Protection of Information Assets

Temple University

MIS 5206.001 ■ Fall 2023 ■ David Lanter
In The News

October 12, 2023 by David Lanter 9 Comments

Filed Under: Unit 08: Case Study 3 - A Hospital Catches the "Millennium Bug"

Comments

  1. Celinemary Turner says

    October 13, 2023 at 2:56 pm

    LinkedIn smart links leveraged in credential phishing campaign
    https://cybernews.com/security/linkedin-smart-links-phishing-campaign/
    A recent phishing campaign is leveraging newly created or compromised LinkedIn business accounts. LinkedIn smart links are used by business accounts to track engagement metrics. Emails with smart links embedded into them can bypass various security suites since they are using a trusted LinkedIn domain.
    An email with a generic subject first arrives in a victim’s inbox. It might resemble a notification about documents, security, financial, and human resources.
    Upon clicking the link, the user eventually lands on a phishing page asking to log in using their Microsoft Office credentials.
    “The Finance and Manufacturing sectors were the most targeted. Despite Finance and Manufacturing having higher volumes, it can be concluded that this campaign was not a direct attack on any one business or sector but a blanket attack to collect as many credentials as possible using LinkedIn business accounts and Smart Links to carry out the attack,”
    In this case, the attackers use LinkedIn’s smart links, a feature that allows users to share documents and presentations with their connections, to carry out their phishing campaign. The attacker creates a document or presentation containing a malicious link and uploads it to LinkedIn using the smart links. The attacker then sends a message to their target on LinkedIn, encouraging them to view the document or presentation. This message might be disguised as a job offer or a professional opportunity to make it more enticing.
    If the target clicks on the smart link to view the document or presentation, they are taken to a page that looks like a legitimate LinkedIn login page. However, this page is controlled by the attacker.
    Suppose the target enters their LinkedIn username and password into this fake login page. In that case, the attacker can capture this information and use it to gain unauthorized access to the target’s LinkedIn account.
    This attack is hazardous because it uses a trusted platform (LinkedIn) and a legitimate feature (smart links) to trick users into providing their login credentials.
    My take on this article is that using LinkedIn Smart Links in a credential phishing campaign reminds me of the importance of vigilance, education, and continuous efforts to combat evolving cyber threats. It underscores the need for individuals and organizations to remain proactive in defending against phishing and other cyberattacks. Also, it’s crucial to double-check the URL of the page you’re on before entering your login information and to be wary of unsolicited messages asking you to view documents or presentations.

  2. Jon Stillwagon says

    October 17, 2023 at 7:20 pm

    https://thehackernews.com/2023/10/spynote-beware-of-this-android-trojan.html
    This article is about how the Android banking trojan SpyNote requests invasive permissions to access call logs, cameras, SMS messages, and external storage. It also seeks accessibility permissions, subsequently leveraging them to give itself additional permissions to record audio and phone calls, log keystrokes, and capture screenshots of the phone via the MediaProjection API. The way that people send out this malware is by SMS phishing campaigns, and attack chains involving the spyware to trick potential victims into installing the app by clicking embedded links. The app hides its presence from the Android home screen and recent screen to avoid detection. The app not only hides itself but also has a service called Diehard to resist attempts to delete or terminate the app by the user or the operating system. It will restart automatically whenever it is about to shut down, and if you try to uninstall it from the settings, it prevents you by closing the menu screen because it abuses the accessibility APIs. The only option left to delete the app and its malware is to conduct a factory reset, losing all data in the process.

  3. Yannick Rugamba says

    October 17, 2023 at 7:32 pm

    https://ng.investing.com/news/stock-market-news/ceos-lack-of-confidence-in-cybersecurity-resilience-may-hinder-growth-93CH-1106663
    The article discusses a study conducted by Accenture, which uncovers a contradiction in the perspectives of CEOs regarding cybersecurity. While most CEOs acknowledge the importance of cybersecurity for business growth and stability, a significant number lack confidence in preventing or managing cyberattacks. The article emphasizes that many CEOs tend to take a stance towards cybersecurity often overlooking its inclusion in their business plans. Additionally, it highlights a misconception among CEOs: that implementing cybersecurity measures is more costly than dealing with the aftermath of a cyberattack. The study further explores the role of cybersecurity as a trust-building factor, raises concerns about the threat posed by AI in cyberattacks, and provides recommendations for adopting a proactive and integrated approach to cybersecurity.

  4. Bo Wang says

    October 17, 2023 at 9:15 pm

    https://www.infosecurity-magazine.com/news/espionage-campaign-targets-apac/
    Kaspersky has uncovered a sophisticated espionage campaign named “TetrisPhantom” targeting government institutions in the Asia-Pacific region. What sets it apart is its use of secure USB drives for data infiltration. The operation allows attackers to gain control over victim devices and transfer stolen data via these USB drives. The threat actor employs advanced techniques such as software obfuscation and direct communication with USB drives. To protect against such attacks, Kaspersky recommends proactive measures like keeping software updated, being cautious with sensitive information requests, sharing threat intelligence with cybersecurity teams, improving team skills, and using endpoint detection and response solutions.

  5. Eyup Aslanbay says

    October 17, 2023 at 9:37 pm

    The Clark County School District (CCSD) experienced a cybersecurity breach where an unauthorized entity accessed personal data of students, parents, and employees. The intrusion, identified 11 days prior to the announcement, has not led to any identity theft reports at the moment. CCSD is actively investigating with experts, notifying affected individuals by mail with guidance on information safety.

    https://www.ktnv.com/news/education/clark-county-school-district-investigating-cybersecurity-incident-no-reports-of-identity-theft-so-far

  6. Edge Kroll says

    October 17, 2023 at 10:31 pm

    https://www.securityweek.com/nsa-publishes-ics-ot-intrusion-detection-signatures-and-analytics/

    The US cybersecurity agency CISA, the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a warning regarding a critical zero-day vulnerability in Atlassian Confluence Data Center and Server. Tracked as CVE-2023-22515, with a high CVSS score of 9.8, this flaw allows remote exploitation without authentication and leads to privilege escalation in on-premises Confluence instances. Hackers can create unauthorized administrator accounts, potentially enabling them to modify crucial configuration settings. With the release of proof-of-concept exploit code, malicious actors have begun targeting the vulnerability, prompting CISA, FBI, and MS-ISAC to anticipate widespread exploitation in government and private networks. Organizations are strongly advised to update to the patched versions of Confluence and restrict network access until updates are applied. The advisory includes details on exploitation and indicators of compromise to help organizations detect malicious activity related to this vulnerability.

  7. Nicholas Nirenberg says

    October 17, 2023 at 10:35 pm

    “Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software”
    On October 17, 2023, critical security vulnerabilities were discovered in the CasaOS open-source personal cloud software, posing a significant cyber threat. These flaws, identified as CVE-2023-37265 and CVE-2023-37266, allowed attackers to bypass authentication requirements, gaining complete control over susceptible systems with a CVSS score of 9.8 out of 10. Thomas Chauchefoin, a Sonar security researcher, found that these vulnerabilities enabled attackers to exploit CasaOS’ dashboard, potentially compromising sensitive data. Additionally, the software’s support for third-party applications could be manipulated to execute arbitrary commands, providing persistent access and the ability to infiltrate internal networks. The issues were responsibly disclosed on July 3, 2023, and promptly addressed in version 0.4.4 released by maintainers IceWhale on July 14, 2023. Successful exploitation of these flaws could grant unauthorized access and administrative privileges on vulnerable CasaOS instances. Chauchefoin emphasized the risks associated with relying on IP address identification at the application layer for security decisions, urging caution due to the complexities involved in interpreting various HTTP headers and nuances within different frameworks.
    URL: https://thehackernews.com/2023/10/critical-vulnerabilities-uncovered-in.html

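An added example, not part of the comment above and not CasaOS code: it illustrates the risk of deriving a client IP from HTTP headers at the application layer, with a naive lookup beside a hardened one. The choice of `X-Forwarded-For` as the header, the `10.0.0.0/8` trusted proxy range, the function names and the sample addresses are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// Constructed allowlist (assumption): only peers in this range may supply X-Forwarded-For.
var _, trustedNet, _ = net.ParseCIDR("10.0.0.0/8")

// naiveClientIP believes the first X-Forwarded-For entry, which any sender can set.
func naiveClientIP(r *http.Request) string {
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		return strings.TrimSpace(strings.Split(xff, ",")[0])
	}
	host, _, _ := net.SplitHostPort(r.RemoteAddr)
	return host
}

// clientIP starts at the TCP peer and steps back through the header,
// right to left, only while the current hop is a trusted proxy.
func clientIP(r *http.Request) string {
	host, _, _ := net.SplitHostPort(r.RemoteAddr)
	cur := net.ParseIP(host)
	xff := strings.Join(r.Header.Values("X-Forwarded-For"), ",")
	if cur == nil || xff == "" {
		return host
	}
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0 && trustedNet.Contains(cur); i-- {
		if cur = net.ParseIP(strings.TrimSpace(hops[i])); cur == nil {
			return "" // malformed hop: no usable identity, caller must deny
		}
	}
	return cur.String()
}

// newReq builds a constructed sample request (hypothetical helper for the demo).
func newReq(peer, xff string) *http.Request {
	return &http.Request{RemoteAddr: peer, Header: http.Header{"X-Forwarded-For": {xff}}}
}

func main() {
	r := newReq("203.0.113.7:5555", "127.0.0.1") // constructed: direct peer, header set by sender
	fmt.Println("naive:", naiveClientIP(r), "hardened:", clientIP(r))
}
```

Even with the hardened lookup, the resulting address is best treated as input for logging or rate limiting rather than as a substitute for authentication.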
  8. Hashem Alsharif says

    October 17, 2023 at 11:37 pm

    https://thehill.com/policy/technology/4261433-former-nsa-director-ai-is-double-edged-sword-for-cybersecurity/

    This article talks about Mike Rogers, the former NSA director, who noted that AI is a double-edged sword from the cybersecurity perspective, and that it brings advantages and disadvantages. It will provide the ability to create more knowledge about what the enemies are doing, but it will also increase the ability of other entities to penetrate their system. To further explain the disadvantages, it could help attackers simulate defensive moves companies and targets have put in place. In the Verizon 2023 data breach report, it was suggested that companies have the advantage in the short term, but eventually attackers will beat them with more complex attacks.

  9. Ooreofeoluwa Koyejo says

    October 17, 2023 at 11:47 pm

    DNA Micro, a Californian IT company, leaks private mobile phone data
    https://cybernews.com/security/dna-micro-data-leak/

    Sensitive data of more than 820,000 customers were leaked due to a misconfiguration in its systems.

    The victims most affected by the data leak were those using the services of DNA Micro’s subsidiary company InstaProtek, which provides a screen warranty service, as well as Liquipel and Otterbox, who use the warranty service as screen protector and phone case manufacturers.

    The companies sell their products with a “You break it, we fix it” guarantee, taking responsibility for replacing the device’s screen in case damage occurs while using its products. DNA Micro gathered customer data and stored it on its systems to administer warranty services.

    Unfortunately, it left the data – which included private information about devices and their owners – open to public access.

    Through the exposed data, cyber attacks are possible, such as phishing, disruption of mobile cellular service by exploiting the IMEI numbers, malware exploiting the exposed OS version information, and SIM swapping due to the exposed phone numbers. The blame is assigned to three open Kibana instances containing sensitive data belonging to DNA Micro. The largest publicly accessible data store was as big as 81GB. These tools are designed to be used on local or private networks. Once the instance is exposed to the internet – without being secured by authentication – it’s accessible to anyone. This includes threat actors, who can easily exploit the leaked data.
