Hackerzhome


Cybersecurity news all over the world

HACKERZHOME NEWS

February 1, 2023

Wednesday

PoS malware can prevent contactless payments in order to steal credit cards

The PoS malware Prilex has recently gained the ability to block secure, NFC-enabled contactless credit card transactions, forcing customers to insert their cards into the terminal, where the malware then steals the card data.


To conduct close-proximity payments using credit cards, cellphones, or even smartwatches, contactless transactions utilize NFC (Near Field Communication) chips integrated into credit cards and mobile devices.


Since the COVID-19 pandemic, their popularity has soared because of their convenience, with over $34.55 billion in contactless transactions reported in 2021.


Because the NFC chips in credit cards have made it harder for point-of-sale (PoS) malware to harvest card data, threat actors have had to find other ways to steal payment information.


Following the Prilex PoS malware closely, Kaspersky claims to have discovered at least three fresh variations with the version codes 06.03.8070, 06.03.8072, and 06.03.8080, which were initially made available in November 2022.


These new variants include a feature that disables contactless transactions at the payment terminal, so that customers have to insert their cards instead.


Additionally, according to a September 2022 Kaspersky investigation, Prilex added EMV cryptogram generation so that it can perform "GHOST transactions" and evade transaction fraud detection even when the card is protected by chip-and-PIN technology.


Researchers Discover a Packer That Several Malware Used to Avoid Being Found for Six Years

Over the past six years, a shellcode-based packer known as TrickGate has been functioning successfully without drawing attention while enabling threat actors to spread a variety of malware, including TrickBot, AZORult, Emotet, FormBook, Agent Tesla, Cerber, REvil, and Maze.

Since at least late 2016, TrickGate has been offered as a service to other threat actors. It hides payloads behind a layer of wrapper code in an effort to get past the security controls on a host. Because packers use encryption of the malware as an obfuscation technique, they can also act as crypters.

However, because the commercial packer-as-a-service is modified regularly, TrickGate has been tracked under other names since 2019, including "new loader", Loncom, and "NSIS-based crypter".

According to telemetry data gathered by Check Point, threat actors using TrickGate have predominantly targeted the industrial sector, with smaller concentrations in education, healthcare, government, and finance.

Nanocore, FormBook, Agent Tesla, LokiBot, and Remcos are the malware families most frequently employed in recent attacks, with notable concentrations recorded in Taiwan, Turkey, Germany, Russia, and China.


AMI MegaRAC BMC Software Has Additional Supply Chain Vulnerabilities, Researchers Find


AMI MegaRAC Baseboard Management Controller (BMC) software has been found to have two additional supply chain security weaknesses, over two months after the discovery of three security flaws in the same product.

Firmware security company Eclypsium said that disclosure of the two flaws was held back until now to give AMI more time to develop suitable mitigations.

The problems, collectively known as BMC&C, could serve as a launchpad for cyberattacks, giving threat actors unauthorized access to devices and remote code execution with superuser privileges.

The two new flaws in question are CVE-2022-26872 (CVSS score: 8.3) and CVE-2022-40258.

In particular, MegaRAC was found to hash passwords with MD5 and a global salt on older devices, and with SHA-512 and per-user salts on later appliances, which may allow a threat actor to recover (crack) the stored passwords.
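As an added illustration (not from the article, AMI or Eclypsium), the following Python shows why a salt shared by every account is weaker than per-user salts: identical passwords produce identical digests, so one cracked digest or one precomputed table covers every matching account, and a single wordlist pass serves the whole user base. The salt value and user records are constructed here.

```python
# Added example: global-salt MD5 versus per-user-salt SHA-512 password storage.
# Not code from AMI or Eclypsium; salt and records below are constructed.
import hashlib
import os
from collections import defaultdict

GLOBAL_SALT = b"constructed-global-salt"  # assumption: one fixed salt for all users


def md5_global_salt(password: str) -> str:
    """Older-device style: MD5 over a salt shared by every account."""
    return hashlib.md5(GLOBAL_SALT + password.encode()).hexdigest()


def sha512_per_user(password: str, salt: bytes) -> str:
    """Newer-device style: SHA-512 with a salt unique to each account."""
    return hashlib.sha512(salt + password.encode()).hexdigest()


def find_shared_digests(records):
    """Defender check over a credential table: group accounts whose stored
    digests are identical. Under a global salt every account that shares a
    password lands in the same group, so cracking one digest exposes all."""
    groups = defaultdict(list)
    for user, digest in records:
        groups[digest].append(user)
    return {d: users for d, users in groups.items() if len(users) > 1}


def guesses_needed(num_users: int, wordlist_size: int, per_user_salt: bool) -> int:
    """Hash computations for one wordlist pass over every account: a global
    salt lets one pass cover all accounts; per-user salts multiply the work."""
    return wordlist_size * (num_users if per_user_salt else 1)


def demo():
    # Constructed sample: two accounts chose the same weak password.
    creds = [("admin", "Password1"), ("oper", "Password1"), ("svc", "x9#Qm")]
    legacy = [(u, md5_global_salt(p)) for u, p in creds]
    modern = [(u, sha512_per_user(p, os.urandom(16))) for u, p in creds]
    return find_shared_digests(legacy), find_shared_digests(modern)


if __name__ == "__main__":
    shared_legacy, shared_modern = demo()
    print("global salt, repeated digests:", shared_legacy)   # admin and oper collide
    print("per-user salt, repeated digests:", shared_modern)  # {}
    print("work for 1000 users, 1M words:", guesses_needed(1000, 10**6, False),
          "vs", guesses_needed(1000, 10**6, True))
```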


A new major issue in over 29,000 QNAP devices has not yet been patched


Tens of thousands of QNAP network-attached storage (NAS) devices are still awaiting a patch for a serious security flaw that the Taiwanese vendor fixed on Monday.

This SQL injection vulnerability (CVE-2022-27596) can be used by remote threat actors to inject malicious code into attacks against unpatched, Internet-exposed QNAP devices.

QNAP gave the issue a CVSS base score of 9.8/10 and stated that it can be exploited in low-complexity attacks by unauthenticated malicious actors without any user interaction.

Customers running QTS 5.0.1 or QuTS hero h5.0.1 on affected devices are advised to upgrade to QTS 5.0.1.2234 build 20221201 or later, or to QuTS hero h5.0.1.2248 build 20221215 or later.

You must log in as the admin user to update your device. Then go to "Control Panel > System > Firmware Update", select "Check for Update" under "Live Update", and wait for the download and installation to finish.

A new Chromebook attack called Sh1mmer unregisters controlled devices

Users can unenroll an enterprise-managed Chromebook using the new “Sh1mmer” hack, which gives them the freedom to install any apps and get around device limitations.

When Chromebooks are enrolled with a school or an organization, they are governed by policies set by that organization's administrators. As a result, administrators can restrict how a device is used and force-install software and browser extensions.

In addition, once a device has been enrolled it is nearly impossible to unenroll it without the help of the organization's administrator.

Security researchers from the Mercury Workshop Team have created a new vulnerability named “Sh1mmer” that enables users to unenroll their Chromebooks from enterprise management in order to get around these limitations.

The Sh1mmer exploit needs a leaked RMA shim that it will change to let users control the device’s registration. The following Chromebook boards, according to the researchers, have RMA shims that have been made available to the public.

For those unfamiliar with them, RMA shims are disk images kept on USB drives that include both the ChromeOS factory bundle components needed to reinstall the operating system and the manufacturer tools used for repairs and diagnostics.
