TechVertex

TechVertex IT Solutions is a cybersecurity company that applies artificial intelligence (AI) to deliver security solutions.

We go beyond basic IT services, offering a comprehensive suite.

06/10/2024

The FIN7 threat group, a notorious Russian financial cybercrime organization, is now combining artificial intelligence themes with social engineering in a new, aggressive campaign that promotes a "DeepNude Generator." The tool claims to use deepfake technology to generate nude images; what victims actually download is malware. Research from Silent Push found that FIN7 has launched at least seven websites advertising the fake generator, each enticing users with a free trial or download that ultimately installs infostealers such as Lumma and RedLine. These stealers harvest credentials, session cookies and other sensitive data, and the access they provide is a common precursor to ransomware deployment.

FIN7 is also continuing a malvertising campaign aimed at corporate users: fake pages impersonating well-known brands trick visitors into downloading the NetSupport RAT or malicious MSIX installers presented as browser extension prompts. The group uses SEO to push its malicious sites up in search results and builds a separate user flow for each delivery method.

Despite ongoing law enforcement efforts to disrupt its operations, FIN7's ability to adapt and adopt new technologies shows it remains a significant threat. To mitigate the risk, organizations are advised to track indicators of compromise for these campaigns, train employees to recognise social engineering, and restrict the download and execution of unknown files from the internet, including unsigned or sideloaded installers.

20/09/2024

"Escalating Tensions: Israel's Shifting Focus and Deadly Attacks on Hezbollah in Lebanon"

The situation between Israel and Hezbollah has escalated, with Israel acknowledging a shift in focus towards northern operations following two deadly attacks involving explosive walkie-talkies and pagers in Lebanon. At least 20 people were killed and over 450 injured in these incidents, which Hezbollah attributed to Israeli actions.
Lebanon's Foreign Minister expressed concern about the potential for war and blamed Israel for the attacks. The walkie-talkies that exploded were identified as a discontinued ICOM model that had not been officially licensed or vetted by security services, raising questions about their origin.

Israeli defense officials indicated that these attacks signal a "new era" of conflict, suggesting a strategic shift along the Lebanon border. Israel informed the U.S. of its operational plans but withheld specific details. Meanwhile, many of the injured are receiving medical treatment in Syria and Iran, with extensive surgeries performed in Lebanese hospitals.


17/09/2024

The cybersecurity landscape today is marked by rapid technological advancements, including the rise of AI, which introduces new risks and challenges. Despite the drive for innovation, many organizations are failing to address security adequately, leading to increased susceptibility to cyber threats like malware, ransomware, and phishing.

Key Insights:

1. Compliance with AI: As enterprises adopt AI, they must address security risks such as data leakage and prompt injection attacks. Ensuring compliance with cybersecurity guidelines, and controlling which sensitive data AI systems can reach, is crucial. Companies that treat compliance as a baseline are, by the report's own account, significantly less likely to experience breaches.

2. Post-Quantum Cryptography (PQC): Given the potential future threat of quantum computing, organizations should invest in PQC to protect against "harvest now, decrypt later" attacks, in which encrypted traffic is recorded today and decrypted once a capable quantum computer exists. PQC is not an immediate concern, but preparing now (inventorying where public-key cryptography is used and planning the migration) will position companies favourably for the future.

3. Secrets Management: As cloud and DevOps practices evolve, managing secrets such as tokens, API keys and passwords securely is vital; a secret committed to a repository or baked into an image is effectively public. Adopting a data-centric security approach and integrating strong security practices into DevSecOps can help mitigate the risks associated with secrets management.

Overall, while technological innovation accelerates, organizations must prioritize security and compliance to safeguard against evolving threats and avoid repeating past mistakes.
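The secrets-management point above is usually enforced with a scanner in the CI pipeline. The following is an added example written for this page, not TechVertex's tooling or any specific product: a minimal scanner that applies the two signals most secret scanners use, known credential formats (here the documented AWS access key prefix plus generic assignment patterns) and high-entropy string literals, to constructed sample source. The "before" sample hard-codes secrets; the "after" sample reads them from the environment and scans clean.

```python
"""Added example: a minimal hard-coded secret scanner.

Hypothetical code written for this page. It scans source text for
known credential shapes (regex) and for high-entropy string literals.
Sample input is constructed inline.
"""
import math
import re
from collections import Counter

# Known credential shapes. The AWS access-key prefix/length is the documented
# format; the others are generic assignment patterns (no leading \b so that
# names like db_password or api_token still match).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "assigned_secret": re.compile(
        r"(?i)(password|passwd|secret|token|api_key)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
}

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random tokens score near log2(charset size)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def scan_line(lineno: int, line: str, entropy_threshold: float = 4.0):
    """Return (lineno, finding_type, matched_text) tuples for one source line."""
    findings = []
    for name, pat in PATTERNS.items():
        for m in pat.finditer(line):
            findings.append((lineno, name, m.group(0)))
    # High-entropy literal check: quoted strings of 20+ token characters that look random.
    for m in re.finditer(r"['\"]([A-Za-z0-9+/=_\-]{20,})['\"]", line):
        lit = m.group(1)
        if shannon_entropy(lit) >= entropy_threshold:
            findings.append((lineno, "high_entropy_literal", lit))
    return findings

def scan_source(text: str):
    out = []
    for i, line in enumerate(text.splitlines(), 1):
        out.extend(scan_line(i, line))
    return out

# Constructed sample: BEFORE hard-codes secrets, AFTER reads them from the environment.
# The AWS key below is the documented AWS example key, not a live credential.
BEFORE = '''
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
db_password = "hunter2hunter2hunter2"
api_token = "x9Qk2LmZp8vR4tYw7NbC1dHsJfGe3AaU"
'''

AFTER = '''
import os
AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]
db_password = os.environ["DB_PASSWORD"]
api_token = os.environ["API_TOKEN"]
'''

if __name__ == "__main__":
    for f in scan_source(BEFORE):
        print("BEFORE line %d: %s -> %s" % f)
    print("AFTER findings:", scan_source(AFTER))
```

The entropy check catches random tokens that no regex knows about (the `api_token` value scores 5 bits per character) while a repetitive password like `hunter2hunter2hunter2` only trips the assignment pattern; in practice both signals are tuned against the repository's false positives, and a hit should block the commit rather than just log it.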

15/09/2024

Cybersecurity researchers have recently identified a new variant of the Android banking trojan TrickMo, which has enhanced its capabilities to avoid detection and steal banking credentials. The updated TrickMo employs sophisticated evasion techniques such as malformed ZIP files and JSONPacker, and is distributed via a dropper app that also uses anti-analysis methods.

Originally discovered by CERT-Bund in 2019, TrickMo targets Android users, primarily in Germany, to steal one-time passwords (OTPs) and other two-factor authentication (2FA) codes for financial fraud. This malware, attributed to the now-defunct TrickBot gang, features advanced obfuscation and anti-analysis tools.

TrickMo can record screen activity, log keystrokes, capture photos and SMS messages, and perform various malicious actions through Android's accessibility services. The dropper app, disguised as Google Chrome, prompts users to update Google Play Services, leading to the installation of TrickMo under the guise of "Google Services."

Researchers from Cleafy also found a significant security lapse in TrickMo's command-and-control server, which exposed 12 GB of stolen data including credentials and images. This exposure puts victims at risk of identity theft, unauthorized account access and financial fraud, since anyone who found the server could take the data as well.

The malware’s abuse of accessibility services allows it to intercept SMS messages, handle notifications, and perform HTML overlay attacks, further compromising device security. Google is addressing these issues by enhancing security measures around sideloading apps to better protect users.
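The anti-analysis tricks above are a reason to inspect an APK's ZIP structure before handing it to a decompiler. The following is an added example written for this page, not Cleafy's tooling or TrickMo's code: it flags ZIP malformations commonly used to break analysis tools, namely duplicate entry names, a directory entry that collides with a file name, unusual compression methods and traversal names. The page does not say which malformation TrickMo uses, so the checks are generic, and the archives are constructed in memory.

```python
"""Added example: flag malformed ZIP/APK central directories.

Hypothetical code for this page. The sample archives are built in memory;
the malformed one carries a duplicate AndroidManifest.xml entry and a
directory entry named like classes.dex.
"""
import io
import warnings
import zipfile
from collections import Counter

def zip_anomalies(data: bytes) -> list[str]:
    """Return human-readable anomaly descriptions for the archive bytes."""
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile warns on duplicate names; we want the list
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    names = [i.filename for i in infos]
    findings = []
    for name, n in Counter(names).items():
        if n > 1:
            findings.append(f"duplicate entry: {name} x{n}")
    files = {n for n in names if not n.endswith("/")}
    dirs = {n.rstrip("/") for n in names if n.endswith("/")}
    for clash in sorted(files & dirs):
        findings.append(f"file/directory name collision: {clash}")
    for i in infos:
        if i.compress_type not in (zipfile.ZIP_STORED, zipfile.ZIP_DEFLATED):
            findings.append(f"unusual compression method {i.compress_type}: {i.filename}")
        if i.filename.startswith("/") or ".." in i.filename.split("/"):
            findings.append(f"path traversal name: {i.filename}")
    return findings

def build_archive(entries) -> bytes:
    """Build a ZIP from (name, payload) pairs, allowing duplicate names on purpose."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")
        with zipfile.ZipFile(buf, "w") as zf:
            for name, payload in entries:
                zf.writestr(name, payload)
    return buf.getvalue()

# Constructed samples (not real APKs).
CLEAN_APK = build_archive([
    ("AndroidManifest.xml", b"<manifest/>"),
    ("classes.dex", b"dex\n035"),
])
MALFORMED_APK = build_archive([
    ("AndroidManifest.xml", b"<manifest/>"),
    ("AndroidManifest.xml", b"<manifest/>"),  # duplicate entry
    ("classes.dex/", b""),                     # directory named like the code file
    ("classes.dex", b"dex\n035"),
])

if __name__ == "__main__":
    print("clean:", zip_anomalies(CLEAN_APK))
    print("malformed:", zip_anomalies(MALFORMED_APK))
```

Run this before static analysis and treat any finding as a reason to extract the archive with a tolerant parser (or by hand from the central directory) rather than trusting whatever one tool happens to show.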

11/09/2024

Western intelligence agencies have linked Russia's notorious Unit 29155 to recent cyber-attacks on Ukrainian allies. The unit, previously known for espionage and sabotage, has been involved in disrupting aid efforts to Ukraine and targeting critical infrastructure in multiple countries. This includes attacks on government, private, and civil society sectors across Europe, NATO member states, and even beyond. The joint statement highlights a broader scope of activity than previously reported, indicating ongoing cyber threats and preparation for potential future attacks.

03/09/2024

Cybersecurity researchers have analyzed a new ransomware called Cicada3301, which bears similarities to the now-defunct BlackCat (ALPHV).

Cicada3301 mainly targets small and medium-sized businesses (SMBs) through opportunistic attacks exploiting vulnerabilities. Morphisec reported that the ransomware, written in Rust, can affect both Windows and Linux/ESXi systems. It first appeared in June 2024, advertising its ransomware-as-a-service (RaaS) on the RAMP underground forum.

A key feature of Cicada3301 is its use of compromised user credentials to run PsExec, a Sysinternals tool for remote program execution, to spread the payload across the network. The ransomware also mirrors BlackCat's methods: ChaCha20 for file encryption, fsutil to change symbolic-link evaluation so that encryption can follow links to local and remote targets, and IISReset.exe to stop IIS so that files the web server held open can be encrypted.

Cicada3301 also deletes volume shadow copies, disables system recovery, raises the MaxMpxCt SMB server setting so that it can push more concurrent requests to remote shares, and clears event logs, all tactics seen in BlackCat. It stops local virtual machines (VMs) and terminates backup services and various other processes so that their files can be encrypted.

The ransomware targets 35 file extensions and maintains a list of excluded files and directories. Morphisec also found tools such as EDRSandBlast deployed alongside it; EDRSandBlast uses a vulnerable signed driver (a "bring your own vulnerable driver" technique) to blind EDR detections, an approach previously used by BlackByte.

Truesec’s analysis of Cicada3301’s ESXi version suggests that the group might be linked to the Brutus botnet for initial access. There are speculations about whether Cicada3301 is a rebrand of ALPHV or merely inspired by it.

Cicada3301's attacks on VMware ESXi systems use intermittent encryption for large files (encrypting only portions of each file to finish faster) and a "no_vm_ss" parameter that encrypts files without shutting down the VMs first. Meanwhile, the unrelated online puzzle group that also uses the Cicada 3301 name has clarified that it has no connection to the ransomware.
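Most of the pre-encryption steps listed above (shadow-copy deletion, recovery disabled, MaxMpxCt raised, event logs cleared, symlink evaluation changed, IIS stopped, PsExec lateral movement) show up in process-creation telemetry. The following is an added example written for this page, not Morphisec's or Truesec's code, that scores such events per host and alerts when one host chains several of them. The event lines are constructed, and the command strings are typical forms of these techniques, not quoted from the Cicada3301 sample; tune the patterns to what your own EDR records.

```python
"""Added example: score process-creation events for ransomware
pre-encryption commands. Hypothetical detection logic for this page;
events are constructed (host, command line) pairs.
"""
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    pattern: re.Pattern
    weight: int

# Typical command forms for each technique the write-up lists.
RULES = [
    Rule("shadow_copy_deletion", re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows", re.I), 3),
    Rule("recovery_disabled", re.compile(r"bcdedit(?:\.exe)?.*recoveryenabled\s+no", re.I), 3),
    Rule("maxmpxct_raised", re.compile(r"reg(?:\.exe)?\s+add\s+.*LanmanServer\\Parameters.*MaxMpxCt", re.I), 2),
    Rule("event_log_cleared", re.compile(r"wevtutil(?:\.exe)?\s+cl\s+", re.I), 2),
    Rule("symlink_evaluation", re.compile(r"fsutil(?:\.exe)?\s+behavior\s+set\s+SymlinkEvaluation", re.I), 2),
    Rule("iis_stopped", re.compile(r"iisreset(?:\.exe)?\s+/stop", re.I), 1),
    Rule("psexec_remote_exec", re.compile(r"psexec(?:\.exe)?\s+.*\\\\", re.I), 1),
]

def match_rules(cmdline: str):
    return [r for r in RULES if r.pattern.search(cmdline)]

def score_host(events):
    """events: iterable of (host, cmdline). Returns {host: (score, [rule names])}.
    Each rule counts once per host; the signal is one host chaining several
    techniques, since any single command can be legitimate admin work."""
    per_host = {}
    for host, cmd in events:
        score, names = per_host.get(host, (0, []))
        for r in match_rules(cmd):
            if r.name not in names:
                names.append(r.name)
                score += r.weight
        per_host[host] = (score, names)
    return per_host

ALERT_THRESHOLD = 6  # assumption for this example; tune against your baseline

def hosts_to_alert(events):
    return sorted(h for h, (s, _) in score_host(events).items() if s >= ALERT_THRESHOLD)

# Constructed process-creation events (host, command line).
SAMPLE_EVENTS = [
    ("FS01", r'psexec.exe \\FS01 -u corp\svc_backup -p ****** -s cmd.exe /c C:\Users\Public\upd.exe'),
    ("FS01", r'fsutil.exe behavior set SymlinkEvaluation R2L:1 R2R:1'),
    ("FS01", r'reg.exe add HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters /v MaxMpxCt /d 65535 /t REG_DWORD /f'),
    ("FS01", r'vssadmin.exe delete shadows /all /quiet'),
    ("FS01", r'bcdedit.exe /set {default} recoveryenabled no'),
    ("FS01", r'wevtutil.exe cl Security'),
    ("FS01", r'iisreset.exe /stop'),
    ("WS07", r'vssadmin.exe delete shadows /for=C: /oldest'),  # lone admin action, stays under threshold
    ("WS07", r'notepad.exe C:\Users\alice\notes.txt'),
]

if __name__ == "__main__":
    for host, (score, names) in score_host(SAMPLE_EVENTS).items():
        print(host, score, names)
    print("alert:", hosts_to_alert(SAMPLE_EVENTS))
```

The weighting puts shadow-copy deletion and disabling recovery highest because they are the steps with the least legitimate use on a file server; a real deployment would also bound the window (these commands land within minutes of each other) and feed the alert to an isolation playbook, since by the time `vssadmin` runs the encryptor is usually seconds away.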

02/09/2024

SEATTLE—Seattle-Tacoma International Airport (SEA) reports that most systems are now back to normal following a cyberattack that disrupted operations last weekend. While domestic flights are largely unaffected with standard bag check procedures, international flights and some low-volume carriers are still experiencing issues, including manual processing of bag tags and boarding passes. Security lines are moving at their usual pace, and travelers should rely on airline apps for flight status and baggage claim updates since digital boards remain out of service. Over 500,000 passengers are expected to travel through SEA around Labor Day, and airport staff are assisting with customer service near baggage carousels.

To ensure a smooth experience at SEA, it's best to use your airline's app for real-time flight and baggage information due to ongoing issues with digital boards. If possible, avoid checking bags to sidestep potential delays.

21/08/2024

Firewalls are crucial for protecting your network from various threats and ensuring robust security. They play a vital role in managing traffic, detecting and blocking malicious activity, and providing layered defense against potential vulnerabilities. Each type of firewall offers unique features to address specific security needs and enhance overall protection.

Take a look at the different types of firewalls depicted in the image to see their various functions and benefits. TechVertex offers all these advanced firewall solutions, ensuring that you have the right tools to safeguard your network effectively.

18/08/2024

Social Engineering 2.0 uses advanced technology and psychological manipulation to execute highly convincing attacks. It combines deepfake tech, AI-driven personalization, data mining and more to exploit individuals and organizations more effectively than traditional methods.

Here are the key components:

1. Social Engineering Tactics:
• Techniques used to manipulate individuals into divulging confidential information or performing actions that compromise security.

2. Advanced Phishing:
• Sophisticated phishing attacks that use refined methods, such as personalized emails or websites, to deceive targets and steal sensitive information.

3. AI-Driven Scams:
• Fraudulent schemes powered by artificial intelligence, which create highly convincing fake messages or scenarios to deceive victims.

4. Deepfake Threats:
• Use of artificial intelligence to create realistic but fake videos or audio recordings designed to impersonate individuals or mislead audiences.

5. Behavioral Manipulation:
• Psychological techniques employed to influence individuals’ decisions and actions, often by exploiting their emotions or cognitive biases.

6. Data Exploitation:
• The misuse or unauthorized access to personal or organizational data, often for malicious purposes such as fraud or identity theft.

7. Targeted Attacks:
• Cyber attacks specifically designed to target a particular individual or organization based on detailed information about them.

8. Personal Data Security:
• Measures and practices aimed at protecting an individual's private information from unauthorized access or theft.

9. Digital Deception:
• The use of digital tools and techniques to create misleading or false information, with the intent to deceive or manipulate.

10. Cyber Attack Simulation:
• Controlled exercises designed to mimic real-world cyber attacks in order to test and improve an organization’s security posture and response capabilities.

16/08/2024

Stay Alert: Cybercriminals are increasingly using synthetic media—such as fake audio and video calls—to deceive individuals into disclosing confidential information. Safeguard yourself from these advanced social engineering tactics!

Recommendation:

• Verify Identities: Always authenticate requests for sensitive information or payments through a second channel that the requester does not control, such as a call back to a phone number already on file or face-to-face confirmation; never rely on the caller ID, voice or video of the incoming request itself.
• Educate and Train: Regularly update training programs to help employees identify and respond to synthetic media and social engineering schemes.
• Use Multi-Factor Authentication (MFA): Enhance security with MFA to provide an additional layer of protection beyond just passwords.
• Monitor and Alert: Implement systems to flag unusual requests and set up clear procedures for reporting suspicious activities.
• Stay Informed: Keep abreast of the latest cybersecurity threats and emerging trends to effectively defend against new and evolving attack methods.


13/08/2024

On October 10th, the group known as Deathnote Hackers International publicly demonstrated a vulnerability in the E-LGU System by posting a defacement page. Their intention was to highlight a significant security flaw related to unrestricted file uploads, which they claimed could have serious implications if exploited further. The hackers warned that such vulnerabilities might lead to severe issues, including data breaches or unauthorized server access. Their message served as an urgent call for the Department of Information and Communications Technology (DICT) to address this security gap to prevent potential risks. This incident underscores the importance of robust cybersecurity measures, particularly as the DICT aims to centralize government operations, a move that could increase the system’s exposure to cyber threats.

As a cybersecurity firm, TechVertex advises both private and public sector organizations to use this example as a catalyst for enhancing their security protocols. Conduct a thorough security review to identify and rectify similar vulnerabilities. Ensure that necessary patches are applied, access controls are reinforced, and continuous monitoring is established. Proactively addressing these issues will help protect your systems and sensitive data from potential threats.
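Unrestricted file upload, the flaw the group pointed at, is worth showing next to its fix. The following is an added example written for this page, hypothetical code and not the E-LGU system's: the weak handler trusts the client-supplied file name and bytes, while the hardened one enforces an extension allowlist, checks the file signature against that extension, rejects path components and double extensions, caps the size, and stores the file under a server-chosen random name. The uploads it runs against are constructed, and the sample writes into a temporary directory.

```python
"""Added example: unrestricted upload handler beside a hardened one.

Hypothetical code for this page. Both handlers write into a temporary
directory so the sample is safe to run; a real deployment would keep the
upload root outside the web root and serve files without execute rights.
"""
import os
import secrets
import tempfile

UPLOAD_ROOT = tempfile.mkdtemp(prefix="uploads_")

def save_upload_unrestricted(filename: str, content: bytes) -> str:
    """The weak pattern: any name, any content, stored where the client asked."""
    path = os.path.join(UPLOAD_ROOT, filename)
    with open(path, "wb") as f:
        f.write(content)
    return path

# Allowlist of extension -> leading magic bytes the content must start with.
ALLOWED = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
}
MAX_BYTES = 5 * 1024 * 1024

class UploadRejected(ValueError):
    pass

def validate_upload(filename: str, content: bytes) -> str:
    """Return the accepted extension or raise UploadRejected."""
    if len(content) == 0 or len(content) > MAX_BYTES:
        raise UploadRejected("bad size")
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or base in ("", ".", ".."):
        raise UploadRejected("path component in name")
    parts = base.lower().split(".")
    if len(parts) != 2:  # rejects 'cmd.php.png' style double extensions and bare names
        raise UploadRejected("exactly one extension required")
    ext = parts[1]
    magic = ALLOWED.get(ext)
    if magic is None:
        raise UploadRejected(f"extension .{ext} not allowed")
    if not content.startswith(magic):
        raise UploadRejected("content does not match extension")
    return ext

def save_upload_hardened(filename: str, content: bytes) -> str:
    ext = validate_upload(filename, content)
    # Server-chosen random name: the client never influences the path on disk.
    stored = f"{secrets.token_hex(16)}.{ext}"
    path = os.path.join(UPLOAD_ROOT, stored)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    return path

def hardened_accepts(filename: str, content: bytes) -> bool:
    try:
        save_upload_hardened(filename, content)
        return True
    except UploadRejected:
        return False

# Constructed uploads (the "web shell" is a harmless placeholder string).
WEBSHELL = ("cmd.php", b"<?php system($_GET['c']); ?>")
DOUBLE_EXT = ("cmd.php.png", b"\x89PNG\r\n\x1a\n" + b"<?php ... ?>")
TRAVERSAL = ("../../var/www/html/x.png", b"\x89PNG\r\n\x1a\n")
VALID_PNG = ("avatar.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 64)

if __name__ == "__main__":
    print("unrestricted stored:", save_upload_unrestricted(*WEBSHELL))
    for name, content in (WEBSHELL, DOUBLE_EXT, TRAVERSAL, VALID_PNG):
        print(name, "->", "accepted" if hardened_accepts(name, content) else "rejected")
```

The magic-byte check matters because a server that validates only the extension still accepts a PHP payload renamed to `.png`, which becomes exploitable the moment another bug (or a permissive web server configuration) lets it execute; storing uploads under a random name outside the document root closes that path even if validation is later weakened.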

10/08/2024

New Research Shows AI Can Decode HDMI Signals from a Distance

Researchers from Uruguay have developed a method to intercept and decode the video carried over HDMI cables by applying deep learning to the cable's unintended electromagnetic emissions. The "Deep-TEMPEST" technique recovers on-screen text with up to roughly 70% accuracy without any access to the target computer. It improves markedly on earlier analogue TEMPEST approaches, but it still requires a nearby receiver, so it is mainly a concern for high-security environments handling sensitive data, where it argues for electromagnetic shielding and physical distance from untrusted areas.

Three scientists from the University of the Republic in Montevideo published their findings on https://arxiv.org/abs/2407.09717

Address

Level 17, Unit 1702, High Street South Corporate Plaza, Tower 2, 26th Street, Bonifacio Global City
Fort Bonifacio
1214
