
Cybersecurity news all over the world

HACKERZHOME NEWS

May 23, 2023

Tuesday

BlackCat ransomware attacks employ malicious Windows kernel drivers.

According to Trend Micro, the malware known as “POORTRY”, which Microsoft, Mandiant, Sophos, and SentinelOne discovered in ransomware attacks late last year, has been upgraded.


The Windows kernel driver used by the POORTRY malware was signed with stolen keys that belonged to legitimate Windows Hardware Developer Programme accounts.


The UNC3944 hacker collective, also known as 0ktapus and Scattered Spider, used this rogue driver to disable security software running on a Windows device in order to evade detection.


Security software is usually protected from termination or tampering, but because Windows kernel drivers run with the highest privileges in the operating system, a malicious driver has the ability to kill practically any process.


According to Trend Micro, the ransomware attackers used the Microsoft-signed POORTRY driver even though its detection rates were high, a consequence of the attention it received after the code-signing keys were revoked.

Pentagon explosion fake spreads on Twitter after being pushed by verified accounts

Earlier today, the stock market saw a momentary decline due to highly realistic AI-generated graphics simulating an explosion close to the Pentagon that went viral on Twitter.

Many verified Twitter accounts, including a Russian state media one with millions of followers and one imitating the Bloomberg news agency, boosted tweets with photographs purportedly showing an explosion close to the Pentagon complex in Arlington, Virginia.

Although the viral images appeared real at first glance, several indications show that they were created using artificial intelligence, demonstrating that the whole incident was a hoax.

The bogus Bloomberg account, even though it has now been suspended, underscores the risks of Twitter’s pay-to-be-verified system, which allows any account to obtain a blue tick by paying for it, a mark that many users take as a sign the account can be trusted.

The Pentagon Force Protection Agency (which no longer has a blue tick even though it is a Defence Agency in the U.S. Department of Defence) tweeted a confirmation from the Arlington Fire and EMS Department that the image is fake.

Hours after US government agencies and OSINT professionals had identified the photo as a fake across the platform, the Twitter account that posted the original image deleted the message.

This follows a similar incident in November, when a verified account pretending to be the pharmaceutical corporation Eli Lilly tweeted that insulin was “free now”, shortly after Twitter Blue added the option to pay for a blue check.

Despite Twitter shutting down the account, the message went viral, garnering thousands of retweets and causing a $22 billion drop in Eli Lilly’s stock in just 24 hours.


Inferno Drainer, a cryptocurrency phishing service, defrauds thousands of people.

According to reports, the “Inferno Drainer” cryptocurrency phishing and scam business has defrauded 4,888 victims out of nearly $5.9 million in cryptocurrencies.

Since March 27, 2023, at least 689 bogus websites have been created using the phishing service, according to a report by the Web3 anti-scam company “Scam Sniffer”.

According to the experts, the majority of the phishing websites went up after May 14, 2023, a period in which they also observed a surge in site-building activity.

Malicious websites built with Inferno Drainer target a total of 229 well-known brands, including Pepe, Bob, MetaMask, OpenSea, Collab.Land, LayerZero, and others.

When Scam Sniffer looked into how Inferno Drainer operated, it discovered that the service had existed since February 2023 and had begun ramping up operations in the middle of April 2023.

Mainnet was targeted the most ($4.3M), followed by Arbitrum ($790K), Polygon ($410K), and BNB ($390K), for a total of $5.9M in stolen assets.

Meta receives a $1.3 billion sanction from the EU for transferring data to US servers.


According to the Irish Data Protection Commission (DPC), Facebook breached Article 46(1) of the GDPR (General Data Protection Regulation), for which the business has been fined $1.3 billion.

More precisely, it was found that Facebook moved user data from the EU to the US, where data privacy laws vary by state and are judged insufficient to safeguard EU data subjects’ rights.

Transfers of personal data to nations or international organisations without adequate security measures and legal redress procedures are prohibited by Article 46(1) of the GDPR.

For this violation, the DPC fined Facebook’s parent company, Meta Ireland, a record-breaking €1.2 billion ($1.3 billion) and ordered that all data transfers in violation of the GDPR be halted within five months of the ruling.

Additionally, within six months of the DPA’s decision, Meta will be required to stop processing or retaining any data that has been unlawfully transferred from the EU to the U.S.

Prior to the GDPR’s 2016 EU-US Privacy Shield, which permitted the storage of EU data with US businesses on the Privacy Shield list, Facebook had been transmitting data between European nations and the US.

Indonesian cybercriminals use AWS to conduct lucrative cryptocurrency mining operations

A financially motivated Indonesian threat actor has been observed using Elastic Compute Cloud (EC2) instances from Amazon Web Services (AWS) to conduct unauthorised crypto mining.

The gang was first identified by cloud security firm Permiso P0 Labs in November 2021 and was given the name GUI-vil (pronounced Goo-ee-vil).

GUI-vil launches its attack chains by weaponising AWS keys found in openly accessible source code repositories on GitHub, or by searching for GitLab instances with remote code execution vulnerabilities (such as CVE-2021-22205).

After gaining initial access, the actor escalates privileges and performs internal reconnaissance to enumerate all accessible S3 buckets and identify which services can be reached through the AWS web console.

The threat actor tries to blend in and persist within the target environment by creating new users that follow the victim’s existing naming pattern, and then uses them to accomplish its goals.

This is a key part of the threat actor’s modus operandi.
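The recon-then-persistence sequence described above (enumeration with a compromised key, creation of a look-alike IAM user, then EC2 launches by that user) is the kind of pattern a defender can hunt for in CloudTrail. The script below is an added example written for this page, not Permiso’s tooling and not anything attributed to the actor; it runs three simple detections over constructed CloudTrail-style records. The record shape is simplified (flat dictionaries instead of CloudTrail’s nested userIdentity block), and every username, access key ID and IP address in it is made up.

```python
"""Hunt for the GUI-vil style sequence in CloudTrail-like records:
recon burst -> iam:CreateUser with a mimicking name -> ec2:RunInstances by the new user.
Example code for illustration; event shape is simplified and all data is constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inventory of IAM users that existed before the incident (assumed, not real).
EXISTING_USERS = {"svc-backup-01", "svc-backup-02", "alice", "deploy-bot"}

# Constructed sample events in a flattened CloudTrail-like shape (not real log data).
SAMPLE_EVENTS = [
    {"eventTime": "2023-05-20T10:00:00Z", "eventSource": "sts.amazonaws.com", "eventName": "GetCallerIdentity",
     "userName": "deploy-bot", "accessKeyId": "AKIACONSTRUCTED00001", "sourceIPAddress": "198.51.100.7", "requestParameters": None},
    {"eventTime": "2023-05-20T10:02:00Z", "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
     "userName": "deploy-bot", "accessKeyId": "AKIACONSTRUCTED00001", "sourceIPAddress": "198.51.100.7", "requestParameters": None},
    {"eventTime": "2023-05-20T10:05:00Z", "eventSource": "iam.amazonaws.com", "eventName": "ListUsers",
     "userName": "deploy-bot", "accessKeyId": "AKIACONSTRUCTED00001", "sourceIPAddress": "198.51.100.7", "requestParameters": None},
    {"eventTime": "2023-05-20T10:09:00Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "userName": "deploy-bot", "accessKeyId": "AKIACONSTRUCTED00001", "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"userName": "svc-backup-03"}},
    {"eventTime": "2023-05-20T10:10:00Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "userName": "deploy-bot", "accessKeyId": "AKIACONSTRUCTED00001", "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"userName": "svc-backup-03"}},
    {"eventTime": "2023-05-20T10:30:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "userName": "svc-backup-03", "accessKeyId": "AKIACONSTRUCTED00002", "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"instanceType": "p3.16xlarge", "instancesSet": {"items": [{"minCount": 4, "maxCount": 4}]}}},
    # Benign control: an admin creates a user with a non-mimicking name and no preceding recon burst.
    {"eventTime": "2023-05-20T14:00:00Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "userName": "alice", "accessKeyId": "AKIACONSTRUCTED00003", "sourceIPAddress": "192.0.2.44",
     "requestParameters": {"userName": "bob"}},
]

# API calls that are harmless on their own but, in a burst before CreateUser, look like recon.
RECON_EVENTS = {"GetCallerIdentity", "ListBuckets", "ListUsers", "ListRoles", "GetAccountSummary"}


def name_pattern(name):
    """Canonicalise a username so 'svc-backup-03' and 'svc-backup-01' share one pattern."""
    return re.sub(r"\d+", "#", name.lower())


def parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def analyze(events, existing_users, window_minutes=60):
    """Return a list of findings, one dict per triggered rule, in event order."""
    findings = []
    recon_by_key = defaultdict(list)   # accessKeyId -> timestamps of recon calls
    created_users = {}                 # new username -> (creator accessKeyId, creation time)
    known_patterns = {name_pattern(u) for u in existing_users}

    for ev in sorted(events, key=lambda e: e["eventTime"]):
        t = parse_time(ev["eventTime"])
        key = ev["accessKeyId"]
        name = ev["eventName"]

        if name in RECON_EVENTS:
            recon_by_key[key].append(t)
            continue

        if name == "CreateUser":
            new_user = ev["requestParameters"]["userName"]
            created_users[new_user] = (key, t)
            # Rule 1: two or more recon calls by the same key within the window before CreateUser.
            recent = [r for r in recon_by_key[key] if t - r <= timedelta(minutes=window_minutes)]
            if len(recent) >= 2:
                findings.append({"rule": "recon_then_create_user", "actor_key": key,
                                 "new_user": new_user, "recon_calls": len(recent)})
            # Rule 2: the new name copies the naming pattern of an existing user.
            if name_pattern(new_user) in known_patterns:
                findings.append({"rule": "mimicking_username", "actor_key": key, "new_user": new_user})

        elif name == "RunInstances" and ev["userName"] in created_users:
            # Rule 3: a user created during this log window is already launching instances.
            creator_key, created_at = created_users[ev["userName"]]
            findings.append({"rule": "new_user_runs_instances", "new_user": ev["userName"],
                             "creator_key": creator_key,
                             "minutes_after_creation": (t - created_at).total_seconds() / 60,
                             "instance_type": ev["requestParameters"].get("instanceType")})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS, EXISTING_USERS):
        print(f)
```

On the constructed data the script raises three findings for the `svc-backup-03` chain and none for the benign `bob` creation. Against real CloudTrail you would read `userIdentity.accessKeyId` and `userIdentity.userName` from each record and seed `EXISTING_USERS` from an `iam:ListUsers` inventory taken before the period under investigation; the recon threshold and window are tunable and deliberately conservative.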
