By Habiba Rashid
The cybersecurity researchers at FortiGuard Labs have identified several Adobe ColdFusion vulnerabilities impacting Windows and Mac devices.
This is a post from HackRead.com Read the original post: Hackers Exploit Adobe ColdFusion Vulnerabilities to Deploy Malware

*   Remote attackers can exploit pre-authentication RCE vulnerabilities in Adobe ColdFusion 2021 to seize control of affected systems.

*   Adobe has released security patches to address these vulnerabilities, but attackers are still exploiting them.

*   The attack campaign involves multiple stages, including probing, reverse shells, and the deployment of malware.

*   Four distinct malware strains have been identified: XMRig Miner, Satan DDoS/Lucifer, RudeMiner, and BillGates/Setag backdoor.

*   Users are advised to upgrade their systems promptly and deploy protection mechanisms to thwart ongoing attacks.

Numerous users of both Windows and macOS platforms are currently at risk due to vulnerabilities present in Adobe ColdFusion. This software suite, a popular choice for web application development, recently came under attack as remote attackers discovered and exploited pre-authentication remote code execution (RCE) vulnerabilities. Such vulnerabilities granted attackers the ability to seize control of affected systems, raising the alarm to a critical severity level.

The crux of these attacks targets the WDDX deserialization process within Adobe ColdFusion 2021. While Adobe responded swiftly with security updates (APSB23-40, APSB23-41, and APSB23-47), FortiGuard Labs observed continued exploitation attempts. 

An analysis of the attack patterns uncovered a process executed by the threat actors. They initiated probing activities using tools like “interactsh” to test the exploit’s effectiveness. These activities were observed involving multiple domains including mooo-ngcom, redteamtf, and h4ck4funxyz. The probing phase provided attackers insights into potential vulnerabilities and served as a precursor to more malicious actions.

The attack campaign’s sophistication extended to the utilization of reverse shells. By encoding payloads in Base64, attackers sought to gain unauthorized access to victim systems, enabling remote control. 

Notably, the analysis disclosed a multi-pronged approach, including the deployment of various malware variants. Attacks were launched from distinct IP addresses, raising concerns about the campaign’s widespread reach. Malware payloads were encoded in Base64, concealing their true nature until decoded. Researchers identified four distinct malware strains at play: XMRig Miner, Satan DDoS/Lucifer, RudeMiner, and BillGates/Setag backdoor.

The XMRig Miner, primarily associated with Monero cryptocurrency mining, was harnessed to hijack system processing power. By utilizing version 6.20.0, attackers managed to capitalize on compromised systems for their own financial gain.

Attackers’ webpage (FortiGuard Labs)

A hybrid bot combining cryptojacking and distributed denial of service (DDoS) functionalities, Lucifer emerged as a formidable entity. This malware variant showcased not only its mining capabilities but also its adeptness in command and control operations, propagation through vulnerabilities, and sophisticated DDoS attacks.

RudeMiner, connected to Lucifer, carried a DDoS attack legacy from previous campaigns. Its involvement in the ongoing threat landscape demonstrated its persistence and adaptability, marking it as a significant concern.

The BillGates/Setag backdoor, previously associated with Confluence Server vulnerabilities, resurfaced in this context. Its multifaceted capabilities encompassed system hijacking, C2 communication, and diverse attack methods, including SYN, UDP, ICMP, and HTTP-based attacks.

Despite the availability of security patches, the continuous stream of attacks underscores the urgency of action. Users are strongly advised to upgrade their systems promptly and to deploy protection mechanisms including antivirus services, IPS signatures, web filtering, and IP reputation tracking, to thwart ongoing attacks.

1.  Adobe Reset User Passwords as Precaution Against Data Breach Risks
2.  Apple mistakenly approved malware camouflaged as Adobe Flash Player
3.  Fake Adobe updates installing cryptomining malware while updating Flash

Hackers Exploit Adobe ColdFusion Vulnerabilities to Deploy Malware

By Owais Sultan
FPS games on Android have become trendy thanks to the strong smartphone CPU power and graphics from game developers.
This is a post from HackRead.com Read the original post: The Best FPS Games on Android In 2023: Popular by Demand

In recent years, the mobile gaming industry has witnessed a significant rise in first-person shooter (FPS) games. The year 2023 is well underway, Android users can expect an array of high-quality FPS games that have gained popularity by demand. This article aims to explore the best FPS games available on Android and analyze their appeal to gamers.

At the forefront of this trend is Call of Duty Mobile, which offers a thrilling multiplayer experience with its immersive gameplay and impressive graphics. Additionally, PUBG Mobile continues to captivate players with its intense battle royale mode, providing an adrenaline-fueled gaming experience.

Moreover, Apex Legends Mobile has emerged as a strong contender in the realm of FPS games on Android, offering dynamic gameplay and strategic team-based battles. These three titles exemplify how Android is leading the mobile gaming race by delivering top-notch FPS experiences for enthusiasts.

As we delve deeper into each game’s features and mechanics, it becomes evident why they have become favourites among gamers worldwide. By examining their success and analyzing player feedback, we can understand why these games are in such high demand on Android devices in 2023.

**The Rise of FPS Mobile Gaming in 2023**

In 2023, the popularity of FPS mobile gaming has experienced a significant rise, with Call of Duty Mobile emerging as the highest-played mobile FPS game, followed by PUBG Mobile and Apex Legends Mobile, according to a study by SecureCheats analyzing Google search data and player statistics. 

This study conducted by SecureCheats employed an analysis of Google search data and player statistics from the last 12 months to determine the most popular mobile FPS games. Each game was assigned its own total score based on these factors.

Call of Duty Mobile secured the top position in this study, affirming its widespread appeal among gamers. The game offers an immersive first-person shooting experience coupled with impressive graphics and a wide array of gameplay modes. 

PUBG Mobile claimed the second spot in this ranking, showcasing its enduring popularity within the FPS genre. Known for its intense battle royale matches and realistic gunplay mechanics, PUBG Mobile continues to captivate players worldwide.

Apex Legends Mobile secured the third place in this ranking, demonstrating its growing presence in the realm of mobile FPS gaming. With fast-paced gameplay and unique character abilities, it has garnered a dedicated fanbase.

The rise of FPS mobile gaming is evident through these rankings, indicating that players are increasingly gravitating towards engaging and competitive experiences on their smartphones. The dominance of Call of Duty Mobile further reinforces its status as a leading force within this genre.

**Call of Duty Mobile**

Call of Duty Mobile has gained significant traction among gamers for its immersive gameplay experience and realistic graphics. Developed by Tencent Games in collaboration with Activision, this first-person shooter (FPS) game offers a thrilling multiplayer mode that allows players to engage in fast-paced combat across various iconic maps from the Call of Duty franchise.

One of the key strengths of Call of Duty Mobile is its attention to detail in replicating the gameplay mechanics and overall feel of the popular console version. The controls have been optimized for touchscreens, providing smooth and responsive movements that enhance the overall gaming experience. Additionally, players can choose from a wide range of customizable load-outs, allowing them to tailor their playstyle to their preferences.

The graphics in Call of Duty Mobile are impressive, delivering stunning visuals that rival those seen on dedicated gaming consoles. From detailed character models to dynamic environments, every aspect contributes to creating an immersive world for players to explore.

Furthermore, regular updates and additions keep the game fresh and engaging. New maps, game modes, and weapons are frequently introduced, ensuring that players always have something new to discover.

Overall, Call of Duty Mobile stands as a testament to the ever-increasing quality and popularity of FPS games on mobile platforms. Its immersive gameplay experience coupled with realistic graphics make it a top choice among gamers seeking intense action on their Android devices.

**PUBG Mobile**

Developed by PUBG Corporation, PUBG Mobile has captivated gamers worldwide with its expansive open-world gameplay and intense battle royale experience. Released in 2018, the game quickly became a sensation, garnering millions of downloads and earning critical acclaim for its immersive and realistic gameplay.

PUBG Mobile offers players a highly competitive and adrenaline-fueled experience. The game drops 100 players onto an island where they must scavenge for weapons, vehicles, and supplies while eliminating opponents to become the last person standing. With its vast map and stunning graphics, PUBG Mobile provides an incredibly immersive environment that keeps players engaged.

One of the key aspects that sets PUBG Mobile apart from other FPS games is its focus on teamwork. Players can form squads with their friends or join forces with strangers to strategize and outmanoeuvre opponents. This cooperative element adds another layer of depth to the gameplay, fostering communication and coordination among teammates.

Furthermore, PUBG Mobile regularly updates its content to keep players engaged and excited. New maps, weapons, game modes, and events are introduced frequently, ensuring that there is always something fresh for players to explore.

Overall, PUBG Mobile’s combination of expansive open-world gameplay, intense battle royale action, teamwork-oriented mechanics, and regular updates makes it one of the best FPS games available on Android in 2023. Its popularity is a testament to its captivating nature and ability to provide an adrenaline-pumping gaming experience for mobile gamers worldwide.

Apex Legends Mobile, a highly anticipated addition to the popular battle royale genre, offers players an exhilarating and fast-paced gameplay experience. Developed by Respawn Entertainment, this free-to-play game brings the thrilling action of Apex Legends to Android devices.

*   Diverse roster of characters: Apex Legends Mobile features a diverse lineup of legends, each with their own unique abilities and playstyles. From aggressive brawlers to tactical support characters, players can choose from a variety of options that suit their preferred playstyle.
*   Intense squad-based gameplay: In Apex Legends Mobile, teamwork is crucial for victory. Players are encouraged to form squads of three and work together to outmanoeuvre and eliminate opponents. The game promotes strategic decision-making and effective communication among team members.
*   Dynamic map design: The game’s map is meticulously designed with various terrains, providing players with opportunities for both close-quarters combat and long-range engagements. Additionally, the inclusion of jump pads and ziplines adds verticality to the gameplay, allowing for dynamic movement across the map.

With its diverse character roster, intense squad-based gameplay, and dynamic map design, Apex Legends Mobile delivers an immersive experience that has captivated fans of the battle royale genre. As it continues to evolve in popularity on Android devices in 2023, Apex Legends Mobile solidifies its position as one of the best FPS games available on this platform.

**Android Leading the Mobile Gaming Race**

Android has emerged as a dominant force in the mobile gaming industry, displaying its prowess and adaptability by consistently attracting a wide range of players with its diverse selection of games.

With advancements in technology and hardware capabilities, Android has positioned itself as a leading platform for gaming enthusiasts. The popularity of Android devices can be attributed to their affordability, accessibility, and compatibility with various game genres.

One key advantage that Android has over other platforms is its open-source nature, allowing developers to create innovative and immersive gaming experiences. This has resulted in a vast library of high-quality games available on the Google Play Store, catering to different preferences and interests. 

