Connect with us

Press Release

FBI: Hackers target defence companies with ransomware using BadUSB

Published

on

FBI: Hackers target defence companies with ransomware using BadUSB

In a recently updated flash alert, the Federal Bureau of Investigation (FBI) cautioned US businesses that the financially driven FIN7 cybercriminal gang has been targeting the US military industry with packages carrying infected USB sticks to spread ransomware.

The attackers sent out shipments with “BadUSB” or “Bad Beetle USB” devices marked with the LilyGO brand, which are frequently sold online.

Since August 2021, they have been mailing harmful packages to companies in the transportation and insurance sectors as well as defence companies beginning in November 2021 via the United States Postal Service (USPS) and United Parcel Service (UPS).

Networks that have been hacked by ransomware such as BlackMatter or REvil
Targets were duped into opening the shipments and plugging the USB drives into their computers by FIN7 agents posing as representatives from Amazon and the US Department of Health & Human Services (HHS).

According to reports the FBI has received since August, these harmful shipments may also include letters about COVID-19 regulations, fake gift cards, or forgeried thank-you notes, depending on the impersonated party.

The USB drive immediately registers as a Human Interface Device (HID) Keyboard as the targets plug it into their PCs (allowing it to operate even with removable storage devices toggled off).

Once keystrokes have been injected, malware payloads are subsequently installed on the infected systems.

FIN7’s ultimate objective in such assaults is to get access to the targets’ networks and use a variety of tools, including Metasploit, Cobalt Strike, Carbanak malware, the Griffon backdoor, and PowerShell scripts, to instal ransomware (including BlackMatter and REvil) within a compromised network.

Teddy bears were used to spread malware
The FBI previously issued a warning about a previous string of events in which FIN7 actors pretended to be Best Buy and sent similar shipments containing malicious flash drives to lodging facilities, dining establishments, and retail establishments via USPS.

Reports about these assailants first surfaced in February 2020. Additionally, some of the targets said that the hackers threatened them via phone or email to connect the discs to their systems. The infected parcels supplied by FIN7 also contained objects like teddy bears intended to deceive targets into relaxing their guard, starting at least in May 2020.

Assaults like the ones made by FIN7 are referred to be HID or USB drive-by attacks, and they are only effective if the targets are coerced into inserting unfamiliar USB devices into their workstations or voluntarily do so.

By limiting employee access to USB devices based on their hardware ID or if they have been approved by the company’s security staff, businesses can protect themselves from such assaults.

 

Continue Reading

Press Release

Characteristics That Set Mega888 Apart From Other Online Casinos

Published

on

Characteristics That Set Mega888 Apart From Other Online Casinos

The world of online gaming has never been the same since the launch of Mega888. It may be argued that the casino is the greatest online casino for all of your gambling needs because it has accomplished so much in such a short period of time.

There is a list of other online casinos, however the majority of them cannot be compared to Mega888. So what precisely sets Mega888 apart from other online casinos? We’ve put together a collection of justifications to aid you comprehend Mega888’s virtues.

The casino provides patrons with a wealth of amenities. So, these are the characteristics that set Mega888 apart from other online casinos in the gambling sector.

Quality of the Online Casino Overall
Prior to going any further, it is important to note the casino’s general level of excellence. One of the main reasons Mega888 is trustworthy is because it never takes advantage of or scams its customers.

The casino will take steps to protect every player from fraud of any kind, making Mega888 a trustworthy and respectable online casino. The Mega888 team is always developing new features to improve the playing experience.

The high-quality games that Mega888 has to offer are among its best features. The online casino’s selection of games goes well beyond simply having outstanding gameplay. The online casino is top-notch because the games have incredible graphics and the casinos provide outstanding customer service to all of their customers.

Mega888 Has Several Different Games.
The range of games available at Mega888 is one of the premium attractions. Mega888 provides an incredible selection of games, all of which are of the highest calibre. The online casino offers a wide variety of games, including shooting, fishing, and arcade games.

Additionally, if you still think that this is insufficient, players can choose from a number of table games. The developers at Mega888 are constantly working to provide fresh material for the players at the online casino, so whenever a player enters the site, they will find new games.

To keep the platform updated with new games each month, the online platform occasionally undergoes maintenance. Consequently, each time you play at the online casino, you will have a distinctive gaming experience. Players can currently choose from hundreds of slot games, numerous live table games, and much more.

Mega888’s security is impenetrable.
The security of the Mega888 is one of its key characteristics. All gamers at Mega888 are helped by the security system’s design, which protects them from danger or attacks from outside sources. However, this wouldn’t have been possible if Mega888 hadn’t given the security team a sizable sum of money from their annual budget.

This indicates that the online casino places a high priority on security and won’t compromise it for anything. There is no history of fraud or account hacking at the online casino’s security. It demonstrates that the online casino ensures the confidentiality of all player financial and personal information right from the start.

You won’t ever need to be concerned about a hack or scam involving your account. The online casino has a good reputation, and Mega888 has received approval from numerous organisations as a legitimate online gaming platform. Additionally, numerous licencing companies have endorsed the casino, demonstrating that it is a secure and safe location to gamble.

The two-factor authentication barrier that Mega888 has for players between the email and the Mega888 Apk is its best security feature. This means that it would be nearly impossible for any outside attacker to access a player’s account without going through two distinct layers of security.

