Warning !! Hackers Launching Fully Equipped Android RAT via WhatsApp & SMS to Spy Your Android

Warning !! Hackers Launching Fully Equipped Android RAT via WhatsApp & SMS to Spy Your Android

Researchers discovered a fully equipped Android RAT called “BRATA” that exclusively attacking the Android users in Brazil and launching via different sources including WhatsApp, SMS, and sponsor links in Google Search. Attackers spreading this BRATA Android RAT since January 2019, initially hosted in Google play store and, some of the other 3rd party app stores. […]

The post Warning !! Hackers Launching Fully Equipped Android RAT via WhatsApp & SMS to Spy Your Android appeared first on GBHackers On Security.

Source: GBHackers
Warning !! Hackers Launching Fully Equipped Android RAT via WhatsApp & SMS to Spy Your Android

Russian Police Busted the TipTop Hacker Group that Hacked More than 800,000 Smartphones Using Malware

TipTop hacker group

TipTop hacker group know for attacking customers of Russian banks, detained by Russian authorities. The group hacked more than 800,000 smartphones. The group was named as TipTop because their main goal is to premium clients of large Russian banks. TipTop hacker group found to be active since 2015, and they approximately steal $1500 to $10500 […]

The post Russian Police Busted the TipTop Hacker Group that Hacked More than 800,000 Smartphones Using Malware appeared first on GBHackers On Security.

Source: GBHackers
Russian Police Busted the TipTop Hacker Group that Hacked More than 800,000 Smartphones Using Malware

Ransomware Attack Response and Mitigation Checklist

Ransomware is one of the fast-growing threat in the worldwide and its considered as a leader of Global cyberattack in recent days which cause some dangerous issues and loss in many organizations and individuals. Here is the Ransomware response Checklist for Attack Response and Mitigation. The ransomware is a turnkey business for some criminals, and victims still […]

The post Ransomware Attack Response and Mitigation Checklist appeared first on GBHackers On Security.

Source: GBHackers
Ransomware Attack Response and Mitigation Checklist

Friday Squid Blogging: Why Mexican Jumbo Squid Populations Have Declined

A group of scientists conclude that it’s shifting weather patterns and ocean conditions.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Source: Schneier
Friday Squid Blogging: Why Mexican Jumbo Squid Populations Have Declined

Foxit PDF Software Company Suffers Data Breach—Asks Users to Reset Password

If you have an online account with Foxit Software, you need to reset your account password immediately—as an unknown attacker has compromised your personal data and log-in credentials.

Foxit Software, a company known for its popular lightweight Foxit PDF Reader and PhantomPDF applications being used by over 525 million users, today announced a data breach exposing the personal information of
Source: HN
Foxit PDF Software Company Suffers Data Breach—Asks Users to Reset Password

Phishers are Angling for Your Cloud Providers

Many companies are now outsourcing their marketing efforts to cloud-based Customer Relationship Management (CRM) providers. But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. Here’s a look at a recent CRM-based phishing campaign that targeted customers of Fortune 500 construction equipment vendor United Rentals.

Stamford, Ct.-based United Rentals [NYSE:URI] is the world’s largest equipment rental company, with some 18,000 employees and earnings of approximately $4 billion in 2018. On August 21, multiple United Rental customers reported receiving invoice emails with booby-trapped links that led to a malware download for anyone who clicked.

While phony invoices are a common malware lure, this particular campaign sent users to a page on United Rentals’ own Web site (unitedrentals.com).

A screen shot of the malicious email that spoofed United Rentals.

In a notice to customers, the company said the unauthorized messages were not sent by United Rentals. One source who had at least two employees fall for the scheme forwarded KrebsOnSecurity a response from UR’s privacy division, which blamed the incident on a third-party advertising partner.

“Based on current knowledge, we believe that an unauthorized party gained access to a vendor platform United Rentals uses in connection with designing and executing email campaigns,” the response read.

“The unauthorized party was able to send a phishing email that appears to be from United Rentals through this platform,” the reply continued. “The phishing email contained links to a purported invoice that, if clicked on, could deliver malware to the recipient’s system. While our investigation is continuing, we currently have no reason to believe that there was unauthorized access to the United Rentals systems used by customers, or to any internal United Rentals systems.”

United Rentals told KrebsOnSecurity that its investigation so far reveals no compromise of its internal systems.

“At this point, we believe this to be an email phishing incident in which an unauthorized third party used a third-party system to generate an email campaign to deliver what we believe to be a banking trojan,” said Dan Higgins, UR’s chief information officer.

United Rentals would not name the third party marketing firm thought to be involved, but passive DNS lookups on the UR subdomain referenced in the phishing email (used by UL for marketing since 2014 and visible in the screenshot above as “wVw.unitedrentals.com”) points to Pardot, an email marketing division of cloud CRM giant Salesforce.

Companies that use cloud-based CRMs sometimes will dedicate a domain or subdomain they own specifically for use by their CRM provider, allowing the CRM to send emails that appear to come directly from the client’s own domains. However, in such setups the content that gets promoted through the client’s domain is actually hosted on the cloud CRM provider’s systems.

Salesforce told KrebsOnSecurity that this was not a compromise of Pardot, but of a Pardot customer account that was not using multi-factor authentication.

“UR uses a third party marketing agency that utilizes the Pardot platform,” said Salesforce spokesman Bradford Burns. “The third party marketing agency is who was compromised, not a Pardot employee.”

This attack comes on the heels of another targeted phishing campaign leveraging Pardot that was documented earlier this month by Netskope, a cloud security firm. Netskope’s Ashwin Vamshi said users of cloud CRM platforms have a high level of trust in the software because they view the data and associated links as internal, even though they are hosted in the cloud.

“A large number of enterprises provide their vendors and partners access to their CRM for uploading documents such as invoices, purchase orders, etc. (and often these happen as automated workflows),” Vamshi wrote. “The enterprise has no control over the vendor or partner device and, more importantly, over the files being uploaded from them. In many cases, vendor- or partner-uploaded files carry with them a high level of implicit trust.”

Cybercriminals increasingly are targeting cloud CRM providers because compromised accounts on these systems can be leveraged to conduct extremely targeted and convincing phishing attacks. According to the most recent stats (PDF) from the Anti-Phishing Working Group, software-as-a-service providers (including CRM and Webmail providers) were the most-targeted industry sector in the first quarter of 2019, accounting for 36 percent of all phishing attacks.

Image: APWG

Update, 2:55 p.m. ET: Added comments and responses from Salesforce.

Source: KB
Phishers are Angling for Your Cloud Providers

Google Found 5 iOS Exploit Chain Via Hacked Websites to Remotely Hack Your iPhone If You Just Visting the Site

iOS Exploit Chain

Researchers from Google Project Zero team uncovered a five dangerous iOS exploit chain in wide that can hack almost every iPhone running with iOS 10 to 12 by just trick them to visit the hacked website. An unknown hacking group targeting iPhone using by implants this exploit chain over 2 years through various hacked websites. Google’s […]

The post Google Found 5 iOS Exploit Chain Via Hacked Websites to Remotely Hack Your iPhone If You Just Visting the Site appeared first on GBHackers On Security.

Source: GBHackers
Google Found 5 iOS Exploit Chain Via Hacked Websites to Remotely Hack Your iPhone If You Just Visting the Site