Lost24

A new threat has been detected, which is a banking trojan that attacks Android users. Discovered by Cyble, the Antidot Trojan pretends to be an application and is distributed through unofficial sources as an "exclusive update" or "special version" of the application. It may also appear in suspicious emails and text messages.

Once installed, the Trojan displays a fake Google Play update page through which the user clicks "Continue" to give the Trojan full access to the device. The malware can then steal your bank login details and private messages.

Antidot uses advanced techniques such as overlay attacks, creating fake websites that look like real banking applications to capture entered passwords and account number

Lost24

In 2013, a wallet was created secured with a long password generated by the RoboForm password manager. The owner couldn't guess the password he created because he only saw it for a fraction of a second. He only knew what the password consisted of, but he wasn't even sure about it. The wallet was secured with a password generated by the RoboForm program.


However, the old version of RoboForm had a bug that caused passwords to be based on the current time they were generated, making them less random. The owner of the Bitcoins, not remembering exactly when he generated the password, turned to the hacker to crack it. Using a brute force attack, the hacker checked all possible passwords over a specified period of time and discovered that the password was mAI

Thursday 30 May 2024, Safety Guide

Can AI lead to suicide?

Lost24

At the beginning of the year, Google introduced "Search Generative Experience" (SGE), aimed at simplifying information searches by generating short summaries of results through artificial intelligence. This was intended to replace the need to browse through multiple pages of information, but recently users have noticed that SGE often provides false and harmful advice. Examples include advising people to eat rocks during pregnancy, smoking cigarettes and staring at the sun, and using glue to stick cheese to pizza.


One of the strangest situations was when the AI ​​suggested jumping off the Golden Gate Bridge after entering "i'm feeling depressed" in the search field

Kris Kashtanova described an SGE test in which

Lost24

Months after the New Hampshire presidential primaries, the Federal Communications Commission (FCC) issued a ruling regarding fake phone calls with President Joe Biden's AI-generated voice. FCC Chairwoman Jessica Rosenworcel announced the introduction of similar regulations as in Europe. During the New Hampshire primary, in the days before the vote, residents received calls in which AI imitated Biden's voice, encouraging them to stay home instead of voting.

The FCC imposed fines on political consultant Steve Kramer, responsible for these fraudulent calls, and on VoIP operator Lingo Management. Kramer was fined $6 million for violating the Truth in Caller ID Act by spoofing, and Lingo was fined $2 million for failing to verify caller information.

Lost24

The fifth zero-day vulnerability this year, CVE-2024-4671, has been discovered in Google Chrome. This vulnerability, related to the browser's visual component, causes a "use after free" error, which may lead to random code execution or a crash. Google has already released a patch for Windows, Linux and Mac. However, the company hasn't shared much details about it, it will only do so once most users update their browsers. The update number is 124.0.6367.201 for Linux and Mac and 124.0.6367.202 for Windows.

Users are advised to check whether their browser has been updated by going to the Chrome About tab.


Source:

Read more

0 - Comment

Monday 13 May 2024, Safety Guide

Dell hacked

Lost24

Last week, a scandal broke out related to the leak of Dell data, which was then put up for sale on the dark web. The company's customers were surprised by an incident when Dell reported on one of the websites about a data leak, including names, surnames, residential addresses and order details. According to information from the Daily Dark Web, Dell was the victim of a hacker attack and the stolen data was put up for sale.


The CyberDefence24 editorial team contacted Dell Technologies, which confirmed the leak of customer data, limiting it to names, physical addresses and information about equipment and orders. The company launched an investigation and took preventive measures, continuously improving security. Dell ensures that sensitive data, such as pa

Lost24

The APT28 group attacked Polish government institutions, which was confirmed by CERT Polska from NASK and CSIRT MON. The attack consisted of several stages. First, they sent emails with links leading to run.mocky.io and then redirecting to webhook.site.

There, victims downloaded a fake ZIP archive pretending to be a collection of photos, but in fact it was script-executing malware. This allowed hackers to obtain the victim's IP address and a list of files on their computer, which helped them assess whether it was a suitable target for an attack. Ultimately, if the victim ran the app, APT28 had free rein to act against them.


Source:

Read more

0 - Comment

Tuesday 30 April 2024, Safety Guide

Steam targeted by hackers

Lost24

Recently, criminals have been using the image of the Steam platform to carry out a dangerous attack using the browser-in-the-browser technique. They create a fake website that, when opened as a pop-up window, pretends to be Steam. This allows them to create the illusion of originality by presenting the real URL in the address bar. The victim, unaware of the threat, is tricked into providing his login and password, which end up in the hands of criminals.