Additionally, if a hacker tries to steal money from a transaction, the online casino’s management team will immediately transfer the money to the legitimate owner after learning about the behaviour.

The security system’s usage of a 128-bit encryption technique is another observable aspect. The casino maintains sensitive data using this technique, including user names, passwords for Mega888 accounts, and financial information.

The online casino’s high level of encryption prevents many hackers from accessing any accounts. Last but not least, the online casino has a firewall that prevents hackers from accessing the site.

Services for Instant Cash Out Using Mega888
Every online casino has its unique cash-out options, and given that these services are available online, it is crucial for the platform to guarantee that the casino offerings are reliable and prompt. Mega888 ensures that their services are simple to use.

All of Mega888’s services to its players appear to be seamless. All that is required of players is consistency and a willingness to take financial risks when playing at an online casino. The casino has remarkable and simple processes in place so that players may withdraw their money with little hassle.

You must get in touch with a dealer in order to collect your money. You have a number of options for doing that, some of which include WeChat, real-time chat, phone calls, or WhatsApp. Make sure that the choice you choose is practical for you since the dealers Mega888 offers are knowledgeable, competent, and professional.

Every request a player submits receives a response within 24 hours, and any questions they may have will be addressed as soon as possible. Players can retrieve their money in the quickest and safest possible manner in this fashion.

Last Words
Overall, Mega888 might have a lot of characteristics that make it a casino you definitely want to play at. However, before you take the major step of gambling with your own money, it’s crucial to understand more about the games and their rules.

Continue Reading

Press Release

PHP source code was given backdoors thanks to a compromise of the Git server.

Published

on

PHP source code was given backdoors thanks to a compromise of the Git server.

The official PHP Git repository was breached in the most recent software supply chain attack, and the code base was modified.

Yesterday, two malicious commits were uploaded to the PHP team’s git.php.net server, which hosts the php-src Git repository.

Threat actors had verified these commits as if Rasmus Lerdorf and Nikita Popov, two well-known PHP developers and maintainers, had made them.

PHP Git server has an RCE backdoor installed.
Yesterday, two malicious contributions were uploaded to the official PHP Git repository in an effort to corrupt the PHP code base.

The event is concerning because 79% of websites on the Internet still use PHP as their server-side programming language.

The attackers released a mystery update upstream called “repair typo” in the malicious commits [1, 2] that BleepingComputer saw under the guise of a little typographical patch.

Looking closer at the newly added line 370, where the zend eval string function is used, reveals that the code in fact creates a backdoor for quickly achieving Remote Code Execution (RCE) on a website using this hacked version of PHP.

Developer Jake Birchall for PHP responded to Michael Voek, who had discovered the error originally, with the explanation, “This line executes PHP code from within the useragent HTTP header, if the string starts with ‘zerodium’.”

Nikita Popov, a PHP maintainer, explained the following to us via email:

“During a regular post-commit code review a few hours after the first commit, it was discovered. The modifications were immediately undone because they were blatantly malicious “According to Popov, BleepingComputer.

The malicious commit was also done under Rasmus Lerdorf’s identity, the person who created PHP.

But that should come as no surprise because with source code version control systems like Git, it is possible to sign off a change locally under a different identity [1, 2] and then upload the spoof commit to the remote Git server, where it appears to have been signed off by the person listed on it.

According to PHP maintainers, this malicious activity originated from the compromised git.php.net server rather than from the compromise of an individual’s Git account, despite the fact that a thorough investigation of the incident is still ongoing.

The official PHP codebase has been moved to GitHub.
Following this event, the PHP maintainers have chosen to move the official PHP source code repository to GitHub as a precaution.

We’ve made the decision to stop running the git.php.net server even though our investigation is still ongoing since we believe that keeping our own git infrastructure is an unnecessary security risk.

Popov stated that the GitHub repositories, which were previously merely mirrors, “would become canonical.”

After this modification, Popov demands that any future code updates be uploaded directly to GitHub rather than the git.php.net site.

Anyone who wants to contribute to the PHP project must now join the PHP organisation on GitHub.

The same security alert includes advice for doing that.

You would need to have two-factor authentication (2FA) set on your GitHub account in order to join the organisation.

Beyond the two commits that were mentioned, “We’re investigating the repositories for any corruption,” says Popov.

In order to learn the full scope of this attack and whether any code was transmitted downstream before the fraudulent commits were discovered, BleepingComputer contacted Popov and the PHP security team.

Although it might have been cloned or forked in the interim, no tags or release artefacts reflect the changes.

Popov added to BleepingComputer, “The changes were in the development branch for PHP 8.1, which is scheduled for release at the end of the year.

The PHP team has confirmed to BleepingComputer that they want to decommission their git server ultimately and switch to GitHub permanently in the coming days.

Continue Reading

Press Release

According to an internally sourced Facebook post, Rob LathERN, CHIEF OF ADVERTISING INTEGRITY who handled ads around sensitive subjects, left the company on Dec. 30 (KATIE PAUL/REUTERS).

Published

on

ads around sensitive subjects

Internal Facebook post indicates Rob Leathern, chief of advertising integrity who handled ad products around sensitive subjects, left the company on December 30  —  (Reuters) – Facebook Inc’s chief of advertising integrity, who handled the company’s ad products around sensitive subjects …

Continue Reading

Trending