Tag Archive for: Spot

Android malware posing as Google Chrome could steal your photos, contacts, and more — how to spot the fake


An updated version of the XLoader malware for Android devices doesn’t require any user interaction to launch once installed, according to researchers at McAfee (via BleepingComputer). Of course, you still need to click the malicious link in an SMS message to download and install the malware, but this XLoader variant doesn’t require users to manually launch the malware anymore.

Right now, the malware is being distributed through SMS texts on Android devices. If you’re targeted, the SMS text will include a shortened URL that, if clicked on, will direct you to a website to download an Android APK installation file for a mobile app. McAfee says that, “While the app is installed, their malicious activity starts automatically.”


Researchers spot an increase in Jupyter infostealer infections


Infections involving the Jupyter infostealer have increased over the last two weeks, in particular targeting organizations in the education and healthcare sectors, researchers said Monday.

VMware’s Carbon Black Threat Analysis Unit published a report on Monday highlighting a wave of new incidents involving the malware, which was first seen in late 2020. It allows hackers to steal credentials and exfiltrate data.

“New Jupyter Infostealer variants continue to evolve with simple yet impactful changes to the techniques used by the malware author. This improvement aims to avoid detection and establishes persistence, enabling the attacker to stealthily compromise victims,” the researchers said.

“This malware continues to be one of the top ten infections we’ve detected in our clients’ network primarily targeting the Education and Health sectors.” The report does not mention specific victims.

The malware has evolved to target the Chrome, Edge, and Firefox browsers while the hackers using it have also exploited search engines to get people to download malicious files with the malware attached, Carbon Black said.

In the most recent incidents, the researchers found the infostealer posing as legitimately signed files, using “a valid certificate to further evade detection” and allow initial access to a victim machine.

Common delivery methods for the malware include “malicious websites, drive-by downloads, and phishing emails,” as well as “malicious ads,” they said.

The researchers shared samples of infected files, including generalized how-to documents as well as more specific files. One example was a copy of the U.S. government’s budget for 2024.

In another instance, Carbon Black saw hackers exploiting a signed Autodesk Create Installer. Autodesk is a popular remote desktop application frequently exploited in past cyberattacks.

The report does not attribute Jupyter to a specific hacking group, but past research by other companies has suggested Russia as a point of origin.

Hackers are constantly evolving their efforts to deliver powerful infostealing malware. Last week, cybersecurity researchers at Bitdefender uncovered a campaign that saw hackers use Facebook ads…


CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws


Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP) program to “proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks.” Once the program identifies vulnerable systems, regional CISA personnel will notify them so they can mitigate the flaws before attackers can cause too much damage. 

CISA says it will seek out affected systems using existing services, data sources, technologies, and authorities, including CISA’s Cyber Hygiene Vulnerability Scanning. CISA initiated the RVWP by notifying 93 organizations identified as running instances of Microsoft Exchange Service with a vulnerability called “ProxyNotShell,” widely exploited by ransomware actors. The agency said this round demonstrated “the effectiveness of this model in enabling timely risk reduction as we further scale the RVWP to additional vulnerabilities and organizations.”

Eric Goldstein, executive assistant director for cybersecurity at CISA, said, “The RVWP will allow CISA to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations. We encourage every organization to urgently mitigate vulnerabilities identified by this program and adopt strong security measures consistent with the U.S. government’s guidance on StopRansomware.gov.”

The pilot kicked off with ProxyNotShell

Beyond the official announcement, CISA offered few details about the RVWP program. One question is why CISA initiated the program with the ProxyNotShell vulnerability. ProxyNotShell is the latest in a series of flaws exploited by the Chinese state-sponsored hacker Hafnium targeting Microsoft Exchange Servers. In late September, two zero-day flaws (CVE-2022-41040, CVE-2022-41082) became known collectively as ProxyNotShell. Microsoft released patches for ProxyNotShell in November.

“I guarantee you that the most likely reason [CISA started with ProxyNotShell] is because they had some heads up or advanced notice that it was being used,” Andrew Morris, GreyNoise founder and CEO, tells…


Here’s how to reserve your spot in the airport security line with Clear


Ah, the dreaded airport security line — a place where dreams of early gate arrival are crushed and flights are missed. Even though you may have packed your bag like a pro, checked in early, and downloaded your boarding pass, the security line can still trash your savvy travel prep like that bottle of water you accidentally left in your bag. But there’s a way to avoid the hurt, hack the system, and breeze through like a VIP.

Yes, there are apps for checking wait times so you can budget your time appropriately, including an official one from the Transportation Security Administration. But true travel pros know that the best way to expedite the airport security process is to reserve your spot in line.

And it’s free. Here’s how it works.

How to reserve your spot in the security line

Clear, a travel tech company that uses biometric ID verification to expedite the security process, has a tool called Reserve. Get started by going to https://www.clearme.com/reserve on your computer or mobile device and selecting the airport you’re flying from. How far in advance you can reserve a spot depends on the airport; the details are on each airport’s website.

Reserve powered by Clear is available in 15 airports in North America and Europe: Calgary, Charleston, Edmonton, Los Angeles, Miami, New York, Newark, Orlando, Phoenix, Seattle, Toronto, Vancouver, Amsterdam, Berlin, and Munich. These cover many of the major travel hubs, but Reserve is planning to roll out in more cities, so don’t worry if none of these are close to you. That will eventually change.

Fill out your flight info

Click on the airport you’re departing from, and you’ll then be directed to a new page where you’ll need to fill out your flight info, including the date of departure, destination, airline, and flight number.

[Image: Screen showing form to find your flight info through the Reserve tool. Credit: Clear]

Next, select the number of people you’ll be traveling with — up to 10 people.

Then, choose from a list of 15-minute time slots for your reservation. Note: Reserve will hold your spot for 15 minutes before or after your reservation time, so you have some wiggle room if you show up early or you’re running late.

[Image: Screen showing travel info through the Reserve tool. Credit: Clear]

Fill out your…
