By Owais Sultan
JasmyCoin operates on blockchain technology as a decentralized digital currency, ensuring secure and transparent transactions. 
This is a post from HackRead.com Read the original post: Investing in Ethereum Blockchain-based JasmyCoin: Guide

This article will explore the Ethereum Blockchain-based JasmyCoin market, its advantages, how to get started with JasmyCoin investment, the related risks, and how it relates to other cryptocurrencies. Whether you are a seasoned investor or new to cryptocurrencies, this guide will provide valuable insights to make informed investment decisions.

**The Benefits of Investing in JasmyCoin**

Investing in JasmyCoin offers several benefits:

1.  It provides an opportunity for diversification in your investment portfolio.
2.  Given its increasing value and market demand, JasmyCoin has the potential for high returns.
3.  Investing in JasmyCoin allows for easy and quick transactions, eliminating the need for intermediaries and reducing transaction costs. Get to know the latest JasmyCoin Price and get started. 

**Understanding the JasmyCoin Market: Trends and Insights**

The JasmyCoin market has experienced significant growth and popularity in recent years. JasmyCoin operates on blockchain technology as a decentralized digital currency, ensuring secure and transparent transactions. The market trends and insights indicate a promising future for JasmyCoin, with increasing adoption and acceptance by businesses and individuals worldwide.

**How to Get Started with JasmyCoin Investment**

To get started with JasmyCoin investment, you need to follow a few simple steps. Firstly, choose a reliable cryptocurrency exchange platform that supports JasmyCoin. Create an account and complete the necessary verification process. Once your account is set up, deposit funds into your account and start trading JasmyCoin. It is essential to conduct thorough research, stay updated with market trends and consider consulting with financial advisors before making investment decisions.

**Analyzing the Risks Associated with JasmyCoin Investment**

While JasmyCoin investment offers potential rewards, it is crucial to analyze the associated risks. The cryptocurrency market is highly volatile, and the value of JasmyCoin can fluctuate significantly. Also, there is a risk of security breaches and hacking attempts, which can result in financial losses. Investing only what you can afford to lose and implementing proper security measures to protect your investments is advisable.

**JasmyCoin vs. Other Cryptocurrencies: A Comparative Analysis**

When comparing JasmyCoin to other cryptocurrencies, it is essential to consider factors such as market capitalization, technology, adoption rate and use cases. While Bitcoin remains the most popular and widely accepted cryptocurrency, JasmyCoin offers unique features and advantages. Its focus on privacy, security and scalability sets it apart from other cryptocurrencies, making it an attractive investment option.

In conclusion, investing in JasmyCoin can be a lucrative opportunity for investors. However, it is crucial to understand the market trends, benefits, risks and how it compares to other cryptocurrencies. By following the steps outlined in this guide and staying informed, you can make informed investment decisions and potentially reap the rewards. 

**RELATED ARTICLES**

1.  How To Use ChatGPT To Trade Cryptocurrency
2.  What Makes Bitcoin NFTs Different from Other NFTs?
3.  Tracing the Path: Unraveling the Full History of Toncoin
4.  The Rise of Blockchain Gaming and Secure Marketplaces
5.  Shiba Inu: The Meme Coin Fueling an Open-Source Ecosystem

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Investing in Ethereum Blockchain-based JasmyCoin: Guide

By Owais Sultan
Powered by Oracle Cloud, Stellar Cyber Open XDR offers best-in-class cyberattack detection and response capabilities to Oracle Cloud Infrastructure users.
This is a post from HackRead.com Read the original post: Stellar Cyber and Oracle Cloud Partner for Enhanced Cybersecurity

*   Stellar Cyber partners with Oracle Cloud to enhance cybersecurity capabilities.

*   Stellar Cyber’s Open XDR platform now available on Oracle Cloud Infrastructure (OCI).

*   Joint customers can reduce cyber risk and improve security operations efficiency.

*   Stellar Cyber’s AI-driven platform streamlines threat monitoring and response across diverse environments.

*   OCI customers can access Stellar Cyber solutions through the Oracle Cloud Marketplace.

SAN JOSE – August 14, 2023 – Stellar Cyber, the innovator of Open XDR technology, announced that the Stellar Cyber Open XDR platform is available on Oracle Cloud Infrastructure (OCI) to help users manage their security operations. Joint customers of Oracle and Stellar Cyber can expect to reduce cyber risk and improve security analyst efficiency and effectiveness. 

“We find that OCI is a user-friendly platform, which correlates directly to our commitment to making security operations simpler,” said Andrew Homer, VP of Strategic Alliances for Stellar Cyber. “We are excited to work with OCI to deliver the security solutions our shared customers require and trust.”

With integrations and support for all enterprise data sources, field-vetted AI/ML-driven correlation, and purpose-built intelligent automation, the Stellar Cyber Open XDR platform eliminates manually-intensive security tasks while enabling security teams to quickly monitor, identify, and respond to threats in their cloud, on-premises, OT and hybrid environments. By running on OCI, the Stellar Cyber platform offers its best-in-class security outcomes to OCI users. 

