Various anti-detection features, including the use of the ScrubCrypt antivirus-evasion tool, fuel an attack that aims to take over Microsoft Windows machines.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-10 15:07:302024-04-10 15:07:30Cagey Phishing Campaign Delivers Multiple RATs to Steal Windows Data
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-10 15:07:302024-04-10 15:07:30AT&T Data Breach Update: 51 Million Customers Impacted
On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to read “x.com” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com, which until very recently rendered as fedex.com in tweets.
The message displayed when one visits carfatwitter.com, which Twitter/X displayed as carfax.com in tweets and messages.
A search at DomainTools.com shows at least 60 domain names have been registered over the past two days for domains ending in “twitter.com,” although research so far shows the majority of these domains have been registered “defensively” by private individuals to prevent the domains from being purchased by scammers.
Those include carfatwitter.com, which Twitter/X will now truncate to carfax.com when the domain appears in user messages or tweets. Visiting this domain currently displays a message that begins, “Are you serious, X Corp?”
Update: It appears Twitter/X has corrected its mistake, and no longer truncates any domain ending in “twitter.com” to “x.com.”
Original story:
The same message is on other newly registered domains, including goodrtwitter.com (goodrx.com), neobutwitter.com (neobux.com), roblotwitter.com (roblox.com), square-enitwitter.com (square-enix.com) and yandetwitter.com (yandex.com). The message left on these domains indicates they were defensively registered by a user on Mastodon whose bio says they are a systems admin/engineer. That profile has not responded to requests for comment.
A number of these new domains including “twitter.com” appear to be registered defensively by Twitter/X users in Japan. The domain netflitwitter.com (netflix.com, to Twitter/X users) now displays a message saying it was “acquired to prevent its use for malicious purposes,” along with a Twitter/X username.
The domain mentioned at the beginning of this story — fedetwitter.com — redirects users to the blog of a Japanese technology enthusiast. A user with the handle “amplest0e” appears to have registered space-twitter.com, which Twitter/X users will now see as the CEO’s “space-x.com.” The domain “ametwitter.com” already redirects to the real americanexpress.com.
Some of the domains registered recently and ending in “twitter.com” currently do not resolve and contain no useful contact information in their registration records. Those include firefotwitter[.]com (firefox.com), ngintwitter[.]com (nginx.com), and webetwitter[.]com (webex.com).
The domain setwitter.com, which Twitter/X will currently render as “sex.com,” redirects to this blog post warning about the recent changes and their potential use for phishing.
Sean McNee, vice president of research and data at DomainTools, told KrebsOnSecurity it appears Twitter/X did not properly limit its redirection efforts.
“Bad actors could register domains as a way to divert traffic from legitimate sites or brands given the opportunity — many such brands in the top million domains end in x, such as webex, hbomax, xerox, xbox, and more,” McNee said. “It is also notable that several other globally popular brands, such as Rolex and Linux, were also on the list of registered domains.”
The apparent oversight by Twitter/X was cause for amusement and amazement from many former users who have migrated to other social media platforms since the new CEO took over. Matthew Garrett, a lecturer at U.C. Berkeley’s School of Information, summed up the Schadenfreude thusly:
“Twitter just doing a “redirect links in tweets that go to x.com to twitter.com instead but accidentally do so for all domains that end x.com like eg spacex.com going to spacetwitter.com” is not absolutely the funniest thing I could imagine but it’s high up there.”
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-10 15:07:302024-04-10 15:07:30Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers
Threat actors are now taking advantage of GitHub’s search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware.
The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that’s designed to download next-stage payloads from a remote URL,
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-10 14:06:392024-04-10 14:06:39Cypago Announces New Automation Support for AI Security and Governance
Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that propagates the malware through malicious Windows Script Files (WSFs) since March 2024.
“Historically, Raspberry Robin was known to spread through removable media like USB drives, but over time its distributors have experimented with other initial infection vectors,” HP Wolf Security said in a report
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-10 14:06:392024-04-10 14:06:39Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files
If you’re ready to start moving up to higher positions in the lucrative cybersecurity field, this e-learning bundle can help you pass certification exams. Use code ENJOY20 at checkout.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-10 13:06:302024-04-10 13:06:30Develop Advanced Cybersecurity Skills for Just $64
Some companies let you opt out of allowing your content to be used for generative AI. Here’s how to take back (at least a little) control from ChatGPT, Google’s Gemini, and more.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-10 12:06:542024-04-10 12:06:54How to Stop Your Data From Being Used to Train AI
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Cagey Phishing Campaign Delivers Multiple RATs to Steal Windows Data
/in General NewsVarious anti-detection features, including the use of the ScrubCrypt antivirus-evasion tool, fuel an attack that aims to take over Microsoft Windows machines.
darkreading – Read More
AT&T Data Breach Update: 51 Million Customers Impacted
/in General NewsThe recent AT&T data breach impacts 51 million customers, the company tells the US government.
The post AT&T Data Breach Update: 51 Million Customers Impacted appeared first on SecurityWeek.
SecurityWeek – Read More
Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers
/in General NewsOn April 9, Twitter/X began automatically modifying links that mention “twitter.com” to read “x.com” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com, which until very recently rendered as fedex.com in tweets.