Furthermore, Android’s ability to support high-end graphics and smooth gameplay enhances the overall user experience.

Additionally, the integration of cloud gaming services such as Google Stadia and NVIDIA GeForce Now further solidifies Android’s position as a frontrunner in the mobile gaming race. These services allow users to stream console-level games directly onto their Android devices without compromising on performance or visual quality.

As more developers continue to prioritize Android development due to its market share and user base, it is expected that the platform will continue to dominate the mobile gaming industry in 2023 and beyond. Its adaptability, diverse game selection, affordability, and technological advancements make it an attractive choice for both casual gamers and hardcore enthusiasts alike.

The Best FPS Games on Android In 2023: Popular by Demand

By Habiba Rashid
Dubbed MalDoc in PDF attack by researchers, the new attack trend utilizes PDF and Word files to spread malware.
This is a post from HackRead.com Read the original post: MalDoc in PDF Attack: Hackers Hiding Malicious Word Files within PDFs

**KEY FINDINGS**

*   Hackers are using polyglot files to embed malicious Word documents within PDFs.

*   These files can appear in one format but can be interpreted as another, depending on the application.

*   The MalDoc in PDF attack can evade conventional detection mechanisms, such as PDF analysis tools, sandboxes, and antivirus software.

*   However, it can be detected by certain analysis tools, such as ‘OLEVBA.’

*   To protect yourself from this attack, disable macros in Microsoft Office and use a multi-layered security approach.

Security experts at Japan’s computer emergency response team (JPCERT) have uncovered a novel cyberattack technique dubbed ‘MalDoc in PDF.’ This innovative method involves embedding malicious Word files within PDF documents, allowing hackers to spread malware while evading conventional detection mechanisms.

The technique relies on the concept of polyglot files, which appear as one format but can be interpreted as another, depending on the application. Japan’s computer emergency response team (JPCERT) investigation into the ‘MalDoc in PDF’ attack capitalizes on polyglots – files containing two distinct formats that can be executed as different types, depending on the opening application. In this case, hackers utilize both PDF and Word document formats, allowing the malicious file to function in either format.

By leveraging polyglot files, cybercriminals create documents that appear harmless in one format but contain malicious code in another. In the ‘MalDoc in PDF’ attack, a PDF document conceals a Word file housing a VBS macro. When opened in Microsoft Office as a .doc file, the macro downloads and installs an MSI malware file on vulnerable systems.

However, it’s important to note that this attack relies on macros being enabled on the victim’s computer; disabling macros remains an effective security measure.

For your information, A polyglot file is a type of computer file that is designed to be valid and functional in multiple formats or applications simultaneously. Essentially, it’s a single file that can be interpreted differently depending on the software that opens it.

This characteristic is often exploited by attackers to create files that appear harmless in one context but contain malicious code in another, thus bypassing security measures that may not be capable of detecting the hidden malicious content.

The ingenuity of the ‘MalDoc in PDF’ can lead to confusion for PDF analysis tools, sandboxes, and antivirus software, which might fail to detect the embedded malicious components. However, certain analysis tools, like ‘OLEVBA,’ can still identify the concealed threats, suggesting that a multi-layered security approach remains effective.

JPCERT shares a Yara rule to aid in identifying files that deploy this method. This rule checks for patterns indicative of both PDF and Word document formats within the same file, offering a way to spot potential threats. 

**RELATED ARTICLES**

1.  Hackers abusing Google App Engine to spread PDF malware
2.  5 PDF Tricks You Should Know To Improve Document Productivity
3.  Banking Malware Delivered via Macro in PDF Embedded Word Document

MalDoc in PDF Attack: Hackers Hiding Malicious Word Files within PDFs

By Waqas
If you are an Airbnb user, you need to be vigilant against cybercriminals who are targeting your device, personal, and financial information.
This is a post from HackRead.com Read the original post: Crooks Using Stealers and Stolen Cookies to Hack Airbnb Accounts

The cybersecurity researchers at SlashNext have unveiled a concerning attack trend that targets unsuspecting users who own Airbnb accounts. This trend involves a wide range of malicious techniques, though not entirely new, that pose a significant threat.

**KEY FINDINGS**

*   Cybercriminals are using a variety of methods to gain unauthorized access to Airbnb accounts, including stealers, stolen cookies, and account checkers.

*   Once cybercriminals have gained access to an Airbnb account, they can use it to book properties, make fraudulent purchases, or even steal the victim’s personal information.

*   The scale of the problem is significant, with thousands of Airbnb accounts available for purchase on digital stores for as low as one dollar.

*   To protect yourself from this type of fraud, it is important to take steps to secure your Airbnb account, such as using a strong password and enabling two-factor authentication.

*   You can also help to protect yourself from Airbnb scams by only booking with hosts who have a good reputation and positive reviews, being wary of offers that seem too good to be true, and never giving out your personal information to anyone you don’t know and trust.

Cybercriminals are constantly finding new ways to exploit popular online platforms, and Airbnb is no exception. In a recent investigation by SlashNext cybersecurity firm, researchers found that cybercriminals are using a variety of methods to gain unauthorized access to **Airbnb** accounts, including stealers, stolen cookies, and account checkers.

Once cybercriminals have gained access to an Airbnb account, they can use it to book properties, make fraudulent purchases, or even steal the victim’s personal information. In some cases, cybercriminals have even used stolen Airbnb accounts to commit identity theft.

