Cyber Security

A New Version of the ComRAT Malware


A modified version of the ComRAT malware, used in recent attacks by the Russia-linked cyber-espionage threat actor Turla, connects to Gmail to receive commands, ESET reports.

Also known as Snake, Venomous Bear, KRYPTON, and Waterbug, the group is believed to have been active since at least 2006, based on its use of ComRAT, also known as Agent.BTZ and Chinch.

One of the group's oldest malware families, ComRAT was used in 2008 to attack the US military and had two major versions released up to 2012, both derived from the same code base. The hackers had made few modifications to the malware by 2017.

ComRAT v4, the version released in 2017, is much more complex than its predecessors and, according to ESET's security researchers, was still in use in this year's attacks. The earliest known ComRAT v4 sample appears to date from April 2017, while the latest is dated November 2019.

To date, Turla has used the malware against at least three victims (two foreign ministries and a national parliament), exfiltrating sensitive data to public cloud services such as OneDrive and 4shared.

Written in C++, ComRAT v4 is deployed using existing access methods, such as the PowerStallion PowerShell backdoor, and has two command and control (C&C) channels: HTTP (the same protocol used in the previous variant) and email (receiving commands and exfiltrating data via Gmail).

Using the cookies stored in its configuration file, the malware connects to the Gmail web interface, checks an inbox, and downloads attachments containing encrypted commands that the attackers send from another address.

The new variant is internally called Chinch (as were previous versions), shares part of its network infrastructure with Mosquito, and has been observed being dropped by, or dropping, other Turla malware, such as a modified PowerShell loader, the PowerStallion backdoor and the RPC backdoor.

ComRAT v4, which is specifically designed to exfiltrate sensitive data, also lets attackers deploy additional malware in compromised environments. Operators can also run commands to gather information from the compromised systems, such as Active Directory groups or users, network details, and Microsoft Windows configuration.

The malware's components include an orchestrator injected into explorer.exe that controls most of the functions, a communication module (a DLL) that the orchestrator injects into the default browser, and a virtual FAT16 file system that holds the configuration and logs.

The security researchers noted an emphasis on evasion, with the hackers routinely exfiltrating security-related log files to determine whether their tools have been detected.

“The most interesting feature is that the Gmail web UI is used to receive commands and exfiltrate data. And it can bypass any security controls because it is not dependent on any malicious domain. We also found that this new version abandoned the use of COM object hijacking for persistence, the method that gave the malware its common name,” the researchers note.

With ComRAT v4 still in use earlier this year, it's clear that Turla remains a significant threat to diplomats and military personnel, ESET concludes.

Source: https://cybersguards.com/a-new-version-of-the-comrat-malware/

What CDN is a Site Using?


How Can You Tell If A Website Is Using a CDN?

They say that curiosity killed the cat. But curiosity can lead to great things when you're an entrepreneur. Content Delivery Networks (CDNs) have come a long way in the digital world. Thousands of websites enjoy efficient content delivery and speed thanks to the power of CDNs. Now, if you're a competitive business leader, a good question to ask yourself is: what kind of CDN does a given site use? Or better yet, which CDN providers do my strongest competitors partner with?

There are two ways to find out which CDN a website uses: checking with online tools, and checking manually. Choose the right one and you can quickly identify the CDN behind the website.

2 Ways to Find Which CDN is Used in a Website

Check with Online Tools

Perhaps the oldest trick in the book is to check online. There is a broad array of websites that will tell you which CDN other websites use. These sites usually ask only for the domain name of the site you are interested in, and after a single click you are shown its CDN provider.

CDNPlanet's Finder tool is an excellent example of this. If the website you wish to check uses a multi-CDN strategy, a tool that reports the CDN per country or region is a better option, since it helps you determine which CDN serves a given country or region. For those who do not know, multi-CDN strategies exist because some CDN providers work better than others in specific parts of the world.

Check Manually

If, for whatever reason, you can't find what you're looking for with the first option, do it manually. It will take a little more time, but you should be able to identify the site's CDN if you do it correctly.

The first step in finding a site's CDN manually is to find the IP address of the domain you are interested in. You can use DNS Watch or a DNS record lookup for this.

The second step is to find out who owns that IP address. You can do this online with tools such as an IP lookup service or UltraTools; the owner will lead you to the CDN provider you're looking for.
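The manual check above can be automated. The following added example (not code from the article) goes a step further than the two manual steps: it classifies a site by its DNS CNAME chain and by HTTP response headers, the two fingerprints a manual check usually ends up looking at. It works on constructed sample inputs rather than live DNS or HTTP queries, and its table of edge-hostname suffixes and header fingerprints covers a handful of well-known providers and is not exhaustive.

```python
# Well-known CDN edge suffixes that appear as CNAME targets (public knowledge).
CNAME_SUFFIXES = {
    "cloudfront.net": "Amazon CloudFront",
    "akamaiedge.net": "Akamai",
    "edgekey.net": "Akamai",
    "fastly.net": "Fastly",
    "azureedge.net": "Azure CDN",
    "cdn.cloudflare.net": "Cloudflare",
}
# Response-header fingerprints: (header name, substring of value, provider).
# An empty substring means the header's mere presence is the signal.
HEADER_HINTS = [
    ("server", "cloudflare", "Cloudflare"),
    ("cf-ray", "", "Cloudflare"),
    ("x-amz-cf-id", "", "Amazon CloudFront"),
    ("via", "cloudfront", "Amazon CloudFront"),
    ("x-served-by", "cache-", "Fastly"),
    ("x-akamai-transformed", "", "Akamai"),
]

def cdn_from_cname_chain(chain):
    """chain = [queried name, CNAME target, ...]; return the provider whose
    edge suffix matches a target, or None if no target belongs to a CDN."""
    for host in chain[1:]:
        h = host.rstrip(".").lower()
        for suffix, provider in CNAME_SUFFIXES.items():
            if h == suffix or h.endswith("." + suffix):
                return provider
    return None

def cdn_from_headers(headers):
    """Match response headers (names compared case-insensitively) against
    HEADER_HINTS; return the provider or None."""
    lowered = {k.lower(): v for k, v in headers.items()}
    for name, needle, provider in HEADER_HINTS:
        value = lowered.get(name)
        if value is not None and needle in value.lower():
            return provider
    return None

def identify_cdn(chain, headers):
    """Prefer DNS evidence; fall back to headers when there is no CNAME (e.g.
    a proxy answering with its own A records); report disagreement explicitly."""
    dns_guess = cdn_from_cname_chain(chain)
    header_guess = cdn_from_headers(headers)
    if dns_guess and header_guess and dns_guess != header_guess:
        return f"{dns_guess} (DNS) / {header_guess} (headers), conflicting"
    return dns_guess or header_guess or "no CDN detected"

# Constructed sample: a name whose CNAME points at a CloudFront edge and a
# response carrying CloudFront's headers (not real records).
SAMPLE_CHAIN = ["www.example.test", "d111111abcdef8.cloudfront.net."]
SAMPLE_HEADERS = {"Server": "AmazonS3", "X-Amz-Cf-Id": "constructed-id",
                  "Via": "1.1 abcd.cloudfront.net (CloudFront)"}
```

To use it on a real site, feed in the CNAME chain from a DNS lookup (the article's first step) and the headers of a response from the site; a conflicting result usually means a CDN sits in front of another CDN or the name is not served through the CNAME at all.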

What Is a CDN, and How Does a CDN work?

If you have been trying to find out which CDN your close competitors use but are not sure what a CDN is, it might be time to consider investing in one. A CDN is a group of servers scattered around the globe whose technology serves your website's content to your audience abroad, reducing the physical distance between your users and your site.

CDNs have also been shown to deliver a ton of benefits, two of which are speed and better ROI. If your website loads faster, your visitors will probably stay longer, and they get a better digital experience. Studies have also shown that CDNs dramatically improve ROI, particularly for those who sell goods and services on their websites.

Think about it: the clearer and faster your images are loaded, the more likely your customers are to click on different product variants. Amazon is a terrific example of a site that thrives with CDN.

How to Speed Up Website with a CDN?

Like so many things in the digital world, not every tool is meant for every business, and a CDN could be one of them. A CDN is suitable for low- to high-traffic sites, and is especially useful for websites with an active audience abroad. It doesn't matter whether your visitors are a thousand miles away from your hometown or just in a neighboring country: CDNs reduce latency, which makes them perfect for your growing site.

What Industry Does CDN Benefit the Most?

  1. Media
  2. E-Commerce

1. Media

CDNs should be a priority for websites that publish blog posts and articles almost every hour. Take BuzzFeed, for example. Since their main goal is to deliver fresh content as it happens, they must deliver it to their readers quickly. You can also be sure that their audience is global. If a California-based host serves their site, you can be sure that visitors from India will not get the same smooth experience as visitors from Las Vegas. This is why CDNs are useful for media sites.

2. E-commerce

As mentioned several times in this article, selling things online is a different challenge because your customers cannot see the products in person. In this case, photos of your products and services should be vivid enough to illustrate accurately what customers are buying. Sites like Wish, Amazon, and eBay are all aware of the importance of CDNs to their market.

Source: https://cybersguards.com/what-cdn-is-a-site-using/

Don’t Fall Victim to Hacker Attacks While Playing at Online Casinos: 5 Useful Tips

Online casinos are convenient, mobile-friendly, and a great way to pass the time any time of day. With more online casinos popping up on the web every year, it’s often challenging to determine which ones are legit and secure.

Want to protect yourself from hackers while playing at your favorite online casino? These tips can help you keep your information safe and private.

Avoid Sharing Too Much Information

Similar to keeping yourself safe from hackers while gaming online, it’s always a good idea to limit how much data you share at an online casino. While it’s not uncommon for online casinos to request bank information, you may want to explore other private or more secure money options like cryptocurrency.

Use your common sense. If an online casino asks for information that you don't feel comfortable giving, explore your other options. It's always best to trust your gut rather than increase your vulnerability to hackers.

Create Hard To Crack Passwords

Hackers might not spend a lot of time trying to guess your password, but if your password, PIN, or username is weak, it won't take them long to gain access to your online casino account.

When creating an account at an online casino, take your time to create a strong password. Think strong passwords are only necessary for bank accounts or your social media account? Privacy is privacy. A predictable password can make you more vulnerable at online casinos.

Secure and Protect Your Device

Whether you play on your smartphone, tablet, laptop, PC, or hop between a few different devices, it's essential that each one is protected with antivirus software and that you avoid playing when no secure Wi-Fi connection is available.

If you’re playing on a mobile device, always try to stay up to date with software upgrades. Even though it’s tempting to play while you’re on the go, don’t play if your connection isn’t stable or if you’re picking up signals from unknown sources. If you travel a lot and want to play at an online casino, a VPN is a good option to consider.

Learn How To Spot a Potentially Unsafe Online Casino

Sketchy and untrustworthy sites are a little more difficult to spot than they were decades ago. While there’s no guarantee that you won’t stumble across a casino that will compromise your information, there are red flags to watch for:

  • No license is visible on the site
  • No terms and conditions available
  • Not many games to choose from or low-quality games
  • You receive “spammy” emails after visiting the casino
  • No evidence of security features like SSL encryption
  • The casino experiences glitches every time you play
  • No customer service available

Do Your Research

Doing a little research before you play at an online casino will not only help you pick the best casino for your playing needs, but can also help you stay protected from hackers. Start by reading reviews of top-rated casinos, and don't hesitate to see how peers and forums rate certain online casinos.

This Slots.LV Casino review is an excellent example of the type of review to look for. Not only does it give you an informative and unbiased look at a top-rated casino, but you’ll learn about all the important features from payment options to security features.

Another great option to consider is testing out the casino before you have to create an account. Most top-rated casinos offer free demos of certain games, which gives you the perfect opportunity to get a little taste of the game before you sign up.

Source: https://cybersguards.com/dont-fall-victim-to-hacker-attacks-while-playing-at-online-5-useful-tips/

Europe Police catch COVID 19 ransomware spreading gang

A cybercrime unit formed by a police agency operating in Europe has recently succeeded in catching cyber criminals who, sources say, were trying to spread ransomware to hospitals under the guise of COVID-19 testing.

According to a statement issued by the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT), the four-man hacker group dubbed “Pentaguard” became highly active from March 2020, and came onto the radar of Romania's cybercrime unit, which was formed last year to curb cybercrime.

Recently, the Bucharest Cybercrime Unit succeeded in arresting the PentaGuard group members, who possessed remote access Trojans, source code for file-encrypting malware, and SQL injection tools for launching cyberattacks on the public and private sectors. They aimed to steal data, deface websites, and encrypt key systems in exchange for a ransom.

“They were planning to launch ransomware attacks on healthcare organizations researching COVID-19 medicine operating in Romania. Furthermore, the group of criminals also amassed all the tools to launch email phishing attacks on government facilities that were storing and managing coronavirus-related data,” says a DIICOT update.

Three of the gang members were caught in three different houses in Romania, and one in Moldova.

In the past two months, cyber crooks have constantly been scanning the internet for companies and universities working to develop coronavirus medicines or vaccines as quickly as possible. Many cyber gangs, such as the Maze ransomware group, have been consistently targeting research institutions with digital attacks. Their motive is either to demand a huge sum to free a database from ransomware or to sell the stolen data for a handsome amount on the dark web.

Note 1 – In May 2020, Interpol issued a purple notice to all 194 of its member countries warning that a major cyber threat was lurking over hospitals and front-line organizations dealing with the novel COVID-19.

Note 2 – Reiterating the same, Microsoft issued a public statement in June 2020 that hackers were employing techniques such as exploiting VPN or remote access vulnerabilities to gain access to private or public IT infrastructure.

Source: https://www.cybersecurity-insiders.com/europe-police-catch-covid-19-ransomware-spreading-gang/
