• Scammers take to GitHub to hoodwink other cybercriminals

    From TechnologyDaily@1337:1/100 to All on Tue Oct 4 15:45:03 2022
    Scammers take to GitHub to hoodwink other cybercriminals

    Date:
    Tue, 04 Oct 2022 14:25:35 +0000

    Description:
    Latest Microsoft Exchange flaw scheme discovered on GitHub shows there really is no honor among thieves.

    FULL STORY ======================================================================

    Cybersecurity researchers have discovered multiple GitHub accounts selling fake proof-of-concept (PoC) exploits for the latest zero-day vulnerabilities discovered in Microsoft Exchange.

    The warning follows the discovery of two new zero-day vulnerabilities in Microsoft Exchange: CVE-2022-41040 and CVE-2022-41082. These are a
    server-side request forgery (SSRF) flaw and a remote code execution (RCE)
    flaw, and both are said to be in use by threat actors in the wild.

    Microsoft confirmed the existence of both flaws and that threat actors are using them, and said it is working on a patch. Until that happens, it won't share
    more details about the vulnerabilities, so as not to give any new ideas to hackers. However, some saw this as an opportunity to make a quick buck.

    Fake accounts selling fake exploits

    As reported by BleepingComputer, researchers found at least two separate fraud campaigns: one comprising five accounts looking to sell fake exploits ('jml4da', 'TimWallbey', 'Liu Zhao Khin (0daylabin)', 'R007er', and
    'spher0x'), and another impersonating Kevin Beaumont, aka GossTheDog, a popular cybersecurity expert.

    The GitHub repositories for sale luckily don't hold any malware. They don't hold any important files either, just a README.md that details what's known about the vulnerabilities so far, and a pitch on how the crooks are selling a copy of a PoC exploit for the zero-days.

    "This means it can go unnoticed by the user and potentially by the security team as well. Such a powerful tool should not be fully public, there is strictly only 1 copy available so a REAL researcher can use it: https://satoshidisk.com/pay/xxx," the document reads.

    The file then leads to a SatoshiDisk page where gullible hackers can buy the fake exploit for 0.0182 Bitcoin, or roughly $420.

    This should already be considered a red flag, as flaws like this one should cost at least a thousand times as much. Apparently, IT company Zerodium
    offers $250,000 for RCE flaws in Microsoft Exchange.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/scammers-take-to-github-to-hoodwink-other-cybercriminals/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)