HTTP Status Codes Command This Malware How to Control Hacked Systems

A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe.

The cyberespionage malware—traced to Turla APT with "medium-to-low level of confidence" based on the history of compromised victims—spread via an initial dropper that masks itself as a visa application, the Global Research and Analysis Team at Kaspersky discovered.

The Turla APT, a Russian-based threat group, has a long history of carrying out espionage and watering hole attacks spanning various sectors, including governments, embassies, military, education, research, and pharmaceutical companies.

First documented by G-Data in 2014, COMpfun received a significant upgrade last year (called "Reductor") after Kaspersky found that the malware was used to spy on a victim's browser activity by staging man-in-the-middle (MitM) attacks on encrypted web traffic via a tweak in the browser's random numbers generator (PRNG).

👉🏼 Read more:
https://thehackernews.com/2020/05/malware-http-codes.html

https://securelist.com/compfun-http-status-based-trojan/96874/

#cyberespionage #malware #http #hacked
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Attack against supercomputers

More than 10 high-performance data centers were hacked, including the one in the city of Garching (Germany). They are used for research on Covid-19 therapies, but those affected suspect other motives behind the attacks.

Dieter Kranzlmüller cannot explain what the hacker wanted. "Someone broke in and manipulated the system. But we don't know exactly what he did," says the head of the Leibniz computer centre in Garching near Munich. The high-performance computer SuperMUC-NG is located there. Kranzlmüller's team had to take it off the Internet this week after a hacker had gained access to the system. The Cybercrime Department of the Bavarian State Office of Criminal Investigation is investigating.

The case has shaken the research community, which depends on the expensive machines for its investigations. They are scattered internationally, but can no longer access the computers online. According to Kranzlmüller, in addition to Garching, more than ten high-performance computer centres in different countries are affected, including those in Freiburg, Stuttgart and Jülich. A "serious problem right across the academic community", is what those responsible for the super computer Archer in Edinburgh call it.

Read more 🇩🇪:
https://www.computerbase.de/2020-05/sicherheitsprobleme-europaeische-rechenzentren-supercomputer/

https://www.sueddeutsche.de/digital/supercomputer-hacker-garching-corona-1.4909397

#attack #hacker #hacked #supercumputers #datacenter #research
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Hackers who stole files from a law firm to stars like Lady Gaga and Drake doubled their ransom to $42 million and threatened to release 'dirty laundry' on Trump

Grubman, Shire, Meiselas and Sacks was recently the target of a hack by a group called REvil, which is attempting to random the information.

One of the top entertainment law firms in the US — Grubman, Shire, Meiselas and Sacks — was recently the target of a ransomware attack.

REvil, the group behind the attack, on Thursday doubled their ransom to $42 million, Page Six reported.
They also threatened to release "dirty laundry" on President Donald Trump if the amount wasn't paid.
They did not elaborate on what the material might be. Sources told Page Six that Trump had never been a client of the firm.

A hacker group that stole 756 gigabytes of data from one of top US entertainment law firms has doubled their ransom to $42 million, and threatened to release "dirty laundry" on President Donald Trump if the money is not paid.

👉🏼 Weiter auf:
https://www.businessinsider.fr/us/revil-hackers-threaten-trump-dirty-laundry-taken-from-law-firm-2020-5

#hacker #hacked #ransom #LadyGaga #drake #trump
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Average American had personal data stolen at least 4 times last year, report says

Over the past decade or so you’ve probably noticed the increasing frequency of major data breaches around the world. There have been at least 200 documented data breaches since 2005, and the number of records exposed is only on the rise as more folks move their lives online. With more people transitioning facets of their lives online in the context of the “stay home” orders of the 2020 pandemic, these numbers of are sure to climb even higher in years to come.

It’s impossible to know the impact and extent to which data breaches are occurring as many almost certainly go unreported. Here are some of the data breaches we analyzed in our research:

👉🏼 Read more:
https://www.interest.com/personal-finance/the-average-american-had-personal-information-stolen-at-least-4-times-in-2019/

https://en.wikipedia.org/wiki/List_of_data_breaches

https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/

https://theweek.com/articles/730439/have-almost-certainly-been-hacked

#USA #hacked #breach #leak
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

The entire database is being sold for $30,000 on a hacker forum.

Last month a hacker was selling 267 million Facebook user data on a dark web marketplace. Now, a hacker or call them a threat actor is claiming to have access to a database with 500 million Facebook user data from 82 countries.

What’s worse is that the data is currently being sold on an infamous hacking forum, Hackread.com has learned.

As seen on the forum, the hacker has been offering the treasure trove of data since May 15th, 2020 and includes personal information such as,

Names
Gender
location
City name
Surnames
Actual job
Marital status
Mobile number
Email addresses
Facebook profile links

Furthermore, the hacker has divided the price of the data into three parts, for instance, $1500 per million, $450 per 100,000, and $30,000 for 500 million for the entire database. The listing also states that the information in the database was stolen between November 2019 to May 2020.

👉🏼 Read more:
https://www.hackread.com/hacker-selling-500-million-facebook-user-data/

https://www.hackread.com/hacker-forum-sell-267-million-facebook-records/

#hacker #hacked #breach #facebook #DeleteFacebook
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

The A1 Telekom Austria Hack - they came in through the web shells

On the 3rd of February 2020 I received an encrypted email on 3 of my email addresses from a person calling themself "Libertas" with the subject "Information for the public".