“Stellar Cyber is committed to providing the critical capabilities security teams need to deliver consistent security outcomes—all for a single license and price on a single platform,” said Jim O’Hara, Chief Revenue Officer at Stellar Cyber. “This simple yet comprehensive model makes it easy for customers to measure how our Open XDR platform dramatically impacts their security ROI.” 

“We designed OCI with a security-first mindset, which is one of the many reasons why enterprises continue to trust Oracle with their data,” said David Hicks, Group Vice President, of Worldwide ISV Cloud Business Development, Oracle. “Stellar Cyber on OCI provides our joint customers with an industry-leading Open XDR solution to manage their cloud security posture and help protect their data.”

Stellar Cyber is a member of Oracle PartnerNetwork (OPN). OCI customers now can purchase Stellar Cyber via the Oracle Cloud Marketplace, applying Oracle Universal Credits (OUCs) toward the purchase price. 

**About Stellar Cyber**

The Stellar Cyber Open XDR platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill to secure their environments successfully.

With Stellar Cyber, organizations reduce risk with early and precise identiﬁcation and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley. For more information, contact Stellarcyber.ai.

**About Oracle PartnerNetwork**

Oracle PartnerNetwork (OPN) is Oracle’s partner program designed to enable partners to accelerate the transition to the cloud and drive superior customer business outcomes.

The OPN program allows partners to engage with Oracle through track(s) aligned to how they go to market: Cloud Build for partners that provide products or services built on or integrated with Oracle Cloud; Cloud Sell for partners that resell Oracle Cloud technology; Cloud Service for partners that implement, deploy and manage Oracle Cloud Services; and License & Hardware for partners that build, service or sell Oracle software licenses or hardware products.

Customers can expedite their business objectives with OPN partners who have achieved Expertise in a product family or cloud service.  To learn more visit Oracle.

Charlie Rubin  
Story PR  
charlie@storypr.com  
510-908-3356

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Stellar Cyber and Oracle Cloud Partner for Enhanced Cybersecurity

By Waqas
Trellix's researchers uncovered a series of vulnerabilities in two prominent data center equipment vendors: CyberPower and Dataprobe.
This is a post from HackRead.com Read the original post: Data center flaws spurred disruptions, espionage and malware attacks

*   **Critical vulnerabilities unveiled in popular data center management platforms, posing serious security risks.**

*   **CyberPower’s PowerPanel Enterprise and Dataprobe’s iBoot PDU were found to have multiple vulnerabilities.**

*   **Potential exploitation could lead to power disruption, malware deployment, and digital espionage.**

*   **Urgent fixes released by vendors, urging affected customers to patch their systems immediately.**

*   **Emphasis on network isolation, remote access management, password updates, and regular software updates to mitigate risks.**

Trellix’s Advanced Research Center has unveiled a series of critical vulnerabilities in **data center** management platforms, shedding light on potential security risks that could cripple the foundation of our interconnected world.

**The Vulnerabilities Unveiled**

In an ongoing research effort to bolster cybersecurity and resilience in the digital realm, Trellix’s Advanced Research Center turned its attention to critical vulnerabilities within data center management platforms.

This initiative aligns seamlessly with the recently announced **2023 National Cybersecurity Strategy**, underscoring the importance of securing national critical infrastructures and enhancing overall digital ecosystem security.

The team’s initial focus was on power management and supply technologies, key components of data center infrastructure. Through detailed investigation, Trellix’s researchers uncovered a series of vulnerabilities in two prominent data center equipment vendors: CyberPower and Dataprobe.

**CyberPower’s PowerPanel Enterprise Vulnerabilities**

Trellix’s research identified four vulnerabilities in CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform:

1.  **CVE-2023-3264:** Use of Hard-coded Credentials
2.  **CVE-2023-3267:** OS Command Injection (Authenticated RCE)
3.  **CVE-2023-3266:** Improperly Implemented Security Check for Standard (Auth Bypass)
4.  **CVE-2023-3265:** Improper Neutralization of Escape, Meta, or Control Sequences (Auth Bypass)

These vulnerabilities, if exploited in tandem, could grant attackers full access to these systems. Such access could lead to substantial damage and potentially pave the way for broader network compromise.

**Dataprobe’s iBoot PDU Vulnerabilities**

Dataprobe’s iBoot Power Distribution Unit (PDU) also exhibited five critical vulnerabilities:

1.  **CVE-2023-3261:** Buffer Overflow (DOS)
2.  **CVE-2023-3262:** Use of Hard-coded Credentials
3.  **CVE-2023-3260:** OS Command Injection (Authenticated RCE)
4.  **CVE-2023-3259:** Deserialization of Untrusted Data (Auth Bypass)
5.  **CVE-2023-3263:** Authentication Bypass by Alternate Name (Auth Bypass)

The potential impact of these vulnerabilities is profound, encompassing scenarios such as power disruption, widespread malware deployment, and **digital espionage**.

