-
DNS HIJACKING. What is this attack & how does it work?
Knowing how attackers can attack us, let's understand how DNS interception works and what you can do to protect yourself. DNS hijacking is one type of DNS attack. This attack can be carried out in three ways: by installing malware on the victim's PC; by seizing control of routers; by hacking the DNS connection. The attackers then change the IP address of the resource corresponding to a specific domain name and redirect the victim to their own site instead of the site they requested, where the user is prompted to enter their credentials or banking information. How does DNS interception work? When...
-
LSA is natural LSD
Psychedelic drugs can change perceptions, change belief systems, and radically alter states of consciousness. While modern research is rapidly re-introducing substances such as psilocybin and LSD, nature still provides many psychoactive compounds that remain poorly understood. One such substance that has yet to be placed under the microscope is LSA. LSA, or d-lysergic acid amide, is a psychedelic substance that is structurally similar to LSD (Lysergic acid diethylamide). However, unlike LSD, it does not need to be synthesized as it occurs naturally. LSA is found in the seeds of morning glory, a group of over 1,000...
-
Royal ransomware extorts up to 11 million dollars from victims
Royal malware with royal ransom demands. The US Cybersecurity and Infrastructure Security Agency (CISA) said cybercriminals used a variant of the Royal ransomware to attack more than 100 US and international organizations. Once inside the target's system, the hackers disable the antivirus software and steal large amounts of data before deploying the Royal ransomware. The CIA believes that the Royal malware is based on the Zeon malware that is associated with the Conti syndicate. The Royal hackers demanded a ransom of between $1 million and $11 million in bitcoin. Notably, the cybercriminals did not include ransom amounts and...
-
Play hacker group claims responsibility for Oakland attack
American citizens have finally learned who is behind the massive failure of IT networks. The Play ransomware gang has claimed responsibility for a cyber attack on the American city of Oakland that occurred in the first half of February. This attack severely disrupted the city's IT systems. Local authorities even had to declare a state of emergency in the city. Oakland is an American city in the state of California, located on the east side of the San Francisco Bay. The population is about 440 thousand people. The city serves as the main transportation center and economic...
-
Previously unknown Android spyware targets South Korean journalists
North Korean government hackers are spying on South Korean journalists using an infected Android app as part of a social engineering campaign. This was reported by the South Korean non-profit organization Interlab, which discovered a new malware called RambleOn. The application gives access to the target's contact list, SMS messages, voice calls, location and other data. The spyware masquerades as the anonymous Fizzle messenger (ch.seme), but actually acts as a conduit for delivering the next stage payload hosted in pCloud and Yandex. The app was reportedly sent as an APK file on the Chinese messenger WeChat on December 7,...
-
Samsung will protect its users from invisible Zero-Click attacks
Samsung has announced a new feature called Message Guard, which protects users from malicious activities using so-called "Zero-Click" attacks. The South Korean conglomerate said the solution "proactively" protects users' devices by "limiting exposure to invisible threats disguised as image attachments." The feature available on Samsung Messages and Google Messages is currently limited to the Samsung Galaxy S23 series of smartphones. But this year, the company plans to expand the feature to other Galaxy smartphones and tablets running One UI 5.1 or higher. Zero-click attacks are targeted and sophisticated attacks that exploit previously unknown vulnerabilities (such as zero-day) to...
-
Asian scammers made about $3 million using "Pig Butchering" method
The attackers ingratiated themselves and convinced their victims to voluntarily invest money on fake crypto platforms. Last October, Sean Gallagher, a senior threat researcher at cybersecurity firm Sophos, received an unexpected text message from a young Malaysian woman who identified herself as Harley. She said she previously ran a wine business in Vancouver, but due to the COVID-19 pandemic, the business had to wind down, and as a result, Harley learned how to make money through another trade - cryptocurrency. Harley told Sean that she was ready to share all her secrets with him, to which he...
-
Washington state public transit system hit by LockBit ransomware
The payment deadline has passed, and it looks like the attackers will again be left empty-handed. Pierce Transit, a public transit company in Pierce County, Washington, has confirmed that a ransomware attack compromised some of its systems two weeks ago. According to the company, the attack occurred on February 14 and forced the organization to adopt temporary workarounds. “Third-party forensic experts were brought in to thoroughly investigate the nature and extent of the incident, and law enforcement agencies were notified. It is important to note that our transit operations and passenger safety were not affected by...
-
The fight for dominance in the darknet market
Hydra Market accounted for 93% of all illegal underground economic activity. Before the closure of the site, the average daily income of all underground markets was about $4.2 million, and after the closure of the marketplace, according to Chainalysis, this figure fell to $447 thousand. If in 2021 the revenue of the DarkWeb market was about $3.1 billion, then in 2022 the revenue of the darknet decreased to $1.5 billion. 10 months after the shutdown of Hydra, dark web trading still hasn't recovered. According to Chainalysis, there are three new candidates for the largest online marketplace:...
-
Updated Pakistani Trojan ReverseRAT targets Indian government agencies
Security company ThreatMon has discovered a spear-phishing campaign targeting government agencies in India that leads to the deployment of an updated version of the ReverseRAT trojan. ThreatMon experts attributed this activity to the SideCopy group. SideCopy is a Pakistani-born hacker group that overlaps with another threat actor called the Transparent Tribe. It is so named because it mimics SideWinder's infection chains to deliver its own malware. SideCopy was first seen in 2021 during the deployment of ReverseRAT in attacks against governments and energy companies in India and Afghanistan. The detected SideCopy campaign uses the Kavach two-factor authentication...