"I am writing to you today because you seem to be a IT security related guy from Austria with a brain. I hope this assumption is correct, otherwise please disregard this message.

I am writing concerning your local telecom company A1 Telekom. -Libertas"

At first I thought it's some conspiracy theorist who wants to publish something on my blog (they always do) but it was not one of these cases and I wasn't prepared to what they presented me.

Disclaimer:

After confirming the hack with A1 I was asked to postpone the publishing of this post until A1 has kicked the attackers out. I complied with their request so I wouldn't interfere with the ongoing investigation. Since I did not publish this post for months the whistleblower also contacted a journalist from Heise.de and we agreed to release our articles at the same time.

Since I have no way of checking the validity of individual statements made by the whistleblower, they could all be fabricated. I find them very plausible and many details of the email were confirmed by A1 but keep it in the back of your head that the statements of "Libertas" might be untrue or half-true until confirmed by A1 Telekom. Since I had the opportunity to talk to people from A1 I will add their statements in blue.

👉🏼 Read more:
https://blog.haschek.at/2020/the-a1-telekom-hack.html

👉🏼 Read more 🇩🇪:
https://www.golem.de/news/oesterreich-hackerangriff-bei-a1-telekom-2006-148984.html

#austria #telekom #hack #hacked #Libertas
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Anonymous Hackers Target TikTok: ‘Delete This Chinese Spyware Now’

“Delete TikTok now,” the account tweeted today, July 1, “if you know someone that is using it, explain to them that it is essentially malware operated by the Chinese government running a massive spying operation.”

https://twitter.com/YourAnonCentral/status/1278204068175818752?s=20

https://www.forbes.com/sites/zakdoffman/2020/07/01/anonymous-targets-tiktok-delete-this-chinese-spyware-now/

#anonymous #hacked #TikTok #DeleteTikTok
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Hacker breaches security firm in act of revenge

Hacker claims to have stolen more than 8,200 databases from a security firm's data leak monitoring service.

A hacker claims to have breached the backend servers belonging to a US cyber-security firm and stolen information from the company's "data leak detection" service.

The hacker says the stolen data includes more than 8,200 databases containing the information of billions of users that leaked from other companies during past security breaches.

The databases have been collected inside DataViper, a data leak monitoring service managed by Vinny Troia, the security researcher behind Night Lion Security, a US-based cyber-security firm.

👀 👉🏼 https://www.zdnet.com/article/hacker-breaches-security-firm-in-act-of-revenge/

👀 👉🏼 https://gist.github.com/campuscodi/226b0758e08592df2e5d898979d1da17

#DataViper #leak #breach #hacked
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Massive Bitcoin fraud wave rolls over Twitter

Do not send Bitcoins! They will certainly not be doubled.

Prominent Twitter accounts such as those of Bill Gates, Elon Musk, Jeff Bezos, Joe Biden, Apple and Uber currently promise to double Bitcoins sent to certain wallets. Numerous crypto currency exchanges also tweet similar "invitations". Some refer to an alleged "Crypto for Health" campaign.

This is a large-scale fraud attempt. The most likely scenario at present is a security hole in Twitter, which allows the perpetrators to access numerous, perhaps even all, Twitter accounts. Therefore, it cannot be ruled out that the perpetrators will send less conspicuous tweets to any Twitter account. Now, special caution is required when interpreting tweets.

👉🏼 👀 🇬🇧 https://www.coindesk.com/hackers-take-over-prominent-crypto-twitter-accounts-in-simultaneous-attack

https://twitter.com/TwitterSupport/status/1283518038445223936

👀 👉🏼 🇩🇪 https://www.heise.de/news/Massive-Bitcoin-Betrugswelle-ueberrollt-Twitter-4844911.html

#twitter #fraud #bitcoin #hacked
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Hackers Convinced Twitter Employee to Help Them Hijack Accounts

After a wave of account takeovers, screenshots of an internal Twitter user administration tool are being shared in the hacking underground.

A Twitter insider was responsible for a wave of high profile account takeovers on Wednesday, according to leaked screenshots obtained by Motherboard and two sources who took over accounts.

On Wednesday, a spike of high profile accounts including those of Joe Biden, Elon Musk, Bill Gates, Barack Obama, Uber, and Apple tweeted cryptocurrency scams in an apparent hack.

"We used a rep that literally done all the work for us," one of the sources told Motherboard. The second source added they paid the Twitter insider. Motherboard granted the sources anonymity to speak candidly about a security incident. A Twitter spokesperson told Motherboard that the company is still investigating whether the employee hijacked the accounts themselves or gave hackers access to the tool.

The accounts were taken over using an internal tool at Twitter, according to the sources, as well as screenshots of the tool obtained by Motherboard. One of the screenshots shows the panel and the account of Binance; Binance is one of the accounts that hackers took over today. According to screenshots seen by Motherboard, at least some of the accounts appear to have been compromised by changing the email address associated with them using the tool.

👀 👉🏼 https://www.vice.com/en_us/article/jgxd3d/twitter-insider-access-panel-account-hacks-biden-uber-bezos

#twitter #fraud #bitcoin #hacked #insider
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag