By Habiba Rashid
According to claims made by Moses Staff hackers, they hacked a major Israeli security firm to access and leak the footage.
This is a post from HackRead.com Read the original post: Moses Staff Hackers Publish Footage of Jerusalem Explosion

In a dramatic series of events, an Iranian hacker group by the name of Moses Staff published footage of the bombing attack in Jerusalem on its Telegram group. As seen by Hackread.com, Moses Staff claims to have hacked the surveillance cameras belonging to a major Israeli security organization.

Along with the video, there was a Hebrew inscription that said “for a long time we had control over all your activities – step by step, moment by moment.” The video showed the exact moment of the explosion near Jerusalem’s Central Bus Station. Moses Staff also claims that it “formatted the hard drive of the camera.”

Moses Staff on Telegram (Image: Hackread.com)

However, according to the Times of Israel, authorities have denied that any such camera was hacked. They even denied operating security cameras in the area claiming that “the footage was not taken by a camera belonging to the city.”

The bombing resulted in the death of a 16-year-old boy while at least 18 others were injured. However, this is not the first time Moses Staff has initiated action in what appears to be a war between Iran and Israel in the cyber domain.

> An Iranian hacker group calling itself Moses Staff published documentation showing CCTV footage of one of the bombings that happened in Jerusalem Wednesday morning. pic.twitter.com/6ZKjb0fsy9
> 
> — Joe Truzman (@JoeTruzman) November 24, 2022

The group has previously published details of Israeli soldiers, personal documents from Israeli companies, and leaks of hundreds of thousands of Israelis. It even distributed photos about a year ago that were reportedly taken at Defense Minister Benny Gantz’s house. Lastly, they also claim to have high-quality satellite photos of Israel. 

How they proceed from here onwards will only be revealed with time but they have already made their intentions clear with a strongly-worded message on their Telegram:

“We have news, reports, operational maps, and information about your units and forces. We will publish this information to inform the whole world of your crimes.”

1.  Palestinian Engineer Jailed for Hacking Israeli CCTVs & Drones
2.  Israeli Rabbi arrested for hacking CCTV cams at a bathing suit shop
3.  Israeli Security Camera Systems targeted by Pro-Hezbollah Hackers
4.  Israeli News Channels’ Telecast Hacked; replaced with Muslim prayer
5.  Hackers Posed as Women to Con Israeli Officials into Installing Malware  
    

I am a cyber security writer and one of my favourite games is Minecraft. I also really like obscure cat memes and during my free time, if I'm not found hanging around in Discord voice channels with my friends, I'm probably cycling and taking pictures of random cats on the street.

Moses Staff Hackers Publish Footage of Jerusalem Explosion

By Habiba Rashid
So far, researchers have identified approximately 50 phishing websites, all targeting MSI Afterburner to deliver malware. 
This is a post from HackRead.com Read the original post: Watch Out Gamers: Hackers Exploiting MSI Afterburner to Deliver Coin Miner

Cyble Research & Intelligence Labs (CRIL) recently uncovered a phishing campaign used by threat actors to deliver cryptocurrency miner softwares using utility software tools.

This particular campaign exploited the well-known MSI Afterburner, used widely by gamers and other high-performance computing users. Due to being one of the better-known graphics card software used to monitor system performance, allow users to modify the hardware settings to enhance the system’s performance and to overclock the best graphics cards on the market.

The threat actors employ various methods to distribute the malware including the use of emails, online advertisements, forums, and other mediums. In the last three months, Cyble has identified approximately 50 phishing websites, all targeting MSI Afterburner to deliver malware. 

One of the phishing websites (Image: Cyble)

The threat actors who created these websites made sure to design sophisticated phishing pages that mimicked the legitimate MSI Afterburner sites to lure users into downloading coin-miner malware that performed the crypto-mining process.

However, fraudulent websites can be spotted by looking at the domain names. Cyble has identified some of the fake domains, such as (MSI-afterburner-download.site), (msi-afterburner.download) and (mslafterburners dot com.) Some are already offline, but more are likely to show up.

The payload of malware is delivered bundled with legitimate MSI Afterburner installers and after installation, it starts the process of hijacking the victim’s computer, collecting sensitive information such as computer name, username, GPU, CPU, and other details from the system. The technical details are explained in Cyble’s analysis report. 

Infection chain

Crypto mining requires dedicated hardware like GPUs because it is a power and resource-intensive activity. By hijacking the processing power of the victim’s machine, the threat actors can mine cryptocurrencies without their consent. This severely decreases the victim’s overall system performance and drains their system resources, significantly affecting the productivity of the victim user or organization. 

There are quite a few measures that users can take to ensure that their device does not become a victim of such a phishing campaign. It is advised that you check your system performance and CPU usage periodically, avoid downloading pirated software from Warez/Torrent and rely on official websites only.

Moreover, turn on the automatic software update feature on your devices, use reputed antivirus, refrain from opening untrusted links and email attachments and monitor endpoints and servers for unexpected spikes in CPU and RAM utilization that could reveal potential malware infection. 

I am a cyber security writer and one of my favourite games is Minecraft. I also really like obscure cat memes and during my free time, if I'm not found hanging around in Discord voice channels with my friends, I'm probably cycling and taking pictures of random cats on the street.

Watch Out Gamers: Hackers Exploiting MSI Afterburner to Deliver Coin Miner

By Owais Sultan
One of the best things about LinkedIn is that it allows you to download a CSV file with…
This is a post from HackRead.com Read the original post: How to use Linked Helper 2 as a LinkedIn Data Export Tool

One of the best things about LinkedIn is that it allows you to download a CSV file with your first-degree connections information. This file, however, lacks the email and phone numbers of the profile.

However, provided your first-degree connection has provided this information on your LinkedIn, it can easily be obtained by Linked Helper 2. It is important to note that getting the phone numbers and emails of your second and third degree is impossible because LinkedIn does not grant you access to such information.

You can use Linked Helper 2 to export your first-degree connections on LinkedIn to a downloadable CSV file. In addition, Linked Helper 2 also gives you a chance to create a targeted mailing list. In this article, we will guide you step by step on how you can use Linked Helper as a LinkedIn data export tool.

We are going to walk you through the following steps;

*   Creation of a new campaign
*   Profile collection
*   Adjusting action configurations
*   Starting the Campaign
*   Downloading the CSV file

Let us dive in!

**1 Generate a new campaign using a template with preset commands**

To create a new campaign, open the Campaign menu and click the Create new command. A pop window will appear, requiring you to name your Campaign. The next step is selecting the type of Campaign you want. At this stage, pick **people** as the campaign type. After that, select the needed template, i.e., **Visit and Extract profiles.** Wrap up by clicking the **Create** button.

Here, the Campaign generated only has a single action. However, if more steps are needed, you can configure the Workflow and add more actions.

**2 Profile collection into your created Campaign**

Near the Campaign queue, locate and click the **Collect** button. You will then be prompted to provide the source of your profiles. Since we want to collect first-degree connection profiles, we will use **the My network page** as the source.

After collecting the profiles, you can also review them to check for errors.

**3 Fine-tune action configurations**

You can adjust action settings under the General tab. Here you can configure the action’s name and suspend the start of the action. After a profile has been processed through an activity, Linked Helper 2 can automatically remove or assign tags associated with the profile.

On the **Tags tab** under the action, enter a tag name and confirm it by pressing enter on your personal computer. Now proceed to the Display settings Tab, select Bunch, and fine-tune its size and the time between bunches.

**4 Start the Campaign**

Start the Campaign can quickly be done by clicking the **Start campaign** button on the left menu. You can also launch the Campaign by clicking the **Start** button at the topmost section of your screen.

As soon as the campaign launches, the Campaign’s status will change, and Linked Helper will display when the subsequent step is carried out. Linked Helper uses a green frame to highlight the Campaign being performed.

**5 Download CSV profiles**

Visited profiles are stored under the **Successful** sub-list by Linked Helper. To access them click the **Successful** command or **Campaign**, then **Workflow.** 

To download these profiles, first, click **the Select all** button to select all the profiles. Finish up by clicking **Download.** Remember to choose your delimiter, preferably Google Sheets or MS Excel.

1.  How to Use Excel to Scrape a Website
2.  Penetration Testing Azure: The User-Friendly Guide
3.  How to configure cPanel and WHM Panel on your VPS
4.  6 Best Ways to Make a Collaborative PowerPoint Presentation
5.  MySQL Performance Tuning: Top 5 Tips for Blazing Fast Queries

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

How to use Linked Helper 2 as a LinkedIn Data Export Tool

By Habiba Rashid
The DDoS attack took place moments after the European Parliament voted to declare the Russian government a state sponsor of terrorism.
This is a post from HackRead.com Read the original post: Killnet Hits European Parliament Website with DDoS Attack

Staying true to its reputation of being known for relying majorly on DDoS attacks, the pro-Kremlin hacking group Killnet has struck again and this time, their target was the European Parliament website.

This DDoS attack took place after the governing body voted to declare the Russian government a state sponsor of terrorism. 

The distributed denial-of-service attack or DDoS attack took place on Wednesday afternoon European time and the website stayed down for a few hours before becoming operational again. 

It is worth noting that the DDoS attack came just days after Killnet claimed responsibility for targeting government sites in the United Kingdom and vowed to target more in the coming days.

Killnet members quickly claimed the credit for the attack shortly after and posted screenshots showing the European Parliament website was unavailable in 23 countries on Telegram. Furthermore, the text accompanying the images included a homophobic remark toward the legislative body. 

“Strap-on shelling of the server part of the official website of the European Parliament!” the group posted to its Telegram channel.

Screenshot shared by Killnet in its Telegram group.

The attacks against the European Parliament came hours after the agency adopted a resolution officially identifying Russia as a state sponsor of terrorism. It was adopted by the member states with 494 votes in favor, 58 against, and 44 abstentions.

Members of the European Parliament “highlight that the deliberate attacks and atrocities committed by Russian forces and their proxies against civilians in Ukraine, the destruction of civilian infrastructure and other serious violations of international and humanitarian law amount to acts of terror and constitute war crimes,” the declaration stated. “In light of this, they recognize Russia as a state sponsor of terrorism and as a state that ‘uses means of terrorism.’”

Since the Russo-Ukraine war began in February, Killnet has launched 76 attacks against countries supporting Ukraine. 

1.  Anti-Russian OldGremlin Gang Launches Linux Malware
2.  34 Russian Hacking Groups Stole 50 Million User Passwords
3.  New DDoS Malware ‘Chaos’ Hits Linux and Windows Devices
4.  RapperBot malware targets gaming servers with DDoS attacks
5.  DDoS App Meant to Hit Russia Infected Phones of Ukrainian Activists

I am a cyber security writer and one of my favourite games is Minecraft. I also really like obscure cat memes and during my free time, if I'm not found hanging around in Discord voice channels with my friends, I'm probably cycling and taking pictures of random cats on the street.

Killnet Hits European Parliament Website with DDoS Attack

By Deeba Ahmed
Around one hundred people have been arrested by the Metropolitan Police in the United Kingdom’s biggest-ever fraud operation.…
This is a post from HackRead.com Read the original post: Police Seize iSpoof domains as UK’s largest bank call scam is disrupted

Around one hundred people have been arrested by the Metropolitan Police in the United Kingdom’s biggest-ever fraud operation. The Scotland Yard has also shut down iSpoof domains which served as a spoofing hub for scammers.

Reportedly, through that website, scammers stole tens of millions of pounds from British citizens through fake bank phone calls. The police stated that the website was used to defraud 200,000 Brits, and at least £50 million was stolen.

In June 2021, the Scotland Yard, European law enforcement agencies, and the FBI initiated an international investigation dubbed Operation Elaborate.

Authorities now plan to contact around 70,000 victims in Briton for the investigation. These individuals fell victim to the UK’s biggest scam campaign. An extensive probe revealed that scammers paid a subscription fee to iSpoof.cc and iSpoof.me for using its technology and phone victims impersonating staff members of reputed banks like Halifax, Barclays, and NatWest.

The fraudsters tricked people into giving their bank account credentials or transferring funds. Until August, they had made 10 million fake calls through iSpoof, and around 3.5 million calls were made in the UK, out of which 350,000 calls lasted over a minute.

Authorities in the USA and Ukraine helped Scotland Yard take down this website. As per the authorities, during the campaign, scammers sometimes contacted around twenty people every minute of the day using fake identities created through iSpoof.

Seized iSpoof website (Image credit: Hackread.com)

The amount stolen from the victims is yet unknown, but authorities claim it is close to £50m. One of the victims suffered a loss of £3m, and another lost £10,000. Scammers earned around £3.2m within 20 months, investigators estimated.

For your information, the iSpoof website was set up in December 2020 to allow users to disguise their phone numbers and pretend to be a caller from a reputed organization, mainly a tax office or bank. Scammers paid the subscription fee in bitcoin.

