Android

Trojan

Anatsa


Anatsa Android Banking Trojan Targeting U.S., U.K. & DACH with New Campaign

Discover the evolving threat landscape around the Anatsa Android banking Trojan: recent Google Play Store campaigns targeting the US, DACH, and UK regions.

27-Jun-2023
6 min read

Related Articles


Hack

Polish officials lured by a "sexy spy" email? This APT28 attack exposes social e...

## Highly Targeted Phishing Campaign by APT28 Targets Polish Government Networks

Recent events reveal a meticulously crafted phishing campaign targeting Polish government institutions. Attributed to APT28, a notorious Russian state-backed threat group, this attack highlights the evolving tactics and techniques employed by nation-state actors in cyberspace.

### Dissecting the Attack Flow

The attack leveraged social engineering tactics, luring victims with a salacious email narrative involving a "mysterious Ukrainian woman." Clicking the embedded link initiated a series of redirects, ultimately downloading a malicious archive disguised as a JPG image.

### Deconstructing the Malicious Payload

This archive contained a weaponized executable file masquerading as a JPG. Upon execution, it employed DLL side-loading to launch a hidden script. This script, designed to be a distraction, displayed an image in the browser while simultaneously downloading and modifying a malicious CMD file.

### Unveiling the Malicious Intent

The downloaded CMD file, disguised as another JPG, aimed to gather sensitive information from the infected machine, including IP addresses and file listings from specific folders. This intelligence gathering suggests reconnaissance in preparation for further exploitation attempts.

### Echoes of Past Campaigns

The attack bears striking similarities to APT28's past operations. Notably, the group used Israel-Hamas themed lures to compromise devices with Headlace malware in a previous campaign.

### A Well-Established Threat Actor

APT28, linked to Russia's GRU military intelligence unit, has a history of high-profile attacks. They stand accused of compromising the DNC servers during the 2016 US elections and breaching the German Bundestag in 2015.

### International Condemnation and Repercussions

This recent Polish incident follows condemnations by NATO, the EU, and the US regarding APT28's cyber espionage activities across Europe. The US Department of State urged Russia to cease such malicious operations.

### Persistent Threat Landscape

The Polish incident underscores the persistent threat posed by state-backed actors. Their sophisticated social engineering tactics and ever-evolving attack methods necessitate robust cybersecurity measures to safeguard critical infrastructure.

### Code Snippet Example (Illustrative Purposes Only)

While the specific code used in this attack is not publicly available, a simplified illustration of a DLL side-loading technique might resemble:

```python
import ctypes


def load_dll(dll_path):
    """Loads a DLL from the specified path (Windows only: ctypes.WinDLL).

    Note: this is an explicit load by path. Side-loading proper abuses a
    legitimate executable's DLL search order so that it picks up a planted
    DLL of the expected name from its own directory, which is why detection
    focuses on trusted binaries loading DLLs from unexpected locations.
    """
    try:
        return ctypes.WinDLL(dll_path)
    except OSError as e:  # WindowsError is an alias of OSError on Windows
        print(f"Error loading DLL: {e}")
        return None


# Example usage (assuming a malicious DLL named "malicious.dll" exists)
malicious_dll = load_dll("malicious.dll")
if malicious_dll:
    # Call functions from the loaded DLL (assuming malicious functionality)
    malicious_dll.run_malicious_function()
```

The Polish incident turns out to be critical in this ever-evolving cyber threat landscape. By meticulously dissecting the attack flow, understanding APT28's tactics, and implementing robust cybersecurity practices, nations can bolster their defenses against such malicious campaigns.

11-May-2024
3 min read

data theft

cyberattack

DocGo Ambulance Service Hit! Patient Data Hack Exposes Medical Records. Is Your ...

Mobile healthcare provider DocGo recently disclosed a cyberattack that compromised patient health data. The attack targeted DocGo's US ambulance transportation business, highlighting the vulnerability of healthcare organizations to cybercrime.

