Hackerzhome


Cybersecurity news all over the world

HACKERZHOME NEWS

May 9, 2023

Tuesday

QR codes in fake surveys and bogus parking fines used to steal money

As legitimate businesses use QR codes for everything from Super Bowl commercials to parking enforcement, scammers have slipped in and turned the same technology to their own ends.


Using a QR code to complete a “survey” at a bubble tea business reportedly cost a woman in Singapore $20,000, while incidents of false parking tickets using QR codes that target drivers have been reported in the U.S. and the U.K.


A woman from Singapore lost $20,000 to a sneaky con after stopping by a bubble tea business.


The anonymous 60-year-old woman noticed a sticker on the glass door of the bubble tea establishment urging customers to scan a QR code and complete a survey in exchange for a “free cup of milk tea.”


Given that loyalty and rewards programs frequently promote such deals and use QR codes, this may not raise any red flags for the typical consumer or even one who is technically knowledgeable.


She scanned the code and installed a fake “survey” app. Later, as she was about to go to bed, her phone suddenly lit up: the app had been used to drain $20,000 from her bank account.

The victim’s story was shared with the local media by Mr. Beaver Chua, head of anti-fraud at OCBC Bank’s global financial crime compliance department, who deems the scheme particularly “insidious.”

The fraudster passively monitors how the victim uses their mobile banking app during the day and records any login credentials they enter.


Following the MSI breach, Intel is investigating the leak of Intel Boot Guard private keys.

Intel is investigating a possible private key leak that could undermine the Intel Boot Guard security feature’s ability to block the installation of malicious UEFI firmware on MSI devices.

In March, the Money Message extortion gang targeted computer hardware manufacturer MSI and claimed to have stolen 1.5TB of data, including databases, firmware, and source code.

Threat actors started disclosing MSI’s stolen material last week, including the source code for the firmware that powers the company’s motherboards.

According to a Friday warning from Alex Matrosov, CEO of firmware supply chain security platform Binarly, the leaked source code contains image signing private keys for 57 MSI products and Intel Boot Guard private keys for 116 MSI products.

Intel is aware of these reports and is investigating them, the company told BleepingComputer in response to questions about the breach, adding that researchers claim the data also contains MSI OEM Signing Keys for Intel® BootGuard.

It should be emphasized that Intel Boot Guard OEM keys are not Intel signing keys; they are generated by the system manufacturer. That does not make the leak less serious: the platform verifies firmware against a hash of the OEM public key that is burned into one-time-programmable fuses during manufacturing, so a leaked OEM private key cannot simply be rotated on devices already in the field, and firmware signed with it will pass Boot Guard on those products.
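To make that concrete, here is an added illustration in Go of the trust relationship the leak breaks. It is not code from Intel, MSI or Binarly and it uses a simplified model: a board whose fuses hold the SHA-256 of the OEM public key, a whole firmware image signed with RSA PKCS#1 v1.5 standing in for the real key and boot policy manifests, and hypothetical names (`Fuse`, `Sign`, `Verify`, `Scenario`) chosen for this example. It shows that a genuine image verifies, a tampered copy does not, an image signed with the leaked OEM private key verifies exactly like the genuine one, and a fresh key the OEM might switch to is rejected by the already-fused board.

```go
package main

// Added illustration (not Intel's, MSI's or Binarly's code) of the Boot Guard
// trust chain in miniature. The platform trusts a hash of the OEM public key
// burned into fuses at manufacturing; whoever holds the matching private key
// can sign firmware the platform will run. Key size, structures and hash are
// simplifying assumptions, not the real Boot Guard formats.

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Platform models a board whose one-time-programmable fuses hold the hash of
// the OEM public key. Nothing after manufacturing can change FusedKeyHash.
type Platform struct {
	FusedKeyHash [32]byte
}

// SignedFirmware is an image plus the signer's public key and a signature over
// the image, loosely modelled on a Boot Guard manifest.
type SignedFirmware struct {
	Image     []byte
	PubKeyDER []byte
	Signature []byte
}

// Fuse burns the hash of the OEM public key into a new platform.
func Fuse(pub *rsa.PublicKey) Platform {
	return Platform{FusedKeyHash: sha256.Sum256(x509.MarshalPKCS1PublicKey(pub))}
}

// Sign produces firmware for whoever holds priv: the OEM build system, or an
// attacker holding the leaked key.
func Sign(priv *rsa.PrivateKey, image []byte) (SignedFirmware, error) {
	digest := sha256.Sum256(image)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return SignedFirmware{}, err
	}
	return SignedFirmware{Image: image, PubKeyDER: x509.MarshalPKCS1PublicKey(&priv.PublicKey), Signature: sig}, nil
}

// Verify is the boot-time check: the embedded key must hash to the fused value,
// then the signature must verify under that key.
func (p Platform) Verify(fw SignedFirmware) error {
	if sha256.Sum256(fw.PubKeyDER) != p.FusedKeyHash {
		return errors.New("public key does not match fused hash")
	}
	pub, err := x509.ParsePKCS1PublicKey(fw.PubKeyDER)
	if err != nil {
		return err
	}
	digest := sha256.Sum256(fw.Image)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], fw.Signature); err != nil {
		return fmt.Errorf("signature invalid: %w", err)
	}
	return nil
}

// Outcome records whether each image was accepted by the fused platform.
type Outcome struct {
	Genuine, Tampered, LeakedKey, RotatedKey bool
}

// Scenario fuses a board with the OEM key, then tries four images: the OEM's
// own build, a tampered copy, an attacker image signed with the leaked OEM key,
// and a new OEM build signed with a freshly generated (rotated) key.
func Scenario() (Outcome, error) {
	oem, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Outcome{}, err
	}
	board := Fuse(&oem.PublicKey)
	genuine, err := Sign(oem, []byte("OEM firmware v1"))
	if err != nil {
		return Outcome{}, err
	}
	tampered := genuine
	tampered.Image = []byte("OEM firmware v1 + implant")
	leaked, err := Sign(oem, []byte("attacker firmware")) // attacker uses the leaked key
	if err != nil {
		return Outcome{}, err
	}
	fresh, err := rsa.GenerateKey(rand.Reader, 2048) // OEM tries to rotate
	if err != nil {
		return Outcome{}, err
	}
	rotated, err := Sign(fresh, []byte("OEM firmware v2"))
	if err != nil {
		return Outcome{}, err
	}
	return Outcome{
		Genuine:    board.Verify(genuine) == nil,
		Tampered:   board.Verify(tampered) == nil,
		LeakedKey:  board.Verify(leaked) == nil,
		RotatedKey: board.Verify(rotated) == nil,
	}, nil
}

func main() {
	out, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine=%v tampered=%v leaked-key=%v rotated-key=%v\n", out.Genuine, out.Tampered, out.LeakedKey, out.RotatedKey)
}
```

The last two results are the practical consequence for affected products: the fused board cannot tell an attacker's image from the OEM's, and the OEM cannot regain exclusivity by generating a new key, because the old key's hash is what the hardware trusts.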



13 more domains related to DDoS-for-hire services are seized by the FBI.

The US Justice Department today disclosed the seizure of 13 more domains connected to DDoS-for-hire platforms, commonly known as “booter” or “stresser” services.

The seizures this week are part of Operation PowerOFF, a concerted worldwide law enforcement campaign to shut down internet sites that enable anyone to launch expensive distributed denial-of-service (DDoS) attacks against any target.

The Justice Department today announced the court-authorized seizure of 13 internet domains linked to these DDoS-for-hire businesses as part of an ongoing operation to target computer attack “booter” services, the department stated.

The seizures this week are part of a third wave of actions by American law enforcement against well-known booter services, which let paying users launch distributed denial-of-service (DDoS) attacks that overwhelm targeted computers with traffic and knock them offline.

In December 2022 the FBI seized 48 domains in a sweep that also targeted the top stresser services; ten of the platforms disrupted then simply registered new domains to stay online.

According to the DOJ, ten of the 13 domains seized today belong to services that were already hit in the December sweep of 48 booter services and came back under new names.


New Ransomware 'CACTUS' Strain Infiltrates Networks by Using VPN Flaws

Cybersecurity researchers have shed light on a new ransomware strain known as CACTUS, which has been observed exploiting known vulnerabilities in VPN appliances to gain initial access to targeted networks.

Once inside the network, CACTUS actors enumerate local and network user accounts as well as reachable endpoints, then create new user accounts and use customized scripts to automate the deployment and detonation of the ransomware encryptor through scheduled tasks, according to Kroll in a report shared with The Hacker News.

The ransomware has been observed targeting large commercial entities since March 2023. The attacks use double extortion, exfiltrating sensitive data before encrypting it; no data leak site has been identified to date.

After a vulnerable VPN device is exploited, an SSH backdoor is set up for persistent access, and a series of PowerShell commands is run to scan the network and compile a list of machines to encrypt.

CACTUS attacks also use Cobalt Strike, the tunneling tool Chisel, and remote monitoring and management (RMM) tools such as AnyDesk for command and control and to push files to infected systems.
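The post-access behaviours described above (new accounts, scheduled tasks that launch the encryptor, PowerShell network scanning) lend themselves to host-level correlation. The Go program below is an added example, not Kroll's or The Hacker News' code. It assumes a simplified `ts|host|eventID|detail` log layout that mirrors Windows Security event IDs 4720 (account created) and 4698 (scheduled task created) and PowerShell 4104 script-block logging, uses constructed sample lines, and the function names (`Parse`, `Classify`, `Correlate`, `Run`) and scan patterns are choices made for this example. A host is flagged only when two or more distinct behaviours fall inside a one-hour window, so a lone account creation elsewhere does not alert.

```go
package main

// Added example (not Kroll's or The Hacker News' code): per-host correlation of
// the CACTUS post-access behaviours. A single new account or scheduled task is
// routine; several categories on one host inside a short window is what an
// analyst wants flagged. Log lines are constructed, in an assumed
// "ts|host|eventID|detail" layout.

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Event is one parsed log record.
type Event struct {
	Time   time.Time
	Host   string
	ID     string
	Detail string
}

// sampleLog is constructed test data, not real telemetry.
const sampleLog = `2023-03-18T02:11:05Z|FS01|4104|Get-ADComputer -Filter * | Select-Object -ExpandProperty DNSHostName
2023-03-18T02:13:40Z|FS01|4104|1..254 | ForEach-Object { Test-NetConnection 10.0.5.$_ -Port 445 }
2023-03-18T02:20:12Z|FS01|4720|A user account was created. Target Account Name: svcbackup
2023-03-18T02:24:55Z|FS01|4698|A scheduled task was created. Task Name: \Updates\Deploy
2023-03-18T03:05:00Z|WS07|4104|Get-Process | Sort-Object CPU
2023-03-18T09:15:00Z|DC01|4720|A user account was created. Target Account Name: jsmith`

// Parse splits each line into four fields; SplitN keeps any further "|"
// characters (PowerShell pipelines) inside the detail field.
func Parse(log string) ([]Event, error) {
	var events []Event
	for _, line := range strings.Split(strings.TrimSpace(log), "\n") {
		f := strings.SplitN(line, "|", 4)
		if len(f) != 4 {
			return nil, fmt.Errorf("malformed line: %q", line)
		}
		ts, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			return nil, err
		}
		events = append(events, Event{Time: ts, Host: f[1], ID: f[2], Detail: f[3]})
	}
	return events, nil
}

// Classify maps an event to one of the reported behaviours, or "" if it is not
// interesting. The scan patterns are an assumed starting list, not a complete
// signature of CACTUS tooling.
func Classify(e Event) string {
	switch e.ID {
	case "4720":
		return "account-created"
	case "4698":
		return "scheduled-task-created"
	case "4104":
		d := strings.ToLower(e.Detail)
		for _, pat := range []string{"test-netconnection", "get-adcomputer", "get-netneighbor", "net view"} {
			if strings.Contains(d, pat) {
				return "powershell-network-scan"
			}
		}
	}
	return ""
}

// Correlate returns, per host, the sorted set of distinct behaviours seen in
// some sliding window of the given length, for hosts reaching the threshold.
func Correlate(events []Event, window time.Duration, threshold int) map[string][]string {
	byHost := map[string][]Event{}
	for _, e := range events {
		if Classify(e) != "" {
			byHost[e.Host] = append(byHost[e.Host], e)
		}
	}
	alerts := map[string][]string{}
	for host, evs := range byHost {
		sort.Slice(evs, func(i, j int) bool { return evs[i].Time.Before(evs[j].Time) })
		for i := range evs {
			seen := map[string]bool{}
			for j := i; j < len(evs) && evs[j].Time.Sub(evs[i].Time) <= window; j++ {
				seen[Classify(evs[j])] = true
			}
			if len(seen) >= threshold && len(seen) > len(alerts[host]) {
				cats := make([]string, 0, len(seen))
				for c := range seen {
					cats = append(cats, c)
				}
				sort.Strings(cats)
				alerts[host] = cats
			}
		}
	}
	return alerts
}

// Run parses the constructed log and applies a one-hour window with a
// two-behaviour threshold.
func Run() (map[string][]string, error) {
	events, err := Parse(sampleLog)
	if err != nil {
		return nil, err
	}
	return Correlate(events, time.Hour, 2), nil
}

func main() {
	alerts, err := Run()
	if err != nil {
		panic(err)
	}
	for host, cats := range alerts {
		fmt.Printf("ALERT %s: %s\n", host, strings.Join(cats, ", "))
	}
}
```

On the sample data only FS01 fires, with all three behaviours inside fourteen minutes; WS07's `Get-Process` is not a scan pattern, and DC01's single account creation stays below the threshold. In a real deployment the SSH backdoor and the RMM tooling mentioned above would be further categories for the same window.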

Researchers Discover SideWinder’s Latest Server-Based Polymorphism Technique

The advanced persistent threat (APT) actor SideWinder is said to have deployed a backdoor in attacks on Pakistani government institutions as part of a campaign that began in late November 2022.

According to a technical report released on Monday by the BlackBerry Research and Intelligence Team, the SideWinder group used a server-based polymorphism technique in this campaign to deliver the next-stage payload.

The Canadian cybersecurity firm also discovered a second campaign in early March 2023, showing that Turkey was likewise within the threat actor’s collection priorities.

SideWinder has been on the radar since at least 2012 and is known to target numerous entities across Pakistan, Afghanistan, Bhutan, China, Myanmar, Nepal, and Sri Lanka.

The actor typically relies on carefully crafted email lures and DLL side-loading to deliver malware that gives it remote access to the compromised systems.