The website had around 59,000 users who paid subscriptions worth £150 and £5,000. The service was taken offline this week, and more than 100 suspects have been arrested, most of whom were residing in London. 40% of the victims were in the USA and 35% in Britain.

A British citizen and resident of east London, Teejai Fletcher, is suspected to be the mastermind of this scam campaign. The 34-year-old suspect was charged with fraud, participating in activities of an organized criminal group, and supplying/making articles used in fraud. The suspect is in police custody and will be presented before the court in two weeks.

1.  Indian call center seized over Amazon hacking scam
2.  World’s Largest Private Torrent Site Filelist.ro Seized
3.  WT1SHOP Cybercrime Market Seized by US and Portugal
4.  179 Dark Web vendors arrested, 500kg worth of drugs seized
5.  Domain, server of DoubleVPN used by ransomware gangs seized

Police Seize iSpoof domains as UK’s largest bank call scam is disrupted

By Deeba Ahmed
Researchers believe that the attack is ongoing, in which hackers are using malicious versions of SoftVPN, SecureVPN, and OpenVPN software.
This is a post from HackRead.com Read the original post: Bahamut Using Fake VPN Apps to Steal Android User Credentials

Bahamut is a notorious cyber-mercenary group that has been active since 2016 and is currently targeting Android devices with fake VPN apps and injecting malware to steal user credentials. The malware-laden apps were first discovered by Slovakian cybersecurity firm ESET’s Lukáš Štefanko.

**Beware of Bahamut**

ESET researchers discovered a new attack spree from the infamous cybercrime group Bahamut. The group launched malware attacks through fake Android VPN applications. Research revealed that hackers use malicious versions of SoftVPN, SecureVPN, and OpenVPN software.

In this highly targeted campaign, hackers aim to extract sensitive data from infected devices. The campaign was started on January 22. The fake VPN apps are distributed through a bogus SecureVPN website. In previous campaigns from Bahamut, the prime targets were located in the Middle East and South Asia.

**8 Variants of Spyware Apps Detected**

Researchers have identified 8 different variants of the infected apps. These contain trojanized versions of genuine VPN apps such as OpenVPN. Bahamut is offering these fake VPN apps as a service for hire.

Malicious website spreading SecureVPN and the permission it asks for upon installation (Image: ESET)

According to ESET’s blog post, attacks are launched via spear phishing messages and fake apps. Researchers believe that this campaign is still active.

Reportedly, the targets are carefully selected because the app requires the victim to enter an activation key to enable the features using a distribution vector. The activation key is designed to establish contact with the attacker-controlled server and prevents the malware from accidentally triggering after it is launched on a non-targeted device.

**How does the Attack Works?**

According to Štefanko, the fake app requests an activation key before the VPN and spyware feature is enabled. The key and URL are sent to the targeted users. After the app is activated, the hackers get remote control of the spyware and can infiltrate/harvest confidential user data.

Furthermore, hackers can spy on almost everything stored on the device, including call logs, SMS messages, device location, WhatsApp data and other encryption app data, Telegram and Signal data, etc. The victim remains unaware of the data harvesting.

“The data exfiltration is done via the keylogging functionality of the malware, which misuses accessibility services,” Štefanko said.

It is worth noting that the malicious software linked with the service and the malware-infected app wasn’t promoted on Google Play. Moreover, researchers are clueless about the initial distribution vector, but they believe it is through social media, SMS, or email.

1.  Edward Snowden urges users to stop using ExpressVPN
2.  Popular free Android VPN apps on Play Store contain malware
3.  38% of Android VPN Apps on Play Store Plagued with Malware
4.  Top 10 Android Educational Apps That Collect Most User Data
5.  Hackers Selling US Colleges VPN Credentials on Russian Forums

Bahamut Using Fake VPN Apps to Steal Android User Credentials

By Habiba Rashid
On Telegram, Killnet declared that “all medical institutions, government services, and online services” could soon be attacked.
This is a post from HackRead.com Read the original post: Pro-Russian Killnet group hits UK organizations with DDoS attacks

On November 22nd, in the early hours of the morning, Prince William’s website was reportedly attacked by a Russian hacking group Killnet. In a message posted on Telegram, Killnet stated the reason for the attack to be UK’s continued support for Ukraine.

Killnet said it had conducted the attack “due to the supply of high-precision missiles to Ukraine.”