**The Implications of Vulnerabilities**

The implications of these vulnerabilities are far-reaching. With data centers forming the backbone of critical services, the risks extend to both consumers and enterprises. The exploitation of such vulnerabilities could lead to the following outcomes:

*   **Power Off:** Attackers could disrupt operations across multiple data centers by cutting power to connected devices, causing extensive outages and financial losses.
*   **Malware at Scale:** Compromised data center equipment could serve as a launchpad for massive ransomware, DDoS, or wiper attacks, potentially surpassing infamous incidents like StuxNet and WannaCry.
*   **Digital Espionage:** Nation-state actors and advanced persistent threats (APTs) could exploit these vulnerabilities for cyberespionage, potentially exposing sensitive information to foreign governments.

It is worth noting that Trellix researchers presented their **findings** on August 12th at the Black Hat security conference in Las Vegas, United States.

Fortunately, these vulnerabilities were discovered before they could be exploited by threat actors, minimizing the risk of malicious exploitation. Nonetheless, data centers remain attractive targets for cybercriminals due to their extensive attack surface and potential for widespread impact.

**Strategies for Mitigation and Future Preparedness**

To address these vulnerabilities, both CyberPower and Dataprobe have promptly released fixes for their affected products. Trellix strongly advises affected customers to implement these patches immediately and adopt additional precautions:

1.  **Network Isolation:** Ensure that data center management platforms are reachable only within secure intranets, shielding them from wider internet exposure.
2.  **Remote Access Management:** Disable remote access to devices and platforms when not needed, reducing potential attack vectors.
3.  **Password Management:** Update passwords for user accounts associated with vulnerable systems and revoke any compromised credentials.
4.  **Regular Updates:** Stay vigilant by applying the latest software and firmware updates promptly to reduce exposure to future vulnerabilities.

**Conclusion**

Trellix’s Advanced Research Center’s findings underscore the critical role played by data centers in modern operations and the urgent need to fortify their defences. By collaborating with vendors, promptly addressing vulnerabilities, and embracing best practices, the digital ecosystem can continue to evolve securely, resiliently, and without compromise.

**RELATED ARTICLES**

1.  China attack National Data Center with watering hole attack
2.  Login Details of Tech Giants Leaked in Two Data Center Hacks
3.  Top sites affected after OVH data center catches disastrous fire
4.  NATO bunker’s dark web data center seized for hosting child porn
5.  BlackCat (ALPHV) Claims Ransomware Attack on NCR Data Center

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Data center flaws spurred disruptions, espionage and malware attacks

By Deeba Ahmed
Cybersecurity researchers at Securelist have discovered a cyberattack against a power-generating firm in South Africa. Reportedly, the firm…
This is a post from HackRead.com Read the original post: South African Power Supplier Hit by DroxiDat Malware

*   **Cybersecurity researchers uncover cyberattack targeting South African power-generating firm.**

*   **Attackers deploy new variant of SystemBC malware, named DroxiDot, with CobaltStrike beacons.**

*   **Speculation that attack could be an initial stage of a ransomware attack, occurring in March 2023.**

*   **DroxiDot variant is a compact 8kb payload, serves as a system profiler, and sets up SOCKS5 proxies on target computers.**

*   **Attacker’s C2 infrastructure linked to energy-oriented domain potentially tied to Russian ransomware group FIN12.**

Cybersecurity researchers at Securelist have discovered a cyberattack against a power-generating firm in South Africa. Reportedly, the firm was targeted with a new variant of the SystemBC malware and a yet unidentified hacking group carried out the attack.

It is worth noting that a variant of SystemBC was also identified in the 2021 cyber attack against Colonial Pipeline, a major American oil pipeline system. In the recent attack, however, attackers deployed the proxy-capable backdoor with CobaltStrike beacons.

According to Securelist, the new SystemBC malware variant is dubbed DroxiDat. Attackers used these tools to compromise systems and remotely access the electricity generator. However, researchers speculated that it could be the “initiate stage of a ransomware attack” that took place in the third or fourth week of March 2023.

For your information, SystemBC payload is a “changing, malicious” malware-as-a-service backdoor available on darknet forums since 2018. It is a C/C++-based commodity malware first observed in 2019.

“This platform is made up of three separate parts: on the server side, a C2 web server with admin panel and a C2 proxy listener; on the target side is a backdoor payload,” Securelist’s report revealed.

Compared to previously detected SystemBC variants that were around 15-30kb+, DroxiDot is a compact, 8kb variant that serves as a system profiler, and its main job is to set up SOCKS5 proxies on target computers so that attackers can tunnel malicious traffic.

The malware can also retrieve usernames, IP addresses, and machine names from an active device, encrypts the data, and transfers it to the attacker’s C2 server. This variant doesn’t feature many of SystemBC’s functionalities and acts as a system profiler to exfiltrate information to a remote server.

However, it doesn’t feature download or executing capabilities and can only connect with “remote listeners, pass data back and forth, and modify the system registry.”

This variant, however, allows attackers to simultaneously target multiple devices through automating tasks. If the credentials are legit, they can even deploy ransomware using built-in Windows tools without manually controlling the process.

 The attacker’s C2 infrastructure involved an energy-oriented domain “powersupportplancom,” which resolved to a suspicious IP host. Researchers believe this host was previously used in an APT activity to improve the attack’s potential.

