Hackers Can Use ‘App Mode’ in Chromium Browsers for Stealth Phishing Attacks

In a newly demonstrated phishing technique, the Application Mode feature in Chromium-based web browsers can be abused to create “realistic desktop phishing applications.”
Application Mode is designed to offer native-like experiences in a manner that causes the website to be launched in a separate browser window, while also displaying the website’s favicon and hiding the address bar.
According to security researcher mr.d0x – who also devised the browser-in-the-browser (BitB) attack method earlier this year – a bad actor can leverage this behavior to resort to some HTML/CSS trickery and display a fake address bar on top of the window and fool users into giving up their credentials on rogue login forms.
“Although this technique is meant more towards internal phishing, you can technically still use it in an external phishing scenario,” mr.d0x said. “You can deliver these fake applications independently as files.”
This is achieved by setting up a phishing page with a fake address bar rendered at the top of the page, and launching the browser with the --app parameter pointing at the site hosting that page.
On top of that, the attacker-controlled phishing site can make use of JavaScript to take more actions, such as closing the window immediately after the user enters the credentials or resizing and positioning it to achieve the desired effect.
It’s worth noting that the mechanism works on other operating systems, such as macOS and Linux, making it a potential cross-platform threat. However, the attack depends on the attacker already being able to run something on the target’s machine: the browser has to be launched with the --app parameter, for example through a delivered file or shortcut, before the spoofed window ever appears.
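Because the spoofed window only exists once the browser is started with --app, the launch itself is visible in process-creation telemetry (Sysmon Event ID 1, Windows 4688, or auditd execve records). The following is an added example, not code from the original article or from mr.d0x: a Python check over constructed command-line samples that extracts the --app target and flags targets outside an assumed allowlist, non-HTTPS targets, and hosts that embed a well-known login brand under a different registrable domain. The browser binary names, the allowlisted origin and the brand list are assumptions to adapt to your environment.

```python
"""Flag Chromium browsers launched in 'app mode' (--app=<url>) whose target is not an approved origin.

Input is the CommandLine field of process-creation telemetry; the events below are constructed
samples, not real logs."""
import re
from urllib.parse import urlsplit

# Constructed sample events. Event 2 mimics a dropped shortcut that opens a branded window on a
# look-alike host; event 4 points at an internal IP over plain HTTP; event 3 has no --app at all.
SAMPLE_EVENTS = [
    {"pid": 4120, "user": r"corp\alice",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --app=https://intranet.example.com/portal'},
    {"pid": 4188, "user": r"corp\alice",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --app="https://login.microsoftonline.com.evil-example.net/o365" --window-size=720,520'},
    {"pid": 4201, "user": r"corp\bob",
     "cmdline": r'"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default https://news.example.org'},
    {"pid": 4233, "user": r"corp\bob",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --app=http://10.0.0.5/sso'},
]

# Assumptions: which binaries count as Chromium-based, and which origins the org sanctions for app mode.
BROWSER_EXES = ("chrome.exe", "msedge.exe", "brave.exe", "chromium", "google-chrome")
ALLOWED_ORIGINS = {"https://intranet.example.com"}
# Brands whose name appearing inside a *different* registrable host is a strong look-alike signal (assumed list).
BRAND_HOSTS = ("microsoftonline.com", "google.com", "okta.com", "facebook.com")

APP_FLAG = re.compile(r'--app=(?:"([^"]*)"|(\S+))')  # the value may be double-quoted or bare


def extract_app_url(cmdline):
    """Return the URL passed via --app=, or None if the flag is absent."""
    m = APP_FLAG.search(cmdline)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def is_chromium_launch(cmdline):
    """True when the launched image looks like one of the assumed Chromium-based browsers."""
    return any(exe in cmdline.lower() for exe in BROWSER_EXES)


def classify(url, allowed=ALLOWED_ORIGINS):
    """Return (origin, reasons); an empty reasons list means the target is sanctioned."""
    parts = urlsplit(url)
    origin = f"{parts.scheme}://{parts.netloc}".lower()
    reasons = []
    if origin in allowed:
        return origin, reasons
    reasons.append("origin not in app-mode allowlist")
    if parts.scheme != "https":
        reasons.append("non-HTTPS target")
    host = (parts.hostname or "").lower()
    for brand in BRAND_HOSTS:
        # brand string present, but the host is neither the brand nor a subdomain of it
        if brand in host and not (host == brand or host.endswith("." + brand)):
            reasons.append(f"host impersonates {brand}")
    return origin, reasons


def find_suspicious_app_launches(events, allowed=ALLOWED_ORIGINS):
    """Run the check over process-creation events and return one finding per suspicious launch."""
    findings = []
    for ev in events:
        cmd = ev["cmdline"]
        if not is_chromium_launch(cmd):
            continue
        url = extract_app_url(cmd)
        if url is None:
            continue  # ordinary browser launch, not app mode
        origin, reasons = classify(url, allowed)
        if reasons:
            findings.append({"pid": ev["pid"], "user": ev["user"], "url": url,
                             "origin": origin, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_app_launches(SAMPLE_EVENTS):
        print(f"pid={f['pid']} user={f['user']} url={f['url']} :: {'; '.join(f['reasons'])}")
```

On a fleet where app mode is never used legitimately, the allowlist can be empty and every --app launch becomes worth a look; where it is used for internal portals, the origin allowlist keeps the rule quiet while still catching a branded look-alike or a plain-HTTP target.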
That said, Google is phasing out support for Chrome Apps (the packaged-app platform; the --app command-line switch this technique relies on is a separate flag, and Google’s statement below addresses that flag specifically) in favor of Progressive Web Apps (PWAs) and web-standard technologies, with support expected to be fully discontinued in Chrome 109 or later on Windows, macOS, and Linux.
In a statement shared with The Hacker News, the internet giant said that “the --app feature was deprecated before this research was published, and we are taking its potential for abuse into account as we consider its future.”
“Users should be aware that running any file provided by an attacker is dangerous. Google’s Safe Browsing helps protect against unsafe files and websites. While Safe Browsing is enabled by default in Chrome, users may want to enable Enhanced protection, which inspects the safety of your downloads to better warn you when a file may be dangerous.”
The findings come as separate research from Trustwave SpiderLabs shows that HTML smuggling attacks are a common occurrence, with .HTML (11.39%) and .HTM (2.7%) files together accounting for the second most spammed file attachment type after .JPG images (25.29%).


LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit Card Data


Multiple campaigns that distributed trojanized and typosquatted packages on the NPM open source repository have been identified as the work of a single threat actor dubbed LofyGang.
Checkmarx said it discovered 199 rogue packages totaling thousands of installations, with the group operating for over a year with the goal of stealing credit card data as well as user accounts associated with Discord Nitro, gaming, and streaming services.
“LofyGang operators are seen promoting their hacking tools in hacking forums, while some of the tools are shipped with a hidden backdoor,” the software security company said in a report shared with The Hacker News prior to its publication.
Various pieces of the attack puzzle have already been reported by JFrog, Sonatype, and Kaspersky (which called it LofyLife), but the latest analysis pulls the various operations together under one organizational umbrella that Checkmarx is referring to as LofyGang.
Believed to be an organized crime group of Brazilian origin, the attackers have a track record of using sock puppet accounts to advertise their tools and services on GitHub and YouTube, and of leaking thousands of Disney+ and Minecraft accounts on underground hacking forums.
The group is also known to employ a Discord server, created nearly a year ago on October 31, 2021, to provide technical support and communicate with its members. One of its main offerings is a service that sells fake Instagram followers.

“Discord, Repl.it, glitch, GitHub, and Heroku are just a few services LofyGang is using as [command-and-control] servers for their operation,” the researchers noted.
What’s more, the fraudulent packages traced back to the group have been found to embed password stealers and Discord-specific malware, some of which are designed to steal credit cards.
To conceal the scale of the supply chain attack, the packages are intentionally published through different user accounts so that other weaponized libraries remain unaffected on the repositories even if one of them is spotted and removed by the maintainers.
Furthermore, the adversary has been found using a sneaky technique in which the top-level package is kept free of malware but is made to depend on another package that introduces the malicious capabilities.
That’s not all. Even the hacking tools shared by LofyGang on GitHub depend on malicious packages, effectively acting as a conduit to deploy persistent backdoors on the operator’s machines.
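The clean-top-level-package trick described above is easy to miss if you only review your direct dependencies. Here is an added example, not Checkmarx’s tooling or anything from its report: a Python audit of an npm package-lock.json that walks the resolved dependency graph from the root, records the path to each package, and flags packages that declare an install script (the `hasInstallScript` field npm records in lockfile v2/v3) or whose name is within two edits of a well-known package. The lock file, the package names in it and the list of well-known names are constructed for the example.

```python
"""Audit an npm package-lock.json (lockfile v2/v3) for a clean-looking direct dependency that pulls in
a suspicious transitive package: a typosquatted name and/or an install script."""
import json

# Constructed sample lock file (not a real project): 'tidy-logger' has no findings of its own, but it
# depends on 'discrod.js', a near-miss of discord.js that declares an install script.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 2,
    "packages": {
        "": {"dependencies": {"tidy-logger": "^1.2.0", "lodash": "^4.17.21"}},
        "node_modules/tidy-logger": {"version": "1.2.0", "dependencies": {"discrod.js": "^1.0.3"}},
        "node_modules/discrod.js": {"version": "1.0.3", "hasInstallScript": True},
        "node_modules/lodash": {"version": "4.17.21"},
    },
})

# Assumption: a short list of well-known package names to compare spellings against.
POPULAR = ["discord.js", "lodash", "colors", "express", "axios"]


def levenshtein(a, b):
    """Edit distance between two strings (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def resolve(packages, from_key, name):
    """Find the lock entry that 'name' resolves to from package 'from_key', following npm's
    nearest-ancestor node_modules lookup (nested copy first, then progressively more hoisted)."""
    base = from_key
    while True:
        candidate = f"{base}/node_modules/{name}" if base else f"node_modules/{name}"
        if candidate in packages:
            return candidate
        if not base:
            return None
        cut = base.rfind("/node_modules/")
        base = base[:cut] if cut != -1 else ""


def audit_lockfile(lock_json, popular=POPULAR, max_distance=2):
    """Walk the dependency graph from the root and return findings with the full dependency path.
    Each package is visited once, so a package reachable by several paths is reported on the first."""
    lock = json.loads(lock_json)
    packages = lock["packages"]
    findings, seen = [], set()
    stack = [("", [lock.get("name", "root")])]
    while stack:
        key, path = stack.pop()
        if key in seen:
            continue
        seen.add(key)
        meta = packages[key]
        if key:  # the root entry "" is the project itself, not a dependency
            name = key.rsplit("node_modules/", 1)[1]  # keeps @scope/name intact
            reasons = []
            if meta.get("hasInstallScript"):
                reasons.append("declares an install script")
            near = [p for p in popular if p != name and levenshtein(name, p) <= max_distance]
            if near:
                reasons.append(f"name within {max_distance} edits of {', '.join(near)}")
            if reasons:
                findings.append({"package": name, "version": meta.get("version"),
                                 "path": " > ".join(path), "reasons": reasons})
        for dep in meta.get("dependencies", {}):
            dep_key = resolve(packages, key, dep)
            if dep_key is not None:  # missing optional entries are skipped
                stack.append((dep_key, path + [dep]))
    return findings


if __name__ == "__main__":
    for f in audit_lockfile(SAMPLE_LOCK):
        print(f"{f['path']} ({f['version']}): {'; '.join(f['reasons'])}")
```

The reported path (`demo-app > tidy-logger > discrod.js`) is the point: the direct dependency looks fine on its own, and only the transitive edge shows where the install hook and the misspelled name come in. Running this in CI against the committed lock file, alongside `npm ci --ignore-scripts` for anything not explicitly allowed, blocks the pattern before a hook executes.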
The findings are yet another indication that malicious actors are increasingly setting their sights on the open source ecosystem as a stepping point to widen the scope and effectiveness of their attacks aimed at downstream customers.
“Communities are being formed around utilizing open-source software for malicious purposes,” the researchers concluded. “We believe this is the start of a trend that will increase in the coming months.”


The essentials of GRC and cybersecurity — How they empower each other


Understanding the connection between GRC and cybersecurity
When talking about cybersecurity, Governance, Risk, and Compliance (GRC) is often considered the least exciting part of business protection. Its importance can’t be ignored, however, and here is why.
While cybersecurity focuses on the technical side of protecting systems, networks, devices, and data, GRC is the tool that will help the entire organization understand and communicate how to do it.
What does it mean?
GRC tools like StandardFusion help companies define and implement the best practices, procedures, and governance to ensure everyone understands the risks associated with their actions and how they can affect business security, compliance, and success.
In simple words, GRC is the medium for creating awareness around cybersecurity’s best practices to reduce risks and achieve business goals.
Why is cybersecurity more relevant than ever before
Cybersecurity aims to protect sensitive business data, intellectual property, personal and health information, and other company systems from cyber-attacks and threats. However, this task has become increasingly harder over the past few years.
Why is that?
Well, because of the ever-increasing global connectivity, new hybrid work models, the popularization of cloud services, and the evolution of technology, among others. Although all of these are great from a business perspective, they introduce new risks and challenges.
Here’s the truth:
Cybersecurity has always been a critical part of organizations; in today’s interconnected technological landscape, however, organizations can’t survive without it, at least in the long term.
Understanding the principles of GRC
Governance, Risk, and Compliance (GRC) is a business strategy for managing a company’s overall governance, enterprise risk management, and regulatory compliance.
From a cybersecurity standpoint, GRC is a structured approach to aligning IT (people and operations) with business objectives while effectively managing risks and meeting regulatory needs.
In this context, organizations need to follow sound practices and procedures to achieve their business objectives and maximize the bottom line. This is why GRC exists: to mitigate threats to productivity and to the company’s value by creating standards, policies, regulations, and processes.
More importantly, GRC helps build trust in the organization. This trust comes from improved efficiencies, better communication, employees’ confidence to share information, and enhanced business outcomes.
That’s not all.
GRC empowers companies to create a culture of value, giving everyone the education and agency to understand how they can protect the business’s value, reputation and make better decisions.
The crucial role of GRC in cybersecurity
Organizations must align people, systems, and technologies with business objectives to achieve solid and effective cybersecurity. This means everyone should know and take the proper actions when executing their tasks — it’s all about awareness and knowledge.
Governance, Risk, and Compliance is the best tool to create an integrated system that focuses on achieving objectives while addressing risks and acting with integrity.
GRC is crucial because it supports cybersecurity with vital business activities, such as:

  • Standardizing best practices so that everyone acts with integrity and security.
  • Assigning roles and responsibilities to business units and users, improving communication.
  • Helping implement data-handling procedures.
  • Unifying vocabulary across departments and teams.
  • Supporting internal audits and encouraging continuous control monitoring.
  • Assisting with risk mitigation, both internally and externally.
  • Supporting compliance with industry and government regulations.

GRC also provides a framework to integrate security and privacy with the organization’s overall goals. Why is this important? Because it allows businesses to make informed decisions regarding data security risks quickly while mitigating the risk of compromising privacy.
The role of GRC in cybersecurity – technical benefits
The following are some of the vital benefits GRC offers cybersecurity:
Third-party vendor selection: Many organizations use a third-party scorecard to gather basic information about potential vendors, including corporate reputation, financials, network security, history of cyber breaches, geographic location, and more. A robust GRC model helps IT and security teams select and vet potential third-party vendors. More importantly, GRC supports the creation of vendor assessments and mitigation strategies.
Risk mitigation: IT can use GRC to understand the scope of cybersecurity and document the strengths and limitations of the current security program. GRC allows organizations to outline and act on different types of threats, potential damages, mitigation plans, and risk treatments.
Regulatory compliance: GRC is vital in keeping compliance in the loop as new regulations evolve worldwide. Moreover, it brings these evolving changes to the security team’s attention ahead of time, providing time to plan and respond. Overall, GRC will help develop and manage the policies, regulations, and standards to meet the often-updated business and industry regulations.
Audit support: Modern organizations extend their procedures and protocols to provide proof and audit material to their auditors. Ensuring processes and best practices are well documented will show that the house is kept in order. Critical audit material may include: Incident response, cybersecurity awareness training, internal control test results, cybersecurity compliance reviews, and more. GRC helps craft and maintain a single source of truth for compliance that allows everyone to be on the right page.
Data privacy: GRC helps organizations stay on top of the ever-changing landscape of privacy regulations. How? by allowing the IT team to ensure that the appropriate protection, logging, geographic storage, etc. are in place to defend customers’ and employees’ data.
Visibility: GRC’s integrated approach gives companies visibility into every aspect of their security compliance programs. This is vital, as it enables different units, managers, and personnel to see the big picture and make data-driven, informed decisions.
In summary:
A well-planned GRC program enables organizations to:

  • Collect and maintain high-quality information
  • Improve decision making
  • Promote collaboration
  • Increase accountability
  • Build a strong culture
  • Increase efficiency and agility
  • Provide visibility
  • Reduce costs by supporting suitable investments
  • Increase integration
  • Protect the company’s value and reputation

GRC and Cybersecurity: Why do companies need an integrated approach?
Integrating GRC and cybersecurity is imperative for organizations that want to build a long-term, successful security strategy. Aside from faster communication, congruent metrics, collaboration, and decision-making, the integration of GRC and cybersecurity offers other distinct advantages.
An integrated approach minimizes manual input and the potential for human error, reducing costs and giving organizations more time to create more value for the business.
More importantly, a strong integration helps the board to clearly and comprehensively visualize the organization’s security posture. By understanding the cross-functional posture, business directors can tell better security stories to convey trust to customers and empower employees.
To sum up:
GRC and cybersecurity work hand in hand toward a lower-risk future and value creation — they can’t exist without each other. While cybersecurity aims to protect systems, networks, and data (from a technical perspective), GRC communicates the best method and practices to achieve so.
With an integrated approach, organizations will:

  • Increase efficiencies
  • Enhance security posture
  • Tell better security stories
  • Improve visibility across the board
  • Increase support from leadership
  • Avoid compliance/regulatory fines
  • Let IT and security teams set the tone for the entire company
  • Move hand in hand toward a lower-risk future

Empowering cybersecurity through GRC – methodology
OCEG has developed the GRC Capability Model (the “Red Book”) as an open-source methodology that merges the sub-disciplines of governance, risk, audit, compliance, ethics/culture, and IT into a unified approach.
Organizations can evolve this standard to address specific situations, from small projects to organization-wide rollouts. Some examples are:

  • Anti-corruption projects
  • Business continuity
  • Third-party management

The model is key to framing conversations about GRC capabilities with the board, senior executives, and managers. Organizations can also use the GRC Capability Model alongside more specific functional frameworks, such as those published by ISO, COSO, ISACA, the IIA, NIST, and others.
The GRC Capability Model encourages organizations to document best practices to:

  • Unify vocabulary across disciplines
  • Define common components and elements
  • Define common information requirements
  • Standardize practices for things like policies and training
  • Identify communication for everyone involved.

Now, let’s see how it works.
The Capability Model has four parts:
1. Learn
The main idea here is to identify the business culture, stakeholders, and organization’s business practices to successfully guide their goals, strategy, and objectives.
As a process, it would look like this:

  • Learning business plans and goals
  • Understanding strategic objectives
  • Being aware of the current and future compliance activities
  • Connecting with the key stakeholders

2. Align
This step focuses on unifying strategy with objectives and actions with strategies. The goal here is to have an integrated approach where senior leadership is engaged and supports the process of decision-making.
In simple words, this process needs:

  • Align business objectives with the strategy
  • Align executives with stakeholders’ expectations
  • Align resource allocation planning with objectives

3. Perform
After aligning business goals and objectives, it’s time to perform. This step defines implementing appropriate controls and policies, preventing and remediating undesired risks, and monitoring to detect issues as soon as possible.
4. Review
As a final step, it’s imperative to review the design and operational performance of the current strategy and actions. More importantly, this step encourages organizations to analyze objectives to constantly enhance the integrated GRC activities.
What is the purpose of this model?
To develop a steady and integral improvement process to reach optimal performance and create value for the organization.


Facebook Detects 400 Android and iOS Apps Stealing Users Log-in Credentials


Meta Platforms on Friday disclosed that it had identified over 400 malicious apps on Android and iOS that it said targeted online users with the goal of stealing their Facebook login information.
“These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them,” the social media behemoth said in a report shared with The Hacker News.
42.6% of the rogue apps were photo editors, followed by business utilities (15.4%), phone utilities (14.1%), games (11.7%), VPNs (11.7%), and lifestyle apps (4.4%). Interestingly, a majority of the iOS apps posed as ads manager tools for Meta and its Facebook subsidiary.
Besides disguising the malicious apps as seemingly harmless utilities, the operators of the scheme also published fake reviews designed to offset the negative reviews left by users who had previously downloaded the apps.
The apps ultimately functioned as a means to steal the credentials entered by users by displaying a “Login With Facebook” prompt.
“If the login information is stolen, attackers could potentially gain full access to a person’s account and do things like message their friends or access private information,” the company said.
All the apps in question have been taken down from both app stores. The list of 402 apps (355 Android and 47 iOS apps) can be accessed here.
As always with apps like these, it’s essential to exercise caution before downloading an app and before granting it access to your Facebook account in order to unlock the promised functionality. This includes scrutinizing app permissions and reviews, and verifying the authenticity of the app developers.
The disclosure also comes as Meta-owned WhatsApp filed a lawsuit against three companies based in China and Taiwan for allegedly misleading over a million users into compromising their own accounts by distributing bogus versions of the messaging app.


19-Year-Old Teen Arrested for Using Leaked Optus Breach Data in SMS Scam


The Australian Federal Police (AFP) has arrested a 19-year-old from Sydney for allegedly attempting to leverage data leaked following the Optus data breach late last month to extort victims.
The suspect is said to have carried out a text message blackmail scam, demanding that the recipients transfer $2,000 to a bank account or risk getting their personal information misused for fraudulent activities.
The source of the data, the agency said, was a sample database of 10,200 records that an actor named “optusdata” briefly posted on a cybercrime forum accessible on the clearnet before taking it down.
Details of the scam were previously shared by 9News Australia reporter Chris O’Keefe on September 27, 2022.
The AFP further said it executed a search warrant at the suspect’s home, seizing the mobile phone allegedly used to send the text messages to about 93 Optus customers. “At this stage it appears none of the individuals who received the text message transferred money to the account,” it noted.
The unnamed individual has been charged with using a telecommunication network with the intent to commit a serious offense and dealing with identification information. Both the charges are punishable by a maximum penalty of imprisonment for 10 and 7 years, respectively.
The arrest comes as Optus, earlier this week, confirmed that the breach impacted nearly 2.1 million of its current and former customers, exposing their license numbers and Medicare ID numbers.
The development also follows the launch of Operation Guardian by the law enforcement agency to identify the affected 10,200 individuals and monitor internet forums for threat actors attempting to exploit the released information for financial benefit.
Also set up in the aftermath of the breach is Operation Hurricane, which aims to unmask the threat actor responsible for the breach. To that end, the AFP said it’s aggressively pursuing all lines of enquiry.
