Hackerzhome


Cybersecurity news all over the world

HACKERZHOME NEWS

April 13, 2023

Thursday

Legion: New hacking tool harvests login information from sites with configuration issues

Online email providers are the target of phishing and spam attacks that use "Legion", a new Python-based credential harvester and SMTP hijacking tool sold on Telegram.

The cybercriminals selling Legion run a Telegram channel with over a thousand subscribers, a YouTube channel with tutorials, and other online presences under the "Forza Tools" alias.

According to Cado, Legion is modular malware with modules for SMTP server enumeration, remote code execution, exploitation of vulnerable Apache versions, brute-forcing cPanel and WebHost Manager (WHM) accounts, querying Shodan's API, and abusing AWS services. It is likely based on the AndroxGh0st malware.

The tool targets a wide range of services for credential theft, including Twilio, Nexmo, Stripe and PayPal (payment API credentials), AWS console credentials, AWS SNS-, S3- and SES-specific keys, Mailgun, and database and CMS platforms.

Legion typically hunts for files known to contain secrets, authentication tokens, and API keys on unprotected web servers running content management systems (CMS) and PHP-based frameworks such as Laravel.

To recover credentials from misconfigured web servers, the tool uses several methods, chiefly targeting configuration files and environment variable files (.env) that may expose SMTP, Mailgun, AWS console, Nexmo, and Twilio credentials.
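The two things a defender wants from this description are (a) to know what a leaked .env on their own servers would actually hand to a harvester like Legion, and (b) to spot the scanning pattern in web-server logs, where a 200 response to a request for /.env means the file was really served. The following is an added example written for this page, not code from Cado or from the Legion tool. The variable names it recognises follow Laravel-style .env conventions and the list of probed paths is an assumption about typical harvester behaviour; the .env contents and access-log lines are constructed sample data.

```python
import re
from collections import defaultdict

# Variable-name patterns for the credential families the article says Legion harvests
# (SMTP, Mailgun, AWS console/SNS/SES/S3, Nexmo, Twilio, Stripe/PayPal, database/CMS).
# The names follow Laravel-style .env conventions; the list is an assumption, not Legion's own.
SECRET_PATTERNS = {
    "smtp": re.compile(r"^(MAIL|SMTP)_(HOST|USERNAME|PASSWORD|PORT)$"),
    "mailgun": re.compile(r"^MAILGUN_(DOMAIN|SECRET|API_KEY)$"),
    "aws": re.compile(r"^AWS_(ACCESS_KEY_ID|SECRET_ACCESS_KEY|DEFAULT_REGION|BUCKET|SES_|SNS_)"),
    "nexmo": re.compile(r"^NEXMO_(KEY|SECRET|API_KEY|API_SECRET)$"),
    "twilio": re.compile(r"^TWILIO_(SID|ACCOUNT_SID|AUTH_TOKEN)$"),
    "payment": re.compile(r"^(STRIPE|PAYPAL)_"),
    "database": re.compile(r"^DB_(HOST|USERNAME|PASSWORD|DATABASE)$"),
}

ENV_LINE = re.compile(r"^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

def parse_env(text):
    """Parse .env text into a dict: skips comments/blank lines, accepts 'export KEY=',
    strips matching quotes, and drops a trailing ' # comment' on unquoted values."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENV_LINE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if len(value) >= 2 and value[0] in "'\"" and value.endswith(value[0]):
            value = value[1:-1]
        else:
            value = value.split(" #", 1)[0].strip()
        env[key] = value
    return env

def classify_env_secrets(text):
    """Return {family: [variable names]} for populated secrets a leaked .env would expose."""
    exposed = defaultdict(list)
    for key, value in parse_env(text).items():
        if not value or value.lower() in ("null", "false"):
            continue  # empty or disabled settings leak nothing
        for family, pattern in SECRET_PATTERNS.items():
            if pattern.match(key):
                exposed[family].append(key)
                break
    return dict(exposed)

# Paths that secret-file harvesters request on every host they scan (assumed list).
PROBE_PATHS = re.compile(
    r"(^|/)(\.env(\.[a-z]+)?|\.git/config|config\.php|wp-config\.php|phpinfo\.php)(\?|$)", re.I
)
# Apache/nginx combined log format: ip ident user [time] "METHOD path proto" status ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def flag_env_probes(log_lines):
    """Return (client_ip, path, status) for requests that look like secret-file probes."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, _ts, _method, path, status = m.groups()
        if PROBE_PATHS.search(path):
            hits.append((ip, path, int(status)))
    return hits

def served_probes(hits):
    """The dangerous subset: probes the server answered with 200, i.e. the file was served."""
    return [h for h in hits if h[2] == 200]

# Constructed sample .env (Laravel-style) and constructed access-log lines; not real data.
SAMPLE_ENV = """\
APP_NAME=Laravel
APP_KEY=base64:Zm9vYmFy
DB_HOST=127.0.0.1
DB_PASSWORD="s3cret"
MAIL_HOST=smtp.mailgun.org
MAIL_USERNAME=postmaster@example.com
MAIL_PASSWORD=hunter2 # rotate me
MAILGUN_SECRET=key-00000000000000000000000000000000
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=
TWILIO_AUTH_TOKEN='abc123'
NEXMO_KEY=null
"""

SAMPLE_LOG = [
    '203.0.113.5 - - [13/Apr/2023:09:12:01 +0000] "GET /.env HTTP/1.1" 200 842 "-" "python-requests/2.28.2"',
    '203.0.113.5 - - [13/Apr/2023:09:12:01 +0000] "GET /.env.bak HTTP/1.1" 404 153 "-" "python-requests/2.28.2"',
    '198.51.100.7 - - [13/Apr/2023:09:12:09 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [13/Apr/2023:09:12:10 +0000] "GET /wp-config.php HTTP/1.1" 403 199 "-" "python-requests/2.28.2"',
    '203.0.113.5 - - [13/Apr/2023:09:12:11 +0000] "POST /api/v1/.env?x=1 HTTP/1.1" 200 11 "-" "python-requests/2.28.2"',
]

if __name__ == "__main__":
    print("credential families exposed by SAMPLE_ENV:", classify_env_secrets(SAMPLE_ENV))
    hits = flag_env_probes(SAMPLE_LOG)
    print("probe requests:", hits)
    print("probes actually served (investigate these):", served_probes(hits))
```

Run it against a real .env to see which of the services named above would be compromised by a single exposed file; run `flag_env_probes` over a day of access logs and treat any entry in `served_probes` as an incident, since a 200 on /.env means the harvester already has the file and every key in it needs rotating.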


Hyundai data breach in France and Italy exposes owner information.

Hyundai has warned that hackers accessed the personal information of car owners and of people who had scheduled test drives in Italy and France.

An international automaker, Hyundai sells more than 500,000 automobiles annually in Europe, with a market share of about 3% in France and Italy.

According to multiple reports on Twitter and a sample of the notice shared by Troy Hunt, the founder of "HaveIBeenPwned", the incident exposed email addresses, phone numbers, physical addresses, and vehicle chassis numbers.

The letter also makes clear that the attacker who accessed Hyundai's database took no financial data or other sensitive personal information.

In response to the attack, Hyundai says it hired IT specialists, who have taken the affected systems offline until new security measures are in place.

In the same statement, the South Korean automaker cautions customers to be wary of unsolicited emails and SMS messages purporting to come from Hyundai, since they could be phishing or social engineering attempts.


Reddit is down and isn't loading content for users of its mobile apps.

Reddit is investigating a widespread outage that prevents users from accessing the social network through its mobile apps.

Users of the mobile app report being locked out immediately and seeing various content-loading errors, such as "No Internet", "Please try again later", and "Let's give that another shot".

On its official status page, Reddit states that only the native mobile applications are currently unavailable and that its engineers are already working to identify the cause of the outage.

Tens of thousands of Reddit users reported app and server connectivity problems in the last hour, according to the outage-monitoring site Downdetector.com.

On March 14, Reddit suffered another major outage that prevented users worldwide from accessing the platform's website and mobile apps.

A four-hour partial outage a month ago similarly left desktop users with stale subreddit feeds and a substantially degraded search experience.


Kyocera Android app with one million installs can be exploited to spread malware.

Because of improper intent handling, a Kyocera Android printing app can be abused by other malicious applications to download and potentially install malware on the device.

The flaw, tracked as CVE-2023-25954, affects the following apps, according to an advisory published by JVN (Japanese Vulnerability Notes), a government-sponsored site devoted to promoting security awareness: Olivetti Mobile Print, UTAX/TA Mobile Print, and KYOCERA Mobile Print.

In a security alert released yesterday, KYOCERA advised users of its printer software to update to version 3.2.0.230227, which is now available through Google Play.

For such an attack to succeed, the user must also install a second, malicious app on the device, which initiates the payload download.

Although this requirement lowers the severity of the bug, distributing a malicious app that exploits it would still be easy, because the app would not need to contain obviously dangerous code or request risky permissions at installation time.

Instead, it would only need to look for the vulnerable apps and then abuse them to deliver malware.

Reasons Why Shadow APIs Are Riskier Than You Think

Shadow APIs pose a growing concern to businesses of all sizes because they can conceal malicious activity and lead to significant data loss.

For those unfamiliar with the term, shadow APIs are application programming interfaces (APIs) that are not formally documented or maintained.

Contrary to popular opinion, it is sadly all too common to have production APIs that neither the operations team nor the security team knows about.

Businesses manage thousands of APIs, and many of them are not routed through a proxy such as an API gateway or web application firewall.

They are therefore the most exposed, because they are not regularly monitored and audited.

Because they are hidden from security teams, shadow APIs give attackers an unguarded route to exploit flaws. Malicious actors may use these APIs to access a variety of sensitive data, including customer addresses and business financial records.

Preventing unauthorized access through shadow APIs has become mission-critical because of the risk of significant data leakage and severe compliance violations.
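The practical way to find shadow APIs is the comparison the text implies: take what is actually being served (origin or load-balancer logs) and diff it against what is formally documented (the OpenAPI inventory), then separately flag documented routes that were reached without passing through the gateway or WAF. The following is an added example written for this page, not code from any product the article mentions. The OpenAPI-style spec, the JSON-lines log records and the `via_gateway` field are all constructed assumptions; in practice that field would be whatever marker your gateway adds (a header, a source IP range, or a log attribute).

```python
import json
import re

# Constructed OpenAPI-style inventory of documented routes (hypothetical, not from the article).
DOCUMENTED_SPEC = {
    "paths": {
        "/api/v1/users": {"get": {}, "post": {}},
        "/api/v1/users/{id}": {"get": {}, "delete": {}},
        "/api/v1/orders/{orderId}/invoice": {"get": {}},
    }
}

def template_to_regex(template):
    """Turn an OpenAPI path template into a regex; '{param}' matches exactly one segment."""
    parts = re.split(r"(\{[^}]+\})", template)
    body = "".join("[^/]+" if p.startswith("{") else re.escape(p) for p in parts)
    return re.compile("^" + body + "$")

def build_inventory(spec):
    """Return [(METHOD, template, regex)] for every documented operation in the spec."""
    inventory = []
    for template, ops in spec["paths"].items():
        rx = template_to_regex(template)
        for method in ops:
            inventory.append((method.upper(), template, rx))
    return inventory

def normalize_path(path):
    """Drop the query string and trailing slash so variants of one route collapse."""
    path = path.split("?", 1)[0]
    return path if path == "/" else path.rstrip("/")

def collapse_ids(path):
    """Replace purely numeric segments with {n} so /users/17 and /users/18 count as one route."""
    return re.sub(r"/\d+(?=/|$)", "/{n}", path)

def find_shadow_apis(spec, log_records):
    """Classify observed traffic against the documented inventory.
    Returns {'shadow': {(METHOD, pattern): count}, 'bypassed': {(METHOD, template): count}}:
      shadow   = requests no documented route+method explains (undocumented API surface)
      bypassed = documented routes reached without passing through the gateway/WAF"""
    inventory = build_inventory(spec)
    shadow, bypassed = {}, {}
    for rec in log_records:
        r = json.loads(rec)
        method, path = r["method"].upper(), normalize_path(r["path"])
        matched = next((t for m, t, rx in inventory if m == method and rx.match(path)), None)
        if matched is None:
            key = (method, collapse_ids(path))
            shadow[key] = shadow.get(key, 0) + 1
        elif not r.get("via_gateway", False):
            key = (method, matched)
            bypassed[key] = bypassed.get(key, 0) + 1
    return {"shadow": shadow, "bypassed": bypassed}

# Constructed JSON-lines records as a load balancer might emit at the origin; 'via_gateway'
# is an assumed field standing in for whatever marker your gateway adds to a request.
SAMPLE_RECORDS = [
    '{"method": "GET",  "path": "/api/v1/users/17", "via_gateway": true}',
    '{"method": "GET",  "path": "/api/v1/users/18/", "via_gateway": false}',
    '{"method": "POST", "path": "/api/v1/users", "via_gateway": true}',
    '{"method": "GET",  "path": "/api/v2/users/17/export?format=csv", "via_gateway": true}',
    '{"method": "GET",  "path": "/api/v2/users/21/export", "via_gateway": false}',
    '{"method": "PUT",  "path": "/api/v1/users/17", "via_gateway": true}',
    '{"method": "GET",  "path": "/internal/debug/config", "via_gateway": false}',
]

if __name__ == "__main__":
    result = find_shadow_apis(DOCUMENTED_SPEC, SAMPLE_RECORDS)
    for (method, pattern), n in sorted(result["shadow"].items()):
        print(f"SHADOW   {method:6} {pattern}  ({n} requests)")
    for (method, template), n in sorted(result["bypassed"].items()):
        print(f"BYPASSED {method:6} {template}  ({n} requests)")
```

Two things the output makes visible that the spec alone never would: an undocumented method on a documented path (the PUT above) is just as much a shadow API as an unknown path, and a documented route that answers requests which never touched the gateway tells you the origin is reachable directly, so the gateway's authentication and rate limits are not actually enforced on it.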