Furthermore, researchers discovered that DroxiDot was used in another healthcare-related incident during the same time when it delivered Nokoyawa ransomware.

Regarding the attackers, researchers claim that evidence suggests the involvement of a Russian ransomware group, probably FIN12 (also known as Pistachio Tempest). This group is known for deploying SystemBC with Cobalt Strike Beacons to launch ransomware attacks against healthcare facilities in 2022.

**RELATED ARTICLES**

1.  Fake Tor Browser Installers Distributing Clipper Malware
2.  Big Head Ransomware Found in Fake Windows Updates
3.  SmugX: Chinese Hackers Targeting Embassies in Europe
4.  Hackers targeting embassies with trojanized TeamViewer
5.  Cyber-Partisans hit Belarus railroad system with ransomware
6.  New malware hides behind free VPN, pirated security software

South African Power Supplier Hit by DroxiDat Malware

By Waqas
The victim of the data breach is the Roberto Polizzi Plastic Surgery Clinic based in Belo Horizonte, Brazil.
This is a post from HackRead.com Read the original post: Hackers Leak PII Data and Photos of Brazilian Plastic Surgery Patients

*   **Thesnake02 hacker group exposes sensitive data from Brazilian Plastic Surgery Clinic.**

*   **Breach occurred in July 2023, leaking 1.25 GB of private patient data, including surgery-related images and financial documents.**

*   **Trend of healthcare cyberattacks continues; Roberto Polizzi Plastic Surgery Clinic joins the list of victims.**

*   **Detailed analysis reveals trove of confidential patient info, nude images, and PII, but no passwords or credit/debit card data.**

*   **While primarily in Portuguese, leaked nude images pose significant risks; potential for exploitation by cybercriminals.**

*   **Previous cybercrime groups like REvil, The Dark Overlord, and Tsar Team targeted plastic surgery clinics, extorting ransom payments and leaking data.**

*   **Breach underscores urgent need for improved healthcare cybersecurity to protect patient confidentiality and data.**

A group of hackers operating under the alias Thesnake02 have leaked a trove of sensitive data belonging to the Roberto Polizzi Plastic Surgery Clinic based in Belo Horizonte, Brazil.

The breach, which occurred on July 26th, 2023, has resulted in the leak of approximately 1.25 GB of highly sensitive and private data, including surgery-related images, financial documents, and personal information of patients.

The clinic, managed by Dr. Roberto Polizzi, has become the latest victim of a growing trend of cyberattacks targeting healthcare and medical institutions. The leaked data, initially made public on the latest version of Breach Forums, has been closely examined by Hackread.com.

Post of the Breach Forums (Screenshot: Hackread.com)

Detailed analysis of the compromised data reveals a vast trove of confidential patient information, including nude images related to surgical procedures, WhatsApp messages, audio notes, receipts, CVs, invoices, internal clinic documents, and contact details.

The breach also exposed a wealth of personally identifiable information (PII), such as driver’s licenses, CPF IDs (Brazil’s equivalent of social security numbers), Covid certificates, and more. Importantly, no credit card or debit card information was among the leaked data.

The leaked data has been blurred over privacy concerns. (Screenshot: Hackread.com)

While the leaked records are primarily in Portuguese, we warn that the exposure of surgery-related nude images carries substantial potential risks. Cybercriminals could exploit this sensitive content in various harmful ways, including extortion and blackmail.

In the past, several notorious cybercrime syndicates, including REvil hackers (also known as the Sodinokibi group), The Dark Overlord, and Tsar Team, were involved in cyberattacks targeting plastic surgery clinics. These groups would extort ransom payments from their victims and, when these demands went unmet, proceeded to expose sensitive data online.

In December 2020, The Hospital Group, situated in Manchester, England, fell victim to REvil’s cyber attack. The plastic surgery clinic London Bridge Plastic Surgery (LBPS) was targeted by The Dark Overlord in October 2017, while Tsar Team successfully hacked and subsequently leaked data from Grozio Chirurgija, a cosmetic surgery clinic located in Kaunas, Lithuania back in May 2017.

As for the Roberto Polizzi Plastic Surgery Clinic, given the language barrier, the immediate impact of this breach might be somewhat limited. However, the incident underscores the critical need for enhanced cybersecurity measures within the healthcare sector, where patient confidentiality and data protection are of paramount importance.

**RELATED ARTICLES**

1.  Hacked Finnish psychotherapy clinic files for bankruptcy
2.  Dental clinic alerted to ransomware attack via hacker phone call
3.  Plastic surgery tech firm leaks images of 100,000s of customers
4.  Breast Cancer Charity Exposed Sensitive Images of U.S. Patients
5.  Medical software firm leaked personal data of 3.1 million patients

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Hackers Leak PII Data and Photos of Brazilian Plastic Surgery Patients

By Deeba Ahmed
MoustachedBouncer is a Belarusian government-backed hacking group that has been active since 2014.
This is a post from HackRead.com Read the original post: MoustachedBouncer Hackers Caught Spying on Embassies

*   **Belarusian MoustachedBouncer hacking group exposed for state-sponsored espionage on foreign embassies.**

*   **ESET Research reveals a years-long campaign targeting diplomats in South Asia, Africa, and Europe.**

*   **Hackers employ diverse techniques, including C++ backdoors and ISP-level attacks.**

*   **MoustachedBouncer tampered with victims’ internet access, tricking Windows with fake captive portals.**

*   **Researchers recommend encrypted VPNs for enhanced security against this sophisticated spying.**

According to ESET Research’s cybersecurity researchers, the Belarusian government had been spying upon foreign diplomats in the country for years through the MoustachedBouncer hacking group.

