BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Intel’s Secure Data Tunnel Moves AI Training Models to Data Sources
/in General NewsThe chip maker’s Tiber Secure Federated AI service creates a secure tunnel between AI models on remote servers and data sources on origin systems.
darkreading – Read More
LockBit Developer Rostislav Panev Extradited from Israel to the US
/in General NewsThe US extradites LockBit ransomware developer, Rostislav Panev, from Israel. Learn how his arrest impacts the fight against…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
End-to-End Encrypted Texts Between Android and iPhone Are Coming
/in General NewsPlus: A nominee to lead CISA emerges, Elon Musk visits the NSA, a renowned crypto cracking firm’s secret (and problematic) cofounder is revealed, and more.
Security Latest – Read More
Cybersecurity in Crypto: Best Practices to Prevent Theft and Fraud
/in General NewsCybersecurity tips to protect your cryptocurrency from hackers, scams, and fraud. Learn best practices for securing digital assets…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal
/in General NewsCybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as “time” related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens.
Software supply chain security firm ReversingLabs said it discovered two sets of packages totaling 20 of them. The packages
The Hacker News – Read More
ClickFix: How to Infect Your PC in Three Easy Steps
/in General NewsA clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed “ClickFix,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.
ClickFix attacks mimic the “Verify You are a Human” tests that many websites use to separate real visitors from content-scraping bots. This particular scam usually starts with a website popup that looks something like this:
This malware attack pretends to be a CAPTCHA intended to separate humans from bots.
Clicking the “I’m not a robot” button generates a pop-up message asking the user to take three sequential steps to prove their humanity.
Executing this series of keypresses prompts Windows to download password-stealing malware.
Step 1 involves simultaneously pressing the keyboard key with the Windows icon and the letter “R,” which opens a Windows “Run” prompt that will execute any specified program that is already installed on the system.
Step 2 asks the user to press the “CTRL” key and the letter “V” at the same time, which pastes malicious code from the site’s virtual clipboard.
Step 3 — pressing the “Enter” key — causes Windows to download and launch malicious code through “mshta.exe,” a Windows program designed to run Microsoft HTML application files.
“This campaign delivers multiple families of commodity malware, including XWorm, Lumma stealer, VenomRAT, AsyncRAT, Danabot, and NetSupport RAT,” Microsoft wrote in a blog post on Thursday. “Depending on the specific payload, the specific code launched through mshta.exe varies. Some samples have downloaded PowerShell, JavaScript, and portable executable (PE) content.”
According to Microsoft, hospitality workers are being tricked into downloading credential-stealing malware by cybercriminals impersonating Booking.com. The company said attackers have been sending malicious emails impersonating Booking.com, often referencing negative guest reviews, requests from prospective guests, or online promotion opportunities — all in a bid to convince people to step through one of these ClickFix attacks.
In November 2024, KrebsOnSecurity reported that hundreds of hotels that use booking.com had been subject to targeted phishing attacks. Some of those lures worked, and allowed thieves to gain control over booking.com accounts. From there, they sent out phishing messages asking for financial information from people who’d just booked travel through the company’s app.
Earlier this month, the security firm Arctic Wolf warned about ClickFix attacks targeting people working in the healthcare sector. The company said those attacks leveraged malicious code stitched into the widely used physical therapy video site HEP2go that redirected visitors to a ClickFix prompt.
An alert (PDF) released in October 2024 by the U.S. Department of Health and Human Services warned that the ClickFix attack can take many forms, including fake Google Chrome error pages and popups that spoof Facebook.
ClickFix tactic used by malicious websites impersonating Google Chrome, Facebook, PDFSimpli, and reCAPTCHA. Source: Sekoia.
The ClickFix attack — and its reliance on mshta.exe — is reminiscent of phishing techniques employed for years that hid exploits inside Microsoft Office macros. Malicious macros became such a common malware threat that Microsoft was forced to start blocking macros by default in Office documents that try to download content from the web.
Alas, the email security vendor Proofpoint has documented plenty of ClickFix attacks via phishing emails that include HTML attachments spoofing Microsoft Office files. When opened, the attachment displays an image of Microsoft Word document with a pop-up error message directing users to click the “Solution” or “How to Fix” button.
HTML files containing ClickFix instructions. Examples for attachments named “Report_” (on the left) and “scan_doc_” (on the right). Image: Proofpoint.
Organizations that wish to do so can take advantage of Microsoft Group Policy restrictions to prevent Windows from executing the “run” command when users hit the Windows key and the “R” key simultaneously.
Krebs on Security – Read More
Update Your iPhone Now to Fix Safari Security Flaw
/in General NewsThe vulnerability allowed malicious code running inside the Web Content sandbox, an isolated environment for web processes designed to limit security risks, to impact other parts of the device.
Security | TechRepublic – Read More
Threat Actor Impersonates Booking.com in Phishing Scheme
/in General NewsMicrosoft detailed a sophisticated campaign that relies on a social engineering technique, “ClickFix,” in which a phisher uses security verification like captcha to give the target a false sense of safety.
darkreading – Read More
Apple-UK Encryption Saga Continues: British Officials’ Clarification & US Officials’ Warning
/in General NewsThe British side reportedly said they would have to produce warrants for each individual data access request, so they will always have to be made as part of an investigation into serious crime.
Security | TechRepublic – Read More
Will Cisco’s Free Tech Training for 1.5M People Help Close EU’s Skills Gap?
/in General NewsCisco’s training through its Networking Academy will help “build a resilient and skilled workforce ready to meet Europe’s digital transformation and AI objectives.”
Security | TechRepublic – Read More