Airbnb scammers hijack user accounts with good ratings to rob hosts’ homes: Airbnb is cracking down on malicious scammers hijacking users’ accounts after an investigation found that several people’s homes were robbed by guests using stolen accounts. In a blog post on 13 April, the home rental company said online scammers have been taking over guest accounts with good ratings and reviews on Airbnb using stolen passwords. After infiltrating an account, the scammer tweaks personal details such as the name and contact information and then uses the account to book stays at various hosts’ homes. One victim said he was burgled after leasing his apartment to a seemingly verified guest while he was away for a few days to celebrate his birthday. The problem also works in reverse, with some hackers taking over hosts’ accounts to try to extort money from travellers. Airbnb’s official Facebook page is filled with numerous complaints from users claiming their accounts were compromised as well. “Historically, we’ve defended against account takeovers by using a machine learning model that predicts the probability that each login or action on Airbnb is being performed by the true account owner,” Airbnb CTO Nathan Blecharczyk wrote. Now, Airbnb will use two-factor authentication whenever a user logs in from a new device that has not been previously used to access the account.
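The step-up control described above (a risk score from a model, plus a second factor whenever the device is one the account has never used) can be sketched in a few dozen lines. The example below is an added illustration and is not Airbnb’s code; it assumes a device fingerprint built from a user agent string and a device cookie, an `owner_probability` value standing in for the output of the account-owner model, and an RFC 4226 HOTP code as the second factor (a real deployment would use a richer fingerprint and a proper authenticator or SMS flow). A stolen password alone gets the attacker to the second-factor prompt and no further, which is the point of the control.

```python
"""Step-up authentication on unrecognised devices (added illustration, not Airbnb's code)."""
import hashlib
import hmac
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    SECOND_FACTOR = "second_factor"
    DENY = "deny"


def device_fingerprint(user_agent: str, device_cookie: str) -> str:
    """Stable per-device identifier. The two inputs are an assumption for this example;
    a production fingerprint would combine more signals."""
    return hashlib.sha256(f"{user_agent}|{device_cookie}".encode()).hexdigest()


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password, used here as the second factor."""
    digest = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = (
        (digest[offset] & 0x7F) << 24
        | digest[offset + 1] << 16
        | digest[offset + 2] << 8
        | digest[offset + 3]
    )
    return str(binary % 10**digits).zfill(digits)


class AccountTakeoverGuard:
    """Allows logins from devices the account has already used; everything else must
    pass a second factor before the device is remembered."""

    def __init__(self, deny_below: float = 0.2):
        self.trusted = {}      # user_id -> set of device fingerprints
        self.pending = set()   # (user_id, fingerprint) awaiting a second factor
        self.deny_below = deny_below

    def evaluate_login(self, user_id: str, fingerprint: str, owner_probability: float) -> Decision:
        # owner_probability stands in for the model's estimate that the true owner is acting.
        if owner_probability < self.deny_below:
            return Decision.DENY
        if fingerprint in self.trusted.get(user_id, set()):
            return Decision.ALLOW
        self.pending.add((user_id, fingerprint))
        return Decision.SECOND_FACTOR

    def verify_second_factor(self, user_id: str, fingerprint: str,
                             secret: bytes, counter: int, submitted_code: str) -> bool:
        if (user_id, fingerprint) not in self.pending:
            return False
        expected = hotp(secret, counter)
        # Constant-time comparison so the check does not leak how many digits matched.
        if not hmac.compare_digest(expected, submitted_code):
            return False
        self.pending.discard((user_id, fingerprint))
        self.trusted.setdefault(user_id, set()).add(fingerprint)
        return True


def demo() -> list:
    """Constructed scenario: the owner enrols a laptop, then an attacker with the
    stolen password tries from an unknown phone. Returns the sequence of outcomes."""
    guard = AccountTakeoverGuard()
    secret = b"12345678901234567890"          # constructed shared secret (RFC 4226 test key)
    laptop = device_fingerprint("Mozilla/5.0 (X11; Linux)", "cookie-owner-laptop")
    phone = device_fingerprint("Mozilla/5.0 (Android 7)", "cookie-unknown-phone")
    outcomes = []
    outcomes.append(guard.evaluate_login("guest42", laptop, 0.95))               # SECOND_FACTOR
    outcomes.append(guard.verify_second_factor("guest42", laptop, secret, 0, hotp(secret, 0)))
    outcomes.append(guard.evaluate_login("guest42", laptop, 0.95))               # ALLOW
    outcomes.append(guard.evaluate_login("guest42", phone, 0.6))                 # SECOND_FACTOR
    outcomes.append(guard.verify_second_factor("guest42", phone, secret, 1, "000000"))  # False
    outcomes.append(guard.evaluate_login("guest42", phone, 0.6))                 # still SECOND_FACTOR
    return outcomes


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Note that the unknown phone stays untrusted after a failed code: a device is only remembered once the second factor has actually been passed, so a correct password never upgrades an attacker’s device on its own.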
This new dark web ransomware-as-a-service is customised so any script kiddie can launch attacks: A new dark web ransomware-as-a-service (RaaS) has been uncovered by security researchers which, according to experts, is selling a new ransomware variant called “Karmen”. The ransomware, like other variants, encrypts victims’ data and demands a ransom to provide them with the decryption key. Although the Karmen ransomware variant was found for sale on the dark web in March 2017, the first infections with Karmen were found to date back to December 2016, according to security researchers at Recorded Future. The customised ransomware is being sold by a Russian-speaking cybercriminal, “DevBitox”, who goes by the username “Dereck1” on an unspecified “top-tier cyber criminal community”, according to the researchers who discovered Karmen. According to Recorded Future researchers, using the control panel would be simple for those who purchase the Karmen ransomware strain, as it “requires very minimal technical knowledge”. According to a recent analysis by Kaspersky, 75% of the ransomware strains it uncovered were found to have been developed by Russian cybercriminals, indicating the key role they play in the propagation of ransomware. IBTimes UK has reached out to Recorded Future for further clarity on how the ransomware strain was discovered and on the way RaaS models have evolved in the past year.
Did the NSA hack SWIFT? Shadow Brokers’ latest leak suggests agency spied on global bank transfers: The Shadow Brokers released documents on Friday (14 April) which experts believe suggest that the NSA monitored global bank transfers. The new Shadow Brokers dump shows that the NSA hacked a number of banks, oil and investment companies in Palestine, the UAE, Kuwait, Qatar, Yemen and elsewhere. The Shadow Brokers’ latest NSA dump indicates that Dubai-based firm EastNets, which oversees SWIFT transfers for various Middle Eastern clients, was hacked by the NSA. According to Matt Suiche, founder of the UAE-based cybersecurity firm Comae Technologies, who has reviewed the Shadow Brokers release, the hacker group’s dump included Excel files detailing a list of computers on the network of a service bureau, usernames, passwords and other such data. In what is now considered to be one of the most damaging leaks ever to come to light, the hacker group has unleashed exploits that could enable hackers across the world to launch fraud and cyberattack campaigns that could likely drain banks of millions, according to reports. Cris Thomas, strategist at Tenable Network Security, said today’s Shadow Brokers data dump seems to be the largest and most damaging release to date.
‘BankBot’ malware targeting hundreds of Android apps sneaks onto Google Play Store: In January, security researchers warned that Android users may soon face a spike in malware attacks after the source code of a banking Trojan leaked online. Now, confirming those fears, Google is taking action after sneaky malware crept onto its official app store. On Monday 17 April the strain, dubbed “BankBot”, was discovered in an application called “HappyTimes Videos” on Google’s Play Store. In total, security researchers believe the malicious app is now targeting over 400 Android-based applications. Dr Web, a Russian anti-malware firm, was among the first to reveal how BankBot works: it shows a fake login window over a victim’s legitimate application. A slew of other escalated privileges obtained by the malware, which also circulates via third-party app stores, can give an attacker the ability to send text messages, intercept call data, intercept text messages, obtain all phone numbers in the contact list and track device geolocation via GPS. Google addressed BankBot concerns, saying: “Users should research an app carefully before they install it on their phones.”
Hackers hijacked and defaced McAfee’s LinkedIn page: McAfee’s LinkedIn page was reportedly hacked on Sunday (16 April). An unnamed hacker reportedly claimed responsibility for the attack, adding that he/she used to be a member of the OurMine hacker group, which rose to fame after targeting the social media accounts of high-profile individuals and organisations. The alleged ex-OurMine hacker said that the McAfee LinkedIn page hijack was made possible by reused credentials. According to Salted Hash’s report, the recycled credentials used to compromise McAfee’s LinkedIn page were garnered from a separate, failed attempt to hack into an unspecified Twitter account. The attackers then realised that what they had assumed was the individual’s Twitter password was actually the person’s LinkedIn password. McAfee said it was this password that presumably allowed the hackers access to McAfee’s LinkedIn page, as the victim’s LinkedIn account was listed as an administrator on McAfee’s company page. The hacker told Salted Hash that McAfee did not have two-factor authentication enabled on its account, which, if true, could be embarrassing for a security firm. The firm’s logo, which was changed by the attackers during the attack, was propagated to numerous staff accounts and was found to still exist even after the firm took down its business page.
Shadow Brokers’ new leaks allegedly link NSA to Stuxnet worm used to hit Iran: The hacker group Shadow Brokers released a fresh batch of alleged NSA (National Security Agency) hacking tools on Friday (14 April), which security experts said contain a whole host of exploits capable of causing widespread cyber panic. One such tool uncovered by security researchers hints at the first real connection between the NSA and the infamous Stuxnet worm, which made headlines in 2010 after it was used against Iran in what is considered one of the first targeted cyberespionage attacks. In the Shadow Brokers’ latest dump, an exploit for Windows MOF files was uncovered which, Symantec security researcher Liam O’Murchu told Motherboard, uses “almost the exact same script” used in Stuxnet. “There is a strong connection between Stuxnet and the Shadow Brokers dump,” O’Murchu said. The connection is not definitive, however, according to O’Murchu, as the script originally discovered in Stuxnet was also added by researchers to a popular open source hacking toolkit called Metasploit. Despite the various connections to Stuxnet reportedly uncovered by security experts, the Shadow Brokers’ latest dump does not appear to contain any definitive evidence of a conclusive connection between the NSA and the Stuxnet worm.
Microsoft patched ‘NSA hack’ Windows flaws before leak: Microsoft says it had already fixed software flaws linked to an alleged breach of the global banking system before they were exposed last week. “Customers have expressed concerns around the risk the Shadow Brokers disclosure potentially creates,” it said in a security update. The allegation is that third parties, known as Swift Service Bureaus, that provide access to Swift’s network were targeted by the NSA, rather than Swift itself. Swift allows the world’s banks to send payment orders and other messages about large financial transactions in a “secure and reliable” manner. Whistleblower Edward Snowden had previously leaked documents in 2013 that alleged the NSA had carried out surveillance of the Brussels-based Society for Worldwide Interbank Financial Telecommunication (Swift) for several years, but did not specify how. “If Shadow Brokers’ claims are indeed verified, it seems that the NSA sought to totally capture the backbone of the international financial system to have a God’s eye view into a Swift Service Bureau - and potentially the entire Swift network,” blogged security researcher Matt Suiche after the latest leak.
The way people tilt their smartphone ‘can give away passwords and PINs’: Most smartphones, tablets and other wearables are now equipped with a multitude of sensors (gyroscope, rotation sensors, accelerometer, etc.). The team said it was able to identify 25 different sensors which come as standard on most devices. “But because mobile apps and websites don’t need to ask permission to access most of them, malicious programmes can covertly ‘listen in’ on your sensor data.” The researchers found that everything you do, from clicking, scrolling and holding to tapping, led to people holding their phone in a unique way. So on a known webpage, the team was able to work out which part of the page the user was clicking on, and what they were typing, by the way the device was tilted. Dr Mehrnezhad said: “On some browsers we found that if you open a page on your phone or tablet which hosts one of these malicious codes and then open [another one], then they can spy on every personal detail you enter.” “People were far more concerned about the camera and GPS than they were about the silent sensors.” The research suggests there’s a problem in the tech industry because of the number of different sensors used by competing companies. The researchers said they had told all the major tech companies, such as Google and Apple, about the risks, but no-one has been able to come up with an answer so far. The team is now looking at the risks around personal fitness trackers linked to online profiles.
Callisto Group hackers targeted Foreign Office data: F-Secure says the phishing domains were created by hackers that it calls the Callisto Group, which it says is still active. F-Secure said the Callisto Group had, since 2015, attacked “military personnel, government officials, think tanks and journalists”, mainly in Eastern Europe and the South Caucasus, as well as in Ukraine and the UK. F-Secure told the BBC that it did notice some similarity between the Callisto Group’s hacking and previous attacks that have been linked to Russia. However, it said that despite some similarities in the tactics, techniques, procedures and targets of the Callisto Group and the Russia-linked group known as APT28, it believed the two were “operationally” separate. Two of the phishing domains used by the hackers were once linked to an IP address mentioned in a US government report into Grizzly Steppe. However, the cybersecurity expert noted that this connection between the phishing domain and Grizzly Steppe may be a coincidence, as over 300 other domains, many of them not hacking-related, were linked to the same IP address. Hacking Team’s surveillance tools were previously exposed in a cyberattack, first reported in 2015. “The government’s Active Cyber Defence programme is developing services to block, prevent and neutralise attacks before they reach inboxes,”