In this case, to protect yourself, it is worth turning on two-step verification in the Steam mobile application. This way, even if your password is stolen, attackers won't be able to access your account.


Source:

Read more

0 - Comment

Saturday 27 April 2024, Safety Guide

Deadly ISO file from North Korea

Lost24

Although North Korea does not seem to be a threat in cyberspace at first glance, it regularly conducts complex attacks. The Lazarus Group, known for many major incidents, including: attacks on Sony Pictures and the Bangladesh Bank and WannaCry, is behind the latest campaign.

"Recruiters" sent ISO files to selected people, suggesting that they were part of the recruitment procedure. They knew that in Windows 10 and 11, ISOs can be mounted automatically with two clicks. Victims then opened the AmazonVNC.exe file, which downloaded malicious shellcode from the C2 server, which in turn triggered RAT, allowing remote access. The attack exploited a Windows security vulnerability (CVE-2024-21338, CVSS Score: 7.8), which allowed cybercriminals to elevate their

Lost24

A new malware called Sign1 is being installed by hackers on a growing number of websites, mainly those based on WordPress. Discovered by Sucuri, Sign1 allows users to be redirected to unsafe sites by implementing malicious code in widgets, HTML plugins, and Simple Custom CSS and JS add-ons.


So far, the infection has affected over 39,000 WordPress sites, with further growth forecast.


Source: komputerswiat.pl


Friday 19 April 2024, Safety Guide

POLAND vs Hackers in 2023.

Lost24

In 2023, there were over 80,000 incidents related to cyberattacks, an increase of over 100 percent in overall use.

Criminal gangs, hacktivists and hackers actively operate at the state level. Poland was a victim of cyberattacks that were made available to obtain information, recognized ICT systems and disrupted dangerous infrastructure. The Ministry of Digitization plays a key role in the National Cybersecurity System, supported by three CSIRT devices - NASK, GOV, MON and a new team being established:

NASK Cybersecurity Center


The NASK Cybersecurity Center project started in 2023. Possibility to take advantage of opportunities in the protection of ICT infrastructure at the national level.

Lost24

GitHub user netsecfish disclosed a vulnerability (CVE-2024-3273) affecting older models of D-Link NAS devices, including the DNS-320L, DNS-325, DNS-327L, and DNS-340L.


He indicated that there is a risk for over 92,000 people. devices connected to the network, allowing attackers to exploit the vulnerability and then take control of the device.


There is one problem, and it's a big one. Devices are not supported.


Therefore, it is recommended to replace them due to lack of updates (EoL). It is also recommended to isolate or limit access to devices that can be used to execute commands. The risk is the result of oversight rather than intentional placement of a backdoor.
<

Lost24

The answer is simple. Due to an employee's error.


When sending an e-mail, the employee included the data of 300 payers. The email was sent to the vice president of the trade union. What was found out? ZUS spokesman Paweł Żebrowski in an interview with praw.pl informed the Personal Data Protection Office and the prosecutor's office about the leak, and all payers will also receive information about the event.


The email sent included, among others:


  • PESEL numbers
  • ID cards
  • dates
  • place of birth

    Additionally, the employee will face prof

Lost24

Experts warn about a new virus circulating on the Internet, which uses a popular antivirus to infect mobile devices and deceive users in order to gain money.


An improved banking Trojan is more difficult to detect and defeat, which favors cybercriminals. They warn to be careful with things downloaded from the Internet, as hackers are using increasingly creative fraud methods, including fake SMS messages and impersonating services encouraging people to download a fake McAfee Security application.


An improved version of the Vultur banking Trojan can cause serious damage, and new tactics by cybercriminals make it important to be vigilant. The Trojan can take control of the device, install applications, delete files and bypass t

Lost24

A few days ago, Medily's customer data was leaked.


The data leak had its source in the servers of Medily, which provides Aurero software used to manage visits to various clinics throughout Poland. In its statements, Medily indicated that it had multiple layers of security in place and that the compromise occurred on a test server, not a production server.


The problem is that the test server contained patient data that should have been deleted in 2021.
The clinic's privacy policy shows that it processes data such as:

first name and last name,
PESEL or date of birth,
sex
Phone number,
e-mail adress


there is also a description of the t