Breaking News

All the important news on new attacks, and the solutions we can offer you

28/10/2020

Abaddon remote access trojan (RAT) gets commands via Discord

The new 'Abaddon' remote access trojan may be the first to use Discord as a full-fledged command and control server that instructs the malware on what tasks to perform on an infected PC.

Abaddon implements data-stealing features. It was designed to steal a range of data from the infected host, including Chrome cookies, saved credit cards and credentials, Steam credentials, Discord tokens and MFA information.

The malware also collects system information such as country, IP address, and hardware information.

According to Bleeping Computer, the malware supports the following commands:

  • Steal a file or entire directories from the computer
  • Get a list of drives
  • Open a reverse shell that allows the attacker to execute commands on the infected PC
  • Launch in-development ransomware (more later on this)
  • Send back any collected information and clear the existing collection of data

26/10/2020

T-RAT 2.0 Telegram-controlled RAT, a new security threat


T-RAT 2.0 is a Trojan being advertised and sold on Russian forums, according to a posting on the G DATA Security Blog.
The most notable feature of T-RAT 2.0 is that it can be controlled using the Telegram app.

Apparently, here is what T-RAT 2.0 can do to your system once it infects it:

  • Retrieve cookies and passwords from your browser
  • Grant the attacker full access to your file system
  • Perform audio recordings (requires an audio input device such as a microphone)
  • Log your keystrokes
  • Disable your Taskbar
  • Use your webcam to perform video recordings or take pictures
  • Fetch clipboard content
  • Snap screenshots of your current view
  • Disable your Task Manager
  • Hijack transactions for several services, including Ripple, Dogecoin, Qiwi, and Yandex.Money
  • Execute CMD & PowerShell commands
  • Restrict your access to various websites and services
  • Forcefully terminate processes on your computer
  • Use RDP and/or VNC to perform additional remote control operations

Moreover, it is compatible with most Chromium-based browsers (v80 and up), and its Stealer component supports the following apps:

  • Steam
  • Telegram
  • Skype
  • Viber
  • FileZilla XML
  • NordVPN
  • Discord

22/10/2020

British Airways fined £20m for Magecart hack that exposed 400k folks' credit card details to crooks


British Airways is to pay a £20m data protection fine after its 2018 Magecart hack – even though the Information Commissioner’s Office discovered the airline had been saving credit card details in plain text since 2015.

The fine, announced this morning by the UK's data watchdog, is almost exactly at the reduced £19.8m level that BA parent company the International Airlines Group had expected back in August.
