An Israeli based startup is panning out water as a 1 million dollar wire transfer was remotely stolen in a complex MITM attack. The malicious actor/s were able to fool a Chinese venture capitalist out of a 1 million dollar wire transfer to the Israeli startup through a series of clever spoofing tactics. These tactics that went so far as to intercept emails and masquerade as either the Chinese VC or the startup's CEO. The actor/s were able to cancel many face-to-face meetings between the two in order to maintain their heist's cover. 


           As of the writing of this article, no names or any reports go over the names or possible suspects behind this heist. 

           Original article can be found here.

             That was the news folks, have a good time, and stay safe out there

            -----Mad-Architect 

            

                                    A large trove of SMS messages as well as personal data belonging to millions of customers residing in the US was discovered hosted on Microsoft Azure. The firm, called TrueDialog, provides a vast range of texting solutions to businesses, hence they would have a large database containing information on all of their customers. 


                The personal information that was found included phone numbers, accounts usernames and passwords, and some other accounts details that weren't specified. The total amount of information that was found was at 604 GB of data. 

                It is not clear if this information was already poached by malicious actors or not, but the firm has made strides to secure the hole, as well they assure all of their customers that their personal data is of utmost importance. 


                Original article can be found here.

                                     That was the news folks, have a good day,. and stay safe out there.


                  ---Mad-Architect 

                

                    Microsoft has just shored up a vulnerability in their user login, that would have allowed attackers to gain access to their online accounts. The vulnerability would have allowed the attackers to quietly steal account tokens. Researchers from Israel based "CyberArk" discovered an accidental loophole that would have allowed an attacker to siphon off the tokens. This all very well could have been done without ever alerting the user. 

         Thankfully, this flaw was reported back in October, and was fixed three weeks later. 

         Original article can be found here.


                    That was the news folks, have a good day, and stay safe out there.


         --Mad-Architect 

         


          

                 Europol just announced that it has taken down the cyber-criminal gang responsible for creating and distributing the Imminent Monitor RAT or [M-RAT]. Both users and those behind its creation were targeted in a joint operation between Europe, Colombia, and Australia. 

        According to a report by authorities, the hacking tool was used across 124 countries, and over 14,500 users. After this operation, all of those users have been rendered useless. Over 430 devices were seized by both users and distributors.


        Original article can be found here.


                  That was the news folks, have a good weekend, and stay safe out there.

         --Mad-Architect 

        

        

                         This week in Seattle, Washington, two parents discovered someone had hacked into their baby monitor and had been constantly saying "I love you" to their child. On top of this, the camera had also been resetting itself without user input, moving from its standard angle of into their child's crib to different areas around the room. 

            The official report from King 5 News can be found here. 

            As of the writing of this article, the parents have since thrown out the baby monitor. This is not the first time a baby monitor has been hacked. Not many families really research how these things work, which effectively allows malicious actors to hack in and breach family privacy. 

            Original article can be found here.

                           That was the news folks, have a good day, and stay safe out there

             ---Mad-Architect 




           

                              A new type of ransomware called "SectopRAT" that was first discovered by MalwareHunterTeam stated in a November 15th tweet, that this new ransomware was able to create a second "hidden" desktop that was able to fully control the chosen browser. 

             According to an article by ZDNet: 
             
             "The first SectopRAT sample is signed by Sectigo RSA Code Signing CA and uses a Flash icon, whereas the second is not signed. Both samples of the Remote Access Trojan (RAT) use arbitrary characters in their names, have write/execute characteristics, and make use of ConfuserEx for obfuscation. 
According to the researchers, the malware contains a RemoteClient.Config class with four valuables for configuration -- IP, retip, filename, and mutexName. 
The IP variable relates to the Trojan's command-and-control (C2) server, whereas the retip variable has been designed to set up new C2 IPs that the server can override using the "set IP" command."


             The article goes on:


             "Filename and mutexName, however, are set but not in active use. 
The hardcoded filename spoolsvc.exe is added to the registry for persistence, a mimicry of the legitimate Microsoft service spoolsv.exe.
Once connected with its C2, the Trojan can be commanded to either stream an active desktop session or create a secondary one, hardcoded as "sdfsddfg," which is hidden from view. The researchers say that operators of the malware are able to use the "Init browser" command to initiate a browser session through the secondary desktop. "


             

             As far as this goes, its been stated by the team at MalwareHunter that the sample they received seems to show that the malware isn't finished, and is merely out in the wild for testing purposes. 


             Original article can be found here.


             That was the news folks, have a good day, and stay safe out there.

             ---Mad-Architect 

             

                        Mobile devices, smartphones, small handheld computers which proliferated in the last decade, have fallen victim to an evolving tactic that malicious actors have profited off for a while now, a tactic known as "Juice Jacking".

           This attack methodology is orchestrated via public USB ports, that according to a public warning issued this week by LA County DA [District Attorney], the warning explained that public USB ports were vulnerable to hacking, and thus could be utilized to install malware and steal a treasure trove of data. 


           While this technique has only existed for some odd years now, its been evolving right along with smartphones, and the same actors that cultivate them have profited highly from it.

           

           While prevailing wisdom would say "to not use the public USB port", if you really must use it, there are some precautions you can take: You can disable port access to data on your phone, or plugging your own phone into a tablet or laptop and plug your own charging device into an AC outlet, that should charge everything without making it vulnerable to malware.


          This goes to show that regardless, technology can always be manipulated and be used to steal your data, and maybe your identity. 


          Original article can be found here.


           That was the news folks, have a good day, and stay safe out there.


          ---Mad-Architect 

           
                 

                                          Sergiy P. Usatyuk, the man responsible for running a profitable DDoS for hire service out of Orland Park, Illinois, has finally been sentenced to 13 years in prison, plus another 3 years of supervised release. 

                   Mr. Usatyuk was able to run a successful DDoS-for-hire service, from which he made money off of by charging a subscription fee. He operated it with a co-conspirator from August 2015 to November 2017. According to a report, the operation had 1,367,610 DDoS attacks, and had cost computer systems 109,186.4 of network downtime. He had also made over 550,000 dollars off of the sum total of subscription fees. 

                   A judge has forced Mr. Usatyuk to forfeit all of his servers, and assorted computer equipment, as well as most of his proceeds. 


                   Original article can be found here,


                      That was the news folks, have a good rest of your weekend, and stay safe out there.

                    --Mad-Architect 

                   


                   

           A Mexican based petrol provider, Pemex has reportedly been targeted in a ransomware attack. The attack Sunday, which in reports did nothing to disrupt production or fuel supply, did however affect roughly 5% of their personal computers. 

      Officials originally thought the Ryuke ransomware was to blame, but after a closer inspection they are confident it was actually the DoppelPaymer variant of ransomware. A Tor payment site was discovered, where it demanded a payment of 565 BTC, about 5 million USD. This is only the latest in a long trend of ransomware attacks targeting infrastructure, automation, and the medical sector. Norsk Hydro was hit in March, as well as the German based automation giant Pilz last month. 


      It is currently unknown as to who was behind the attack, as of the time of this report, Pemex officials have stated that all is now running smoothly.

      Original article can be found here.


             That was the news folks, have a good day, and stay safe out there.


       ---Mad-Architect