The message displayed when one visits carfatwitter.com, which Twitter/X displayed as carfax.com in tweets and messages.
A search at DomainTools.com shows at least 60 domain names have been registered over the past two days for domains ending in “twitter.com,” although research so far shows the majority of these domains have been registered “defensively” by private individuals to prevent the domains from being purchased by scammers.
Those include carfatwitter.com, which Twitter/X will now truncate to carfax.com when the domain appears in user messages or tweets. Visiting this domain currently displays a message that begins, “Are you serious, X Corp?”
Update: It appears Twitter/X has corrected its mistake, and no longer truncates any domain ending in “twitter.com” to “x.com.”
Original story:
The same message is on other newly registered domains, including goodrtwitter.com (goodrx.com), neobutwitter.com (neobux.com), roblotwitter.com (roblox.com), square-enitwitter.com (square-enix.com) and yandetwitter.com (yandex.com). The message left on these domains indicates they were defensively registered by a user on Mastodon whose bio says they are a systems admin/engineer. That profile has not responded to requests for comment.
A number of these new domains including “twitter.com” appear to be registered defensively by Twitter/X users in Japan. The domain netflitwitter.com (netflix.com, to Twitter/X users) now displays a message saying it was “acquired to prevent its use for malicious purposes,” along with a Twitter/X username.
The domain mentioned at the beginning of this story — fedetwitter.com — redirects users to the blog of a Japanese technology enthusiast. A user with the handle “amplest0e” appears to have registered space-twitter.com, which Twitter/X users will now see as the CEO’s “space-x.com.” The domain “ametwitter.com” already redirects to the real americanexpress.com.
Some of the domains registered recently and ending in “twitter.com” currently do not resolve and contain no useful contact information in their registration records. Those include firefotwitter[.]com (firefox.com), ngintwitter[.]com (nginx.com), and webetwitter[.]com (webex.com).
The domain setwitter.com, which Twitter/X will currently render as “sex.com,” redirects to this blog post warning about the recent changes and their potential use for phishing.
Sean McNee, vice president of research and data at DomainTools, told KrebsOnSecurity it appears Twitter/X did not properly limit its redirection efforts.
“Bad actors could register domains as a way to divert traffic from legitimate sites or brands given the opportunity — many such brands in the top million domains end in x, such as webex, hbomax, xerox, xbox, and more,” McNee said. “It is also notable that several other globally popular brands, such as Rolex and Linux, were also on the list of registered domains.”
The apparent oversight by Twitter/X was cause for amusement and amazement from many former users who have migrated to other social media platforms since the new CEO took over. Matthew Garrett, a lecturer at U.C. Berkeley’s School of Information, summed up the Schadenfreude thusly:
“Twitter just doing a “redirect links in tweets that go to x.com to twitter.com instead but accidentally do so for all domains that end x.com like eg spacex.com going to spacetwitter.com” is not absolutely the funniest thing I could imagine but it’s high up there.”
Krebs on Security – Read More
Beware: GitHub’s Fake Popularity Scam Tricking Developers into Downloading Malware
/in General NewsThreat actors are now taking advantage of GitHub’s search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware.
The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that’s designed to download next-stage payloads from a remote URL,
The Hacker News – Read More
Researchers Resurrect Spectre v2 Attack Against Intel CPUs
/in General NewsVUSec researchers resurrect Spectre v2 attack, showing that it works against the Linux kernel on the latest-generation Intel CPUs.
The post Researchers Resurrect Spectre v2 Attack Against Intel CPUs appeared first on SecurityWeek.
SecurityWeek – Read More
Cypago Announces New Automation Support for AI Security and Governance
/in General NewsBy cybernewswire
Tel Aviv, Israel, April 10th, 2024, CyberNewsWire Cyber GRC software company Cypago has announced a new automation solution…
This is a post from HackRead.com Read the original post: Cypago Announces New Automation Support for AI Security and Governance
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files
/in General NewsCybersecurity researchers have discovered a new Raspberry Robin campaign wave that propagates the malware through malicious Windows Script Files (WSFs) since March 2024.
“Historically, Raspberry Robin was known to spread through removable media like USB drives, but over time its distributors have experimented with other initial infection vectors,” HP Wolf Security said in a report
The Hacker News – Read More
Develop Advanced Cybersecurity Skills for Just $64
/in General NewsIf you’re ready to start moving up to higher positions in the lucrative cybersecurity field, this e-learning bundle can help you pass certification exams. Use code ENJOY20 at checkout.
Security | TechRepublic – Read More
Fortinet Patches Critical RCE Vulnerability in FortiClientLinux
/in General NewsFortinet has released patches for a dozen vulnerabilities, including a critical-severity remote code execution flaw in FortiClientLinux.
The post Fortinet Patches Critical RCE Vulnerability in FortiClientLinux appeared first on SecurityWeek.
SecurityWeek – Read More
How to Stop Your Data From Being Used to Train AI
/in General NewsSome companies let you opt out of allowing your content to be used for generative AI. Here’s how to take back (at least a little) control from ChatGPT, Google’s Gemini, and more.
Security Latest – Read More