Cyber Security News — Past 24 hours | 23.07.2021

Dutch Police Arrest Two Hackers Tied to “Fraud Family” Cybercrime Ring

Law enforcement authorities in the Netherlands have arrested two individuals allegedly belonging to a Dutch cybercriminal collective who were involved in developing, selling, and renting sophisticated phishing frameworks to other threat actors in what’s known as a “Fraud-as-a-Service” operation.
The apprehended suspects, a 24-year-old software engineer and a 15-year-old boy, are said to have been the main developer and seller of the phishing frameworks that were employed to collect login data from bank customers.

Infections involving Fraud Family commence with an email, SMS, or WhatsApp message that impersonates well-known local brands and contains malicious links that, when clicked, redirect the unsuspecting recipient to adversary-controlled payment info-stealing phishing websites. In an alternative attack scenario, the fraudsters were observed posing as a buyer on a Dutch classified advertising platform to contact a seller and subsequently move the conversation to WhatsApp to trick the latter into visiting a phishing site.

“When victims submit their banking credentials, the phishing site sends them to the fraudster-controlled web panel,” Group-IB said. “This one actually notifies the miscreants that a new victim is online. The scammers can then request additional information that will help them to gain access to the bank accounts, including two factor authentication tokens, and personal identifiable information.”

Source — https://thehackernews.com/2021/07/dutch-police-arrest-two-hackers-tied-to.html

Wake up! Identify API Vulnerabilities Proactively, From Production Back to Code

After more than 20 years in the making, now it’s official: APIs are everywhere. In a 2021 survey, 73% of enterprises reported that they already publish more than 50 APIs, and this number is constantly growing.

APIs are attractive to attackers, not just businesses

Keep in mind that APIs do more than simply connect your applications; they change the functionality in unpredictable ways.

Are you giving API security testing enough attention?

Shift-left security is already widely accepted in many organizations, allowing for continuous testing throughout development.

Relevant experience and expertise may be in short supply, as API testing is more complicated than other types of testing.

With legacy APIs, you might not know about the APIs already implemented or the documentation.

Why do common security testing approaches fail to cover APIs?

As a first step towards a comprehensive approach, it is important to examine the most common attitudes towards application security testing today: static security testing and dynamic security testing.

Source — https://thehackernews.com/2021/07/wake-up-identify-api-vulnerabilities.html

Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software

Malware known for targeting the macOS operating system has been updated once again to add more features to its toolset that allow it to amass and exfiltrate sensitive data stored in a variety of apps, including Google Chrome and Telegram, as part of further “refinements in its tactics”.

The malware comes with numerous capabilities, such as reading and dumping Safari cookies, injecting malicious JavaScript code into various websites, stealing information from applications, such as Notes, WeChat, Skype, Telegram, and encrypting user files.
Earlier this April, XCSSET received an upgrade that enabled the malware authors to target macOS 11 Big Sur as well as Macs running on M1 chipset by circumventing new security policies instituted by Apple in the latest operating system.

With Google Chrome, the malware attempts to steal passwords stored in the web browser — which are in turn encrypted using a master password called “safe storage key” — by tricking the user into granting root privileges via a fraudulent dialog box, abusing the elevated permissions to run an unauthorized shell command to retrieve the master key from the iCloud Keychain, following which the contents are decrypted and transmitted to the server.

Source — https://thehackernews.com/2021/07/nasty-macos-malware-xcsset-now-targets.html

Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT
