Researchers believe hackers with connections to the North Korean government have been pushing a Trojanized version of the PuTTY networking utility in an attempt to backdoor the network of organizations they want to spy on. Researchers from security firm Mandiant said on Thursday that at least one customer it serves had an employee who installed the fake network utility by accident. The incident caused the employer to become infected with a backdoor tracked by researchers as Airdry.v2. The file was transmitted by a group Mandiant tracks as UNC4034. “Mandiant identified several overlaps between UNC4034 and threat clusters we suspect have a North Korean nexus,” company researchers wrote. “The AIRDRY.V2 C2 URLs belong to compromised website infrastructure previously leveraged by these groups and reported in several OSINT sources.”
Satellite navigation and tracking via GPS has become a critical link in the world’s rapidly growing logistics and freight carrying ecosystem. Companies use GPS to track trucks and keep them on time and their cargo secure. Little wonder, then, that criminals are turning to cheap GPS jamming devices to ransack the cargo on roads and at sea, a problem that’s getting worse but may be ameliorated with a new generation of safety technology designed to overcome threats from jamming. In case you aren’t a master criminal or a secret agent, here’s some background. The core problem for any system using GPS is that the signals are extremely weak, an inevitable byproduct of the vast distances those signals need to travel.
While Google Chrome still dominates as the top browser, Microsoft Edge, which is based on the Chromium source code, is gradually gaining more users. Perhaps more importantly, it is the default browser on the Microsoft Windows platform and as such some segments of its user base are of particular interest to fraudsters. We have tracked and observed a malvertising campaign on the Microsoft Edge News Feed used to redirect victims to tech support scam pages. The scheme is simple and relies on threat actors inserting their advertisements on the Edge home page and trying to lure users with shocking or bizarre stories.
LastPass says the attacker behind the August security breach had internal access to the company’s systems for four days until they were detected and evicted. In an update to the security incident notification published last month, LastPass’ CEO Karim Toubba also said that the company’s investigation (carried out in partnership with cybersecurity firm Mandiant) found no evidence the threat actor accessed customer data or encrypted password vaults. “Although the threat actor was able to access the Development environment, our system design and controls prevented the threat actor from accessing any customer data or encrypted password vaults,” Toubba said.
Rockstar Games appears to be the victim of a massive security breach, as a hacker reportedly stole at least 90 video clips from the company showing off an early build of Grand Theft Auto 6. The clips appear to have surfaced online late on Saturday night on GTAForums, a message board dedicated to the Grand Theft Auto series. A user named “teapotuberhacker” posted a folder containing 90 video clips, noting that the link contained “GTA 5 and 6 source code and assets, GTA 6 testing build.” The hacker notes that they may “leak more data soon,” indicating that this could just be the beginning of a much longer leak.
In a blog post, the team of security researchers explains: “Some of the largest websites in the world have exposure to sending Google and Microsoft sensitive user PII, including username, email, and passwords, when users are logging in or filling out forms. An even more significant concern for companies is the exposure this presents to the company’s enterprise credentials to internal assets like databases and cloud infrastructure”. There is the additional warning: If you click on ‘show password’, the enhanced spellcheck even sends your password, essentially Spell-Jacking your data.
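As an added illustration of the defensive side (not code from the researchers’ post), the snippet below audits a page’s markup for password fields that a browser’s enhanced spellcheck could still pick up once “show password” flips them to plain text; the assumed mitigation is the `spellcheck="false"` attribute, which survives that type switch, and the sample form is constructed for the demo.

```javascript
// Added example, not part of the article: flag and harden password inputs that
// lack spellcheck="false", the attribute assumed here as the mitigation that keeps
// a browser's enhanced spellcheck from ever considering the field's contents.

// Constructed sample markup: one field unprotected, two already hardened.
const SAMPLE_HTML = `
<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="password" name="confirm" spellcheck="false">
  <input type="password" name="pin" spellcheck="FALSE" />
</form>`;

// Match every <input ...> tag, case-insensitively, self-closing or not.
const INPUT_TAG = /<input\b[^>]*>/gi;

// Read a double-quoted attribute value from a single tag, or null if absent.
function attr(tag, name) {
  const m = tag.match(new RegExp(`\\b${name}\\s*=\\s*"([^"]*)"`, 'i'));
  return m ? m[1] : null;
}

// Return the raw tags of password inputs that do not carry spellcheck="false".
function findUnprotectedPasswordInputs(html) {
  const out = [];
  for (const tag of html.match(INPUT_TAG) || []) {
    const type = (attr(tag, 'type') || 'text').toLowerCase();
    const sc = (attr(tag, 'spellcheck') || '').toLowerCase();
    if (type === 'password' && sc !== 'false') out.push(tag);
  }
  return out;
}

// Rewrite the markup so every password input carries spellcheck="false".
function hardenPasswordInputs(html) {
  return html.replace(INPUT_TAG, tag => {
    const type = (attr(tag, 'type') || 'text').toLowerCase();
    if (type !== 'password') return tag;
    if ((attr(tag, 'spellcheck') || '').toLowerCase() === 'false') return tag;
    // Drop any other spellcheck value, then append the safe one before the closer.
    const stripped = tag.replace(/\s+spellcheck\s*=\s*"[^"]*"/i, '');
    return stripped.replace(/\s*\/?>$/, m => ` spellcheck="false"${m.trim()}`);
  });
}
```

Running the audit over the hardened output returns an empty list, which is the check a template linter or CI step would assert on.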