Tag Archive for: disabled

Exclusive-US disabled Chinese hacking network targeting critical infrastructure, sources say


By Christopher Bing and Karen Freifeld

(Reuters) – The U.S. government in recent months launched an operation to fight a pervasive Chinese hacking operation that successfully compromised thousands of internet-connected devices, according to two Western security officials and one person familiar with the matter.

The Justice Department and Federal Bureau of Investigation sought and received legal authorization to remotely disable aspects of the Chinese hacking campaign, the sources told Reuters.

Known as Volt Typhoon, the malicious cyber activity has alarmed intelligence officials who say it is part of a larger effort to compromise Western critical infrastructure, including naval ports, internet service providers and utilities.

Such breaches could enable China, national security experts said, to remotely disrupt important facilities in the Indo-Pacific region that in some form support or service U.S. military operations.

A Justice Department spokesperson declined to comment. A spokesperson for the FBI and the Chinese embassy in Washington did not immediately respond to a request for comment.

When Western nations first warned about Volt Typhoon in May, Chinese foreign ministry spokesperson Mao Ning said the hacking allegations were a “collective disinformation campaign” from the Five Eyes countries, a reference to the intelligence sharing grouping of countries made up of the United States, Canada, New Zealand, Australia and the UK.

(Reporting by Christopher Bing in Washington and Karen Freifeld in New York; Editing by Chris Sanders and Lisa Shumaker)


Microsoft Disabled App Installer Abused by Hackers


Threat actors, particularly those with financial motivations, have been observed spreading malware via the ms-appinstaller URI scheme (App Installer). As a result of this activity, Microsoft has disabled the ms-appinstaller protocol handler by default.

“The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution,” the Microsoft Threat Intelligence team said.

Threat actors have likely chosen the ms-appinstaller protocol handler as a vector because it can bypass protections such as Microsoft Defender SmartScreen and the built-in browser warnings shown when downloading executable file types, both of which are intended to shield users from malware.

Microsoft Threat Intelligence has identified App Installer as a point of entry for human-operated ransomware activities by several actors, including Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674.


Observed activity includes spoofing legitimate applications, tricking users into installing malicious MSIX packages that appear to be legitimate software, and evading detection of the initial installation files.

Financially Motivated Threat Actors Abusing App Installer

Microsoft discovered that Storm-0569 was using search engine optimization (SEO) poisoning to spread BATLOADER by impersonating websites that offered legitimate downloads, including AnyDesk, Zoom, Tableau, and TeamViewer. 

When a user searches on Bing or Google for a legitimate software application, they may be shown links to malicious installers that use the ms-appinstaller protocol, hosted on a landing page that mimics the real software provider's site. A prominent social engineering technique involves spoofing and imitating…


‘World’s most dangerous malware’ disabled | The Canberra Times



A global investigations team has disabled the infrastructure of Emotet, which is considered the world's most dangerous malware, capable of stealing passwords and remotely installing malicious software, Germany's Federal Criminal Police Office says.

The operation was carried out on Tuesday as part of an international campaign with investigators from the Netherlands, Ukraine, Lithuania, France, England, Canada and the United States, coordinated by Europe's law enforcement authorities, police said in a statement.

Emotet, which can steal passwords and install remotely controlled programs including ransomware, is believed to have been used in a number of organised attacks, including attempts to infiltrate the world's biggest oil company, Saudi Aramco.

In Germany alone, attacks with the Emotet malware on individuals and institutions, including the Berlin Court of Justice, caused damage of at least 14.5 million euros ($A22.8 million), police said.

Australian Associated Press



He died claiming to be a disabled veteran. But many believe he was hijacker D.B. Cooper. – The Washington Post

A man who some believed to be the elusive D.B. Cooper died Tuesday in Southern California. Robert Rackstraw, who was featured in a 2016 History Channel …