Category: Worms

  • 5 internet virus prevention tips for 2023

    AV-Test Institute, an impartial IT security company, estimates that there will be over 1.2 billion malware pieces online in 2023. The organization discovers 450,000 new viruses and possibly dangerous apps daily. Scammers and hackers use such apps to steal funds and personal information or use your online identity. These virus prevention tips can prevent you from being a victim.

    By studying this OctaFX guide’s information about malware and how to avoid it, you can safeguard yourself.

    Types of malware 

    There are more than a billion different varieties of malware on the internet, but there are a few that everyone should be aware of. These consist of:

    Ransomware

    This kind of virus blocks access to your computer or the data saved on it until a ransom is paid. In most cases, the data is encrypted, so any attempts to get around the blockage could result in the complete loss of the data. However, there is no assurance that once the ransom is paid, the hackers will unlock the data or that you will get the right decryption key.

    Spyware

    Without the users’ knowledge or consent, this software gathers user data. Keystroke logging is a common method used by spyware programs to attempt to obtain login credentials and payment information.

    Adware

    This program resembles spyware in certain ways. It collects data on your web activity, interests, friends, and the places you live or travel to, but it has no intention of stealing your credentials. It then sells this “profile” to advertisers. Adware occasionally downloads or shows you ads without your knowledge.

    Trojan

    Trojans are often disguised as pirated games, apps, programs, and services. A Trojan takes over the system and damages or steals data.

    Worm

    This harmful application will exploit program and operating system vulnerabilities to infiltrate networks. It will steal critical data, execute DDoS and ransomware operations, and duplicate itself on other network systems.

    Virus

    Viruses can steal personal data and conduct cyberattacks like worms. A virus cannot operate or infect other computers on the network unless the host program is running.

    Malware/virus prevention tips for 2023

    You shouldn’t install any of the above malicious apps. Besides stealing your data and hurting your device, malware may infect other machines on the network. If it’s the work network, it might cause a massive data leak, harming your organization and clients. OctaFX offers five online security guidelines to avoid malware:

    Implement antivirus software

    Your computer’s chance of downloading and operating malware will be significantly decreased by installing antivirus software. Check everything you download from untrusted sources, including USB drives, for viruses.

    Use only legal apps and software

    Free, unlicensed copies could include unwelcome extras like viruses and Trojans that can seriously damage your computer and steal your personal information.

    Avoid suspicious emails

    Avoid downloading and opening files from unfamiliar email addresses. Even though the file names seem harmless, email attachments may contain viruses.

    Update your software as needed

    Software updates typically include significant security fixes that make it more difficult for malware to take advantage of flaws.

    Make a data backup


    This makes it possible to recover your data even if a malicious program blocks your computer and encrypts it.

    Every day, cybercriminals create thousands of new malware programs. While the aforementioned recommendations may not provide perfect protection against malware, they will considerably minimize your chances of becoming infected in the first place.

     

  • Kaspersky Launches Online Course for Cyberattack Defense

    Kaspersky, a Russian multinational cybersecurity and anti-virus provider, has announced the launch of a new Windows Incident Response training course.

    The purpose is to give in-house cybersecurity teams and information security professionals the opportunity to expand their analytic skills in the incident response domain, particularly while they are in the midst of a ransomware attack.

    Cyberattacks are becoming more aggressive these days, and every company is working to improve its network security, but the question to ask is: how do companies respond to cyber threats?

    Some may say the answer lies within the capacity of the firm's IT admins, but reports suggest that only a few can handle ransomware attacks.

     

    Are Companies Prepared for a Ransomware Attack?

    According to a recent Kaspersky worldwide survey conducted for senior non-IT management and company owners, 73 percent of companies cannot handle a ransomware attack on their own or with the support of traditional IT service providers.

    “The recent global study by Kaspersky titled ‘How do business executives perceive ransomware threat?’[1] confirms that most firms (73%) will have to seek the help of external incident response providers in the event of a ransomware attack. This is despite the fact that 66% of respondents consider there to be a high possibility of these attacks on their organization.”

     

     

    Additionally, firms that have never had a ransomware assault are more prone to overestimate the abilities of their usual security suppliers and in-house IT staff. According to research, businesses that have previously faced similar risks use their current resources less often.

     

    Kaspersky Leading The Way Forward

    Kaspersky is willing to lend a helping hand to companies looking to improve the expertise of their in-house digital forensics and incident response teams. In addition, Kaspersky has expanded its online expert training portfolio to accommodate IT security practitioners who are looking to upgrade relevant skills. The Windows Incident Response course was designed by professionals with more than 12 years of expertise in the industry who are part of the company’s Global Emergency Response Team (GERT).

     

    What The Course Entails

    Students will be led through the process of incident detection by Ayman Shaaban, Digital Forensics and Incident Response Manager, and Kai Schuricht, Senior Incident Response Specialist, using the example of a real-life REvil ransomware case. The course places a heavy emphasis on the development of practical skills.

    Kai Schuricht, Senior Incident Response Specialist at Kaspersky affirmed that “Incident Response capabilities require specialized skills to verify and handle threats in a timely manner, as well as to minimize the damage from an incident. Since no one is immune to a cyberattack, and it becomes increasingly more difficult to prevent a security perimeter penetration, remediation and the knowledge and experience of how to respond are more in demand than ever before.”

     

     

    Furthermore, by the conclusion of the course, IT security professionals will be able to detect and react to a cyber incident, distinguish APTs from other threats, and explore attack tactics and the anatomy of targeted attacks via the Cyber Kill Chain. Participants will learn evidence collection, incident identification, log file analysis, network analysis, IoC creation, and memory forensics.

    “Responding to complex incidents and uncovering attack steps is a huge challenge for InfoSec experts. Within this new course, we’ve concentrated GERT knowledge gained from handling security incidents for Kaspersky customers around the globe. Our aim was not only to provide extensive theory around the subject but to also provide real applied skills through end-to-end ransomware case investigation.” comments Ayman Shaaban, Digital Forensic and Incident Response Manager at Kaspersky.

     

    More Details Of The Course

    Participants will have access to the platform for a period of six months in order to complete the training with self-guided training, which includes a total of 40 video lessons and 100 hours of virtual lab time for hands-on learning. This is being done in order to make the learning more suitable and adaptable for everyone. The length of the course is expected to be 15 hours.

    More information about the Windows Incident Response course is available HERE

  • Dis-Chem Loses 3.7 million Customer Records in Data Breach

    Dis-Chem, South Africa’s second-largest retail pharmacy network, has found itself in a data breach dilemma in which millions of its customers’ records were compromised.

    “We have since taken the necessary measures in conjunction with our operator to determine the scope of the compromise and to restore the integrity of our operator’s information system.” Dis-Chem

    According to a report released by Dis-Chem, the data “incident” happened through one of their “third-party service providers and operators” (“the unauthorized party”) on or about 28 April 2022 (“the incident”), although the firm is yet to disclose the suspected party.

    They affirmed to their customers that the affected database contained no sensitive data such as medical, financial, or banking information and that it “immediately took necessary action” and “all possible steps to isolate the threat.”

    About Dis-Chem Data Breach

    In accordance with Section 22 of the Personal Data Protection Act, Dis-Chem published a notification on their website about the occurrence.

    Unauthorized access to personal information occurred on or around April 28, 2022, the group reported. In collaboration with its operator, the group has since taken steps to assess the damage and restore the integrity of the operator’s information system.

    “It was brought to our attention on 1 May 2022, that an unauthorised party had managed to gain access to the contents of the database,” Dis-Chem said in a statement.

     

     

    “Upon being made aware of the incident, we immediately commenced an investigation into the matter and to ensure that the appropriate steps were taken to prevent any further incidents,” it added.

    The investigation indicated that a total of 3 687 881 data subjects were affected by the incident and that the following individuals’ personal information was accessed:

    • First names and last names
    • Email address
    • Mobile numbers

    “Based on the categories of personal information impacted, there is a possibility that any impacted personal information may be used by the unauthorised party to commit further criminal activities, such as phishing attacks, emails compromises, social engineering and/or impersonation attempts.”

    “For example, it may be cross-referenced with information compromised in other third-party cyber incidents, for the further perpetuation of crime against data subjects.”

    What Are The Consequences Of The Incident?

    Since the data accessed doesn’t hold sensitive information, criminals won’t be able to do too much with the compromised data, say experts.

    Manie van Schalkwyk, Chief Executive Officer of the Southern African Fraud Prevention Service (SAFPS), said in a statement that criminals could try to use the information as a stepping stone to acquire more sensitive consumer data.

    “If you look at those data elements, in themselves they really can’t do much. The modus operandi is that they will contact the consumers, either by e-mail or phone, and it will look like they are coming from the bank,” said Van Schalkwyk.

    “And then they will, for instance, say to the consumer, ‘we are phoning from the bank and there is a big debit order on your account that needs to go off, should we stop it for you?’ Of course, they will say yes.

     

     

    “And then they will try to provide the consumer with information to make them feel at ease that these people are phoning from the bank. And that is when they use the information that they have stolen — they provide information to you so you feel more comfortable.

    “Then they will ask questions to say, ‘just verify your bank account details’, and they use tricks like, ‘my system just went down, please give me your PIN, I know I shouldn’t ask but the moment my system comes back I will then help you to stop the debit order’.”

    Observations

    While investigations into the incident are still ongoing, the third-party operator has deployed additional safeguards — including enhanced access management protocols — to secure the information on the database.

    They have not been made aware of any actual misuse or dissemination of personal information that may have resulted from the acquisition of personal information.

    “We are however continuing, with the assistance of external specialists, to undertake web monitoring (including the dark web) for any publication of personal information relating to the incident.”

    How Can Customers Be Protected From Further Harm?

    So that more damage doesn’t happen, they suggest that people whose data was stolen stay alert and know the following security best practices:

    • Do not click on any suspicious links.
    • Refrain from disclosing any passwords or PINs via email, text or even social media platforms.
    • Change your passwords often and ensure there is complexity in the configuration (i.e. with the use of special characters).
    • Ensure regular anti-virus and malware scans are performed on any electronic devices and check software is up to date.
    • Only provide personal information when there is a legitimate reason to do so.
  • Cybersecurity Experts Discover Fake Windows 11 Upgrades

    Microsoft continues to release updates in which it unveils a series of new features for Windows 11.

    Following these updates, users have to keep updating their systems to stay up to date with the latest features. In light of this, hackers are now attempting to deceive users by delivering fake Windows 11 upgrades that contain malware.

    Cybersecurity specialists have discovered a new hacking campaign that uses the pretense of a genuine Windows 11 update to install information-stealing malware named “Inno Stealer”, leading unsuspecting Windows users to install the fake Windows 11 upgrade.

     

    Fake Windows 11 Upgrades: How The Malware Works

    The chance of landing on this infected website is high if you search for Windows 11 upgrade or anything similar on the internet.

    Once on the fake Windows 11 upgrade page, the user will click the “Download Now” option. This will not download the official Windows 11 update; instead, it will install malware that will steal the user’s personal information.

     

     

    The malware is capable of collecting web browser cookies and other saved credentials, including data from cryptocurrency wallets, as well as information on the victim’s computer’s files and registry.

    According to Bleeping Computer, the fake Microsoft website is infected with the Inno Stealer virus. In order to create temporary files on the infected device, the malicious software takes advantage of a part of the Windows installation.

    Four more files are created and stored on the system as a result of this operation. Scripts in some of these files are specifically intended to deactivate Windows registry security mechanisms, for example.

    As a result, they may also alter Windows Defender, the default anti-virus software, and remove ESET and Emsisoft security solutions.

     

    About The Fake Windows 11 Upgrade Malware Inno Stealer

    CloudSEK’s cybersecurity experts have detected the malicious software. Inno Stealer is the term given to malware that infects computers by using the Inno Setup Windows installer to establish itself on a computer.

    Since its discovery, security experts have expressed concern about the virus, pointing out that it targets a large number of browsers and cryptocurrency wallets, among other things. Chrome, Edge, Brave, Opera, Vivaldi, 360 Browser, and Comodo are among the browsers that are susceptible to the Inno Stealer malware. Cookies and passwords saved in these web browsers may be stolen by the virus and sent back to the hacker who installed it on the computer.

     

     

    Due to the fact that the virus enables hackers to download new payloads into a system, there is an increased chance of infection. According to the study, this activity is only carried out at night, when the victim is unlikely to be in front of the computer screen. The new payloads, which take the form of TXT files, are therefore capable of suppressing the security protocols on a system to a greater extent. Inno Stealer is then able to steal information from the clipboard and exfiltrate directory enumeration data from the target computer.

     

    How Do I Keep Myself Safe From Fake Windows Updates?

    In the midst of your displeasure that your computer doesn’t support Windows 11, remember to only download ISO files from sites or sources that you are 100% certain about. Scammers are growing better at making fake websites look legitimate, so you should pay attention to things like the web address to see whether it’s a scam.
    The built-in Windows Update tool will also notify you whether your device fulfills the Windows 11 compatibility criteria. Installing a legitimate Windows 11 update in this manner is the safest option.

  • The Bet9ja website has been restored after Attack

    Earlier we reported the Bet9Ja website shutdown. Now a new report suggests that the website has been restored, the mobile phone has been retrieved from Russian hackers, and the CEO has delivered a statement to bettors.

    The good news is that the Bet9ja website, which the Russian Blackcat hacking gang had hijacked, has been restored. Ayo Ojuroye, the CEO and Co-Founder of Bet9ja, said this in an official statement. “I want to tell you that your data is safe, and your cash is intact,” he said. Even with these attacks, the security of your data is not jeopardized.


    Is the Bet9ja website back up and running?


    Yes, the Bet9ja website is back online. Our fact-check reporter at Techpression confirmed that the Bet9ja website is back up and running.

    Message from Bet9ja’s CEO, headlined “WE HAVE CONTROL, OF ALL ACCOUNTS, DATA, AND FUNDS ARE SECURE”:

    The last few days have been difficult for us. We were subjected to an unprovoked and unjustifiable sophisticated criminal cyber-attack on our platform on Wednesday, April 6, 2022.

    Many of our clients and stakeholders have been inconvenienced by the inability to access their accounts or place bets on the bet9ja.com platform. I’d want to apologize on behalf of the management and every team member for this and emphasize how much we regret the situation.

     

    More on Bet9ja CEO Statement

    We can confirm that the Blackcat Group was responsible for the ransomware attack. You can learn more about cybercriminal organizations by searching the internet. We have taken actions to minimize and mitigate any risk to our network systems and operations due to the massive attack on our platform.

    We have brought in worldwide cyber security and forensic specialists to assist us in analyzing and improving our network security and strengthening our operations to make them more resilient and safe. As Nigeria’s top and one of the most prominent sports betting firms, we want to tell you that we have taken these precautions because we understand how important it is to protect our consumers.

     


    I want to reassure you that your data and cash are secure. Even with these attacks, the security of your data is not jeopardized. We’re doing everything we can to get back up and running in stages. Since then, the team has been working tirelessly to achieve these goals. At this time, I’d want to express my heartfelt gratitude to our agents for sticking with us during this challenging period; they are indeed the best in class. For your support on social media, we are grateful to our stakeholders, the National and State Lotteries Boards, and, most importantly, our loyal customers for your help. We apologize once more for any inconvenience.

    As a company, we will always strive to serve you better and provide you with the highest levels of professional service. While the work continues, I have directed our marketing team to make compensation readily available, and for the first time, I have just approved a never-before-seen bonus package on the Bet9ja platform, which will go into effect as soon as the site is restored.

     

     

    This is our way of saying thank you for your steadfast devotion, patience, and understanding during this trying time. Finally, as a truly Nigerian company and industry leader, we will not be intimidated, harassed, or pressured into surrender. We are extraordinary at Bet9ja, but we do not profess to have all the answers. Instead, as illustrated by our team of professional experts, agents, government stakeholders, and devoted consumers, we come together as a community of professionals to safeguard this industry we all love.


    Thank you for your patience, understanding, and loyalty at this challenging time. Please know that we are entirely in charge of the issue and that all accounts, data, and cash are safe and secure. Our best days are yet ahead of us. Thank you very much.

    Bet9ja CEO/Co-Founder AYO OJUROYE

    The Bet9ja website is currently operational, and bettors may access it now using this link.

    Previous: Bet9ja Breaking News

    The term “Bet9ja website hacked” is now trending in the betting world. According to a statement made by the renowned betting firm on Thursday, April 7, 2022, the Russian Blackcat Group hacked Nigerian betting company Bet9ja.

     

    What We Know About The Hacker’s Demand From Bet9ja 

    The hackers are purportedly seeking a ransom, according to a statement made by Bet9ja on Thursday, April 7, 2022, but the company has never accepted their terms. Even though the Bet9ja website has been hacked, the company declared that its IT staff is working around the clock to restore the regular Bet9ja website and that clients’ funds are safe.

     

    The Russian Blackcat Group has requested that the Bet9ja company pay an unspecified amount of money. According to an official statement, the Russian Blackcat Group hacked the Bet9ja website. “It is crucial to keep you all updated on the true condition of things since it has been very tough in the previous 24 hours,” the statement says. “We’ve seen messages in various groups claiming that we’re performing maintenance, which is not valid.

    “We will not do so on a significant UCL day. The entire Bet9ja system has been attacked by the Russian Blackcat organization, known for multiple attacks on major corporations worldwide. This Russian gang has launched a massive hacker attack, but our workers have been working nonstop since yesterday to restore all services, which is not simple.”

    The company advised their valued clients to keep calm because everything was under control. “Please do not be discouraged. We will undoubtedly restore things as soon as possible and offer an update on the progress. They are already demanding a ransom, but we will never accept their terms. I must inform you of this to be on the same page. They have struck us severely, but they cannot kill us. We will hold our ground and return stronger,” the message said.

  • Russian Hackers Attacks And Target South American Energy Sector

    Russian hackers are on the prowl. Two large hacking attacks aimed at disrupting energy businesses and key infrastructure allegedly targeted 135 nations, including South Africa, between 2012 and 2017, according to the United States.

    Daily Maverick reports that the goal was to conduct a sophisticated effort to target and breach networks of vital infrastructure and energy firms throughout the world.

    The South African energy utility, Eskom, was asked whether it had been attacked by Russia and answered that it, like many other organizations, has to deal with a variety of cyber-attacks. But Eskom could not say if they were directly targeted by Russians or not.

    “The fact that cybercriminals are actively targeting a wide range of industries, including our own, is well-known to us.” When it comes to thwarting cyberattacks, Eskom relies on a team of information and cybersecurity experts and tools.

     

     

    When it comes to the confrontation between Russia and Ukraine, South Africa has taken a neutral position. It was previously reported that South African President Cyril Ramaphosa had expressed his hope that negotiations between the two countries involved in the conflict would lead to peace, but he did not identify which side he was on.

    Kaspersky’s Antivirus Software

    It has lately been claimed that Kaspersky’s antivirus software has been used to break into organizations’ systems during the crisis between Russia and Ukraine.

    The US Federal Bureau of Investigation (FBI) stated that the Russian government would be able to disrupt and destroy their systems if it succeeded in getting into the mentioned countries’ corporations.

    According to reports, the Russian Embassy in South Africa hasn’t stated anything in response to the claims made by the United States.

    What The Russian Hackers Intend To Achieve 

    According to reports, Russian hackers targeted a US government agency that handles nuclear power facilities and a petrochemical company in Saudi Arabia.

    In exchange for information leading to the arrest and conviction of three Russian nationals, the United States government has offered a reward of up to $10 million. They have been deemed a flight risk by the FBI.

     

     

    After that, it went on to say that “this group includes oil and gas companies around the world, electric grid companies, atomic power plants (and) renewable energy businesses, engineering groups, and sophisticated technology firms.”

    There were no details provided in this indictment on which South African companies were targeted and whether or not they had been successfully hacked.

  • The website of Bet9ja has been hacked by the Russian Blackcat gang

    Bet9ja’s management has stated that their website was hacked by the Russian Blackcat gang. Bet9ja revealed this in a statement, identifying the attackers as the Russian Blackcat organisation, which is known for multiple attacks on large corporations throughout the world.

    The gaming site stated that the hacker gang had already sought a ransom, but it insists that it would not accept the hacker group’s terms.


    What they have to say About Bet9ja System Breach
     

    “The entire Bet9ja system has been under attack by the Russian Blackcat group, who are famous for multiple hacks on large companies throughout the world,” according to a portion of the statement. This Russian gang launched a massive hacker attack, but our workers have been working nonstop since yesterday to restore all services, which is not simple.


    “They have already demanded a ransom, but we will never accept their terms. It is critical that I inform you of this so that we are all on the same page. They have struck us severely, but they cannot kill us. We shall hold our ground and come back even stronger.

    “Please don’t be disappointed; we will certainly restore things as quickly as possible and keep you updated on the development.” Bet9ja said in a previous social media post that user funds and prizes are safe while the company works to fix the problem.


    What you need to know

    According to sources, the ransomware assaults that brought down a swath of and hampered payments at some German filling stations in January were carried out by the Russia-linked hacker group BlackCat.
     
    Hackers used a type of ransomware called “Black Cat” to get into computers at Mabanaft GmbH and Oiltanking GmbH Group, reports say.
     
    There is a new ransomware service called BlackCat (also called ALPHV). It has been aggressively recruiting people from other ransomware gangs and attacking businesses all over the world.

  • Hackers Send Fake Data Breach Notifications To Trezor Users

    Hackers targeted Trezor, a cryptocurrency hardware wallet. They used the company’s mailing list to send out fake data breach notifications to users.

    Mailchimp, a well-known email marketing platform, has confirmed that hackers used an internal tool to steal data from more than 100 of its customers, with the information being used to launch phishing attacks against cryptocurrency users.

    What They Are Saying About The Attack

    Mailchimp confirmed the breach to the press on Monday, but users of the Trezor hardware cryptocurrency wallet had reported being targeted by sophisticated phishing emails over the weekend. A false email was sent out to users, requesting that they install an impersonated Trezor Suite software, which would allow the attackers to steal the users’ password (recovery seed).

    Techviral reported that the fake Trezor data breach email contains the following text: “We regret to inform you that Trezor has experienced a security incident involving data belonging to 106,856 of our customers and that the wallet associated with your e-mail address [email here] is within those affected by the breach.”

     

     

    When a user clicks on the download button, a fake software application known as suite.trezor.com is installed in the user’s browser. The website uses Punycode characters, which allows attackers to impersonate the trezor.com domain by using accented or Cyrillic characters in their message to the user. The official Trezor website is trezor.io, and users should be aware of this.
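
    A defensive check for the lookalike-domain trick described above, as an added example that is not part of the original article: it decodes `xn--` (Punycode) labels and folds accented and Cyrillic characters back to ASCII to see whether a hostname imitates a trusted domain. The sample hostnames, the `LEGITIMATE` set and the small confusables table are constructed for illustration, and the registrable-domain logic assumes a one-label TLD.

```python
import unicodedata

# Domains treated as trusted (assumption for this example). trezor.io is the
# official site named in the article; trezor.com is the name being imitated.
LEGITIMATE = {"trezor.io", "trezor.com"}

# Small constructed table of Cyrillic letters that render like Latin ones.
# A production check would use the full Unicode confusables data (UTS #39).
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s", "\u0458": "j",
}


def to_ace(hostname):
    """Encode a Unicode hostname to the ASCII (xn--) form seen in DNS and logs."""
    labels = []
    for label in hostname.split("."):
        if label.isascii():
            labels.append(label)
        else:
            labels.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(labels)


def decode_label(label):
    """Return the Unicode form of one DNS label, undoing the xn-- encoding."""
    label = label.lower()
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            return label  # malformed Punycode: keep the raw label
    return label


def skeleton(label):
    """Fold a label to the ASCII string a reader would perceive."""
    out = []
    for ch in unicodedata.normalize("NFKD", label):
        if unicodedata.combining(ch):
            continue  # drop accents, dots below and other combining marks
        out.append(CYRILLIC_LOOKALIKES.get(ch, ch))
    return "".join(out)


def registrable(labels):
    """Last two labels; a simplification that assumes a one-label TLD."""
    return ".".join(labels[-2:])


def classify(hostname):
    """Classify a hostname as legitimate, lookalike, unrelated or unrelated-idn."""
    labels = [decode_label(l) for l in hostname.rstrip(".").split(".")]
    domain = registrable(labels)
    if domain.isascii():
        return "legitimate" if domain in LEGITIMATE else "unrelated"
    # Non-ASCII domain: does it read as one of the trusted names?
    folded = registrable([skeleton(l) for l in labels])
    return "lookalike" if folded in LEGITIMATE else "unrelated-idn"


if __name__ == "__main__":
    # Constructed samples: accented 'e', Cyrillic 'e', the real site, a benign IDN.
    samples = [
        to_ace("suite.tr\u1eb9zor.com"),
        to_ace("tr\u0435zor.com"),
        "suite.trezor.io",
        to_ace("m\u00fcnchen.de"),
    ]
    for host in samples:
        print(f"{host:32} {classify(host)}")
```

    A mail gateway or proxy could apply `classify` to the host part of every link in inbound mail and quarantine anything reported as `lookalike`.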

     

     

    In a statement sent to The Verge, Mailchimp CISO Siobhan Smyth said: “We sincerely apologize to our users for this incident and realize that it brings inconvenience and raises questions for our users and their customers. We take pride in our security culture, infrastructure, and the trust our customers place in us to safeguard their data. We’re confident in the security measures and robust processes we have in place to protect our users’ data and prevent future incidents.”

    What is Trezor?

    The Trezor is a cryptocurrency hardware wallet. It’s a device for securely holding cryptocurrency private keys offline in ‘cold’ storage. When you want to make a transaction you can plug in your Trezor and it will provide the keys to sign off on a transaction, which is done by physically pushing buttons on the device.

    Its design protects cryptocurrency by ensuring keys are always offline and by requiring physical interaction to co

  • Lapsus$ Hackers Group Leak nearly 200 Gigabytes of Samsung Source Code In Cyber Attack

    The Lapsus$ hacker group is at it again: nearly 200 gigabytes of data, including the source code for numerous technologies and algorithms used in biometric unlocking operations, have reportedly been stolen and exposed by hackers.

    The stolen data allegedly contains confidential information from Qualcomm, a US chipmaker that supplies chipsets for Samsung handsets sold in the US.

    Access to source code might aid threat actors in identifying security vulnerabilities that would otherwise go undetected, possibly exposing vulnerable devices or systems to exploitation or data exfiltration.

    The breach was claimed by the Lapsus$ hacker group, the same group that penetrated Nvidia and then leaked thousands of employee credentials online.

    In a post on its Telegram channel, Lapsus$ claims to have obtained source code for trusted applets installed in Samsung’s TrustZone environment, which Samsung phones use for sensitive operations; algorithms for all biometric unlock operations; and bootloader source code for all recent Samsung Galaxy devices.

    What They Are Saying

    A Samsung spokesperson confirmed a “security breach” related to some internal company data but said no personal data belonging to customers or employees was accessed by the hackers.

    “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees,” Samsung said. “Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”

    When asked for comment, Qualcomm stated that it was aware of a reported incident involving Samsung.

    “We take these claims very seriously and are working expeditiously with Samsung to understand the scope of the incident, as well as to confirm what Qualcomm data, if any, have been impacted. We have no reason to believe that Qualcomm systems or security were impacted as a result of this reported incident,” said Clare Conley, Qualcomm spokesperson.

    Possible Motive Behind The Data Breach

    It’s unclear whether Lapsus$ demanded a ransom from Samsung before publishing the data, as it did with Nvidia, to which it made increasingly strange requests. The group asked that the American chipmaker deactivate its controversial Lite Hash Rate (LHR) feature and open-source its graphics chip drivers for macOS, Windows, and Linux.

    Although the deadline passed on Friday, the hacker gang has yet to carry out its threat.

    About Samsung

    Samsung is a South Korean electronics manufacturer that is one of the world’s biggest. Samsung manufactures a broad range of consumer and industrial electronics, including appliances, digital media devices, semiconductors, memory chips, and integrated systems, among other things. It has become one of the most well-known technological brands.

    What to know about Lapsus$

    Lapsus$ is a ransomware group that makes money by breaking into business networks and then extorting them for cash. Sometimes they steal data and hold it hostage.

    The group’s notoriety is increasing as they continue to hack and steal data from the world’s tech giants. They hacked Nvidia and were able to leak some personal information to torrent sites. Then came Samsung, which had vital data about the security of its phones stolen.

  • The NCC CSIRT Discovers Malware That Targets Banking Applications

    Malware that steals Android users’ banking app login information has been discovered by the Nigerian Communications Commission’s Computer Security Incident Response Team (CSIRT).


    According to a security advisory from the NCC CSIRT, the malicious software known as “Xenomorph” has a high impact and a high vulnerability rate. It was discovered to target 56 financial institutions in Europe. The primary objective of this malware is to steal passwords and, by intercepting SMS messages and notifications, to capture and use potential two-factor authentication tokens when logging in. Xenomorph is spread via an app that was slipped into the Google Play store masquerading as a legitimate application called “Fast Cleaner,” which is ostensibly intended to clear junk, boost device speed, and maximize battery life. In reality, this app is just a way to spread the Xenomorph Trojan quickly and easily.


    “Fast Cleaner” was distributed before the malware was placed on the remote server, which made it hard for Google to detect that the app was being used for malicious purposes.

    Once installed on a victim’s device, Xenomorph can capture device and Short Messaging Service (SMS) information, intercept notifications and new SMS messages, conduct overlay attacks, and block users from removing it. Additionally, the threat requests Accessibility Services privileges, which enables it to grant itself additional permissions.


    Additionally, the CSIRT stated that the malware steals victims’ banking information by superimposing fake login pages on top of legitimate ones.