Seoul accuses pro-Kremlin hackers of attacking websites over decision to monitor North Korean troops in Ukraine

According to a statement from the South Korean president’s office on Friday, the country’s cyber agencies have detected an increase in Russia-linked attacks, primarily targeting civilian and government websites.

The Record from Recorded Future News – Read More

Malwarebytes Acquires VPN Provider AzireVPN

Malwarebytes has acquired Sweden-based privacy-focused VPN provider AzireVPN to expand its product offerings.


SecurityWeek – Read More

Kaspersky uncovers a crypto game created by Lazarus APT | Kaspersky official blog

Battle City, colloquially known as “that tank game”, is a symbol of a bygone era. Some 30 years ago, gamers would pop a cartridge into their console, settle in front of a bulky TV, and obliterate waves of enemy tanks until the screen gave out.

Today, the world’s a different place, but tank games remain popular. Modern iterations offer gamers not just the thrill of gameplay but also the chance to earn NFTs. Cybercriminals too have something to offer: a sophisticated attack targeting crypto-gaming enthusiasts.

Backdoor and zero-day exploit in Google Chrome

This story begins in February 2024, when our security solution detected the Manuscrypt backdoor on a user’s computer in Russia. We’re very familiar with this backdoor; various versions of it have been used by the Lazarus APT group since at least 2013. So, given we already know the main tool and methods used by the attackers — what’s so special about this particular incident?

The thing is that these hackers typically target large organizations like banks, IT companies, universities, and even government agencies. But this time, Lazarus hit an individual user, planting a backdoor on a personal computer! The cybercriminals lured the victim to a game site and thereby gained complete access to their system. Three things made this possible:

  • The victim’s irresistible desire to play their favorite tank game in a new format
  • A zero-day vulnerability in Google Chrome
  • An exploit that allowed remote code execution in the Google Chrome process

Before you start to worry, relax: Google has since released a browser update, blocked the tank game’s website, and thanked the Kaspersky security researchers. But just in case, our products detect both the Manuscrypt backdoor and the exploit. We’ve delved into the details of this story on the Securelist blog.

Fake accounts

At the start of the investigation, we thought the group had gone to extraordinary lengths this time: “Did they actually create an entire game just for a scam?” But we soon worked out what they’d really done. The cybercriminals based their game — DeTankZone — on the existing game DeFiTankLand. They really went all out, stealing the source code of DeFiTankLand and creating fake social media accounts for their counterfeit.

Around the same time, in March 2024, the price of the DefitankLand (sic) cryptocurrency plummeted — the developers of the original game announced that their cold wallet had been hacked, and “someone” had stolen $20,000. The identity of this “someone” remains a mystery. The developers believe it was an insider, but we suspect that the ever-present tentacles of Lazarus are involved.

Differences between the fake and the original are minimal


The cybercriminals orchestrated a full-blown promotion campaign for their game: they boosted follower counts on X (formerly Twitter), sent collaboration offers to hundreds of cryptocurrency influencers (also potential victims), created premium LinkedIn accounts, and organized waves of phishing emails. As a result, the fake game got even more traction than the original (6000 followers on X, versus 5000 for the original game’s account).

Social media content created by AI with the help of graphic designers


How we played tanks

Now for the most fun part…

The malicious site that Lazarus lured their victims to offered a chance, not only to “try out” a zero-day browser exploit, but also to play a beta version of the game. Now, here at Kaspersky, we respect the classics, so we couldn’t resist having a go on this promising new version. We downloaded an archive that seemed completely legitimate: 400MB in size, correct file structure, logos, UI elements, and 3D model textures. Boot her up!

The DeTankZone start menu greeted us with a prompt to enter an email address and password. We first tried logging in with common passwords like “12345” and “password”, but that didn’t work. “Fine, then”, we thought, “we’ll just register a new account.” Again, no luck — the system wouldn’t let us play.

The start menu inspires confidence with a seemingly legitimate login form


So why were there 3D model textures and other files in the game archive? Could they really have been other components of the malware? Actually, it wasn’t that bad. We reverse-engineered the code and discovered elements responsible for the connection to the game server — which, for this fake version, was non-functional. So, in theory, the game was still playable. A bit of time spent, a little programming, and voilà — we replace the hackers’ server with our own, and the red tank “Boris” enters the arena.

The game reminded us of shareware games from 20 years ago — which made all the effort worthwhile


Lessons from this attack

The key takeaway here is that even seemingly harmless web links can end up with your entire computer being hijacked. Cybercriminals are constantly refining their tactics and methods. Lazarus is already using generative AI with some success, meaning we can expect even more sophisticated attacks involving it in the future.

Security solutions are also evolving with effective integration of AI — learn more here and here. All ordinary internet users have to do is make sure their devices are protected, and stay informed about the latest scams. Fortunately, the Kaspersky Daily blog makes this easy — subscribe to stay updated…

Kaspersky official blog – Read More

Nokia Says Impact of Recent Source Code Leak Is Very Limited

After the hacker IntelBroker leaked stolen source code, Nokia said the impact of the cybersecurity incident is limited.


SecurityWeek – Read More

Unpatched Vulnerabilities Allow Hacking of Mazda Cars: ZDI

ZDI discloses vulnerabilities in the infotainment system of multiple Mazda car models that could lead to code execution.