The research has confirmed that at least one embassy from South Asia, one from Africa, and two from Europe have been the targets of a state-sponsored espionage campaign, active since 2014.

The hackers utilized a wide range of attack techniques, including C++ modular backdoors, adversary-in-the-middle attacks, and email-based C&C protocols and performed attacks at the ISP level from within the country for spying.

“To compromise their targets, MoustachedBouncer operators tamper with their victims’ internet access, probably at the ISP level, to make Windows believe it’s behind a captive portal,” ESET’s report read.

For your information, adversary-in-the-middle attacks rely on ‘lawful interception’ espionage infrastructure e.g. SORM. In Russia and many other countries, it is deployed by security services on ISP premises.

****Campaign Active Since 2014****

The espionage activity started in 2014, which is surprising considering that this is the first time it has been disclosed. Since 2014, the group has used numerous malware families to achieve network intervention.

Initially, MoustachedBouncer used email protocols (SMTP and MAP) based malware frameworks and later switched to droppers that could steal files, take screenshots, and record conversations.

****Hackers Backed by the State** **

Researchers suspect that MoustachedBouncer had full backing from the Belarusian government and probably ties with other hacking groups. This view is strengthened by the fact that MoustachedBouncer has a close affiliation with another highly active hacking group, Winter Vivern.

The Winter Vivern group was discovered in 2021 and is known for targeting European diplomats. Their attack techniques resonate with two different threat actors called StrongPity and Turla. Both trojanized software installers at the ISP level.

****Attack Tactic Analysis****

Per ESET’s report, authored by malware researcher Matthieu Faou, the hackers fiddled with their target’s traffic to display genuine-looking but fake Windows Update URLs. This page promised them critical system security updates they needed to install urgently.

Fake Windows update website and fake Windows update on the Microsoft Edge browser are both part of the MoustachedBouncer attack. (Screenshot: ESET)

Per ESET telemetry this page delivered a fake update file containing the malicious executable, and two local ISP networks contributed to this campaign, including Beltelecom and Unitary Enterprise A1.

“We strongly recommend that foreign organizations in Belarus use an end-to-end encrypted VPN tunnel, ideally out-of-band (i.e., not from the endpoint), providing internet connectivity from a trusted network,” Faou wrote.

There is evidence that since June 2017, diplomats from four countries were targeted by MoustachedBouncer, two from Europe, one from Northeast Africa and one from South Asia. One of the two European diplomats was targeted twice between Nov 2020 and July 2022.

Timeline of MoustachedBouncer’s malicious activities (Screenshot: ESET)

****About MoustachedBouncer****

This previously undocumented cyberespionage group only targets foreign embassies in Belarus and has most likely been performing ISP-level adversary-in-the-middle attacks since 2020. This hacking group prefers using NightClub and Disco toolsets and used them in this campaign as well. 

Researchers have documented MoustachedBouncer as an independent group, but believe it works in collaboration with Winter Vivern. It was discovered in 2021. Proofpoint reported that the group used the Zimbra mail portal’s XSS vulnerability to steal the webmail credentials of diplomats from European countries.

**RELATED ARTICLES**

1.  Fake Tor Browser Installers Distributing Clipper Malware
2.  Big Head Ransomware Found in Fake Windows Updates
3.  SmugX: Chinese Hackers Targeting Embassies in Europe
4.  Hackers targeting embassies with trojanized TeamViewer
5.  Cyber-Partisans hit Belarus railroad system with ransomware

MoustachedBouncer Hackers Caught Spying on Embassies

By Habiba Rashid
The new attack has been dubbed Phishing 3.0.
This is a post from HackRead.com Read the original post: Phishing 3.0: Crooks Leverage AWS in Deceptive Email Campaigns

*   Cybercriminals are adopting advanced phishing tactics, using legitimate services like Amazon Web Services (AWS) to launch convincing attacks that bypass traditional security measures.

*   The Check Point report highlights the emergence of Business Email Compromise 3.0 (BEC 3.0), where attackers host phishing sites on AWS S3 Buckets to send seemingly genuine emails with phishing links.

*   Hackers manipulate users with social engineering and credential harvesting, often posing as password reset requests, leading victims to click on AWS S3 Bucket URLs that redirect to fake login pages.

*   Phishing attempts rely on exploiting human behaviour and urgency associated with password resets, making it crucial for users to scrutinize email URLs and remain cautious.

*   To counter this threat, cybersecurity experts recommend implementing multi-indicator phishing detection systems, and comprehensive security measures including document scanning, and URL protection mechanisms.

