did not realize that a sophisticated network of hackers had been keeping track of his interactions with the title company. Although the email appeared similar in structure to the original emails he received from his title company, it had slight differences.

It was only when the title company reached out Cole on due dates, asking him to send the money, the realization of the blunder hit the Oregon man hard. He suddenly realized that he was duped by cybercriminals to give away all the money which he had saved from the sale of his former house along with other family savings.

Cole's title company, WFG came to his immediate rescue and made up for the losses, in turn, Cole is helping the company in spreading the word about more such scams. He was fortunate to be hired for the same amount he lost to the hackers - to be a spokesperson at the National Title Insurance Company.

“They warned we're never going to send you an email with wire instructions, it'll be an encrypted email. We’ll call you with wire instructions. They're putting all the red flags out there that they can possibly think of,” said Cole. “I was looking at it more like the terms of use when you want to download an app and you just skip through the thing and you click accept.”

While explaining the unfortunate incident and the state of mind which followed, the Oregon Husband and father of two said: "It was the worst feeling."

"And then having to go home and tell my wife that I just gave away all the money. She could tell right when I walked in the house and just sat down, and I just couldn't come up with the words to tell her." He added.

Referencing from the statements given by Gabriel Gundersen, an FBI supervisory special agent with the Oregon Cyber Task Force, "The emails have gotten well-crafted and quite detailed. They're highly tailored to that particular victim."

"It's a social engineering piece, where they're coercing a victim to do something based on an artificial agenda or an artificial timeline." He added.

Earlier the attempts made by attackers to dupe people were uncoordinated and clumsily executed due to which individuals had a scope of making distorted sense of anything which strikes them as strange and makes them feel uncomfortable, however now these cyber traps are set sophisticatedly making it difficult for individuals to locate the red flags.

Security officers are in a constant race with the attackers, ensuring they are not lacking behind with the fixes for every new approach slammed in by con men. However, the overall impact is still staggering as crucial systems are bypassed, disrupting the entire functioning of vital medical and banking networks.

Researchers Discover the Existence of the New APT Framework “Darkuniverse”



A new APT Framework named "DarkUniverse" was recently discovered by researchers via tips from a script that was utilized in the NSA breach in 2017 wherein the well-known hacking tools leak 'Lost in Translation' was published by shadow brokers.

Researchers believe that the "DarkUniverse" APT Framework was active in at least 8 years from 2009 until 2017, and the traces show that it's likewise tied with ItaDuke, an actor that utilized PDF exploits for dropping previously unknown malware.

There are various versions of the sample been utilized for this campaign between 2009 to 2017, and the most recent rendition of the malware utilized until 2017. The further examination uncovers that the battle is for the most part utilizing the spear-phishing emails to convey the malware through the weaponized Microsoft Office document attachment.

As indicated by Kaspersky investigate, “DarkUniverse is an interesting example of a full cyber-espionage framework used for at least eight years. The malware contains all the necessary modules for collecting all kinds of information about the user and the infected system and appears to be fully developed from scratch.”

The DarkUniverse campaign is said to gather different sensitive information including Email conversations, files from specific directories, screenshots, information from the Windows registry, sends a file to the C2, credentials from Outlook Express, Outlook, Internet Explorer, Windows Mail and more.

The malicious framework targeted on different nations including Syria, Iran, Afghanistan, Tanzania, Ethiopia, Sudan, Russia, Belarus and the United Arab Emirates and the victims included both non-military personnel and military associations.