A new Android malware named NGate can steal money from payment cards by relaying to an attacker’s device the data read by the near-field communication (NFC) chip. […]
North Korean State-Sponsored Hackers Suspected in JumpCloud Supply Chain Attack
An analysis of the indicators of compromise (IoCs) associated with the JumpCloud hack has uncovered evidence pointing to the involvement of North Korean state-sponsored groups, in a style that’s reminiscent of the supply chain attack targeting 3CX.
The findings come from SentinelOne, which mapped out the infrastructure pertaining to the intrusion to uncover underlying patterns. It’s worth noting
The Hacker News | #1 Trusted Cybersecurity News Site
CISA Announces New Logging Tool for Windows-based Devices
The Cybersecurity and Infrastructure Security Agency (CISA) has launched a new version of Logging Made Easy (LME), a free and simple log management solution for Windows-based devices.
LME is based on a tool originally developed by the United Kingdom’s National Cyber Security Centre (NCSC); the NCSC’s version was decommissioned in March 2023.
LME is designed to help organizations improve their cybersecurity by providing greater visibility into the security events and activities on their Windows devices.
LME collects and centralizes logs from various sources, such as Windows Event Logs, Sysmon, and PowerShell, and allows users to analyze them using a web interface or a command-line tool.
LME is especially useful for small and medium-sized organizations that lack the resources or expertise to implement a more comprehensive log management solution.
LME can help them detect and respond to cyber threats, such as ransomware, phishing, or credential theft, by providing alerts and indicators of compromise.
CISA Director Jen Easterly said that LME is a great resource created by NCSC that provides basic logging of security information for Windows devices.
She added that CISA’s version of LME reimagines the technology and makes it available to a wider audience.
She urged organizations to secure their Windows devices today by downloading the free LME technical solution.
LME is one of CISA’s shared services product offerings, which aim to provide cost-effective and scalable cybersecurity solutions to public and private sector stakeholders.
CISA plans to expand LME’s capabilities and features in the future based on user feedback and demand.
The post CISA Announces New Logging Tool for Windows-based Devices appeared first on Cyber Security News.
Cyber Security News
Beware! Android Banking Trojan Mimics As Google Play Updates
Antidot, a new Android banking Trojan that emerged in May 2024, steals credentials through overlay attacks and carries a range of functions for complete device control.
Antidot uses VNC, keylogging, screen recording, and call forwarding to capture sensitive information.
It can also collect contacts and SMS messages, initiate USSD requests, and lock/unlock the device. The malware utilizes custom encryption and obfuscation techniques to hinder analysis.
The Antidot Android Banking Trojan is disguised as a Google Play update app and displays a fake Google Play update page during installation. That page has been observed in multiple languages, suggesting the malware targets users in German-, French-, Spanish-, Russian-, Portuguese-, Romanian-, and English-speaking regions.
Antidot uses social engineering to trick users into granting accessibility permissions: upon installation it displays a deceptive update page with a “Continue” button.
Clicking this button redirects the user to the Accessibility Settings menu. Once it holds Accessibility privileges, Antidot, like other Android banking Trojans, can perform malicious actions without the user’s knowledge or awareness, which enables it to steal sensitive information and potentially take control of the device.
The Antidot banking trojan combines HTTP and WebSocket to establish real-time, two-way communication with its Command and Control (C&C) server: it initiates contact through an HTTP request and then uses the socket.io WebSocket library for continuous data exchange.
The malware communicates using “ping” and “pong” messages. Client-side “ping” messages carry Base64-encoded data, while server replies (“pong”) contain commands in plain text for the malware to execute, allowing the C&C server to discreetly issue instructions to the infected device.
It initiates contact with the attacker’s C&C server by sending a “ping” message containing encoded device information like app name, version, device model, manufacturer, and installed apps.
Upon successful communication, the server responds with a “pong” message assigning a unique bot ID to the infected device, while the malware retrieves additional backup C&C server addresses during this exchange, ensuring continued communication even if the primary server goes offline.
According to Cyble, once it receives a unique bot ID the Antidot Banking Trojan maintains a two-way channel with its server, over which it transmits bot statistics and fetches commands.
The commands, totaling 35, grant the attacker extensive control over the victim’s device, including stealing information (SMS, contacts, keystrokes), manipulating the interface (overlay windows, brightness), and even controlling the device itself (taking pictures, making calls, initiating sleep mode).
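As an added defender-side example (not code from the Cyble report or this article), the following Python triages a captured socket.io-style session for the ping/pong pattern just described: client pings that decode from Base64 to a device fingerprint, and server pongs that arrive as plain text. The frame tuple layout, the JSON field names and the sample payloads are constructed assumptions, not Antidot’s actual schema.

```python
import base64
import json

# Device details the report says the first "ping" carries; key names are assumed.
FINGERPRINT_KEYS = {"app_name", "version", "model", "manufacturer", "installed_apps"}


def decode_b64_json(payload):
    """Return a dict if payload is Base64-wrapped JSON, otherwise None."""
    try:
        obj = json.loads(base64.b64decode(payload, validate=True))
    except ValueError:  # binascii.Error, UnicodeDecodeError and JSONDecodeError
        return None
    return obj if isinstance(obj, dict) else None


def analyze_session(frames):
    """Triage (direction, event, payload) frames from one captured session.

    fingerprint_beacon: a client "ping" decoded to a device-fingerprint dict.
    plaintext_commands: server "pong" payloads that are not Base64 data.
    asymmetric_encoding: all client pings Base64, all server pongs plain text.
    """
    client_pings = [p for d, e, p in frames if d == "client" and e == "ping"]
    server_pongs = [p for d, e, p in frames if d == "server" and e == "pong"]
    decoded = [decode_b64_json(p) for p in client_pings]
    beacon = any(obj is not None and len(FINGERPRINT_KEYS & set(obj)) >= 3
                 for obj in decoded)
    plaintext = [p for p in server_pongs if decode_b64_json(p) is None]
    asymmetric = (bool(client_pings) and bool(server_pongs)
                  and all(obj is not None for obj in decoded)
                  and len(plaintext) == len(server_pongs))
    return {"fingerprint_beacon": beacon,
            "plaintext_commands": plaintext,
            "asymmetric_encoding": asymmetric}


def _b64(obj):
    return base64.b64encode(json.dumps(obj).encode()).decode()


# Constructed sample capture, not real Antidot traffic.
SAMPLE_CAPTURE = [
    ("client", "ping", _b64({"app_name": "Google Play Update", "version": "1.0",
                             "model": "Pixel 6", "manufacturer": "Google",
                             "installed_apps": ["com.example.bank"]})),
    ("server", "pong", "bot_id=constructed-0001"),  # plain-text bot ID assignment
    ("client", "ping", _b64({"bot_id": "constructed-0001", "stats": "idle"})),
    ("server", "pong", "SOS"),  # plain-text command named in the report
]

if __name__ == "__main__":
    print(analyze_session(SAMPLE_CAPTURE))
```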
The Antidot Android Banking Trojan utilizes overlay attacks and keylogging to steal user credentials.
It overlays fake phishing pages resembling legitimate apps (like banking apps) on top of real ones, tricking users into entering their credentials into the malware.
Additionally, it logs every keystroke the victim types. Throughout, it communicates with the command-and-control server, sending stolen data and receiving instructions; if the server determines the device is not an intended target, it issues an “SOS” command that makes the malware prompt the user to uninstall it.
The post Beware! Android Banking Trojan Mimics As Google Play Updates appeared first on Cyber Security News.