Killnet on Telegram (Screenshot shared with Hackread.com by Check Point cyber security firm)

Although the website is now functioning, there are additional security checks on the connection by Cloudflare (the company that provides secure web connections) which were not present before. 

The attack appeared to be a distributed denial-of-service attack (DDoS attack) which causes a server to be overwhelmed by numerous bogus requests, usually from bot servers – something Killnet is well known for. However, this information has not been confirmed. 

Killnet also declared in a message on Telegram that “all medical institutions, Government services, and online services” could soon be attacked as well. In further posts, the group said it was targeting the websites of the London Stock Exchange, the British Army, and the Bankers’ Automated Clearing System (Bacs).

Currently, all three websites are functional however, the British Army website displayed undergoing “planned maintenance” message on Tuesday, November 22nd.

Killnet on Telegram claiming responsibility for series of DDoS attacks (Screenshot shared with Hackread.com by Check Point cyber security firm)

In a conversation with Hackread.com, Muhammad Yahya Patel, Security Evangelist at Check Point Software said “Killnet is a prolific political pro-Russian hacking group that moves targets every few weeks based on geopolitical developments. As a major player in the hacktivism space, they also suggest and define the targets for other pro-Russian groups. We have seen a 42% global increase in cyberattacks since the start of the Russia-Ukraine war, with a significant rise in state-sponsored groups. These DDoS attacks are the latest efforts from hacktivists to disrupt high-profile websites, including those of the Royal household, as part of their political agenda.”

DDoS attacks are unlikely to compromise data or systems because they simply flood the web server with too many requests so that it cannot respond in time. During the attack, the loss of connection is likely to be short-lived since web operators can identify numerous IP connections originating from the same block.

Therefore, threat actors employing this technique are unlikely to achieve any real damage because this technique is not very successful these days and most companies nowadays employ technologies to offset such attacks. 

This is not the first time Killnet has taken it upon itself to wage a cyber war due to the ongoing political situation between Ukraine and Russia. Previously, they tried to take down the Eurovision song contest. Due to not being invited, they tried to cause chaos in Italy (the host nation) but were thwarted and Ukraine went on to win the competition. 

The group also attempted to take down the online voting servers throughout the final but was unable to break through the “wide range of security measures” that Eurovision officials promised. Instead, they chose to attack several Italian institutions in the semi-final and final in Turin. 

1.  34 Russian Hacking Groups Stole 50 Million User Passwords
2.  New DDoS Malware ‘Chaos’ Hits Linux and Windows Devices
3.  RapperBot malware targets gaming servers with DDoS attacks
4.  Anti-Russian OldGremlin Ransomware Gang Launches Linux Malware
5.  DDoS App Meant to Hit Russia Infected Phones of Ukrainian Activists

I am a cyber security writer and one of my favourite games is Minecraft. I also really like obscure cat memes and during my free time, if I'm not found hanging around in Discord voice channels with my friends, I'm probably cycling and taking pictures of random cats on the street.

Pro-Russian Killnet group hits UK organizations with DDoS attacks

By Habiba Rashid
Boa was discontinued in 2005 but remained popular and is now becoming a crisis because of the complex nature of how it was built into the IoT device supply chain.
This is a post from HackRead.com Read the original post: Retired Software Exploited To Target Power Grids, Microsoft

A recent alarming report by Microsoft reveals the risks attached to common Internet of Things (IoT) devices using the discontinued Boa web server. Hackers are exploiting vulnerabilities in the software to target organizations in the energy sector.

On Tuesday, Microsoft researchers revealed in an analysis their discovery of a vulnerable open-source component in the Boa web server, used widely in a range of routers and security cameras as well as popular software development kits (SDKs).

Despite the software’s retirement in 2005, it remained popular and is now becoming a crisis because the complex nature of how it was built into the IoT device supply chain is making it difficult to mitigate the Boa flaws. 

Microsoft reports that attackers are continuing their attempts to exploit the flaws of the Boa web servers which include a high-severity information disclosure bug (CVE-2021-33558) and another arbitrary file access flaw (CVE-2017-9833). An unauthenticated attacker could exploit these vulnerabilities to obtain user credentials and leverage them for remote code execution.

“The known CVEs impacting such components can allow an attacker to collect information about network assets before initiating attacks and to gain access to a network undetected by obtaining valid credentials. In critical infrastructure networks, being able to collect information undetected prior to the attack allows the attackers to have a much greater impact once the attack is initiated, potentially disrupting operations that can cost millions of dollars and affect millions of people,” Microsoft said.

