Tag: reconbee

Frontier Communications shuts down systems after cyberattack

American telecom company Frontier Communications is working to restore service following a recent intrusion by a cybercrime gang that compromised parts of its IT systems. Frontier is a major U.S. communications provider, serving millions of consumer and business customers in 25 states with gigabit Internet over a fiber-optic network. After discovering the incident, the company was forced to partially shut down some systems to stop the threat actors from moving laterally across the network, which in turn caused significant operational disruptions. Frontier said the attackers were able to access personally identifiable information (PII), although it could not specify whether the data belonged to customers, employees, or both. Frontier Communications Parent, Inc. disclosed in a fili...
OfflRouter Malware Evades Detection in Ukraine for Almost a Decade

A malware strain known as OfflRouter has been infecting certain government networks in Ukraine since 2015. Cisco Talos reached its conclusions after examining more than 100 private documents infected with the VBA macro virus that had been uploaded to the VirusTotal malware scanning portal since 2018; almost 20 of them have been uploaded since 2022. According to security researcher Vanja Svajcer, the documents contained VBA code to drop and launch an executable called "ctrlpanel.exe". The virus is still causing potentially sensitive documents to be uploaded to publicly accessible document repositories in Ukraine. One remarkable feature of OfflRouter is that it cannot spread over email; instead, it must be distributed through other channels, like docum...
FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor

The notorious cybercrime group FIN7 has delivered its Carbanak backdoor (also known as Anunak) in a spear-phishing campaign aimed at the U.S. automotive industry. As the BlackBerry research and intelligence team noted in a recent article, "FIN7 identified employees at the company who worked in the IT department and had higher levels of administrative rights." The lure was a supposedly free IP scanning utility; living-off-the-land binaries, scripts, and libraries (LOLBAS) were then used to launch the Anunak backdoor and establish an initial foothold. Since 2012, FIN7 (also tracked as Carbon Spider, Elbrus, Gold Niagara, ITG14, and Sangria Tempest) has established itself as a well-known, financially motivated cybercrime organization that has succes...
Hackers Target Middle East Governments with Evasive “CR4T” Backdoor

Middle Eastern governments have been singled out in a previously undocumented campaign that deploys a new backdoor known as CR4T. According to Russian cybersecurity firm Kaspersky, the activity was discovered in February 2024, though there is evidence suggesting it may have been going on for at least a year earlier. The campaign has been codenamed DuneQuixote. Kaspersky says its operators employed realistic and well-thought-out evasion techniques in both network communications and the malware code to hinder the collection and analysis of its implants. The attack begins with a dropper that comes in two varieties: a standard dropper delivered as either an executable or a DLL file, and a tampered installer for the legitimate Total Commander file manager.
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

Threat actors are using unpatched Atlassian servers to distribute the Linux version of the Cerber ransomware, also known as C3RB3R. The attacks exploit a critical security flaw in Atlassian Confluence Data Center and Server, tracked as CVE-2023-22518 (CVSS score: 9.1), which allows an unauthenticated attacker to reset Confluence and create an administrator account. With this access, a threat actor can take complete control of the compromised system, resulting in the loss of confidentiality, integrity, and availability. Financially motivated cybercrime gangs have been observed abusing the newly created admin account to install the Effluence web shell plugin, which permits the execution of arbitrary commands on the host.
Russian APT Deploys New ‘Kapeka’ Backdoor in Eastern European Attacks

A previously undocumented "flexible" backdoor known as Kapeka has been "sporadically" observed in cyberattacks targeting Eastern Europe, particularly Estonia and Ukraine, since at least mid-2022. Finnish cybersecurity company WithSecure attributed the malware to the Russia-affiliated advanced persistent threat (APT) group tracked as Sandworm (also known as APT44 or Seashell Blizzard). Microsoft tracks the same malware under the name KnuckleTouch. According to security researcher Mohammad Kazem Hassan Nejad, "the malware […] is a flexible backdoor with all the necessary functionalities to serve as an early-stage toolkit for its operators and also to provide long-term access to the victim estate." A dropper built into Kapeka is intend...
Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

A new Google malvertising campaign is using a cluster of look-alike domains impersonating legitimate IP scanner software to distribute a previously undocumented backdoor called MadMxShell. According to Zscaler ThreatLabz researchers Roy Tay and Sudeep Singh, the threat actor registered multiple look-alike domains using typosquatting and then used Google Ads to push them to the top of search results for specific keywords, luring victims to the sites. Up to 45 such domains are said to have been registered between November 2023 and March 2024. The sites impersonate port scanning and IT management software, including Advanced IP Scanner, Angry IP Scanner, IP scanner PRTG, and ManageEngine. Threat actors have long relied on copycat ...
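As an added illustration (not Zscaler's tooling) of how such look-alike registrations can be triaged, the script below scores candidate domains against the product names listed above using four checks: the brand token on an unexpected TLD, homoglyph folding (such as "rn" read as "m"), the token embedded in a longer label (combosquatting), and a small Damerau-Levenshtein edit distance. The allowlist of vendor domains and the candidate domains are assumptions constructed for the demo, and the TLD handling ignores multi-label public suffixes.

```python
"""Score candidate domains for look-alike impersonation of IP-scanner brands.

Added example, not Zscaler's code. Brand tokens come from the products named
in the report; the allowlist and sample domains are constructed assumptions.
"""
import re

# Brand names squashed to a single lowercase token without separators.
BRAND_TOKENS = {
    "advancedipscanner": "Advanced IP Scanner",
    "angryip": "Angry IP Scanner",
    "prtg": "PRTG",
    "manageengine": "ManageEngine",
}

# Character sequences that read like another letter in an ad title or URL bar.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def registrable_label(domain: str) -> str:
    """Label left of the TLD. Simplification: no public-suffix list, so
    'example.co.uk' would yield 'co'."""
    labels = domain.lower().strip().rstrip(".").split(".")
    if len(labels) > 1 and labels[0] == "www":
        labels = labels[1:]
    return labels[-2] if len(labels) >= 2 else labels[0]


def squash(label: str) -> str:
    """Drop separators so 'advanced-ip-scanner' equals 'advancedipscanner'."""
    return re.sub(r"[-_]", "", label)


def fold_confusables(s: str) -> str:
    for bad, good in CONFUSABLES:
        s = s.replace(bad, good)
    return s


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: a transposed pair costs 1, not 2."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(domain: str, allowlist=frozenset(), max_edits: int = 2):
    """Return (brand, technique, label) for a suspicious domain, else None.

    Checks, in order of confidence: exact brand token on a non-allowlisted
    domain, homoglyph-folded match, brand token embedded in a longer label,
    then a small edit distance. Short tokens get a one-edit budget to limit
    false positives such as 'ports' against 'prtg'.
    """
    if domain.lower().strip().rstrip(".") in allowlist:
        return None
    label = registrable_label(domain)
    raw = squash(label)
    folded = fold_confusables(raw)
    best = None  # (score, brand, technique); lower score wins
    for token, brand in BRAND_TOKENS.items():
        if raw == token:
            cand = (0, brand, "brand-on-other-tld")
        elif folded == token:
            cand = (0, brand, "homoglyph")
        elif token in folded:
            cand = (0.5, brand, "combosquat")
        else:
            budget = 1 if len(token) < 6 else max_edits
            dist = edit_distance(folded, token)
            if dist > budget:
                continue
            cand = (dist, brand, f"typo-{dist}")
        if best is None or cand[0] < best[0]:
            best = cand
    return None if best is None else (best[1], best[2], label)


def scan(domains, allowlist=frozenset()):
    """Run classify() over a list and return (domain, brand, technique) hits."""
    hits = []
    for d in domains:
        verdict = classify(d, allowlist)
        if verdict is not None:
            hits.append((d, verdict[0], verdict[1]))
    return hits


# Assumed legitimate vendor domains and constructed candidate domains (demo data).
ALLOWLIST = frozenset({"advanced-ip-scanner.com", "angryip.org", "paessler.com", "manageengine.com"})
SAMPLE_DOMAINS = [
    "advanced-ip-scanner.com",         # legitimate, allowlisted
    "advanced-ip-scaner.net",          # one dropped letter
    "advancedipscanner-download.com",  # brand plus a lure word
    "angryip.net",                     # exact brand on another TLD
    "rnanageengine.com",               # 'rn' read as 'm'
    "prtg-ip-scanner.com",             # brand embedded in a longer label
    "portscan.net",                    # unrelated, must not fire
]

if __name__ == "__main__":
    for domain, brand, technique in scan(SAMPLE_DOMAINS, ALLOWLIST):
        print(f"{domain:32} -> {brand} ({technique})")
```

In practice the candidate list would come from newly observed domains in DNS or proxy logs, and hits would be enriched with registration date and the ad landing page before blocking.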
Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack

The developers of the PuTTY Secure Shell (SSH) and Telnet client are warning users about a serious flaw affecting versions 0.68 through 0.80 that can be exploited to fully recover NIST P-521 (ecdsa-sha2-nistp521) private keys. The vulnerability has been assigned CVE-2024-31497, and researchers Fabian Bäumer and Marcus Brinkmann of Ruhr University Bochum are credited with its discovery. The root cause is biased ECDSA nonce generation: for P-521, PuTTY derived the per-signature nonce from a 512-bit hash, so the top nine bits of every 521-bit nonce were zero, which is enough bias for a lattice attack given a modest number of signatures. The effect of the vulnerability is to compromise the private key, according to an advisory from the PuTTY project. With just a few dozen signed messages and the public key, an attacker can obtain enough information to recover the private key and then forge signatures appearing to be from you, giving them the ability to, for example, access a...
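Upgrading alone does not undo the exposure: the PuTTY advisory treats any P-521 key that was used to sign with an affected version as compromised, to be regenerated and removed from every authorized_keys file that trusted it. The script below is an added example, not code from the PuTTY project, that inventories OpenSSH-format public-key lines for ecdsa-sha2-nistp521 entries. It decodes the SSH wire-format blob and reads the key type and curve name from inside it rather than trusting the declared type string, and reports lines it cannot parse so they are not silently skipped. The sample authorized_keys content is constructed (the point bytes are dummies), and the option-skipping logic is a simplification.

```python
"""Inventory OpenSSH-format public keys and flag NIST P-521 ECDSA keys.

Added example, not PuTTY project code. Assumes authorized_keys / known_hosts
style lines ("[options] <key-type> <base64-blob> [comment]") whose blob is SSH
wire format: uint32-length-prefixed strings, the first being the key type and,
for ECDSA keys, the second the curve name. Sample lines are constructed.
"""
import base64
import struct

VULNERABLE_TYPE = "ecdsa-sha2-nistp521"
VULNERABLE_CURVE = "nistp521"
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def _read_string(blob: bytes, offset: int):
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string body")
    return blob[start:end], end


def parse_pubkey_line(line: str):
    """Return (key_type, curve_or_None, comment) for one public-key line.

    Leading options (e.g. no-pty,command="...") are skipped by locating the
    first token that looks like a key type; a command string that itself
    contains a key-type prefix would confuse this simplification.
    """
    tokens = line.strip().split()
    idx = next((i for i, t in enumerate(tokens) if t.startswith(KEY_TYPE_PREFIXES)), None)
    if idx is None or idx + 1 >= len(tokens):
        raise ValueError("no key-type/blob pair found")
    key_type = tokens[idx]
    try:
        blob = base64.b64decode(tokens[idx + 1], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"bad base64 blob: {exc}") from None
    comment = " ".join(tokens[idx + 2:])
    blob_type, off = _read_string(blob, 0)
    if blob_type.decode("ascii", "replace") != key_type:
        raise ValueError("key type inside blob does not match declared type")
    curve = None
    if key_type.startswith(("ecdsa-sha2-", "sk-ecdsa-sha2-")):
        curve_bytes, off = _read_string(blob, off)
        curve = curve_bytes.decode("ascii", "replace")
    return key_type, curve, comment


def find_p521_keys(lines):
    """Return a finding for every P-521 key and every unparseable line."""
    findings = []
    for n, line in enumerate(lines, 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        try:
            key_type, curve, comment = parse_pubkey_line(stripped)
        except ValueError as exc:
            findings.append({"line": n, "issue": "unparseable", "type": None, "comment": str(exc)})
            continue
        if key_type == VULNERABLE_TYPE or curve == VULNERABLE_CURVE:
            findings.append({"line": n, "issue": "p521", "type": key_type, "comment": comment})
    return findings


def _ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data


def build_pubkey_line(key_type, curve, point, comment):
    """Build a synthetic key line for testing; the point bytes are dummies, not a real key."""
    blob = _ssh_string(key_type.encode())
    if curve is not None:
        blob += _ssh_string(curve.encode())
    blob += _ssh_string(point)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


# Constructed sample file: the P-521 entry carries leading options, the last line is corrupt.
SAMPLE_AUTHORIZED_KEYS = [
    "# constructed sample, not real keys",
    build_pubkey_line("ssh-ed25519", None, b"\x01" * 32, "alice@laptop"),
    build_pubkey_line("ecdsa-sha2-nistp256", "nistp256", b"\x04" + b"\x02" * 64, "bob@build"),
    'no-pty,command="/usr/bin/backup" '
    + build_pubkey_line("ecdsa-sha2-nistp521", "nistp521", b"\x04" + b"\x03" * 132, "backup@putty"),
    "ecdsa-sha2-nistp521 not-base64!! broken@host",
]

if __name__ == "__main__":
    for f in find_p521_keys(SAMPLE_AUTHORIZED_KEYS):
        print(f"line {f['line']}: {f['issue']} {f['type'] or ''} {f['comment']}")
```

Point `find_p521_keys` at the lines of real authorized_keys and known_hosts files to get the list of keys to rotate; the flagged comment field usually identifies the owner.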
Cerebral to pay $7 million settlement in Facebook pixel data leak case

Telehealth company Cerebral has reached a settlement with the U.S. Federal Trade Commission under which it will pay $7,000,000 to resolve charges that it mishandled patients' private health information. Cerebral is a remote telehealth provider offering online treatment and medication management for a range of mental health conditions, such as anxiety, depression, ADHD, bipolar disorder, and substance misuse. In March 2023 the company notified 3.2 million users of its websites, applications, and services of a data breach, stating that the use of tracking pixels on its platform had exposed their personal data. According to the FTC's complaint, Cerebral and its former CEO, Kyle Robertson, violated the company's cancellation policy and disclosed customers'...