The scale of the problem is significant. In the SlashNext investigation, researchers found that thousands of Airbnb accounts were available for purchase on digital stores for as low as one dollar. This suggests that cybercriminals are regularly stealing Airbnb account information and selling it on the black market.

A recent **blog post** released by cybersecurity firm SlashNext sheds light on the audacious tactics employed by cybercriminals to exploit Airbnb for their nefarious activities.

**Stealers**

Cybercriminals harness a breed of malicious software (malware or trojan), aptly named “stealers,” to extract sensitive information like usernames, passwords and other sensitive logs. from a targeted device. Once collected, these logs are typically routed to servers controlled by crooks.

The deployment of stealers is carried out through a variety of techniques, ranging from manipulating human psychology (**social engineering**) to exploiting software vulnerabilities and leveraging deceptive advertising (**malvertising**).

Beneath the digital underbelly lies a clandestine market where cybercriminals can purchase and vend unauthorized access to devices, referred to as “bots,” “installs,” or “infections,” en masse.

For those willing to invest, cybercriminals can swiftly acquire a repository of thousands, if not tens of thousands, of devices teeming with stealers.

Targeting web application account information across most browsers, stealers neatly package their loot within a structured format. This format comprises columns and rows, encapsulating a slew of data fragments—names, credit card particulars, and more. Aside from harvesting login credentials, stealers can also hijack cookies.

**Cookies: A Gateway to Illicit Access**

**Cookies**, unobtrusive data packets housing users’ online preferences and activities, have unwittingly become pawns in the hands of cybercriminals. These crooks thrive on stealing, trading, and buying Airbnb account cookies on various illicit forums. Armed with these ill-gotten tokens, cybercriminals temporarily breach Airbnb accounts without the need for legitimate usernames or passwords.

Imagine a scenario where cybercriminals purchase a trove of stolen Airbnb cookies, load them onto their browsers, and slip into victims’ accounts undetected. Armed with this unauthorized access, they can masquerade as legitimate users, booking properties or orchestrating other unauthorized transactions without triggering any alarms. It’s imperative to note that such session cookies possess a brief lifespan, compelling cybercriminals to act swiftly.

**Monetizing Stolen Data**

With user accounts compromised and stolen cookies in their arsenal, cybercriminals pivot toward monetizing. A common practice involves directly peddling stolen account data and cookies to other crooks. This trade occurs on online forums, dark web markets and even through **Telegram channels**.

According to SlashNext, the dark web and underground platforms are filled with thousands of Airbnb accounts on sale, a shocking devaluation reducing each account’s worth to a mere dollar.

Evidently, the scale of Airbnb account heists has created the emergence of “account checkers”—automated tools that systematically scrutinize Airbnb credentials stored in a text file.

**Navigating Airbnb Cookie Checkers**

The modus operandi behind account checkers is straightforward: threat actors input a text file crammed with stolen credentials, and the checker discerns the valid from the defunct. Some advanced iterations of these tools even execute specific actions, like making fraudulent bookings.

With a “passion” for innovation, cybercriminals have even initiated a service slashing up to 50% off Airbnb bookings. The profusion of interest in these services is evident, with forum threads racking up tens of thousands of views and hundreds of replies.

The unsettling reality is that cybercriminals have masterminded an array of techniques to exploit Airbnb’s popularity, leveraging stealers and purloined cookies to breach user accounts.

The stolen information is subsequently sold to other criminals or leveraged to offer discounted services on the **black market**. The rampant account theft underscores the pressing need for vigilance and proactive measures to counteract these insidious cyber threats.

Cybercriminals willing to pay for stolen Airbnb accounts – A popular market selling stolen Airbnb accounts – Airbnb account checker (Screenshots: SlashNext)

**Protection**

Hackread.com has compiled a list of steps that can help Airbnb users (or any unsuspecting user online) protect themselves against the growing trend of attacks.

*   Enable two-factor authentication.
*   Use a strong password and change it regularly.
*   Be careful about clicking on links in emails or messages from people you don’t know.
*   If you think your account has been compromised, immediately change your password and contact Airbnb customer support.

In addition to the tips above, here are some other things you can do to protect yourself from Airbnb scams:

*   Be wary of offers that seem too good to be true.
*   Only book with hosts who have a good reputation and positive reviews.
*   Never give out your personal information, such as your credit card number or passport number, to anyone you don’t know and trust.
*   If you have any concerns about a booking, contact Airbnb customer support.

However, the best defence against cybersecurity threats is using common sense. Therefore, employ it at all times.

Crooks Using Stealers and Stolen Cookies to Hack Airbnb Accounts

By Deeba Ahmed
The Qakbot malware is also known as “Qbot” and “Pinkslipbot,” and was used to target critical industries worldwide.
This is a post from HackRead.com Read the original post: Qakbot Botnet Disrupted, Infected 700,000 Computers Globally

*   The FBI and the US DoJ dismantled the Qakbot botnet, which is one of the largest and most sophisticated botnets in the world.

*   The botnet was used to carry out financial fraud, ransomware attacks, and other cybercrimes, resulting in losses of hundreds of millions of dollars to businesses and individuals across the US and abroad.

*   The dismantling of the botnet was a multinational operation involving law enforcement agencies from France, Germany, Romania, the Netherlands, Latvia, the US, and the UK.

*   The FBI obtained lawful access to the botnet’s infrastructure and redirected its traffic to Bureau-controlled servers. This instructed the compromised computers to download an uninstaller file that removed the malware.