Cybercriminals are now leveraging legitimate services to launch highly convincing phishing attacks that evade traditional security measures. A recent report from cybersecurity firm Check Point’s subsidiary Avanan has revealed that hackers are now utilizing Amazon Web Services (AWS) as a platform for sending out phishing links, adding a new layer of sophistication to their deceptive campaigns.

Phishing attacks have long been a menace in the digital landscape, but the latest trend involves hackers exploiting reputable services to slip through the cracks of cybersecurity defences. This tactic has been previously witnessed with services such as Google, QuickBooks, and PayPal, where attackers create accounts and send out seemingly genuine emails directly from these platforms, making them difficult to identify and block.

The Check Point Harmony Email researchers shed light on how hackers are now using AWS to facilitate their phishing endeavours. In this novel attack variant, cybercriminals are hosting phishing sites on AWS S3 Buckets, which are legitimate storage containers within AWS. This approach allows the attackers to send emails containing phishing links that appear convincingly genuine, as they originate from AWS S3 Buckets.

The attack method, known as Business Email Compromise 3.0 (BEC 3.0), relies heavily on social engineering and credential harvesting techniques to manipulate users into divulging their sensitive information.

The phishing email typically mimics a password reset request, a familiar scenario that prompts users to take action. While some users might be cautious and recognize the email as suspicious due to sender address discrepancies, the attackers cunningly employ AWS S3 Bucket URLs to redirect victims to seemingly legitimate login pages.

Upon clicking the link, victims are led to a webpage that bears the hallmarks of a Microsoft login page, complete with pre-populated email addresses and password fields. While this technique requires a slightly more advanced skill set from the attackers, it remains accessible enough for the average cybercriminal to execute.

The phishing email and phishing login page aim at the login credentials of Microsoft users. (Screenshot: Avanan)

The ultimate goal is to obtain victims’ login credentials, granting the attackers unauthorized access to sensitive accounts and potentially confidential information. According to a blog post published by Jeremy Fuchs of Avanan, users can protect themselves against these increasingly sophisticated attacks by paying close attention to the URLs presented in the emails.

However, the attackers’ well-crafted scenarios and the common urgency associated with password resets can often lead users to disregard this caution. This reliance on human behaviour is precisely what the hackers are banking on, as it offers them a higher chance of success.

In response to this emerging threat, Check Point researchers promptly alerted Amazon about the campaign on July 25th. To mitigate the risks associated with such attacks, cybersecurity professionals are advised to adopt multi-indicator phishing detection systems, implement comprehensive security measures that extend to document scanning and incorporate URL protection mechanisms.

**RELATED ARTICLES**

1.  Google Drive accounted for 50% of malicious Office Docs downloads
2.  LinkedIn Phishing Scam Steals Gmail Credentials Through Google Docs
3.  Google Docs Phishing Scam Cost Minnesota State Thousands of Dollars
4.  Royal Ransomware: New Threat Uses Google Ads and Cracked Software
5.  Research sector targeted in new spear phishing attack using Google Drive

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Phishing 3.0: Crooks Leverage AWS in Deceptive Email Campaigns

By Waqas
The new study has identified a cybersecurity training gap and an alarming lack of preparedness in countering emerging threats.
This is a post from HackRead.com Read the original post: Email Hacking Reigns as Top Cybersecurity Threat, Indusface Study

*   **Sector Vulnerabilities:** Indusface’s research reveals that the Education sector is the most susceptible to cyber attacks, with a staggering 78% of businesses in this domain having experienced such threats.

*   **Email Hacking Dominates:** Email hacking emerged as the most common form of cyber attack, affecting 64% of respondents across various industries, necessitating enhanced training and defences against phishing and related tactics.

*   **Financial Services Resilience:** In contrast, the Financial Services sector demonstrated stronger cyber resilience, with only 26% reporting cyber attacks, potentially due to robust cybersecurity investment and training.

*   **Training Deficits:** The study highlights a concerning lack of employee training in cyber security across various sectors, with 83% of Education sector businesses neglecting this crucial aspect.

*   **Expert Insights:** Venky Sundar, Indusface’s Founder and President, underscores the diverse methods cyber attackers employ and emphasizes the importance of proactive employee training, security assessments, and Web Application and API Protection (WAAP) solutions.

A study conducted by Indusface in July 2023 and recently shared with Hackread.com delved deep into the state of cybersecurity, unearthing insights into the sectors most targeted by cyber attacks and shedding light on the prevailing types of cyber assaults faced by enterprises. Here’s what the company found:

**The Perilous Terrain: A Sector-Wise Analysis**

Indusface embarked on an extensive investigation, surveying 2,200 respondents across 16 diverse industries, to unveil the contours of cyber attacks on businesses. The results showcased an alarming reality – nearly half (49%) of UK businesses had fallen victim to a cyber attack. Such statistics underscored the pressing need for robust cybersecurity strategies in the corporate world.

