
GALLIUM APT Deployed a New PingPull RAT

According to Palo Alto Networks researchers, the PingPull RAT is a "difficult-to-detect" backdoor that uses the Internet Control Message Protocol (ICMP) for C2 connections. The researchers also discovered PingPull variants that use HTTPS or TCP rather than ICMP to reach their C2 server.

Gallium, a Chinese advanced persistent threat (APT) group, has a long history of cyberespionage against telecommunications companies, dating back to 2012. In 2017, the state-sponsored group, also tracked as Soft Cell by Cybereason, was linked to a broader set of attacks aimed at five major Southeast Asian telecom businesses. Over the last year, however, the group's victimology has expanded to include financial institutions and government agencies in Afghanistan, Austria, Belgium, Cambodia, Malaysia, Mozambique, the Philippines, Russia, and Vietnam.

PingPull, a Visual C++-based malware family, gives a threat actor a reverse shell and the ability to run arbitrary commands on a compromised computer. It now also supports file operations, enumerating storage volumes, and timestamping files.

The researchers explained: "PingPull samples which use ICMP for C2 communications issue ICMP Echo Request (ping) packets to the C2 server. The C2 server will send commands to the system by responding to these Echo queries with an Echo-Reply packet."

PingPull variants that use HTTPS and TCP rather than ICMP to interact with the C2 server have been discovered, along with over 170 IP addresses associated with the group since late 2020. Although the threat actor is known to exploit internet-exposed applications to gain an initial foothold and to deploy a customized version of the China Chopper web shell for persistence, it is not yet clear how the targeted networks were compromised.

Throughout Southeast Asia, Europe, and Africa, the GALLIUM group continues to pose a serious danger to telecommunications, finance, and government organizations. All businesses are advised to use the researchers' findings to inform the implementation of protective measures against this threat group, which has deployed the new PingPull capability in support of its espionage efforts.
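Detection heuristics for the ICMP Echo channel described above, as an added example (not code from the Palo Alto report or from PingPull itself): it assumes ICMP flow records already decoded into tuples, and the only real-world pattern it relies on is the default Windows ping payload; the sample records are constructed.

```python
"""Flag ICMP Echo Request streams that look like a C2 channel rather than ordinary ping."""
import hashlib
import statistics
from collections import defaultdict

# Default data payload of Windows ping.exe; streams made only of this are almost certainly benign.
# A real deployment would extend this allowlist with other known-benign patterns (e.g. iputils).
WINDOWS_PING = b"abcdefghijklmnopqrstuvwabcdefghi"

def _beacon_payload(i: int) -> bytes:
    """Constructed stand-in for encoded C2 data: pseudo-random bytes of varying length."""
    return hashlib.sha256(f"task{i}".encode()).digest()[: 8 + 5 * i]

# Constructed flow records (not from the report): (ts_seconds, src, dst, icmp_type, payload).
# icmp_type 8 = Echo Request, 0 = Echo Reply. 10.0.0.5 pings its gateway normally;
# 10.0.0.9 beacons to an external host every 30 s with variable, non-standard payloads.
SAMPLE = [(t, "10.0.0.5", "10.0.0.1", 8, WINDOWS_PING) for t in (0.0, 1.0, 2.0, 3.0)]
SAMPLE += [(30.0 * i, "10.0.0.9", "203.0.113.7", 8, _beacon_payload(i)) for i in range(6)]
SAMPLE += [(30.0 * i + 0.1, "203.0.113.7", "10.0.0.9", 0, _beacon_payload(i)) for i in range(6)]

def score_stream(records):
    """Return (score, reasons) for one src->dst Echo Request stream, sorted by time."""
    payloads = [r[4] for r in records]
    reasons = []
    nonstd = sum(1 for p in payloads if p != WINDOWS_PING)
    if nonstd / len(payloads) > 0.5:
        reasons.append("non-standard payload")
    if len({len(p) for p in payloads}) > 1:
        reasons.append("variable payload size")  # ping keeps its payload size fixed
    gaps = [b[0] - a[0] for a, b in zip(records, records[1:])]
    if len(gaps) >= 3 and statistics.mean(gaps) > 0 and \
            statistics.pstdev(gaps) / statistics.mean(gaps) < 0.2:
        reasons.append("regular beacon interval")  # also true of plain ping, hence threshold 2
    return len(reasons), reasons

def detect(records, threshold=2):
    """Group Echo Requests by (src, dst) and return the streams scoring at or above threshold."""
    streams = defaultdict(list)
    for r in records:
        if r[3] == 8:
            streams[(r[1], r[2])].append(r)
    flagged = {}
    for key, recs in streams.items():
        recs.sort(key=lambda r: r[0])
        score, reasons = score_stream(recs)
        if score >= threshold:
            flagged[key] = reasons
    return flagged

if __name__ == "__main__":
    for (src, dst), why in detect(SAMPLE).items():
        print(f"{src} -> {dst}: {', '.join(why)}")
```

Echo Replies are ignored on purpose: commands in this scheme ride on replies, but the beaconing host's requests are the stable, observable side of the exchange.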

Carrier's Industrial Access Control System has Critical Flaws

Carrier's LenelS2 HID Mercury access control system, which is widely used in healthcare, academic, transport, and federal buildings, has eight zero-day vulnerabilities.

In a report shared with The Hacker News, Trellix security researchers Steve Povolny and Sam Quinn wrote, "The vulnerabilities found enable us to demonstrate the ability to remotely open and lock doors, manipulate alarms, and degrade logging and notification systems."

The investigation began at the hardware level: the researchers modified onboard components and connected to the device through the manufacturer's built-in debug ports.

Using a combination of known and novel techniques, they gained root access to the device's operating system and extracted its firmware so it could be virtualized and analyzed for vulnerabilities. One of the issues (CVE-2022-31481) is an unauthenticated remote code execution flaw with a CVSS severity rating of 10 out of 10. The full list of flaws is:
  • CVE-2022-31479: unauthenticated command injection
  • CVE-2022-31480: unauthenticated denial of service
  • CVE-2022-31481: unauthenticated remote code execution (CVSS 10)
  • CVE-2022-31482: unauthenticated denial of service
  • CVE-2022-31483: authenticated arbitrary file write
  • CVE-2022-31484: unauthenticated user modification
  • CVE-2022-31485: unauthenticated information spoofing
  • CVE-2022-31486: authenticated command injection

In response to the disclosure, Carrier has issued an advisory with further details, mitigations, and firmware patches that customers should apply right away.

In facilities that control physical access to privileged areas, LenelS2 is also used to integrate with more complex building automation deployments. The following LenelS2 HID Mercury access panels are affected:
  • LNL-X2210
  • LNL-X2220
  • LNL-X3300
  • LNL-X4420
  • LNL-4420
  • S2-LP-1501
  • S2-LP-1502
  • S2-LP-2500
  • S2-LP-4502

According to a study conducted by IBM in 2021, the average cost of a physical data breach is 3.54 million dollars, with a detection time of 223 days. 

For companies that rely on access control systems to protect the security and safety of their facilities, the stakes are high. "ICS security presents unique issues," according to the US Cybersecurity and Infrastructure Security Agency (CISA). "The increasing convergence of information technology (IT) and operational technology (OT) presents chances for exploitation that could result in catastrophic repercussions, including loss of life, economic damage, and disruption of society's National Critical Functions (NCFs)."

Customers should be aware that, while the recently disclosed vulnerabilities may appear to have minimal impact on their own, attacks on critical infrastructure have a significant effect on everyday life.

345,000 People are Affected by a Data Breach at ARcare

ARcare announced a data breach after an unauthorized party acquired access to sensitive information stored on the company's computer servers. The names, dates of birth, financial account information, and Social Security numbers of some people were exposed as a result of the incident.

ARcare sent data breach notices to those whose information was compromised on April 25, 2022. According to the US Department of Health and Human Services, the ARcare breach affected 345,353 people.

ARcare, a community health clinic in Augusta, Arkansas, offers services such as chronic disease management, behavioral health, and HIV treatment. The healthcare provider determined on April 4 that individuals' personal information had been exposed and began notifying potentially affected individuals and regulators on April 25. According to the US Department of Health and Human Services (HHS), 345,353 people may have been affected.

ARcare learnt about a data security incident affecting its software system on February 24, 2022, according to an official document filed by the business. As a result, the corporation took steps to secure its computer systems and initiated an inquiry to discover more about the incident's origin and scale. 

The data breach alert states, "ARcare is examining and updating existing policies and procedures relevant to data protection and security. ARcare is also looking into additional security measures to minimize any risk related to this incident and to better prevent future instances."

ARcare confirmed on March 14, 2022, that an unauthorized party had gained access to, and possibly exfiltrated, sensitive data from the ARcare network. The unauthorized party had access to the system between January 18, 2022, and February 24, 2022.

Spam with an SMS Group Offering Freebies in Return for Direct Debit

Unsolicited and unwanted messages, referred to as spam, are rarely sent from another phone. They usually originate on a computer and are delivered to your phone via email or an instant messaging gateway. Because they are sent over the internet, scammers can transmit them cheaply and easily. Robotexts are a type of spam text; because they are easier to ignore than robocalls, they are less intrusive.

Spam texts and robotexts are frequently the beginning of a scam in which the sender hopes to collect personal information about the user to utilize it for fraudulent purposes. These texts put you in danger of identity theft and raise the chances of you installing malware onto your phone unintentionally. 

Spam text messages are often not scams, although sometimes they are. Scammers use a variety of lures to deceive you, such as "You've won a prize, a gift card, or a voucher" that you must claim, "You've been offered a credit card with a low or no interest rate", a claim that you must take action because there is a problem with your payment information, a delivery notification asking you to reschedule a delivery slot or pay a delivery fee, or an alert about a purchase or transaction you did not make that asks you to respond. Signs that a message is spam include:
  • Reputable organizations will not contact you out of the blue by text message and ask you to reveal personal or financial information.
  • Grammatical and spelling mistakes. Legitimate businesses rarely make obvious spelling or grammatical errors in customer correspondence.
  • The message is not relevant to you. If it alerts you about a parcel delivery, did you order or expect anything? If it informs you about a prize, did you enter a competition? If it offers a gift card, is it from a store where you previously purchased something?
Why do people keep receiving spam texts? Scammers use tools that generate phone numbers automatically, so you may receive both robocalls and robotexts even with a new phone number. User data is also sold by prominent social networking sites, which track your online behavior and sell that data for advertising. If you receive a spam text message, do not respond, do not click any links, and do not give out any personal details. Instead, go directly to the company's website and report the scammer.

One important question remains: what steps can you take to protect yourself against spam texts? To avoid being scammed via spam texts, only give out your personal cell phone number when it is really necessary. Online forms frequently ask for phone numbers, but the information you provide could end up on marketing lists or databases. To reduce the number of unwanted messages and calls, do not give out your phone number unless it is absolutely necessary, and do not make it publicly available; for example, avoid putting your mobile number on your Facebook, Twitter, or other social media pages. Additionally, examine your phone bill regularly for unexpected charges.

If you are unsure, check the provider's own website to see whether it is really offering freebies in exchange for a direct debit. It almost certainly is not, and it is far safer to verify on the provider's site than to click any of the links in the message to find out.

WhatsApp’s Bug Leaves Private Chats Compromised?

Security researchers have allegedly reported a bug that lets attackers access private chats and seriously undermines user security.

Per sources, WhatsApp immediately dismissed the reports, suggesting it was preposterous to think that WhatsApp would harm its users in such a way.

The people behind the massively successful messaging application are always keen on advising users on updating and following every security measure.

iOS users in particular are advised to be cautious of this bug when browsing unknown websites and to be careful about which links they open.

As usual, users are strongly advised to update their devices to the latest version, install anti-virus apps and software, and keep their security settings on high alert.

Per the source reports, the messages allegedly taken from WhatsApp chats are being hosted on other servers.

Users should steer clear of unauthorized websites for the sake of their safety.