*   The department also confirmed seizing around $8.6 million in cryptocurrency in illegal profits (extorted funds).

The US Federal Bureau of Investigation (FBI) has confirmed the dismantling of notorious malware and botnet called Qakbot (QBot and Pinkslipbot). The FBI and the US DoJ (Department of Justice) announced in a joint press release on August 29 that the dismantling was possible through a multinational operation in which law enforcement agencies from France, Germany, Romania, the Netherlands, Latvia, the US, and the UK participated.

Per the DoJ’s press release, this is the largest ever botnet infrastructure’s financial and technical disruption facilitated by the USA. Qakbot botnet was developed in 2008 and used to carry out financial fraud, ransomware attacks, and other cybercrime.

The botnet was used in countless ransomware attacks and cybercrimes, resulting in losses of hundreds of millions of dollars to businesses and individuals across the US and abroad. Many ‘prolific ransomware groups’ such as REvil, Conti, Egregor, Black Basta, and MegaCortex used the Qakbot botnet for initial infection.

The malware was distributed through spam emails containing malicious links/attachments. When the victim clicked on the link and downloaded the malware, it fetched additional payload, including ransomware, on the device and made it a part of Qakbot’s ever-expanding botnet army. 

This allowed the attackers to control the device remotely while the victim remained unaware of the intrusion and exploitation.

According to FBI director Christopher Wray, the bureau ‘neutralized’ this extensive ‘criminal supply chain,’ the victims of which were extremely diverse, including financial institutions on the East Coast, medical device manufacturers on the West Coast, and a critical government infrastructure contractor based in the Midwest.

> “This botnet provided cybercriminals like these with a command-and-control infrastructure consisting of hundreds of thousands of computers used to carry out attacks against individuals and businesses all around the globe.”
> 
> Christopher Wray – FBI

During the operation, the FBI obtained lawful access to the botnet’s infrastructure and detected that it comprised more than 700,000 infected computers worldwide. Around 200,000 were located in the US.

The disruption process involved redirecting Qakbot botnet’s traffic to Bureau-controlled servers, which instructed the compromised computers to download the uninstaller file created to remove the malware.

The uninstaller untethered the computers from the botnet and prevented them from accepting additional malware. The department also confirmed seizing around $8.6 million in cryptocurrency in illegal profits (extorted funds).

Wray appreciated the efforts of FBI Los Angeles, the bureau’s Cyber Division, and participating agencies within and outside the USA.

 “The cyber threat facing our nation is growing more dangerous and complex every day. But our success proves that our own network and our own capabilities are more powerful,” the FBI director said.

**RELATED ARTICLES**

1.  FBI recovers millions in ransom from DarkSide ransomware gang
2.  Hackers behind Mirai botnet to avoid jail for working with the FBI
3.  800+ criminals arrested after FBI turned Anom app into honeypot
4.  FBI accessing computers across US to remove malicious web shells

Qakbot Botnet Disrupted, Infected 700,000 Computers Globally

By Owais Sultan
Korea Blockchain Week 2023 brings together the most sought-after builders, enterprises, thought leaders and innovators to spark crucial…
This is a post from HackRead.com Read the original post: Korea Blockchain Week 2023: Presenting Web3’s Leading Voices

Korea Blockchain Week 2023 brings together the most sought-after builders, enterprises, thought leaders and innovators to spark crucial conversations that shape the future of the industry

**_Seoul, South Korea, August XX, 2023_** — FactBlock, a Web3 ecosystem accelerator and the organizer of KBW2023 along with the co-host Hashed, a prominent Web3 venture fund based in South Korea, are delighted to announce that delegates attending the 6th Edition of the Korea Blockchain Week will get to witness the most influential people in the industry sharing their learnings and insights on every aspect of crypto, Web3 infrastructure and beyond. It’s where the change makers shape the narratives and set the agenda for the future.

This year’s impressive speaker lineup features more than 200 thought leaders and builders including Ethereum Co-founder Vitalik Buterin, Circle CEO Jeremy Allaire, Wemade CEO Henry Chang, Maelstrom CIO Arthur Hayes, Hashed CEO Simon Kim,  BitGo Co-founder and CEO Mike Belshe, Polygon Co-founder Sandeep Nailwal, Line Next’s Business Director Woosuk Kim, and SkyBridge Capital’s Founder and Managing Partner Anthony Scaramucci.

Seonik Jeon, CEO of FactBlock, said, “Established in 2018 to rectify information imbalances in blockchain and cryptocurrency, KBW now enters its sixth year. Evolving annually, we provide global crypto communities with insightful knowledge, networking, and entertainment.”

“This year, in addition to featuring renowned speakers and diverse sessions to share insights at the Impact conference, we are launching a Web 3-based art and music festival. We anticipate all KBW 2023 participants will relish an immersive week-long engagement with shared knowledge, art, music, and culture in Korea,” Jeon added.

Attendees will also have more opportunities than ever before for networking, collaboration, and discussion. As Asia’s most impactful blockchain event, the week-long conference will be a platform where blockchain builders from all over the world discover the future of Web3, and explore its impact on various industries and cultures. The conference will take place from September 4 to September 10, with the main event, KBW: Impact, running from September 5 to 6 at The Shilla Seoul.

Simon Kim, CEO of Hashed, stated “KBW is establishing itself as a B2B platform that goes beyond mere conferences and events, generating practical multinational business collaboration opportunities. In this event, we can anticipate not only the participation of exceptional speakers as mentioned above but also the excitement of more than 150 diverse side events scheduled to take place.”

