Analysis of a Phishing Kit (that targets Chase Bank)

in #cybersecurity18 days ago

Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free.

The SynAck ransomware gang launched its operation in 2017 but rebranded as the El_Cometa gang in 2021.

As part of this rebranding, the threat actors released the master decryption keys and documentation for their encryption algorithm on their Tor data leak site.

continue reading: https://www.bleepingcomputer.com/news/security/synack-ransomware-decryptor-lets-victims-recover-files-for-free/


Source: https://QUE.com

FTC Bans Stalkerware App SpyFone
The U.S. Federal Trade Commission on Wednesday banned a stalkerware app company called SpyFone from the surveillance business over concerns that it stealthily harvested and shared data on people’s physical movements, phone use, and online activities that were then used by stalkers and domestic abusers to monitor potential targets.

“SpyFone is a brazen brand name for a surveillance business that helped stalkers steal private information,” said Samuel Levine, acting director of the FTC’s Bureau of Consumer Protection, in a statement. “The stalkerware was hidden from device owners, but was fully exposed to hackers who exploited the company’s slipshod security. This case is an important reminder that surveillance-based businesses pose a significant threat to our safety and security.”

continue reading: https://thehackernews.com/2021/09/ftc-bans-stalkerware-app-spyfone-orders.html?&web_view=true

Analysis of a Phishing Kit (that targets Chase Bank)
Most of us are already familiar with phishing: A common type of internet scam where unsuspecting victims are conned into entering their real login credentials on fake pages controlled by attackers. Once entered, the attackers syphon off those login details and use them for their own purposes. Sometimes this can just be a nuisance: for example someone entering their Netflix account login information into a bogus page. Things become much more serious when banking information is involved. The attackers could potentially empty your bank account and life savings with the click of a few buttons. It is also very common for users to re-use passwords across multiple services, and common practice for attackers to test credentials on multiple other platforms.

continue reading: https://blog.sucuri.net/2021/09/analysis-of-a-phishing-kit-that-targets-chase-bank.html

BrakTooth vulnerabilities put Bluetooth users at risk
White-hat hackers have disclosed a bunch of security vulnerabilities, dubbed BrakTooth, affecting commercial Bluetooth devices – and are raising red flags about some vendors’ unwillingness to patch the flaws.

“Today we released BrakTooth,” said the ASSET (Automated Systems Security) Research Group at the Singapore University of Technology and Design, “a family of 16 new security vulnerabilities (20+ CVEs) in commercial Bluetooth Classic (BR/EDR) stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE).”

continue reading: https://www.theregister.com/2021/09/01/braktooth_vulnerabilities_put_bluetooth_users

Is Zero Trust the Remedy to Healthcare’s Ransomware Epidemic?
There’s no sugarcoating it: healthcare has a serious ransomware problem. And it’s not a new problem for this sector. In fact, the first-ever such attack targeted the industry in 1989 when 20,000 floppy disks infected with ransomware were given to those who attended the World Health Organization’s AIDS Conference.

So, the problem isn’t new, but it is getting worse. Ransomware has exploded in the past several years across almost every sector, but healthcare has definitely been one of the industries bearing the brunt of the assault. It’s always been a rich target for bad actors.

continue reading: https://hitconsultant.net/2021/09/01/is-zero-trust-the-remedy-to-healthcares-ransomware-epidemic/

Insider threats often go unnoticed
Research suggests that over half of organisations find it difficult to detect when a malicious insider is preparing to steal data or launch a cyberattack.

Most businesses are struggling to identify and detect early indicators that could suggest an insider is plotting to steal data or carry out other cyberattacks.

Research by security think tank the Ponemon Institute and cybersecurity company DTEX Systems suggests that over half of companies find it impossible or very difficult to prevent insider attacks.

continue reading: https://www.zdnet.com/article/half-of-businesses-cant-spot-these-signs-of-insider-cybersecurity-threats/

Read more Cyber Security News at https://QUE.com/tag/cybersecurity

Thank you for reading and stay safe.
@yehey


Posted via Onlinebuzz.com