
New macOS Backdoor Linked to Cyber-espionage Group

A recently discovered macOS backdoor is believed to be a new version of malware previously associated with the OceanLotus cyber-espionage group, Trend Micro says.

Also known as APT 32, APT-C-00, SeaLotus, and Cobalt Kitty, OceanLotus is believed to be operating out of Vietnam and has been targeting high-profile corporate and government organizations in Southeast Asia. Well-resourced and determined, the group uses custom-built malware and already established techniques.

Some of the group’s targets include human rights organizations, media organizations, research institutes, and maritime construction firms.

The newly discovered macOS backdoor, which Trend Micro detects as OSX_OCEANLOTUS.D, has been observed on machines that have the Perl programming language installed.

The malware is being distributed via malicious documents attached to emails. The document masquerades as the registration form for an event with HDMC, an organization in Vietnam that advertises national independence and democracy.

The document contains malicious, obfuscated macros with a payload written in Perl. The macro extracts an XML file from the Word document. This file is an executable acting as the dropper for the final payload, which is the backdoor.

The dropper, which has all of its strings encrypted using a hardcoded RSA256 key, is also used to establish the backdoor’s persistence on infected systems. It checks whether it is running as root and uses a different path and filename depending on the result.

The dropper sets the backdoor’s attributes to “hidden”, uses random values for the file date and time, and deletes itself at the end of the process.

The backdoor has two main functions: collecting platform information and sending it to the command and control (C&C) server. It can also receive additional C&C communication information, which is encrypted before being sent.

“Malicious attacks targeting Mac devices are not as common as its counterparts, but the discovery of this new macOS backdoor that is presumably distributed via phishing email calls for every user to adopt best practices for phishing attacks regardless of operating system,” Trend Micro concludes.


The post New macOS Backdoor Linked to Cyber-espionage Group appeared first on National Cyber Security Ventures.


Public sector executive pay should be linked to cybersecurity

Source: National Cyber Security News

Cybersecurity is constantly in the headlines for all the wrong reasons.

Earlier this month, we heard that all 200 UK NHS Trusts that have been assessed so far failed to meet the standards of the government-backed Cyber Essentials Plus scheme. Some of them even failed on patching, which was the vulnerability that led to the WannaCry ransomware attack. They clearly haven’t learned the lessons from an event which caused massive disruption across the health service, with operations postponed and appointments cancelled.

You would think that, if public sector organisations can’t even manage basic security hygiene such as patching, there would be consequences for those running them. However, while the forthcoming GDPR is bringing in new requirements for the protection of personal data, the large fines (€20m or 4% of global revenue) for a privacy breach will apply to the organisations concerned and will not affect their leaders.

After the TalkTalk cyberattack, its then chief executive Dido Harding may have had her cash bonus halved, from £432,000 to £220,000, but she was still paid a total of £2.81M in 2015, despite the personal and financial details of tens of thousands of customers disappearing into the ether.


View full post on National Cyber Security Ventures

The CCleaner Attack Linked to State-sponsored Chinese Hackers

Source: National Cyber Security – Produced By Gregory Evans

Security researchers revealed that the CCleaner chain attack, which resulted in millions of users downloading a backdoored version of the CCleaner PC software utility, was linked to state-sponsored Chinese hackers. The attack started in July with the compromise of a CCleaner server, which let attackers inject backdoor code in two versions of…

The post The CCleaner Attack Linked to State-sponsored Chinese Hackers appeared first on National Cyber Security Ventures.


Online dating apps including Tinder and Grindr linked to the rapidly increasing cases of STIs in Australia

STI levels are rising rapidly across Australia, and health experts are pointing the blame at dating apps like Tinder and Grindr. Chlamydia is currently the most widespread sexually transmitted infection, with 80,000 cases diagnosed a year in Australia – but gonorrhoea levels have doubled and even tripled in some regions. ‘For some people the fun is increased by taking sexual risks with people they meet on dating apps,’ Associate Professor David Whiley at the University of Queensland’s Centre for Clinical Research, told 9 News.

The post Online dating apps including Tinder and Grindr linked to the rapidly increasing cases of STIs in Australia appeared first on Dating Scams 101.


Swift network bank thefts ‘linked’ to Sony Pictures hack


Source: National Cyber Security – Produced By Gregory Evans

Security researchers at Symantec have found clues in the malware used to hack into international financial messaging network Swift, which suggest a link to the Sony Pictures hack in 2014. At least three banks have reported financial attacks based on the Swift hack. In February, Bangladesh’s central bank lost $81m (£55m) after fraudulent messages were sent […]

The post Swift network bank thefts ‘linked’ to Sony Pictures hack appeared first on National Cyber Security.


Linked Hackers Post US Government Employee ‘Hit List’

Source: National Cyber Security – Produced By Gregory Evans

Among the individuals whose names appeared on the list were those with ties to the State Department, the Department of Homeland Security and the departments of Defense, Energy, Commerce and Health and Services, Vocativ reported. The list also targets US embassies in Santiago and Kathmandu, plus the Department of the Navy in Mississippi. A […] The post Linked Hackers Post US Government Employee ‘Hit List’ appeared first on AmIHackerProof.com.

The post Linked Hackers Post US Government Employee ‘Hit List’ appeared first on National Cyber Security.


Chipotle Restaurants Linked to Food Poisonings

Chipotle Mexican Grill, one of the most popular restaurant chains with teens, is under fire after its locations have been linked to food poisonings. More than 50 people in nine states have contracted E. coli from the restaurants. E. coli is a bacterium that can cause severe stomach pain, diarrhea, and vomiting. In Boston, more than 100 college students were sickened by norovirus, an easily transmitted virus that causes nausea and vomiting. These food-borne illnesses have landed some people in the hospital, but have caused no deaths so far.

View full post on THW | In the News