With the rising technology, institutional fever, and mass adoption in focus, the organizers aim to make KBW2023 an idea lab rather than an echo chamber. It’s where builders, investors, legacy finance executives, policymakers, and crypto-curious newcomers flock to exchange ideas, collaborate, and find solutions to some of the thorniest challenges facing the industry. 

The biggest highlight of the upcoming conference will be KBW: IMPACT, the main 2-day event that brings together thought leaders and crypto-curious from around the world to spark discussions along the following core themes: 

*   **Fundamentals**– Dedicated to answering the fundamental questions of blockchain and crypto. 
*   **Kingdom of Ethereum** – Shining light on the future of Ethereum infrastructure and community.
*   **Oil the Wheels** – Addressing subjects that make blockchain ecosystem and developers’ growth.
*   **Way to Billions** – Analyzing the key challenges and contributors to mass adoption.
*   **What’s on Chain** – Showcasing and harnessing the power of on-chain data for research, analysis, DeFi, risk management, and more.
*   **Regional Taste** – A look at how the unique strengths of markets like Korea, Japan, India and Southeast Asia are helping them embrace blockchain technology.
*   **Tech Unleashed** – A deep dive into emerging trends and technologies such as zero knowledge, shared sequencing, orderbook DEXes, privacy, interoperability, and more.
*   **Digital Nation** – Dedicated to exploring how blockchain technology will shape the social structures with DAOs, decentralized social graphs, and metaverse.
*   **Institutional Fever** – Dedicated to the B2B side of blockchain, it would serve as a bridge between Web2 enterprises, financial conglomerates, and Web3 projects.
*   **Code in Law** – To help the industry players understand the regulatory landscape.

The week-long industry gathering will spotlight three main events, an official afterparty, and almost two hundred side events. Highlights include the two-day keystone conference “Impact” on September 5th and 6th; the two-day immersive digital art experience “The Gateway: Korea” with NFT now on September 7th and 8th; and the two-day music festival “Micro Seoul: Seoulbound” as the official closing ceremony of KBW.

Rounding off the week, “Beyond Seoul” will take center stage as the official KBW afterparty from September 7th to 10th, celebrating the intersection of technology, culture, and self-expression. With over a hundred registered side events, attendees can expect a week brimming with engagement and insight.

****About Korea Blockchain Week****

Korea Blockchain Week is the premier blockchain and cryptocurrency event in Asia, bringing together industry leaders, investors, and enthusiasts worldwide to discuss and explore the latest developments and trends. Organized by Factblock and co-hosted by Hashed, the conference features a series of speeches and panel discussions by the leading minds of the blockchain space, as well as a rich selection of side events and networking opportunities to foster collaboration within the Korean and global blockchain community.

1.  Buy Tickets 
2.  Attend as Media
3.  Discover Sponsors
4.  Check out FAQ

Korea Blockchain Week 2023: Presenting Web3’s Leading Voices

By Habiba Rashid
In a move that has caught global attention, the hacktivist group GhostSec announced a successful breach of the…
This is a post from HackRead.com Read the original post: GhostSec Claim Breaching Iranian Govt Surveillance Software Tool

*   **GhostSec claims to breach the FANAP Behnama software, which is apparently used by the Iranian government to surveil and monitor its citizens.**

*   **The breach has uncovered a treasure trove of data, including approximately 20GB of information on face recognition and motion detection systems.**

*   **The revelation of this data comes at a time when Iranian citizens are increasingly concerned about civil rights violations.**

*   **GhostSec plans to make the data public in order to raise awareness about the Iranian government’s surveillance practices.**

*   **The data also includes tools for car number plate recognition and a system linked to the Single Sign-On (SSO) platform.**
*   **At the time of writing, the official website of the company running the software was offline (fanap-infra.com).**

In a move that has caught global attention, the hacktivist group GhostSec announced a successful breach of the FANAP Behnama software, unmasking what it terms the “Iran regime’s very own privacy-invading software.” 

GhostSec, which was formed around a decade ago to combat online extremism, claims that this breach has uncovered a treasure trove of data – approximately 20GB – including face recognition and motion detection systems utilized by the Iranian government to surveil and monitor its citizens.

The revelation by GhostSec comes at a time when Iranian citizens have expressed widespread outrage over civil rights violations, sparked by the tragic death of Mahsa Amini in custody last year. This incident, followed by waves of protests that have led to more detentions and casualties, has ignited a fervent debate about individual rights and privacy within Iran.

GhostSec, in a statement posted on their Telegram channel, boldly declared, “FANAP software, Behnama, was entirely breached. A total of around 20GB compressed have been analyzed during the last two months.” In a demonstration of their commitment to the cause, the group intends to make this data public, citing a concern not just for the Iranian people’s rights, but also for the broader implications this breach has on privacy worldwide. 

The cybersecurity analyst firm Cyberint believes that GhostSec’s actions are aligned with their pursuit of human rights for privacy and equality. Cyberint stated, “This exposure seeks to empower the Iranian populace to demand privacy rights in the wake of increased awareness about government surveillance.” 

GhostSec’s move is not just about technology – it represents a fight for civil liberties, a balance of power, and a voice against the intrusive scrutiny that undermines fundamental human rights.