Microsoft’s initial discovery of the vulnerable component was made while it was investigating a suspended Indian electric grid intrusion. This followed a report in 2021 by the threat intelligence company Recorded Future detailing that a Chinese threat group was targeting operational assets within India’s power grid.

In April 2022, the firm published a new report describing attacks from another Chinese state-sponsored threat actor using IoT devices to gain a foothold on operational technology (OT) networks, used to monitor and control physical industrial systems. 

Needless to say, the damage caused by this vulnerable component could be immense since Microsoft has identified one million internet-exposed Boa server components globally over the span of one week.

Another major concern is the fact that due to often being included in popular SDKs, the presence of a Boa server in a product is unknown by many of the users. Realtek SDK is one example of a software development kit that is provided to companies that make routers, access points, and other gateway devices and includes the Boa web server. 

Microsoft warns about the supply chain risk posed by flaws in widely-used network components as it continues to witness attacks targeting Boa vulnerabilities. 

1.  Microsoft Warns of Evolving Toll Fraud Android Malware
2.  Microsoft warns of Hackers Using Malicious IIS Extensions
3.  Microsoft Office Most Exploited Software in Malware Attacks
4.  New Spam Attack Abusing OAuth Apps to Target MS Exchange
5.  Scammers Leveraging Microsoft Team GIFs in Phishing Attacks

I am a cyber security writer and one of my favourite games is Minecraft. I also really like obscure cat memes and during my free time, if I'm not found hanging around in Discord voice channels with my friends, I'm probably cycling and taking pictures of random cats on the street.

Retired Software Exploited To Target Power Grids, Microsoft

By Deeba Ahmed
Russian hacking groups primarily using Telegram are on a password stealing spree and so far have targeted users on Amazon, Steam, and Roblox.
This is a post from HackRead.com Read the original post: 34 Russian Hacking Groups Stole 50 Million User Passwords

Group-IB security researchers have warned about an ongoing password-stealing spree initiated by Russian-speaking hacking groups. According to the Singapore-based cybersecurity giant, thirty-four groups were detected using off-the-shelf info stealers to target unsuspecting users. Here are more details of their findings.

**Russian Hackers Stealing Passwords**

Cybersecurity firm Group-IB states that the 34 Russian hacking groups are distributing information-stealing malware and offering them in stealer-as-a-service. The hackers mainly offer Redline and Racoon info stealers to steal passwords from Roblox and Steam gaming accounts.

The hackers also target users to steal PayPal and Amazon credentials, users’ payment records, and crypto wallet information. The attackers found their victims through Russian Telegram groups.

**How does the Attack Works?**

In their report shared with Hackread.com, Group-IB revealed that scammers use websites impersonating reputed companies, and victims are tricked into downloading malicious files. This is achieved by embedding links to download malware into popular games’ video reviews on YouTube, lucky draws and lotteries on social media platforms, and mining software of NFT files on various forums.

Once the info stealer invades the device, it collects data from browsers and transmits it to the attacker. The stolen data can include gaming account credentials, social media, email services, crypto-wallet info, and bank card details.

**How Many Devices Have Been Infected?**

Reportedly, within the first seven months of 2022, these groups managed to infect more than 890,000 user devices and stole over 50 million passwords. Researchers reviewed 34 Telegram groups the hackers used to launch their attacks and learned that targets are pretty extensive as they have targeted users across 111 countries. But their prime targets were countries including the following:

*   USA
*   India
*   Brazil
*   Germany
*   Indonesia

Each group has around 200 active members. So far, the stolen data comprises 16% of PayPal and 13% of Amazon passwords, which makes these the most targeted platforms in this campaign. Apart from these, hackers have targeted EpicGames, Steam, and Roblox.

Most of the groups are well-organized. Primarily they are involved in automated scam-as-a-service attacks. Researchers noted that the perpetrators are low-level cybercriminals previously involved in phishing campaigns like Classicscam.

Of the 34 groups, 23 use Redline and 8 use Raccoon and three use custom-made malware. They usually rent the malware from the dark web for as low as $150 to $200 a month. As per Group-IB’s estimate, the stolen data could be worth around $6 million.

“The popularity of schemes involving stealers can be explained by the low entry barrier. Beginners do not need to have advanced technical knowledge as the process is fully automated and the worker’s only task is to create a file with a stealer in the Telegram bot and drive traffic to it. For victims whose computers become infected with a stealer, however, the consequences can be disastrous” researchers concluded.

