
TV show and movie fans are being targeted by a malicious campaign that distributes a GoBot2 backdoor variant via files downloaded from several South Korean and Chinese torrent sites. The malware, dubbed GoBotKR by the ESET researchers who discovered it, is being disseminated as part of a campaign that started in May 2018, with hundreds of samples already detected on the compromised computers of users in South Korea, China, and Taiwan. GoBotKR was developed specifically to target South Korean users, as shown by the South Korea-specific evasion techniques added to the original GoBot2 backdoor. The GoLang-based GoBotKR backdoor is built by customizing the GoBot2 malware, publicly available since March 2017; the added features, implemented with GoLang libraries, are executed on compromised computers with the help of legitimate Windows binaries and "third-party utilities such as BitTorrent and uTorrent clients." After infecting a victim's PC, the backdoor allows its operators to add the compromised machine to "a network of bots that can then be used to perform DDoS attacks of various kinds (e.g. SYN Flood, UDP Flood, or Slowloris)." To do that, it starts by gathering system information (e.g., network and OS version info, CPU and GPU versions, and installed anti-malware solutions) and exfiltrating it to its command-and-control (C2) servers, which lets the attackers cherry-pick which bots to use in future attacks. This sits alongside a long list of other capabilities, from executing commands and scripts to running proxy/HTTP servers. For more visit OUR FORUM.

A bug in Windows 10 May 2019 Update (version 1903) might be distorting graphics or representing color improperly on some monitors. If the graphics or images are distorted or messed up in some way on your device, it might be because of the Windows 10 version 1903 update. According to various reports, Windows 10 version 1903 has a compatibility issue with certain GPUs where ICC profiles may not work properly. The result is poor image quality and abnormal gradient graphics with faint vertical lines at regular intervals. The bug also renders tones incorrectly when a color profile is loaded or when the Calibration Loader task is invoked. The color distortion issue has been confirmed by several Windows 10 users on Reddit and other forums, including the Nvidia forums. In a support document, display and monitor manufacturer Eizo has confirmed that the bug is also hitting their displays and monitors after the May 2019 Update. The calibration software maker DisplayCal has also confirmed the color distortion after Microsoft’s latest feature update. According to DisplayCal, calibration loading may stop working in Windows 10 version 1903; the bug affects both the Windows-internal calibration loader and third-party calibration loaders. Fortunately, Microsoft appears to have deployed a fix with Windows 10 KB4501375 (Build 18362.207). Installing Windows 10 Build 18362.207 could help users resolve the color distortion problem. “Addresses an issue that may cause Night light, Color Management profiles, or gamma correction to stop working after shutting down a device,” the changelog reads. For tips on a possible workaround stop by OUR FORUM.

The U.S. Federal Bureau of Investigation (FBI) issued a warning on Twitter regarding sextortion campaigns used by scammers to target young people from all over the United States. "The internet connects you with the world. Do you know who in the world is connecting with you? Sending one explicit image can start a scary cycle," says the FBI in a tweet shared on July 3. The agency also added to its alert that sextortion scams usually rely on photos sent by potential victims to people they don't know in real life. In a story published on the FBI's official website at the end of May, the agency states that it is currently "seeing a significant increase in activity involving sextortion—a federal crime that happens when an adult coerces a child to produce sexually explicit photographs or video of themselves and then send it to them over the Internet." The scammers who operate sextortion campaigns targeting kids usually use a variety of channels to contact their young targets, from social media and gaming platforms to video and dating chat apps. FBI Special Agent Brian Herrick stated that "the FBI is seeing an increasing number of cases start on connected gaming systems, where the competition is intense and the offer of game credits or codes is enough to convince a child to create an explicit image." Extortionists also employ several methods to coerce kids into sending them explicit images or videos, from flattery and attention to feigning romantic interest in the online relationship, and even offering money and other valuable items, with threats following in many cases if no other measures succeed. "The second the criminal gets a picture, that child’s life is going to be turned upside down," said Special Agent Ryan Barrett, who worked on the Finkbiner sextortion case from April 2012. "These people are relentless. They don’t care." Get better informed by visiting OUR FORUM.