**Education: The Bullseye of Cyber Attacks**

Within this backdrop, the Education sector emerged as the most besieged by cyber threats, with a staggering 78% of businesses revealing that they had experienced an attack. This revelation demands attention, particularly when coupled with the fact that a significant 83% of organizations within the Education sector were found to lack proactive employee training in cybersecurity – a vulnerability that cybercriminals can exploit.

**Arts, Entertainment, and Recreation: Second in Line**

Coming in second place, the Arts, Entertainment, and Recreation sector encountered cyber attacks at a rate of 68%. Disturbingly, over 30% of businesses in this sector were not actively training their personnel in cybersecurity protocols. This lack of preparation exposes these businesses to a range of attacks, including the ever-pervasive threat of email hacking.

**The Email Hacking Conundrum**

Indeed, email hacking stood tall as the most prevalent form of cyber attack, affecting a significant 64% of respondents from various business domains. This emphasizes the necessity for bolstered training in email security, encompassing a comprehensive approach to thwart phishing attempts, account takeovers, and credential stuffing.

**Navigating the Dangers: Financial Services Bypassed**

Contrasting the widespread cyber attacks on various sectors, the Financial Services industry exhibited resilience, reporting a lower incidence rate of 26%. This positive outcome was possibly influenced by the sector’s commitment to cybersecurity investment and training. It is evident that proactive measures play a pivotal role in safeguarding businesses from cyber threats.

**Expert Insights: Securing the Future**

Venky Sundar, Founder and President of Indusface, elucidated the significance of cybersecurity investment across all sectors. He highlighted that while email hacking remains a prevalent threat, the methods used are diverse, ranging from phishing to sophisticated attacks like SQL injection vulnerabilities.

Sundar emphasized the importance of training employees against phishing attacks, coupled with the implementation of robust security assessments and Web Application and API Protection (WAAP) solutions.

**A Call to Action**

As cyber threats continue to evolve in sophistication and impact, businesses must heed the findings of this research. Implementing comprehensive cybersecurity strategies, investing in training programs, and staying updated with the latest security solutions are imperatives that transcend industry boundaries.

In conclusion, the Indusface study serves as a clarion call to businesses to fortify their cyber defences. The relentless march of technology necessitates a united front against cybercriminals. With the insights gained from this research, businesses can navigate the complex landscape of cyber threats with resilience and vigilance.

**RELATED ARTICLES**

1.  AI Flagged as “Chronic Risk” in UK Gov Risk Register 2023
2.  SSH Remains Most Targeted Service in Cado’s Threat Report
3.  Russian Dark Net Markets Dominate the Global Illicit Drug Trade
4.  Submarine Cables Face Escalating Cybersecurity Threats, Report
5.  US, India, China Most Targeted in DDoS Attacks, StormWall Report

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Email Hacking Reigns as Top Cybersecurity Threat, Indusface Study

By Habiba Rashid
The EvilProxy phishing kit is a malicious tool that has emerged as a key player, as it exploits MFA's limitations. So far, it has targeted over 100 firms.
This is a post from HackRead.com Read the original post: EvilProxy Phishing Kit Hits 100+ Firms, Bypasses MFA via Reverse Proxy

*   Proofpoint’s report highlights a rise in account takeovers, contradicting expectations of MFA’s effectiveness.
*   Malicious EvilProxy phishing kit emerges as a key player, exploiting MFA’s limitations.
*   EvilProxy employs a complex infection chain, utilizing legitimate redirectors and reverse proxy architecture.
*   High-level executives are targeted due to their access to sensitive data; 39% of compromised users held C-level positions.
*   Organizations urged to enhance email, cloud, and web security, and consider better authentication methods like FIDO-based keys.

Cybersecurity firm Proofpoint’s recent report has revealed a surge in account takeovers, defying the expectation that multi-factor authentication (MFA) would curb such incidents. The firm’s research showed that at least 35% of compromised users over the past year were equipped with MFA protection. It seems threat actors have found a way to exploit this defence.

The key protagonist in this narrative is the malicious phishing kit dubbed EvilProxy. As MFA gained traction, attackers responded with sophisticated methods to bypass this layer of security. EvilProxy, a reverse proxy-based phishing kit, has taken center stage in these endeavours, demonstrating its prowess by targeting thousands of users, including a significant number of C-suite executives.

Reverse Proxy (Proofpoint)

The method of attack involves a complex multi-step infection chain. Phishing emails, often impersonating trusted services like DocuSign and Adobe, contain malicious links that redirect users through a labyrinth of legitimate redirectors, including YouTube, malicious cookies, and 404 redirects. At the core of this campaign lies EvilProxy’s reverse proxy architecture. The kit intercepts MFA requests, obtains valid session cookies, and leverages them for authentication in the actual domain.

What is striking about this campaign is the attackers’ discrimination in targeting. They prioritized high-level executives due to their potential access to sensitive data and financial assets. Proofpoint’s study indicated that out of numerous compromised users, approximately 39% held C-level executive positions, including 17% who were chief financial officers and 9% who were presidents and CEOs.