To this end, GhostSec has established a dedicated Telegram channel named “IRAN EXPOSED” where they are systematically sharing insights into the breached data. The group has gone a step further by uploading portions of the compromised Behnama code, including configuration files and API data, providing the public with a behind-the-scenes view of the surveillance software’s capabilities. 

The uploaded data allegedly includes tools for facial recognition-based video surveillance, car number plate recognition, and even a system linked to the Single Sign-On (SSO) platform, all of which are intricately intertwined with citizens’ lives to construct profiles for extensive surveillance.

**RELATED ARTICLES**

1.  Speakers and Mics hacked to turn Music Into Surveillance Tool
2.  India’s COVID-19 surveillance tool exposed millions of user data
3.  Deepfakes Are Being Used to Circumvent Facial Recognition Systems

GhostSec Claim Breaching Iranian Govt Surveillance Software Tool

By Deeba Ahmed
Researchers believe that this time instead of cyber espionage, Chinese threat actors may have opted for more complex information ops.
This is a post from HackRead.com Read the original post: Microsoft: Chinese APT Flax Typhoon uses legit tools for cyber espionage

**KEY FINDINGS**

*   **Microsoft has identified a Chinese government-backed APT group called Flax Typhoon.**

*   **The group has been targeting Taiwanese organizations since mid-2021.**

*   **Flax Typhoon does not rely heavily on malware to maintain persistence on the targeted networks.**

*   **Instead, the group uses tools built into the operating system and some benign software.**

*   **The group’s goal is to conduct cyber espionage and maintain access to organizations across a broad range of industries.**

Microsoft has not observed Flax Typhoon act on final objectives in this campaign, but the group’s activities could pose a threat to businesses outside Taiwan.

Microsoft Threat Intelligence Team has shared exclusive details of a newly detected Chinese government-backed Advanced Persistent Threat (APT) group Flax Typhoon’s activities. The group (aka Ethereal Panda) has been installing a network of long-term, persistent infections across Taiwanese organizations. 

It is worth noting that the group doesn’t rely too much on malware to retain persistence on the targeted networks but uses tools built into the operating system with some benign software for this purpose.

Moreover, researchers observed that the group uses the access to carry out many different activities apart from espionage, which means it is an information-gathering campaign active since mid-2021.

> “Flax Typhoon’s discovery and credential access activities do not appear to enable further data-collection and exfiltration objectives. While the actor’s observed behavior suggests Flax Typhoon intents to perform espionage and maintain their network footholds, Microsoft has not observed Flax Typhoon act on final objectives in this campaign.”
> 
> Microsoft

So far, dozens of organizations across a wide range of sectors/industries have been targeted in this campaign, indicating that this could be an extensive cyber espionage activity.

However, Microsoft believes its scope may not be limited to Taiwanese businesses in the near future. The group uses legit tools and utilities built into the Windows OS (e.g. LOLbins) for its stealthy operations, which it can reuse to target organizations outside Taiwan.  

Researchers revealed that companies may easily fall into the trap of Flax Typhoon because it uses commonplace techniques that may be overlooked by organizations. 

In its report, the tech giant noted that This APT group focuses on persistence, credential access, and lateral movement. Detecting and mitigating this threat is challenging because compromised accounts might be modified or closed, and infected systems will be isolated.

Companies/entities in the government, education, IT, and manufacturing sectors across Southeast Asia, Africa, and North America have been the targets of Flax Typhoon’s previous campaigns. 

The group prefers using the China Chopper web shell, Bad Potato and Juicy Potato privilege escalation tools, Metasploit, Mimikatz, SoftEther virtual private network (VPN) client and specializes in exploiting known vulnerabilities in publicly accessible servers and targets a range of services, including VPN, web, Java, and SQL applications.

After gaining initial access, the group uses command-line tools for establishing persistence and then deploys a VPN connection to the attacker’s C2 infrastructure. Lastly, it steals credentials and scans for further vulnerabilities using VPN access.

Flax Typhoon attack chain (Microsoft)

This isn’t the first time China has targeted Taiwan, which it considers a renegade province. The country has launched espionage and DDoS attacks against the country in the past. This time, China might want access to sensitive data as well as maintain access to organizations across the broadest range of industries.

Microsoft has notified targeted/impacted customers and is helping them secure their systems.

**RELATED ARTICLES**

1.  Microsoft warns of Nobelium hackers using FoggyWeb backdoor
2.  New Phishing Attack Spoofs Microsoft 365 Authentication System
3.  Reply URL Flaw Allowed Unauthorized MS Power Platform API Access

Microsoft: Chinese APT Flax Typhoon uses legit tools for cyber espionage

By Deeba Ahmed
So far, the potent Android trojan MMRat has remained undetected on VirusTotal.
This is a post from HackRead.com Read the original post: New MMRat Android Trojan Uses Fake App Stores for Bank Fraud

*   **MMRat is a new Android banking trojan targeting Southeast Asian users.**

*   **It is distributed through phishing websites disguised as official app stores.**

*   **It uses a customized Protobuf-based C2 protocol to improve its performance.**

*   **It captures screenshots, controls devices, collects extensive device, personal data.**

*   **Users can protect themselves from MMRat by downloading apps from trusted sources and avoiding suspicious websites.**

Cybersecurity researchers at Trend Micro Mobile Application Reputation Service (MARS) have discovered a stealthy new Android trojan targeting Southeast Asian mobile phone users since late June 2023.

