Mobile Security

Related News

Conservatives seize on gas crunch to blame Biden, stir base (Ali Swenson/Associated Press)

  • None
  • Published date: 2021-05-14 17:45:02

Ali Swenson / Associated Press: Conservatives seize on gas crunch to blame Biden, stir base  —  Pipeline Cybersecurity Attack  —  A graphic calling the East Coast fuel supply crunch “Biden's Gas Crisis.”  A tweet speculating that gas stations running dry was …

memeorandum is an auto-generated summary of the stories that US political commentators are discussing online right now. Unlike sister sites Techmeme and Mediagazer, it is not a human-edited news out… [+72 chars]

Did the Government Take Down the DarkSide Ransomware Group?

  • Andrew Orr
  • Published date: 2021-05-14 17:40:51

DarkSide is the group behind the ransomware attack affecting Colonial Pipeline, and recently said it lost control of its web servers and lost some of its ransom payments (via The Record). DarkSide Ransomware The operator of the group, Darksupp, said: A few…

DarkSide is the group behind the ransomware attack affecting Colonial Pipeline, and recently said it lost control of its web servers and lost some of its ransom payments (via The Record). The operat… [+809 chars]

Read more about: Three key points of CMMC and how to get started

  • Commentators
  • Published date: 2021-05-14 17:37:00

Know your cybersecurity level. Without the required level of certification for a particular solicitation, a company will be deemed non-compliant and ineligible for an award. CMMC defines five cybersecurity maturity levels, ranging from basic cyber hygiene (ML…

By now, you are familiar with the term CMMC, the DoD's Cybersecurity Maturity Model Certification requirements as part of the Pentagon's mandate to protect the industrial base networks and controlled unc… [+6637 chars]

FIN7 Backdoor Masquerades as Ethical Hacking Tool

  • Tara Seals
  • Published date: 2021-05-14 17:36:33

The financially motivated cybercrime gang behind the Carbanak RAT is back with the Lizar malware, which can harvest all kinds of info from Windows machines.

The notorious FIN7 cybercrime gang, a financially motivated group, is spreading a backdoor called Lizar under the guise of a Windows pen-testing tool for ethical hackers.

According to the BI.ZONE Cyber Threats Research Team, FIN7 is pretending to be a legitimate organization that hawks a security-analysis tool. They go to great lengths for verisimilitude, researchers said: “These groups hire employees who are not even aware that they are working with real malware or that their employer is a real criminal group.”

Since 2015, FIN7 has targeted point-of-sale systems at casual-dining restaurants, casinos and hotels. The group typically uses malware-laced phishing attacks against victims in the hope of infiltrating systems to steal bank-card data and sell it. Since 2020, it has also added ransomware and data-exfiltration attacks to its mix, carefully selecting targets according to revenue using the ZoomInfo service, researchers noted.

Its choice of malware is always evolving, including occasionally using never-before-seen samples that surprise researchers. But its go-to toolkit has been the Carbanak remote-access trojan (RAT), which previous analysis shows is highly complex and sophisticated compared with its peers: basically a Cadillac in a sea of golf carts. Carbanak is typically used for reconnaissance and establishing a foothold on networks.

Lately, though, BI.ZONE researchers have noticed the group using a new type of backdoor, called Lizar. The latest version has been in use since February, and it offers a powerful set of data-retrieval and lateral-movement capabilities, according to an analysis published on Thursday (https://bi-zone.medium.com/from-pentest-to-apt-attack-cybercriminal-group-fin7-disguises-its-malware-as-an-ethical-hackers-c23c9a75e319).

“Lizar is a diverse and complex toolkit,” according to the firm. “It is currently still under active development and testing, yet it is already being widely used to control infected computers, mostly throughout the United States.”

Victims so far have included a gambling establishment, several educational institutions and pharmaceutical companies in the U.S., along with an IT company headquartered in Germany and a financial institution in Panama.

Inside FIN7’s Lizar Toolkit

The Lizar toolkit is structurally similar to Carbanak, researchers said. It consists of a loader and various plugins that are used for different tasks. Together they run on an infected system and can be combined into the Lizar bot client, which in turn communicates with a remote server.

“The bot’s modular architecture makes the tool scalable and allows for independent development of all components,” according to the analysis. “We’ve detected three kinds of bots: DLLs, EXEs and PowerShell scripts, which execute a DLL in the address space of the PowerShell process.”

The plugins are sent from the server to the loader and are executed when a certain action is performed in the Lizar client application, according to BI.ZONE. The six stages of a plugin’s lifecycle are as follows:

  • The user selects a command in the Lizar client application interface;
  • The Lizar server receives the information about the selected command;
  • The server finds a suitable plugin in the plugins directory, then sends it to the loader;
  • The loader executes the plugin and stores the result of the plugin’s execution in a specially allocated area of memory on the heap;
  • The server retrieves the results of plugin execution and sends them on to the client; and
  • The client application displays the plugin results.

Because plugins arrive from the server on demand rather than shipping with the bot, a sample of the loader alone does not show the full capability set; the plugins and their results exist in the loader’s memory and on the wire.

The plugins are variously designed to load other tools like Mimikatz or Carbanak, retrieve information from the victim machine, take screenshots, harvest credentials, retrieve browser histories, and more. The specific bot commands are as follows:

  • Command Line – get CMD on the infected system;
  • Executer – launch an additional module;
  • Grabber – run one of the plugins that collect passwords from browsers, Remote Desktop Protocol and Windows OS;
  • Info – retrieve information about the system;
  • Jump to – migrate the loader to another process;
  • Kill – stop plugin;
  • List Processes – get a list of processes;
  • Mimikatz – run Mimikatz;
  • Network analysis – run one of the plugins to retrieve Active Directory and network information;
  • New session – create another loader session (run a copy of the loader on the infected system);
  • Rat – run Carbanak; and
  • Screenshot – take a screenshot.

The Lizar server application, meanwhile, is written using the .NET framework and runs on a remote Linux host, researchers said. It supports encrypted communications with the bot client.

“Before being sent to the server, the data is encrypted on a session key with a length ranging from 5 to 15 bytes and then on the key specified in the configuration (31 bytes),” researchers explained. “If the key specified in the configuration (31 bytes) does not match the key on the server, no data is sent from the server.”

The report does not name the cipher. What the description does tell a defender is that the 31-byte configuration key doubles as an authentication value: a server will stay silent to a probe that does not carry the matching key, so scanning for live Lizar servers from a sample requires the key from that sample’s configuration.

Cybercriminals Posing as Security Researchers

The impressively ironic tactic of posing as a security outfit while contributing to, well, insecurity is not a new idea, even for FIN7. In the past, BI.ZONE has observed it pushing Carbanak under the guise of the package being a tool from cybersecurity stalwarts Check Point Software or Forcepoint.

Earlier this year, a North Korean advanced persistent threat (APT) group called Zinc (Microsoft’s designation for the group more widely known as Lazarus) mounted two separate attacks targeting security researchers.

In January, the group used elaborate social-engineering efforts (https://threatpost.com/north-korea-security-researchers-0-day/163333/) through Twitter and LinkedIn, as well as other platforms like Discord and Telegram, to set up trusted relationships with researchers by appearing to themselves be legitimate researchers interested in offensive security.

Specifically, attackers initiated contact by asking researchers if they wanted to collaborate on vulnerability research. They demonstrated their own credibility by posting videos of exploits they had worked on, including faking the success of a working exploit for an existing, patched Windows Defender vulnerability that had been exploited as part of the massive SolarWinds attack.

Eventually, after much correspondence, attackers provided the targeted researchers with a Visual Studio project infected with malicious code that could install a backdoor onto their system. Victims also could be infected by following a malicious Twitter link.

Security researchers infected in those attacks were running fully patched and up-to-date Windows 10 and Chrome browser versions, according to Google TAG at the time, which signaled that the hackers were likely using zero-day vulnerabilities in their campaign.

Zinc was back at it in April (https://threatpost.com/north-korean-apt-security-researchers/165155/), using some of the same social-media tactics but adding Twitter and LinkedIn profiles for a fake company called “SecuriElite,” which purported to be an offensive security firm located in Turkey. The company claimed to offer pen tests, software-security assessments and exploits, and purported to actively recruit cybersecurity personnel via LinkedIn.
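The PowerShell bot variant BI.ZONE describes above (a script that executes a DLL inside the PowerShell process) is the one a defender can catch from script-block logging. The scanner below is an added example, not code from the Threatpost article or from BI.ZONE's report: it scores PowerShell 4104-style script-block records against a small set of in-process DLL-loading indicators and, because PowerShell logs long script blocks as several fragments, reassembles fragments by script-block id before scoring so that an indicator split across records is not missed. The indicator patterns, weights, threshold, event field names and the sample records are all constructed assumptions for this illustration; they are not published Lizar indicators.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Indicator patterns and weights. These are assumptions made for this example,
# not published Lizar indicators or BI.ZONE detection logic.
INDICATORS: Dict[str, Tuple[re.Pattern, int]] = {
    # managed DLL handed to the CLR from a byte array or a path
    "reflection_load": (re.compile(r"\[(System\.)?Reflection\.Assembly\]::Load(File|From)?\s*\(", re.I), 3),
    # decoding an embedded blob before loading it
    "base64_decode":   (re.compile(r"\[Convert\]::FromBase64String\s*\(", re.I), 2),
    # native loader APIs mapped in via P/Invoke
    "native_loader":   (re.compile(r"\b(LoadLibrary[AW]?|GetProcAddress)\b", re.I), 3),
    # executable memory and thread creation inside the PowerShell process
    "memory_exec":     (re.compile(r"\b(VirtualAlloc(Ex)?|CreateThread|CreateRemoteThread)\b", re.I), 3),
    # compiles C# on the fly; common in admin scripts, hence the low weight
    "add_type":        (re.compile(r"\bAdd-Type\b", re.I), 1),
    # a long base64 run, typical of an embedded PE
    "large_b64_blob":  (re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"), 2),
}
ALERT_THRESHOLD = 5  # assumed; tune against your own baseline


def reassemble(events: List[dict]) -> Dict[str, str]:
    """Join fragmented script-block records (same script_block_id) in fragment order.

    Scoring each fragment on its own would let an attacker split the decode
    and the load across two records and stay under the threshold.
    """
    parts: Dict[str, List[Tuple[int, str]]] = defaultdict(list)
    for ev in events:
        parts[ev["script_block_id"]].append((ev["fragment"], ev["script_block"]))
    return {sbid: "".join(text for _, text in sorted(frags)) for sbid, frags in parts.items()}


def score_block(text: str) -> Tuple[int, List[str]]:
    """Return (weighted score, names of matched indicators) for one script block."""
    hits = [name for name, (pat, _) in INDICATORS.items() if pat.search(text)]
    return sum(INDICATORS[n][1] for n in hits), hits


def scan(events: List[dict], threshold: int = ALERT_THRESHOLD) -> List[dict]:
    """Reassemble, score, and return alerts for blocks at or above the threshold."""
    alerts = []
    for sbid, text in reassemble(events).items():
        score, hits = score_block(text)
        if score >= threshold:
            alerts.append({"script_block_id": sbid, "score": score, "indicators": hits})
    return sorted(alerts, key=lambda a: a["script_block_id"])


# Constructed sample records in the shape of PowerShell script-block logs.
# FAKE_DLL_B64 is a placeholder string, not a real DLL.
FAKE_DLL_B64 = "TVqQAAMAAAAEAAAA" + "A" * 240

SAMPLE_EVENTS = [
    # benign admin one-liner
    {"script_block_id": "sb-1", "fragment": 1,
     "script_block": "Get-ChildItem C:\\Temp | Where-Object { $_.Length -gt 1MB }"},
    # Add-Type on its own is common and must stay below the threshold
    {"script_block_id": "sb-2", "fragment": 1,
     "script_block": "Add-Type -AssemblyName System.Windows.Forms; [Windows.Forms.MessageBox]::Show('hi')"},
    # DLL loaded into the PowerShell process, split across two fragments
    {"script_block_id": "sb-3", "fragment": 1,
     "script_block": "$b = [Convert]::FromBase64String('" + FAKE_DLL_B64 + "');"},
    {"script_block_id": "sb-3", "fragment": 2,
     "script_block": "[System.Reflection.Assembly]::Load($b).GetType('L').GetMethod('Run').Invoke($null,$null)"},
    # P/Invoke route: map native loader APIs and run code from allocated memory
    {"script_block_id": "sb-4", "fragment": 1,
     "script_block": ("Add-Type -MemberDefinition '[DllImport(\"kernel32\")] public static extern IntPtr "
                      "LoadLibrary(string n); [DllImport(\"kernel32\")] public static extern IntPtr "
                      "VirtualAlloc(IntPtr a, uint s, uint t, uint p);' -Name K -Namespace W")},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"{alert['script_block_id']}: score={alert['score']} {alert['indicators']}")
```

Run against the sample records, sb-3 and sb-4 alert and the two benign blocks do not; sb-3 only alerts because its two fragments are joined first, each fragment alone scores under the threshold. Feed real records through the same path by mapping your log source's ScriptBlockId and fragment fields onto the dict keys used here.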

Op-ed: All organizations need to shore up cyber-defenses after Colonial Pipeline hack

  • Alejandro Mayorkas and Gina Raimondo
  • Published date: 2021-05-14 17:34:00

The Departments of Homeland Security and Commerce are working to help businesses prevent and respond to ransomware attacks, write Secretaries Mayorkas and Raimondo.

Storage tanks at a Colonial Pipeline Inc. facility in Avenel, New Jersey, on Wednesday, May 12, 2021. The recent ransomware attack on Colonial Pipeline was an all too familiar story to businesses ac… [+5662 chars]

Moody’s-Backed VisibleRisk Raises $25M To Develop Its Cyber Rating Platform

  • Vikrant Chaturvedi
  • Published date: 2021-05-14 17:30:35

VisibleRisk, a cybersecurity analysis provider, has raised $25M in Series A funding from Moody’s and Team8. How’s the company performing? Texas-based VisibleRisk is a software platform that offers security analysis. It is a joint venture of Team8 and Moody’s…

The funding helps VisibleRisk build out features for its newly launched platform. Here are the top-line bullets you need to know. VisibleRisk, a cybersecurity analysis provider, has raised $25M in S… [+1103 chars]

Global Interactive Patient Engagement Solutions Market (2021 to 2026) - Emerging Countries Offer High-Growth Potential Presents Opportunities

  • None
  • Published date: 2021-05-14 17:30:00

DUBLIN, May 14, 2021 /PRNewswire/ -- The "Global Interactive Patient Engagement Solutions Market by Product (In Room Television, Interactive Bedside Terminals, Tablets), Type (Inpatient, Outpatient), End User (Hospitals, Clinics), Region - Forecast to 2026" r…

DUBLIN, May 14, 2021 /PRNewswire/ -- The "Global Interactive Patient Engagement Solutions Market by Product (In Room Television, Interactive Bedside Terminals, Tablets), Type (Inpatient, Outpatient),… [+6664 chars]

How Faster COVID-19 Research Is Being Made Possible by Secure Silicon

  • Sara Peters Senior Editor at Dark Reading
  • Published date: 2021-05-14 17:30:00

When Intel and Leidos set up a "trusted execution environment" to enable a widespread group of researchers to securely share and confidentially compute real-world data, it was no small achievement.

When Intel and Leidos set up a "trusted execution environment" to enable a widespread group of researchers to securely share and confidentially compute real-world data, it was no small achievement.Vi… [+7143 chars]

Lawmakers reach bipartisan deal to probe Jan. 6 attack

  • None
  • Published date: 2021-05-14 17:24:00

The Capitol Building on Jan. 6, 2021. (Image credit: Sebastian Portillo/Shutterstock.com) The House Homeland Security Committee announced a bipartisan agreement on Friday to form an independent commission to investigate the January 6 attack on the U.S. Capito…

The Capitol Building on Jan. 6, 2021. (Image credit: Sebastian Portillo/Shutterstock.com) The House Homeland Security Committee ann… [+1908 chars]

Mars Archives - Stacey on IoT

  • Stacey Higginbotham
  • Published date: 2021-05-14 17:23:13


Two good stories on the Colonial Pipeline hack: The big cybersecurity news this week was a ransomware attack on Colonial Pipeline Co., which controls a pipeline that sends jet fuel, gas, and heating … [+60 chars]

How we can secure the future of healthcare and telemedicine

  • None
  • Published date: 2021-05-14 17:21:00

It is no secret that healthcare systems around the globe are facing unprecedented challenges. Beyond the obvious spectre of the pandemic, health services need to provide a growing, increasingly elderly, population…

It is no secret that healthcare systems around the globe are facing unprecedented challenges. Beyond the obvious spectre of the pandemic, health servic… [+5496 chars]

Cybersecurity Experts Call for Stronger Action to Disrupt Ransomware 'Business Model'

  • Meghan Roos
  • Published date: 2021-05-14 17:18:25

Ransomware attacks are "lucrative" and "easy" for the groups behind them, one cyber security expert told Newsweek.

A ransomware group leaked files it illegally obtained from the Washington Metropolitan Police Department (WMPD) two weeks after the department announced it had been targeted by a cyberattack. Accord… [+6682 chars]

Lawmakers Reach Deal On Bipartisan 9/11-Style Commission To Investigate Capitol Riot

  • Andrew Trunsky
  • Published date: 2021-05-14 17:16:32

The two top lawmakers on the House Homeland Security Committee reached an agreement on legislation that would create a bipartisan commission into the Capitol riot.

The two top lawmakers on the House Homeland Security Committee reached an agreement Friday on legislation that would create a bipartisan, 9/11-style commission to investigate the Jan. 6 Capitol riot.… [+2752 chars]

Biden signs executive order to bolster US cyber security following pipeline attack

  • None
  • Published date: 2021-05-14 17:08:00

US President Joe Biden on Wednesday signed an executive order that aims to implement new policies to protect the country from future cyber attacks, following recent breaches targeting public and private firms. The new policy aims to shift the federal governme…

US President Joe Biden on Wednesday signed an executive order that aims to implement new policies to protect the country from future cyber attacks, following recent breaches targeting public and priv… [+3462 chars]

Cybersecurity How is Technology Enhancing Safety

  • CIO Review
  • Published date: 2021-05-14 17:04:00

AI can be used to help defend against increasingly advanced and disruptive malware, ransomware, and social engineering attacks on a holistic level. FREMONT, CA: The rise of digital connectivity, combined with increasingly sophisticated cyber-threats, has emph…

AI can be used to help defend against increasingly advanced and disruptive malware, ransomware, and social engineering attacks on a holistic level. FREMONT, CA: The rise of digital connectivity, com… [+2150 chars]

This 161-hour training bundle teaches you ethical hacking from scratch

  • Lawrence Abrams
  • Published date: 2021-05-14 16:59:00

This 161-hour training bundle teaches you ethical hacking from scratch. If hacking always looks like fun in the movies, but your inner voice tells you to ignore those thoughts, cybersecurity would be a great place to focus that energy. Especially if you're i…

If hacking always looks like fun in the movies, but your inner voice tells you to ignore those thoughts, cybersecurity would be a great place to focus that energy. Especially if you're in the market … [+1953 chars]

In latest acquisition, Cisco buys vulnerability analytics startup Kenna Security

  • Maria Deutscher
  • Published date: 2021-05-14 16:58:09

Announcing its third startup acquisition in a week, Cisco Systems Inc. today revealed plans to buy Kenna Security Inc., whose software helps enterprises fix security vulnerabilities in their systems.  Kenna previously raised $98.3 million from investors inclu…

Announcing its third startup acquisition in a week, Cisco Systems Inc. today revealed plans to buy Kenna Security Inc., whose software helps enterprises fix security vulnerabilities in their systems.… [+4814 chars]

UK cybersecurity director says protection must be priority to prevent future attacks

  • Claire Kopsky
  • Published date: 2021-05-14 16:54:00

Former Marine and University of Kentucky Director of Cybersecurity George Insko said a hack that large could

LEXINGTON, Ky. (LEX 18) The Colonial Pipeline ransomware attack disrupted life for millions of Americans in early May and caused those watching from a distance to wonder if they too could be affected… [+3607 chars]

Gas crunch from cyberattack intensifies in nation's capital

  • JEFF MARTIN, FRANK BAJAK and NOMAAN MERCHANT
  • Published date: 2021-05-14 16:42:02

Gas shortages have spread from the South, almost exhausting supplies in Washington, D

Gas shortages at the pumps have spread from the South, all but emptying stations in Washington, D.C., following a ransomware cyberattack that forced a shutdown of the nation's largest gasoline pipelin… [+6015 chars]

Extreme heat could cause U.S. power shortages this summer -NERC - Reuters

  • Reuters
  • Published date: 2021-05-14 16:40:00

The organization responsible for North American electric reliability warned energy shortfalls were possible this summer in California, Texas, New England and the Central United States based on above-normal temperature forecasts for much of the region.

An electrical substation is seen after winter weather caused electricity blackouts in Houston, Texas, U.S. February 20, 2021. REUTERS/Go Nakamura/File Photo/File PhotoThe organization responsible for… [+2012 chars]

Disruptionware: A New Cyber Threat Targeting Critical Infrastructure

  • None
  • Published date: 2021-05-14 16:37:00

Disruptionware is an emerging type of cyberattack calculated not only to disrupt the availability, integrity and confidentiality of victims’ data, systems and networks, but also to interrupt or shut down the essential business operations functions of its vict…

Disruptionware is an emerging type of cyberattack calculated not only to disrupt the availability, integrity and confidentiality of victims’ data, systems and networks, but also to interrupt or shut … [+6717 chars]

President Biden Issues Executive Order to Strengthen U.S. Cybersecurity Practices

  • None
  • Published date: 2021-05-14 16:37:00

On May 12, 2021, President Biden issued an Executive Order on Improving the Nation’s Cybersecurity following a series of highly publicized cybersecurity incidents during the first four months of his presidency, including the Colonial Pipeline attack, which re…

On May 12, 2021, President Biden issued an Executive Order on Improving the Nation’s Cybersecurity following a series of highly publicized cybersecurity incidents during the first four months of his … [+6131 chars]

To Outrun China, Senate to Consider Groundbreaking Legislation

  • None
  • Published date: 2021-05-14 16:37:00

The U.S. Senate has kicked off the complicated process of coordinating and passing multi-committee legislation designed to bolster U.S. technological capabilities, expand the U.S. political, diplomatic, and economic toolkit for dealing with China, and curb Ch…

The effort has garnered strong bipartisan support and is likely to yield landmark legislation that will be enacted with strong bipartisan support and the backing of the Biden Administration. The Sen… [+15214 chars]

Hackers Using Microsoft Build Engine to Deliver Malware Filelessly

  • None
  • Published date: 2021-05-14 16:30:00

This article has been indexed from The Hacker News Threat actors are abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and password-stealing malware on targeted Windows systems. The actively ongoing campaign is said to have …

This article has been indexed from The Hacker News Threat actors are abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and password-stealing malware on targeted Wi… [+249 chars]
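The item above says only that MSBuild is being abused to run malware without an executable touching disk. The triage script below is an added example, not code from The Hacker News item or from any vendor report, and it assumes the usual route for that: an inline task, a UsingTask with a CodeTaskFactory or RoslynCodeTaskFactory whose Code element MSBuild compiles and executes at build time. That mechanism, the list of suspicious API names, the verdict rules and the three sample project files are assumptions made for this illustration, not details the item states.

```python
import re
import xml.etree.ElementTree as ET
from typing import Dict, List

# API names that rarely belong in a build script but are typical of in-memory
# loaders. An assumed list for this example, not a published signature.
SUSPICIOUS_API = re.compile(
    r"\b(VirtualAlloc(?:Ex)?|CreateThread|CreateRemoteThread|WriteProcessMemory|"
    r"FromBase64String|DllImport|GetDelegateForFunctionPointer|Assembly\.Load)\b")
INLINE_FACTORIES = ("CodeTaskFactory", "RoslynCodeTaskFactory")


def _local(tag: str) -> str:
    """Strip the XML namespace: old-style projects use msbuild/2003, SDK-style ones none."""
    return tag.rsplit("}", 1)[-1]


def analyze_project(xml_text: str) -> Dict[str, object]:
    """Flag inline tasks and loader-style API use in one MSBuild project file."""
    root = ET.fromstring(xml_text)
    inline_tasks: List[str] = []
    findings: List[str] = []
    for el in root.iter():
        name = _local(el.tag)
        if name == "UsingTask" and el.get("TaskFactory", "") in INLINE_FACTORIES:
            inline_tasks.append(el.get("TaskName", "?"))
        elif name == "Code":
            # Source text MSBuild compiles itself: inspect it like any other code.
            apis = sorted({m.group(1) for m in SUSPICIOUS_API.finditer(el.text or "")})
            findings.extend(f"inline code calls {api}" for api in apis)
    if findings:
        verdict = "suspicious"
    elif inline_tasks:
        verdict = "review"      # inline tasks exist legitimately; a human should look
    else:
        verdict = "clean"
    return {"inline_tasks": inline_tasks, "findings": findings, "verdict": verdict}


# Constructed sample projects. The "payload" below is a placeholder, not real code.
BENIGN_PROJECT = r"""<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup><Compile Include="Program.cs" /></ItemGroup>
  <Target Name="Build"><Csc Sources="@(Compile)" OutputAssembly="app.exe" /></Target>
</Project>"""

REVIEW_PROJECT = r"""<Project Sdk="Microsoft.NET.Sdk">
  <UsingTask TaskName="Hello" TaskFactory="RoslynCodeTaskFactory"
             AssemblyFile="$(MSBuildToolsPath)\Microsoft.Build.Tasks.Core.dll">
    <Task><Code Type="Fragment" Language="cs">Log.LogMessage("hello from build");</Code></Task>
  </UsingTask>
  <Target Name="Build"><Hello /></Target>
</Project>"""

SUSPICIOUS_PROJECT = r"""<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <Target Name="Build"><RunPayload /></Target>
  <UsingTask TaskName="RunPayload" TaskFactory="CodeTaskFactory"
             AssemblyFile="$(MSBuildToolsPath)\Microsoft.Build.Tasks.v4.0.dll">
    <Task>
      <Code Type="Class" Language="cs"><![CDATA[
        using System; using System.Runtime.InteropServices;
        public class RunPayload : Microsoft.Build.Utilities.Task {
          [DllImport("kernel32")] static extern IntPtr VirtualAlloc(IntPtr a, uint s, uint t, uint p);
          [DllImport("kernel32")] static extern IntPtr CreateThread(IntPtr a, uint s, IntPtr f, IntPtr p, uint c, IntPtr i);
          public override bool Execute() {
            byte[] buf = Convert.FromBase64String("...");  // placeholder, no payload
            return true; }
        }
      ]]></Code>
    </Task>
  </UsingTask>
</Project>"""

if __name__ == "__main__":
    for label, proj in (("benign", BENIGN_PROJECT), ("review", REVIEW_PROJECT), ("suspicious", SUSPICIOUS_PROJECT)):
        print(label, analyze_project(proj))
```

The three verdicts separate a normal compile, a legitimate inline task that only logs a message, and an inline task that maps memory-allocation and thread APIs and decodes a blob. On a host, the same parse can be applied to every project file that msbuild.exe is observed loading from a user-writable path.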

House Reaches Agreement on Capitol Riot Commission

  • Nia Prater
  • Published date: 2021-05-14 16:26:38

The bipartisan body will release a report on its findings by the end of the year.

A bipartisan commission will investigate the January 6 Capitol riot, which left five people dead. The House Committee on Homeland Security commission is tasked with investigating and reporting upon t… [+1900 chars]