Roles compromised in the attack (Proofpoint)

Once the attackers obtain access, their post-compromise activities include establishing persistence within the organization’s cloud environment. They leverage Microsoft 365 applications for MFA manipulation, further cementing their control. This persistent access opens avenues for lateral movement and potential malware deployment.

Proofpoint’s findings have shone a spotlight on the relentless evolution of cyber threats, highlighting that even the most secure of defences can be outmanoeuvred. The rise of EvilProxy as a tool of choice for such attacks has exposed critical vulnerabilities in organizational defence strategies. With a 100% increase in cloud account takeover incidents targeting high-level executives in the past six months, the battle between attackers and defenders continues to escalate.

Organizations are urged to strengthen their defences against these advanced hybrid threats by focusing on email security, cloud security, web security, and user awareness, and considering adopting better authentication methods, such as FIDO-based physical security keys. 

**RELATED ARTICLES**

1.  Warning as hackers breach MFA to target cloud services
2.  Global CDN Service ‘jsdelivr’ Exposed Users to Phishing Attacks
3.  FortiGuard Labs Discovers .ZIP Domains Fueling Phishing Attacks
4.  New Phishing Attack Spoofs Microsoft 365 Authentication System
5.  “Picture in Picture” Tactic Exploited in New Deceptive Phishing Attack

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

EvilProxy Phishing Kit Hits 100+ Firms, Bypasses MFA via Reverse Proxy

By Habiba Rashid
Operating from Europe, Lolek Hosted offered services that shielded clients' identities and turned a blind eye to the content they posted.
This is a post from HackRead.com Read the original post: Feds Seize Bulletproof Hosting Service ”Lolek Hosted”

1.  **Lolek Hosted, a prominent bulletproof hosting provider, has been dismantled in a coordinated operation by US and Polish authorities.**
2.  **The joint effort aimed to curb cybercriminals’ access to crucial tools for malicious activities by targeting the hosting platform.**
3.  **The takedown was marked by a banner on the seized website displaying logos of the FBI and IRS-CI, confirming the seizure.**
4.  **Both US and Polish authorities, along with law enforcement agencies, played vital roles in the operation, though details remain undisclosed.**
5.  **This action aligns with a broader trend of international law enforcement agencies intensifying efforts to dismantle cybercriminal networks and their supportive platforms.**

In a significant blow to cybercriminals’ anonymous infrastructure, authorities from the United States and Poland successfully dismantled the notorious bulletproof hosting provider, Lolek Hosted, this week. The joint effort aims to curtail cybercriminals’ unfettered access to critical tools for carrying out malicious activities.

As of the early hours of Tuesday, visitors to the Lolek Hosted website were met with a banner prominently displaying the logos of the Federal Bureau of Investigation (FBI) and the Internal Revenue Service – Criminal Investigation (IRS-CI). The banner stated:

> “This domain has been seized by the Federal Bureau of Investigation and Internal Revenue Service – Criminal Investigation as part of a coordinated law enforcement action taken against Lolek Hosted.”

The operation also saw the active involvement of the U.S. Attorney’s Office for the Middle District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice.

Domain seizure notice uploaded by authorities (Screenshot: Hackread.com)

Additionally, Polish authorities played a crucial role, with significant support provided by the Regional Prosecutor’s Office in Katowice and the Central Bureau for Combating Cybercrime in Krakow.

An official spokesperson from the IRS confirmed the legitimacy of the seizure notice, affirming its role in the takedown. However, both the FBI and Polish authorities refused to provide any details regarding the seizure.

Lolek Hosted, a widely used bulletproof hosting provider, has been operating since 2009 and has established itself as a key player in the realm of anonymous hosting platforms.

Operating from a European data center, the company offered services that shielded clients’ identities and turned a blind eye to the content they posted. This approach made bulletproof hosting services a haven for criminals seeking to disseminate malware, orchestrate botnet attacks, and execute various forms of cybercrime and fraud.

Archive view of the now seized Lolek Hosted domain (Screenshot: Hackread.com)

In recent years, authorities have escalated their efforts to dismantle bulletproof hosting services and other platforms aiding cybercrime by bringing the individuals responsible to justice. Notable cases include the seizure of DoubeVPN, the takedown of the infamous Safe-Inet VPN service, and the INTERPOL’s collaborative effort to dismantle the ’16shop’ phishing platform, resulting in arrests.

The joint operation involving INTERPOL, Indonesian, Japanese, and US authorities, as well as private sector partners, dismantled the ’16shop’ phishing-as-a-service platform. The platform offered phishing kits to hackers, enabling email scams to steal sensitive information from victims. 

Nevertheless, these joint efforts serve as a clear indicator that law enforcement agencies worldwide are intensifying their efforts to dismantle the foundations of cybercriminal networks, leaving no safe haven for those seeking to exploit the digital realm for illicit gains.

1.  13 Domains Linked to DDoS-For-Hire Services Seized
2.  NetWire Malware Site and Server Seized, Admin Arrested
3.  Researcher Exposes Crypto Scam Network of 300 Domains
4.  7 Domains Used in Pig Butchering Cryptocurrency Scam Seized
5.  Seized: 9 Crypto Laundering Sites Used by Ransomware Gangs

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.