Law enforcement in 50 countries partner to take down ransomware, banking malware, and phishing threats.
The post 31 People Arrested in Global Cybercrime Crackdown appeared first on SecurityWeek.
SecurityWeek RSS Feed
US Military Personnel Receiving Unsolicited, Suspicious Smartwatches
The US Army says unsolicited, suspicious smartwatches are being sent to soldiers, exposing them to malware attacks.
The post US Military Personnel Receiving Unsolicited, Suspicious Smartwatches appeared first on SecurityWeek.
SecurityWeek RSS Feed
JsOutProx Malware Abusing GitLab To Attack Financial Institutions
GitLab is a prominent web-based Git repository manager, and attackers exploit it to gain unauthorized access to confidential source code, steal intellectual property, or insert malicious code into projects hosted on GitLab.
Software vulnerabilities in GitLab or misconfigurations in its deployment can serve as an initial point of attack from which the whole system can be breached and other connected networks or systems can be targeted.
A new variation of JSOutProx emerged as a stealthy attack framework that combines JavaScript and .NET components.
It is aimed at financial institutions in the APAC and MENA areas, using .NET serialization to foster malicious JavaScript code on compromised systems.
This modular malware, which has been associated with SOLAR SPIDER phishing campaigns since 2019, can also incorporate plugins meant for malicious actions after an initial intrusion.
A surge in activity was detected around February 8, 2024, when a Saudi Arabian system integrator reported an incident targeting the customers of a major regional bank.
The campaign impersonated “mike.will@my[.]com” and employed fake SWIFT/Moneygram payment notifications to deliver malicious payloads.
Besides this, Resecurity aided multiple victims through DFIR engagements, recovering the malware used in these impersonation attacks aimed at banking customers across enterprises and individuals.
Initially reported in November 2023, Solar Spider has hosted payloads on GitHub repositories, with the JavaScript code made to look like PDF files.
The group shifted from a preference for GitHub to GitLab repositories when Resecurity discovered a new sample from this group utilizing GitLab repositories on March 27, 2024, designed as a multi-stage infection chain.
On the 25th of March, 2024, several GitLab accounts that belonged to this actor were registered to host malicious payloads in repositories such as “docs909” (established on April 2) and “dox05” (established on March 26).
This rotating repository tactic probably assists in maintaining different payloads for various victims.
After delivering the malware successfully, the actor deletes the repository and opens another.
It is noteworthy that Resecurity secured the latest payloads uploaded on April 2nd, 2024, throwing light upon a developing GitLab campaign.
The JSOutProx RAT has hidden JavaScript backdoors, which are not easy to understand, and contains modules with command execution, file operation, persistence, screen capture, and system control capabilities.
One exceptional point is how it employs the Cookie header while communicating with C2s.
Resecurity downloaded the deobfuscated implants from archived payloads, and its analysts found some decoded JavaScript code for further analysis and defensive measures.
The first stage implant has functionalities that allow it to update, set proxy/sleep times, execute processes, evaluate JavaScript, and exit.
It interacts with ActiveXObject, a Windows Script Host object used for malicious automation tasks. The second stage adds other plug-ins that broaden the malware’s range of functions.
Moreover, the continuously evolving malware exhibits an organized development effort, attacking high-profile victims in government and finance sectors with customized lures.
The post JsOutProx Malware Abusing GitLab To Attack Financial Institutions appeared first on Cyber Security News.
Cyber Security News
Peloton accused of providing customer chat data to train AI
It seems that Peloton may have been providing more training than just for its customers, as it’s set to face court in California accused of using user chat data to train AI.
Peloton Interactive, Inc. is a US-based exercise equipment and media company, known for its stationary bicycles, treadmills, and indoor rowers equipped with internet-connected touch screens that stream live and on-demand fitness classes through a subscription service.
In June 2023, legal firm Consumer Advocates filed a class-action lawsuit alleging that AI-powered marketing firm Drift processed chat data between Peloton users and company representatives without permission.
The suit accuses Peloton of violating the anti-wiretapping California Invasion of Privacy Act (CIPA), and although the accusation names Drift, the lawsuit is only against Peloton.
The user data comes from the chat function on Peloton’s website which allows current and would-be customers to ask questions. The complaint claims that users were not made aware of the fact that Drift was recording and analyzing their chat content.
Despite Peloton’s attempts to get the case thrown out, the court allowed it to go forward, albeit with some restrictions. The issue at hand is whether or not Peloton sought the affected users’ permission before conveying their information to Drift. Although Peloton has the right to go through the chat content as it is a part of the conversation, the real problem is the passing of this information to Drift.
Drift, which was bought by Salesloft in February, is a platform that focuses on personalizing conversations at every stage of the buyer’s journey, and as such offers conversational AI for customer service and marketing.
The accusation says that website chat users were not notified that the content of the chat was automatically captured by Drift to be stored and analyzed. It is now up to the court to determine if the Peloton customers had sufficient information on how their data would be handled and whether they had the ability to agree or disagree.
With recent protests against Meta, Google, and Adobe, among others, about using users’ input as training data for AI, Peloton can expect to face negative effects even if the court decides in its favor.
Either way, customers should be careful about the data they provide to chatbots.