#### Attack Details: Limited Information, Heightened Concern

While DocGo hasn't revealed the specific nature of the attack, the filing mentions unauthorized activity. This could indicate various methods, including malware infections, phishing campaigns, or exploitation of software vulnerabilities. The lack of details surrounding the attack method raises concerns. It's crucial to understand the attack vector to implement effective mitigation strategies and prevent future breaches.

#### Data at Risk: Protected Health Information Exposed

DocGo confirms that the attackers accessed and stole "protected health information" (PHI) from a limited number of patient records. PHI encompasses a wide range of sensitive data, including names, addresses, Social Security numbers, diagnoses, and treatment details. The breach of PHI can have severe consequences for patients, including identity theft, medical fraud, and emotional distress.

#### Incident Response: Standard Measures, Lingering Questions

DocGo's response seems to follow standard incident response protocols. They mention containment measures, investigation with cybersecurity experts, and notification of law enforcement. However, details on specific actions taken are missing. Did DocGo shut down affected systems to prevent lateral movement? What forensic analysis are they conducting to identify the scope of the breach?

#### Impact Assessment: Business Continuity vs. Patient Risk

DocGo downplays the impact, stating no material impact on finances and operations. This prioritizes business continuity, which is crucial. However, the potential impact on patients - identity theft, disrupted care coordination - deserves more emphasis.

#### Ransomware Threat: Data as Leverage

The report mentions ransomware as a potential motive. Ransomware attacks often involve data exfiltration, where stolen data is used as leverage to extort a ransom payment. If DocGo doesn't comply, the stolen PHI could be leaked online or sold on the dark web. This emphasizes the importance of robust data security practices and potentially having backups that are isolated from the main network.

11-May-2024
2 min read

FTC

privacy

BetterHelp Faces $7.8M Fine for Sharing User Data. Did They Leak Your Mental Hea...

In a move raising concerns about data privacy in the mental health space, online therapy giant BetterHelp has settled charges with the U.S. Federal Trade Commission (FTC) for a hefty $7.8 million. The FTC alleged that BetterHelp engaged in deceptive data practices, compromising the privacy of its users.

#### A Viable Alternative, Now Tarnished

Founded in 2013, BetterHelp emerged as a leading platform offering convenient and accessible mental health services. By providing text, chat, phone, and video therapy sessions with licensed professionals, BetterHelp became a viable alternative to traditional face-to-face therapy, particularly for individuals seeking help with conditions like depression, anxiety, substance abuse, and PTSD.

#### Misuse of Vulnerable Data

However, the FTC investigation revealed a disturbing disregard for user privacy. The complaint alleged that BetterHelp collected a wide range of user data, including email addresses, IP addresses, and even responses from preliminary health questionnaires – information explicitly promised to be kept confidential. This sensitive data collection extended beyond users who signed up for therapy, encompassing even those simply visiting the BetterHelp website.

#### Fueling Growth Through Broken Promises

More concerning was the revelation that BetterHelp allegedly shared this collected data with third-party advertising platforms like Facebook, Snapchat, Criteo, and Pinterest. The FTC contends that this data was used to target potential customers with advertisements, essentially leveraging users' vulnerabilities for financial gain. The complaint further alleges that this practice resulted in a significant increase in user acquisition and revenue for BetterHelp.

#### Refunds and Repercussions

As part of the settlement, BetterHelp has agreed to pay $7.8 million in refunds to affected consumers. This applies not only to BetterHelp users but also to users of affiliated platforms like MyTherapist, Teen Counseling, Faithful Counseling, Pride Counseling, iCounseling, Regain, and Terappeuta. The FTC estimates that roughly 800,000 consumers are eligible for refunds, highlighting the scale of the alleged data breach. A third-party entity, Ankura Consulting, will oversee the distribution of refunds. Eligible users will receive email notifications outlining the process and available payment options, including checks, Zelle, and PayPal. The deadline to choose a preferred payment method is June 10, 2024, with all refunds expected to be distributed this summer.

09-May-2024
2 min read