Less than two weeks ago, U.S. Cyber Command launched an offensive on Iran to disable computer systems used by the country's Revolutionary Guard Corps to control rocket and missile launches. Now, the agency has issued an unprecedented public warning that it has discovered the "active malicious use" of a Microsoft Outlook vulnerability that appears to be linked to Iran. When the U.S. opted for an offensive cyber strike instead of a more conventional missile strike in retaliation for the downing of a U.S. drone, it was painted as a backtrack but, as I reported at the time, it was actually a game changer. If the U.S. has used offensive cyber to compromise Iran's core command and control systems, it completely changes the battlefield dynamic. It was also notable that the U.S. decided to put the cyber strike into the public domain. Iran does not play in the same league as Russia or China when it comes to cyber capabilities. The country's ability to retaliate against the U.S. government is limited. But, for Iran, there are many easier targets. And one of the fears expressed by analysts after the military cyber strike was that Iran might elect to increase its cyber activity in the broader non-governmental sector. And so to this warning: Cyber Command tweeted that it has discovered the "use of CVE-2017-11774 and recommends immediate patching," adding a disabled link to the suspected delivery URL. The vulnerability was first discovered by Sensepost and patched in 2017—so if an Outlook install has been patched there is no concern. But we all know—and countless press articles have run this year alone—that many systems remain unpatched and vulnerable, opening up entire networks to potential bad actors. The bug essentially opens a door for malicious code to escape from Outlook into the underlying operating system. And the point at issue here is that this vulnerability has been linked to Iran before.
As reported by ZDNet, the bug was first exposed in 2017, "but by 2018, it had been weaponized by an Iranian state-sponsored hacking group known as APT33 (or Elfin), primarily known for developing the Shamoon disk-wiping malware." For more turn to OUR FORUM.

Google recently generated a flurry of coverage about its supposed privacy pivot, including an op-ed in The New York Times by chief executive Sundar Pichai. “We feel privileged that billions of people trust products like Search, Chrome, Maps, and Android to help them every day,” Pichai wrote. It’s not that we necessarily trust Google. It’s that, as a near monopoly, we have no choice. In fact, the crisis of trust — after a year of data breaches and congressional appearances — has led all the major tech companies to launch public relations campaigns around privacy. This is a smokescreen to satisfy regulators and pacify consumers while continuing their data exploitation activities. While some of the changes they have made are positive, they have no intention to give up their lucrative business model of ads powered by surveillance, which is fundamentally at odds with privacy. There was a time when we had meaningful privacy on the Internet. In the early days, dot-com barons weren’t interested in surveillance and data mining. The business model was subscriptions, led by companies like America Online, which dominated the space. As more users moved away from proprietary portals like America Online toward the open Internet, browsers and search replaced subscriber services as the gateway to the web. Clicks and user data seeded the beginnings of what is now called surveillance capitalism. By the end of the decade, a science project at Stanford was on pace to supplant “search” as a verb. Ironically, Google is an ad-funded doppelganger of the subscriber services it replaced. Instead of charging users for access, it simply spies on their online activity, location history, and behaviors to give advertisers (their true customers) unprecedented power to manipulate consumer behavior. For more navigate to OUR FORUM.

An extortion scam is being distributed that claims a Remote Access Trojan, or RAT, was installed on your computer using the EternalBlue exploit. The scammers then go on to say that they used the RAT to take videos of you on adult web sites and that you must pay a ransom or they will send the videos to all of your contacts. EternalBlue is an exploit allegedly created by the NSA that targets a vulnerability in the SMBv1 protocol. This vulnerability allows attackers to execute commands on a vulnerable computer, which can be used to install malware. The extortion emails being distributed have the subject "Security Alert. Your account was compromised. Password must be changed" and spin a tale that, while you were visiting a porn site, the EternalBlue exploit was triggered to install a Remote Access Trojan on your computer. This Trojan was then allegedly used to take videos of you and to steal your contacts and your passwords. The email goes on to say that if you do not pay a $600 extortion demand, the attacker will send your video to all of your contacts. The reality is that this is just a scam: the senders have not used any exploits on your computer, there is no RAT installed, and there are no videos of you using an adult web site. Any passwords or email addresses listed in the email simply come from data breaches in which your account info was publicly disclosed. While you now know this is a scam, unfortunately not everyone else does, and some people actually pay the extortion demand. Visit OUR FORUM for more.
