Tag: cybersecurity awareness

DOJ Slams XCast with $10 Million Fine Over Massive Illegal Robocall Operation

The VoIP service provider XCast was accused by the U.S. Department of Justice (DoJ) of facilitating unlawful telemarketing activities from at least January 2018, in violation of the Telemarketing Sales Rule (TSR). The DoJ and XCast announced a settlement on Tuesday. The stated order forbids the corporation from breaking the law and imposes additional compliance requirements on it, such as creating a procedure for consumer screening and reporting any suspected illegal telemarketing. Because XCast is unable to pay, the order, which also carries a $10 million civil penalty judgment, has been suspended. "XCast provided VoIP services that transmitted billions of illegal robocalls to American consumers, including scam calls fraudulently claiming to be from government agencies...
Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

Malware that steals information is currently using MultiLogin, an undocumented Google OAuth API, to take over user sessions and grant persistent access to Google services even after a password reset. As per CloudSEK, the crucial vulnerability enables threat actors to sustain access to a legitimate session in an unauthorized way by facilitating cookie formation and session persistence. On October 20, 2023, a threat actor going by the handle PRISMA initially disclosed the method on their Telegram channel. Since then, it has been included in several malware-as-a-service (MaaS) stealer families, including RisePro, Lumma, Rhadamanthys, Stealc, Meduza, and Whitesnake. When users sign in to their accounts in the Chrome web browser, the MultiLogin authentication endpoint is primarily int...
Beware: Scam-as-a-Service Aiding Cybercriminals in Crypto Wallet-Draining Attacks

Cybersecurity researchers are warning of a rise in phishing scams that have the potential to empty cryptocurrency wallets. Check Point researchers Oded Vanunu, Dikla Barda, and Roman Zaikin said, "These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique." The infamous phishing group Angel Drainer, which promotes a "scam-as-a-service" offering and charges a percentage of the stolen money—typically 20% or 30%—from its partners in exchange for wallet-draining scripts and other services...
New JinxLoader Targeting Users with Formbook and XLoader Malware

Threat actors are using JinxLoader, a new Go-based malware loader, to distribute next-stage payloads like Formbook and its successor XLoader. The details come from cybersecurity companies Symantec and Palo Alto Networks Unit 42, which both outlined multi-phase attack sequences that culminated in the phishing attack that launched JinxLoader. "The malware pays homage to League of Legends character Jinx, featuring the character on its ad poster and [command-and-control] login panel," Symantec said. "JinxLoader's primary function is straightforward – loading malware." The malware service was first marketed on hackforums[.]net on April 30, 2023, for $60 a month, $120 a year, or a lifetime cost of $200...
New Rugmi Malware Loader Surges with Hundreds of Daily Detections

Threat actors are distributing a variety of information stealers, including Vidar, Lumma Stealer (also known as LummaC2), RecordBreaker (also known as Raccoon Stealer V2), and Rescoms, through a new malware loader. Cybersecurity company ESET is tracking the malware as Win/TrojanDownloader.Rugmi. "This malware is a loader with three types of components: a downloader that downloads an encrypted payload, a loader that runs the payload from internal resources, and another loader that runs the payload from an external file on the disk," the company stated in its Threat Report H2 2023. According to the company's telemetry data, the number of Rugmi loader detections increased dramatically...
Microsoft seizes domains used to sell fraudulent Outlook accounts

A cybercrime group from Vietnam (Storm-1152) registered over 750 million fraudulent accounts and made millions of dollars selling them online to other cybercriminals. Microsoft's Digital Crimes Unit was able to seize multiple domains used by this group. Storm-1152 is a leading supplier of fake Outlook accounts and other illicit "products," such as an automated CAPTCHA-solving service used to get around Microsoft's CAPTCHA challenges and create more phony Microsoft email accounts. It is also a prominent provider of cybercrime-as-a-service. Storm-1152 operates illegitimate websites and social media pages that offer tools to get around identity verification software on popular tech platforms...
Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access

A "severe design flaw" in Google Workspace's domain-wide delegation (DWD) feature has been identified by cybersecurity researchers. This flaw could be used by threat actors to facilitate privilege escalation and gain unauthorized access to Workspace APIs without the need for super admin privileges. In a technical report shared with The Hacker News, cybersecurity firm Hunters stated that "such exploitation could result in theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized actions within Google Workspace APIs on all of the identities in the target domain." The design flaw, which is still active today, has been given the codename DeleFriend because it allows users to modify delegations that are already in place in Google Workspace...
WhatsApp Introduces New Privacy Feature to Protect IP Address in Calls

The messaging app WhatsApp, which is owned by Meta, is formally launching a new privacy feature dubbed "Protect IP Address in Calls" that hides users' IP addresses from other parties by routing calls via its servers. "WhatsApp cannot listen to your calls, even if they are relayed through WhatsApp servers, because calls are end-to-end encrypted," the company said in a statement obtained by The Hacker News. The main goal is to safeguard the connection by using WhatsApp servers to make it more difficult for malicious parties to determine the location of the user during a call. The trade-off is a slight decline in call quality when the privacy option is enabled...
CanesSpy Spyware Discovered in Modified WhatsApp Versions

Cybersecurity researchers have discovered several WhatsApp mods for Android that come with the CanesSpy spyware module installed. Modified versions of the messaging program have been seen spreading through dubious websites that advertise such software, as well as Telegram groups with a large Arabic and Azerbaijani user base—among them, two million people. Dmitry Kalinin, a security researcher at Kaspersky, stated that "the trojanized client manifest contains suspicious components (a service and a broadcast receiver) that cannot be found in the original WhatsApp client." In particular, the additional changes are meant to trigger the spyware module whenever the phone is turned on or begins to charge...
Google Play Store Highlights ‘Independent Security Review’ Badge for VPN Apps

Google is launching a new banner to draw attention to the "Independent security review" label for Android VPN apps that have passed a Mobile Application Security Assessment (MASA) audit in the Play Store's Data safety section. According to Nataliya Stanetsky of the Android Security and Privacy Team, "We've launched this banner beginning with VPN apps due to the sensitive and significant amount of user data these apps handle." Through MASA, developers can have their apps independently validated against a global security standard like the Mobile Application Security Verification Standard (MASVS), giving users more information and empowering them to make educated...