SecurityWeek – Read More

IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools

High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony.
The intrusions linked to Transparent Tribe involve the use of a malware called ElizaRAT and a new stealer payload dubbed ApoloStealer on specific victims of interest, Check Point

The Hacker News – Read More

US Prison Sentences for Nigerian Cybercriminals Surge in Recent Months

A significant number of Nigerian cybercriminals have been sent to prison in recent months in the United States, and some of them received lengthy sentences.


SecurityWeek – Read More

Weekly ICS Vulnerability Intelligence Report: Rockwell Automation, Delta Electronics, Solar-Log

Overview

Cyble Research & Intelligence Labs (CRIL) has investigated significant ICS vulnerabilities this week, providing essential insights derived from advisories issued by the Cybersecurity and Infrastructure Security Agency (CISA). This week’s report highlights multiple vulnerabilities across critical ICS products, with specific focus on those from Rockwell Automation, Delta Electronics, and Solar-Log.

CISA released three security advisories addressing four ICS vulnerabilities across these products, underscoring the urgent need for mitigation.

Among the most notable is a Cross-Site Scripting (XSS) flaw in Solar-Log Base 15, a widely used photovoltaic energy management product, which poses heightened risks due to internet-facing deployments identified by Cyble’s ODIN scanner.

ICS Vulnerabilities Overview

CRIL has pinpointed the following critical ICS vulnerabilities requiring immediate action:

  • CVE-2023-46344 – Solar-Log Base 15
    • Type: Cross-Site Scripting (XSS)
    • Severity: Medium
    • Description: This vulnerability allows unauthorized access through internet-facing instances, enabling attackers to potentially compromise device security and functionality. Cyble’s ODIN scanner identified a significant number of Solar-Log Base 15 devices deployed in Germany, emphasizing the need for prompt patching.
    • Patch available here.

  • CVE-2024-10456 – Delta Electronics InfraSuite Device Master
    • Type: Deserialization of Untrusted Data
    • Severity: Critical
    • Description: The Delta InfraSuite Device Master vulnerability allows critical systems to process untrusted data, which could lead to unauthorized access or system manipulation. This vulnerability impacts essential operational systems, necessitating immediate patching.
    • Patch available here.

  • CVE-2024-10386 – Rockwell Automation ThinManager
    • Type: Missing Authentication for Critical Function
    • Severity: Critical
    • Description: Rockwell Automation’s ThinManager vulnerability allows unauthorized users to access sensitive systems without proper authentication, potentially exposing operational systems to attacks. This flaw requires urgent attention due to its impact on operational continuity.
    • Patch available here.

  • CVE-2024-10387 – Rockwell Automation ThinManager
    • Type: Out-of-Bounds Read
    • Severity: Medium
    • Description: This vulnerability could allow unauthorized data access, which can lead to security breaches in operational systems if left unpatched.
    • Patch available here.

The severity overview indicates that these vulnerabilities span medium to critical levels, affecting critical infrastructure and necessitating prioritized mitigation.

Figure 1. Sectors impacted due to these vulnerabilities. (Source: CRIL)

Recommendations and Mitigations

To address these vulnerabilities effectively, organizations should consider the following best practices:

  1. Stay Updated: Regularly monitor security advisories from vendors and regulatory bodies to stay informed of critical patches and vulnerabilities.
  2. Risk-Based Vulnerability Management: Implement a risk-focused approach to manage and patch vulnerabilities based on their potential impact, especially for internet-facing ICS components.
  3. Network Segmentation: Isolate critical assets using effective network segmentation to prevent lateral movement and reconnaissance attempts by potential attackers.
  4. Continuous Vulnerability Assessments: Conduct regular vulnerability assessments, audits, and penetration testing to proactively identify and fix security loopholes.
  5. Utilize Software Bill of Materials (SBOM): Maintain visibility into software components, libraries, and dependencies to detect vulnerabilities promptly.
  6. Incident Response Preparedness: Develop and routinely test a robust incident response plan, ensuring it is aligned with the latest threat landscape.
  7. Cybersecurity Training: Conduct ongoing training programs for employees, particularly those with access to OT systems, covering threat recognition, authentication protocols, and security best practices.

Conclusion

The vulnerabilities highlighted in this ICS intelligence report call for swift action from organizations to mitigate potential security risks. With threats evolving rapidly and exploit attempts on the rise, maintaining a proactive stance is essential. By prioritizing the recommendations and implementing necessary patches, organizations can safeguard critical infrastructure, enhance operational resilience, and minimize the risk of exploitation.

Source:

https://www.cisa.gov/news-events/cybersecurity-advisories


Blog – Cyble – Read More

The vCISO Academy: Transforming MSPs and MSSPs into Cybersecurity Powerhouses

We’ve all heard a million times: growing demand for robust cybersecurity in the face of rising cyber threats is undeniable. Globally small and medium-sized businesses (SMBs) are increasingly targeted by cyberattacks but often lack the resources for full-time Chief Information Security Officers (CISOs). This gap is driving the rise of the virtual CISO (vCISO) model, offering a cost-effective

The Hacker News – Read More

HPE Patches Critical Vulnerabilities in Aruba Access Points

HPE this week warned of two critical vulnerabilities in Aruba Networking access points that could lead to unauthenticated command injection.


SecurityWeek – Read More