Adobe is inviting security researchers to join its private bug bounty program on the HackerOne platform.
The post Adobe Inviting Researchers to Private Bug Bounty Program appeared first on SecurityWeek.
Attention Travelers! Beware of Booking.com Themed Phishing Attacks
Phishing attacks are a type of social engineering scam where attackers trick victims into revealing sensitive information.
In phishing attacks, the attackers often impersonate trusted entities like banks or companies in emails, texts, or calls to trick victims into clicking malicious links or attachments.
Cybersecurity researchers at OSINTMATTER recently warned travelers of Booking[.]com themed phishing attacks.
A sophisticated phishing attack targets “Booking[.]com” by compromising hotel managers’ accounts to scam customers.
Here, the threat actor uses a fake domain (extraknet-booking[.]com) that mimics the legitimate “extranet-booking.com.”
They employ JavaScript obfuscation, using parseInt to encode strings that include Cyrillic text (“загружено”, meaning “loaded”), possibly indicating Russian-speaking origins.
Researchers warned that the attack utilizes SEO poisoning to boost malicious site rankings in search results.
Notably, 238 STUN (Session Traversal Utilities for NAT) binding requests were identified using non-standard high ports, potentially for data exfiltration or for maintaining communication with compromised systems.
This attack has been associated with the Ninja Trojan, a complex piece of malware that can evade detection by loading into memory. Dozens of sites are associated with the scripts of the phishing site.
This technique uses “UDP hole punching,” which allows for the penetration of NAT firewalls and helps to compromise the target’s internal networks.
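A defender's check for the traffic pattern described above, as an added example that is not from the original article or the OSINTMATTER research: it parses UDP payloads for the RFC 5389 STUN Binding Request header and counts those sent to ports other than the standard 3478/5349. The flow tuples, addresses and port allowlist are constructed assumptions; legitimate WebRTC services also use other ports, so the allowlist needs tuning per environment.

```python
import struct
from collections import Counter

STUN_MAGIC_COOKIE = 0x2112A442      # fixed value in every RFC 5389 STUN header
STUN_BINDING_REQUEST = 0x0001       # message type: Binding, class Request
STANDARD_STUN_PORTS = {3478, 5349}  # IANA-assigned stun / stuns ports


def is_stun_binding_request(payload: bytes) -> bool:
    """True if a UDP payload parses as an RFC 5389 Binding Request."""
    if len(payload) < 20:           # STUN header is always 20 bytes
        return False
    msg_type, msg_len, cookie = struct.unpack("!HHI", payload[:8])
    return (
        msg_type == STUN_BINDING_REQUEST
        and cookie == STUN_MAGIC_COOKIE
        and msg_len % 4 == 0                # attributes are 32-bit aligned
        and msg_len == len(payload) - 20    # length excludes the header
    )


def flag_offport_stun(flows, allowed_ports=STANDARD_STUN_PORTS):
    """Count Binding Requests per (src, dst, dport) outside the allowlist."""
    hits = Counter()
    for src, dst, dport, payload in flows:
        if dport not in allowed_ports and is_stun_binding_request(payload):
            hits[(src, dst, dport)] += 1
    return hits


def _binding_request(txid: bytes) -> bytes:
    """Build a minimal attribute-less Binding Request (12-byte transaction ID)."""
    return struct.pack("!HHI", STUN_BINDING_REQUEST, 0, STUN_MAGIC_COOKIE) + txid


# Constructed sample flows (documentation address ranges, not real indicators).
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.10", 3478, _binding_request(b"A" * 12)),   # standard port
    ("10.0.0.5", "198.51.100.7", 49152, _binding_request(b"B" * 12)),  # high port
    ("10.0.0.5", "198.51.100.7", 49152, _binding_request(b"C" * 12)),  # high port
    ("10.0.0.5", "198.51.100.7", 49152, b"\x00\x01" + b"\x00" * 30),   # wrong cookie
    ("10.0.0.9", "192.0.2.44", 53, b"\x12\x34\x01\x00" + b"\x00" * 20),  # not STUN
]

if __name__ == "__main__":
    for (src, dst, dport), count in flag_offport_stun(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}:{dport} STUN binding requests: {count}")
```
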
This sophisticated approach combines several technical elements to create a highly effective and evolving threat.
The sophisticated phishing attack on Booking[.]com employed advanced techniques to evade detection and maximize impact.
At its core, the attack utilized dynamic cloaking which allowed the attackers to display either a malicious fake portal, the genuine Booking[.]com page, or error pages, depending on factors like IP address and browser settings.
The attack infrastructure included a fake domain (extraknet-booking[.]com) and employed JavaScript obfuscation to hide malicious code. STUN binding requests and UDP hole punching were used to maintain persistent access.
A critical component was an iFrame linked to hundreds of other phishing pages which acted as a centralized hub for distributing malicious content.
This iFrame, pointing to httxxx://ls.cdn-gw-dv[.]vip/+dedge/zd/zd-service[.]html, allowed for centralized control, wide reach, and tracking of attack effectiveness.
The phishing pages exhibited varied behaviors during testing, such as timeouts and 404 errors, which were achieved through RST injection.
Here the sophistication of the attack suggests a connection to the “Ninja” Trojan malware.
The primary goal appeared to be infecting hotel managers’ devices, likely as a precursor to exploiting Booking[.]com’s chat system for distributing malicious links to customers in a subsequent phase of the attack.
The post Attention Travelers! Beware of Booking.com Themed Phishing Attacks appeared first on Cyber Security News.
See me speak at webinar about data security for financial services
Join me and Metomic CEO Richard Vibert for a discussion about some of the cybersecurity challenges faced by the financial services industry, and how you can best protect your organisations. Sign up now for the free event on February 29 2024.
Graham Cluley
Maxar Space Systems Suffers Data Breach, Hackers Gain Unauthorized Access
Maxar Space Systems, a leading provider of space technology and geospatial intelligence, has recently fallen victim to a significant cybersecurity incident.
On October 11, 2024, the company’s information security team discovered that a hacker, operating from a Hong Kong-based IP address, had successfully targeted and accessed a Maxar system containing sensitive employee data.
The breach, which is believed to have lasted for approximately one week before detection, exposed various categories of personal information.
Affected data includes home addresses, social security numbers, business contact details, employee numbers, job titles, and employment dates.
However, the company has confirmed that no bank account information or dates of birth were compromised in the incident. Besides this, researchers at IDX observed that upon discovery of the unauthorized access, Maxar immediately took action to prevent further intrusion and secure their systems.
The company has also notified law enforcement agencies about the breach and is cooperating fully with ongoing investigations.
In response to the incident, Maxar has implemented several measures to protect affected individuals:
Maxar has emphasized the importance of vigilance and recommended that affected individuals take proactive steps to safeguard their personal information. These steps include closely monitoring financial accounts, considering credit freezes, and obtaining free credit reports from major credit reporting agencies.
The company has also retained an external third-party firm to conduct a thorough investigation of the incident and ensure that any vulnerabilities that allowed the unauthorized access have been fully addressed and eliminated.
As companies like Maxar continue to play crucial roles in global geospatial intelligence and space exploration, the protection of sensitive data becomes increasingly critical.
Because of this, experts highlight the importance of robust cybersecurity measures, regular security audits, and employee training to mitigate the risks of such breaches.
As investigations continue, Maxar has committed to providing updates to affected individuals and implementing additional security measures to prevent future incidents.
The incident highlights the growing sophistication of cyber threats and the need for constant vigilance in protecting sensitive information, particularly in high-tech industries dealing with critical infrastructure and national security-related data.
The post Maxar Space Systems Suffers Data Breach, Hackers Gain Unauthorized Access appeared first on Cyber Security News.