**What is Scam-as-a-service**

Scam-as-a-service is a type of online fraud that allows criminals to easily set up and manage their own scams. By using readily available tools and services, scammers can quickly launch phishing, social engineering, and other types of attacks without having to invest in the development of their own malicious software or infrastructure.

The rise of scam-as-a-service has made it easier than ever for criminals to defraud individuals and businesses. While traditional scams require a significant investment of time and money to set up, scam-as-a-service providers make it possible for even amateur criminals to launch sophisticated attacks.

Scam-as-a-service is particularly concerning because it enables criminals toconduct their activities with relative anonymity and without having to establish a physical presence.

1.  Fake Tor Browser Installer Spreading Malware Via YouTube
2.  2K Games Help Desk Platform Hacked to Spread Info-stealer
3.  QBot Malware Exploiting Windows Calculator to hack Devices
4.  Hackers Selling US Colleges VPN Credentials on Russian Forums
5.  Ukraine Thwart Russian Industroyer 2 Malware on Energy Provider

34 Russian Hacking Groups Stole 50 Million User Passwords

By Waqas
The data was collected by Tridas eWriter operated by now-defunct Tempa, Florida-based The Tridas Group LLC.
This is a post from HackRead.com Read the original post: Medical Software Firm exposes vulnerable children’s sensitive data

Security researcher Jeremiah Fowler in collaboration with Website Planet’s team of researchers discovered an unprotected database containing more than 16,000 records. What’s worse, the misconfigured database contained sensitive personally identifiable information (PII) of thousands of children.

Fowler noted that the misconfigured database contained highly sensitive PII, including the names of parents and children, dates of birth, patient ID numbers, physical address, special needs, school attended, medical diagnoses, and social/behavioral problems’ history.

**What Information was Included in the Database?**

Researchers reviewed a sample of 1,000 records to determine who owned the data and informed them about the exposed database. As per their findings, each record they reviewed had some form of PII related to children.

The records were unique as per the Patient ID number, and the data appears to be fairly recent. In the database, children’s records were categorized with tags, including the following:

1.  Attention Difficulties
2.  Behavior Difficulties
3.  Autism Symptoms
4.  Emotional Issues
5.  Social Inter Concerns
6.  Learning Problems
7.  Development Delay

However, according to Website Planet’s report, a surprising aspect of the discovery what that the records included a summary/questionnaire explaining the condition of their child. This was a detailed overview as parents explained their child’s challenges and situations that validated that their child needed medical assistance.

Exposed information (Website Planet)

Such information should only be accessible to medical experts, but it was publicly accessible through a misconfigured IP indicating the host domain, login portal, and data location.

**Who Owns the Database?**

Further probe revealed that the data was linked to an online interview system called Tridas eWriter. The Tridas Group LLC based in Tempa, Florida operated this system. This company offers software for schools and parents for diagnostic management of children with Autism, ADHD, learning challenges, and similar disorders.

“Tridas eWriter provides secure, HIPAA compliant online questionnaires and it generates a detailed report that organizes the data in an easy-to-read format to facilitate the diagnosis and management of these complex challenges,” the company’s website read.

Researchers believe that the records were collected from Tridas eWriter questionnaires, filled out by parents before booking the initial evaluation appointment of their children. As per the Tridas Center website, it was closed on 31 December 2019.

However, researchers at Website Planet notified the Tridas Group LLC about the exposed database, and access to it was restricted immediately.

**Potential Risks**

Exposure to such sensitive health records entails a range of risks and can put the safety of children and their families in danger. The exposed data can be used for medical extortion or in phishing, social engineering scams, and even ransomware attacks that could have led to data encryption.

Threat actors may insert malicious code or detect vulnerabilities to launch future cyberattacks. Medical records are the most sensitive and crucial part of the exposed information as it belongs to children’s health, and scammers may exploit them for a long time.

1.  Op protected childhood: 113 online child predators arrested
2.  Storybooks for children app FarFaria exposed data of 3M users
3.  Leaky Server Exposing Scraped Data of 150,000 Mastodon Users
4.  Neopets Suffers Second Data Breach as 69 Million Accounts are Stolen
5.  Japanese Healthcare Firm ‘Doctors Me’ Exposed Images of 12,000 Patients

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Source

HackRead