Tag Archive for: files

A Massive Therapy Hack Shows Just How Unsafe Patients’ Files Can Be

/in


The suburb of Courbevoie sits just west of Paris on the left bank of the Seine. It’s home to La Défense, a thicket of skyscrapers visible from the city that forms a distant, unlovely terminus to the grand axis extending from the Louvre up the Avenue des Champs-Élysées and through the Arc de Triomphe. Just a short walk from Courbevoie’s office towers, at 7:20 a.m. on Feb. 3, 2023, local police arrived at a short-term rental in a modern beige apartment block. They were responding to a domestic violence call.

Outside the apartment, the officers met the young woman who’d phoned. She told them her friend and her friend’s husband were inside. The night before, the three had been out late at a nightclub and the husband had been drinking. There had been a dispute, the woman said. Now she worried her friend was in danger. The officers knocked on the door, no one answered, and they broke it open with a battering ram.

Source…

Hackers are loading SVG files with multi-stage malware in new phishing attack

/in


A sophisticated new phishing attack was spotted in the wild, leveraging a wide variety of tools to bypass antivirus protections and ultimately deliver different Remote Access Trojan (RAT) malware.

According to cybersecurity researchers at Fortinet, an unidentified threat actor was seen sending phishing emails, stating a shipment has been delivered, and attaching an invoice. This attachment, however, is a Scalable Vector Graphics (SVG) file which, when run, triggers the infection sequence. 

Source…

Vedalia APT Group Exploits Oversized LNK Files to Malware

/in


The Vedalia Advanced Persistent Threat (APT) group, also known by its alias Konni, has been distributing malware using an innovative technique involving oversized LNK files.

This method marks an evolution in the group’s operational tactics, aiming to bypass conventional security measures and compromise targeted systems.

Broadcom recently published a blog post stating that the Vedalia APT group has utilized huge LNK files in their latest malware campaign.

Document

Run Free ThreatScan on Your Mailbox

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

Key Highlights of the Campaign

  • Innovative Delivery Mechanism: The Vedalia APT group has ingeniously utilized LNK files with double extensions, effectively masking the malicious .lnk extension.
  • This tactic deceives users into believing the files are harmless, increasing the likelihood of execution.
  • Obscuration through Whitespace: A notable characteristic of these LNK files is the excessive use of whitespace.
  • This technique is designed to hide the malicious command lines embedded within, making detection by security software and analysts more challenging.
  • Bypassing Security Defenses: The embedded command line script within the LNK files is crafted to search for and execute PowerShell commands.
  • This approach is specifically chosen to evade detection mechanisms. It leverages PowerShell’s legitimate system functions to locate and deploy the embedded malicious files and payload.

File-based

  • CL.Downloader!gen20
  • Scr.Mallnk!gen13
  • Trojan.Gen.NPE
  • WS.Malware.1

Implications and Recommendations

The Vedalia APT group’s adoption of oversized LNK files for malware delivery underscores the evolving landscape of cyber threats.

Organizations and individuals are advised to remain vigilant, update their security solutions, and educate users about the risks of opening files from unknown sources.

This campaign by the Vedalia APT group serves as a reminder of the continuous innovation among cyber adversaries.

By staying informed and proactive, organizations…

Source…

FIU study: Ransomware can hide in the websites you upload files to

/in


FIU cybersecurity researchers warn websites that request access to your files might be able to bypass antivirus software and carry out major ransomware attacks.

Free photo editors, tax document assistants and other online apps that ask for permission to access your media can encrypt files and effectively take control of them, an FIU College of Engineering and Computing study shows. These attackers could then demand ransom in exchange for the files’ safe return.

The researchers say that the hack works on all three major PC operating systems: Windows, Linux and Mac OS. Some cloud services such as Apple Cloud, Box, Google Drive, OneDrive and Dropbox are also susceptible, as well as external drives.

Just two things are needed for a malicious website to conduct the attack.

  1. A person needs to say, ‘yes’ to a pop-up that asks them to share their files, such as ‘Allow this website to access your photos?’
  2. Someone must click, ‘yes,’ on a second pop-up, which is the attack. The pop-up will be disguised as a benign message, such as an advertisement or a request like, ‘May we close the rest of your tabs for you?’

Clicking ‘yes’ on these two pop-ups is all too easy, says Selcuk Uluagac, principal investigator of the research and Knight Foundation School of Computing and Information Sciences professor.

“Antivirus software systems allow these attacks because it is normal for them to give browsers access to files,” Uluagac said. “They don’t detect that anything is wrong.”

The research was conducted in collaboration with Google senior research scientist Güliz Seray Tuncay and published in the proceedings of the 32nd USENIX Security Symposium, which is a top-tier cybersecurity conference according to Google Scholar.

“Everybody knows not to download a suspicious file. Now we are finding that it can be just as dangerous to upload a file,” said Harun Oz, a Ph.D. student on the research team.

These hacks are possible due to the increasing power of web browsers, researchers say.

“Browsers have become much more powerful over time,” said Abbas Acar, a postdoctoral researcher on the…

Source…