This Android banking trojan, dubbed MMRat due to its distinctive package called com.mm.user, features a long list of capabilities as it can capture screenshots, remotely control victims’ devices, monitor user input, and perform many other tasks apart from bank fraud while staying undetected.

MARS researchers wrote in a blog post published on August 29, 2023, that the malware remained undetected on VirusTotal.

**How is MMRat Distributed?**

Most MMRat samples were downloaded from phishing websites disguised as official app stores in different languages to expand their reach. It is worth noting that researchers couldn’t determine how victims were lured into visiting these fake app stores.

This “potent” malware has been declared a “considerable threat” to mobile phone users. It uses a specially designed, fully customized Protobuf-based C2 protocol, a rare feature in Android banking trojans. This feature improves the malware’s performance while transferring large data volumes.

**Attack Sequence**

MMRat’s primary focus is on conducting bank fraud. The attack relies on the victim downloading and installing the malware on their device and granting it the required permissions. Once done, the malware quickly establishes communication with its remote server, sending copious amounts of data, including personal and mobile data, keylogging data, device status, etc.

Moreover, the malware operator can remotely turn on the device when not in use, unlock the screen, and carry out bank fraud. They may also capture screens for server-size visualization. After performing its malicious tasks, MMRat can self-uninstall and remove every trace of the manipulation.

Attack Sequence (Trend Micro)

**MMRat Capabilities**

As mentioned above, MMRat is a highly capable malware that can capture user input/screen content and allow remote control of the device. Relying on the Android Accessibility service and MediaProjection API for its functioning, the malware can easily detect when the device is on or off and reboot it by registering a receiver on the system.

Furthermore, the trojan avoids suspicion by disguising itself as an official government or dating app and enters the victim’s device through a phishing website. It also launches a 1×1-sized pixel activity to stay persistent.

**What Data Does it Collect?**

According to Trend Micro’s blog post, MMRat can collect extensive device and personal data such as screen and battery data such as whether the screen is locked and current activities, installed apps, contact lists, and network data, e.g., signal strength and network type.

The Android trojan also schedules a time task to collect data at regular intervals. This timer executes every second, and the counter resets every 60 seconds. It looks for victims’ contact lists and installed app info to get maximum personal details. 

After obtaining Accessibility permission, it can obtain extended permission and modify device settings by bypassing user intervention. It is also interested in lock screen patterns, which it collects when the victim unlocks the device and sends it to the C2 server so that the malware operator can unlock the device when desired.

What’s worse, it captures real-time screen content and streams it to a remote server via the MediaProjection API. MMRat also uses the “user terminal state” approach for capturing screen data, in which it doesn’t record the screen as a video but dumps the child nodes in Windows every second.

**How to Stay Protected?**

Users must download apps from trusted platforms like Google Play Store or Apple App Store and avoid suspicious websites posing as app stores. It is equally important to keep updating device software to mitigate security threats like MMRat. Lastly, be very careful when granting Accessibility permissions to an app.

**RELATED ARTICLES**

1.  WhatsApp Pink is malware spreading through group chats
2.  Android apps on APKPure store caught spreading malware
3.  Fake reviews & third-party apps cause 50% of Android threats

New MMRat Android Trojan Uses Fake App Stores for Bank Fraud

By Waqas
A concerning trend is emerging on the global stage: a rise in cyberattacks targeting government agencies.
This is a post from HackRead.com Read the original post: Cyberattacks Targeting Government Agencies on the Rise

The United States was the most targeted country, with 16% of the attacks specifically aimed at the government.

According to a recent report by Atlas VPN, there were 49 significant cyber incidents involving government agencies in the first half of 2023, a rise of 11% from the same time last year. The attacks affected government bodies in at least 27 countries across the world.

The United States was the most targeted country, with 16% of the attacks specifically aimed at the government. Other countries that were heavily targeted include Ukraine, Russia, and France.

The report, which is based on the findings of the Center for Strategic and International Studies (CSIS), also found that Russian hackers were responsible for the majority of the attacks, followed by Chinese and Iranian cybercriminals.

There are a number of reasons why government agencies are being targeted by cyberattacks. One reason is that they often store a significant amount of sensitive data, such as personal information about individual citizens. This data can be sold on the dark web or held hostage until a ransom is paid.

Another reason is that government agencies are often involved in sensitive activities, such as national security or intelligence gathering. This makes them attractive targets for state-sponsored cyberespionage campaigns.

The report also found that hacktivists were responsible for a small number of attacks targeting government agencies. These attacks are often motivated by political or ideological goals.

The rise in cyberattacks targeting government agencies is a serious concern. These attacks can have a significant impact on the functioning of government, as well as the privacy and security of citizens. It is crucial for government agencies to take steps to improve their cybersecurity posture in order to protect themselves from these attacks.

Here are some tips for government agencies to improve their cybersecurity posture:

*   Implement robust security measures, such as firewalls, intrusion detection systems, and encryption.

*   Train employees on cybersecurity best practices.

*   Conduct regular security assessments to identify and fix vulnerabilities.

*   Back up data regularly to prevent data loss in the event of an attack.

*   Work with a cybersecurity firm to develop and implement a comprehensive cybersecurity plan.

By taking these steps, government agencies can help to protect themselves from cyberattacks and keep sensitive data safe.

**RELATED ARTICLES**

1.  Major Magecart skimming attack hits 8 local US government sites
2.  Hackers stole 738 GB of data from Australian government agency
3.  9,517 unsecured databases identified with 10 billion records globally

Source

HackRead