Habdul Hazeez

Security news weekly round-up - 27th March 2026

While cybersecurity defenders look for innovative ways to keep Internet users safe, cybercriminals do the opposite: they try to hurt users by stealing their money, information that can lead to theft, or other things that are valuable to them. It's up to you and me to stay aware of the threats out there and act accordingly.


Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

It's a phishing attack. To make matters worse, if you fall for it, it takes around 25 seconds to go from script execution to credential exfiltration.

Here is what's going on:

The initial dropper file is a Visual Basic Script (VBScript) that, upon opening, displays a bogus French-language error message, fooling message recipients into thinking that the file is corrupted.

...the heavily obfuscated script runs a series of checks to evade sandboxes and enters into a persistent User Account Control (UAC) loop that prompts users to run it with administrator privileges.

As soon as the dropper obtains administrative privileges, it wastes no time disabling security controls and covering up its tracks.

Convicted spyware chief hints that Greece’s government was behind dozens of phone hacks

One thing is clear from the article: someone hacked the phones of government officials and journalists. The spyware chief was sentenced to eight years in prison, and now he claims he will not be a "scapegoat."

From the article:

Several senior officials in the Greek government, including the head of Greece’s national intelligence agency and a senior aide to the Prime Minister Kyriakos Mitsotakis, resigned in the wake of revelations that several journalists’ phones had been hacked.

No government officials have been convicted in connection with the surveillance, and critics have accused the Mitsotakis government of a cover-up.

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

At the time of writing, Adobe has patched the vulnerability that allowed this to happen, but it appears that the patch has yet to reach production websites.

The following is how the skimmer works:

The skimmer is designed as a self-executing script that establishes a WebRTC peer connection to a hard-coded IP address ("202.181.177[.]177") over UDP port 3479 and retrieves JavaScript code that's subsequently injected into the web page for stealing payment information.

The use of WebRTC marks a significant evolution in skimmer attacks, as it bypasses Content Security Policy (CSP) directives.
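
A defensive sketch for the CSP gap described above, added here as an example and not taken from the article or from Adobe: since CSP does not stop the WebRTC connection, a page that has no need for WebRTC (a checkout page, for instance) can disable the API before any other script runs and report any attempt to use it. The function name `installWebRTCGuard` and the `/csp-report/webrtc` endpoint are assumptions.

```javascript
// Added example: disable WebRTC on pages that never use it and report attempts.
// Load this as the first script on the page. All names here are hypothetical.
const WEBRTC_GLOBALS = ['RTCPeerConnection', 'webkitRTCPeerConnection', 'mozRTCPeerConnection'];

function installWebRTCGuard(win, report) {
  const blocked = [];
  for (const name of WEBRTC_GLOBALS) {
    if (!(name in win)) continue; // this browser does not expose the constructor
    const stub = function () {
      // Keep a few caller frames so the injected script can be located later.
      const stack = String(new Error().stack || '').split('\n').slice(2, 5).join('\n');
      report({ api: name, page: win.location && win.location.href, stack });
      throw new Error(name + ' is disabled on this page');
    };
    // Non-writable and non-configurable, so later scripts cannot restore it.
    Object.defineProperty(win, name, { value: stub, writable: false, configurable: false });
    blocked.push(name);
  }
  return blocked; // names of the constructors that were replaced
}

// Browser usage: send each attempt to a same-origin collector (assumed endpoint).
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  installWebRTCGuard(window, (event) => {
    navigator.sendBeacon('/csp-report/webrtc', JSON.stringify(event));
  });
}
```

The guard covers only the window it is installed in and only when it runs before any other script, so treat it as a tripwire alongside a strict script-src policy, not as a boundary.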

Apple made strides with iOS 26 security, but leaked hacking tools still leave millions exposed to spyware attacks

The article title says it all. If you haven't been in the loop for the past few weeks, let me update you. The hacking tools in question are DarkSword and Coruna. The former was leaked on GitHub, making it easy for anyone to launch attacks on users of older iOS versions.

From the article:

The discovery of Coruna and DarkSword suggests that memory-based attacks could continue to plague users of older iPhones and iPads that lag behind the newer, more memory-safe models.

Experts working for iVerify and Lookout, two cybersecurity companies that have a commercial stake in selling security products for mobile devices, say Coruna and DarkSword may also challenge the long-held assumption that iPhone hacks are rare.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
