#1 Trusted Cybersecurity News Platform
The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: BlackBerry

Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT

Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT
November 03, 2022Ravie Lakshmanan
The operators of RomCom RAT malware are continuing to evolve their campaigns by distributing rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro via fake copycat websites. Targets of the operation consist of victims in Ukraine and select English-speaking countries like the U.K. To be noted the malicious software in question is not related to any product developed or released by SolarWinds, and is instead an unlicensed, "cracked" version of an old product. "Given the geography of the targets and the current geopolitical situation, it's unlikely that the RomCom RAT threat actor is cybercrime-motivated," the BlackBerry Threat Research and Intelligence Team  said  in a new analysis. The latest findings  come  a week after the Canadian cybersecurity company disclosed a spear-phishing campaign aimed at Ukrainian entities to deploy a remote access trojan called RomCom RAT. The unknown threat act

Experts Sound Alarm on DCRat Backdoor Being Sold on Russian Hacking Forums

Experts Sound Alarm on DCRat Backdoor Being Sold on Russian Hacking Forums
May 09, 2022Ravie Lakshmanan
Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat (aka DarkCrystal RAT) that's offered on sale for "dirt cheap" prices, making it accessible to professional cybercriminal groups and novice actors alike. "Unlike the well-funded, massive Russian threat groups crafting custom malware [...], this remote access Trojan (RAT) appears to be the work of a lone actor, offering a surprisingly effective homemade tool for opening backdoors on a budget," BlackBerry researchers said in a report shared with The Hacker News. "In fact, this threat actor's commercial RAT sells at a fraction of the standard price such tools command on Russian underground forums." Written in .NET by an individual codenamed "boldenis44" and "crystalcoder," DCRat is a full-featured backdoor whose functionalities can be further augmented by third-party plugins developed by affiliates using a dedicated integrated

Initial Access Broker Involved in Log4Shell Attacks Against VMware Horizon Servers

Initial Access Broker Involved in Log4Shell Attacks Against VMware Horizon Servers
January 26, 2022Ravie Lakshmanan
An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploits the Log4Shell vulnerability in unpatched VMware Horizon Servers. According to new research published by BlackBerry Research & Intelligence and Incident Response (IR) teams today, the cybercrime actor has been opportunistically weaponizing the shortcoming to download a second-stage payload onto the victimized systems. The payloads observed include cryptocurrency miners, Cobalt Strike Beacons, and web shells, corroborating a previous advisory from the U.K. National Health Service (NHS) that  sounded the alarm  on active exploitation of the vulnerabilities in VMware Horizon servers to drop malicious web shells and establish persistence on affected networks for follow-on attacks. Log4Shell  is a moniker used to refer to an exploit affecting the popular Apache Log4j library that results in remote code execution by logging a specially crafted string. Since public

BadAlloc Flaw Affects BlackBerry QNX Used in Millions of Cars and Medical Devices

BadAlloc Flaw Affects BlackBerry QNX Used in Millions of Cars and Medical Devices
August 18, 2021Ravie Lakshmanan
A major vulnerability affecting older versions of BlackBerry's QNX Real-Time Operating System (RTOS) could allow malicious actors to cripple and gain control of a variety of products, including cars, medical, and industrial equipment. The shortcoming (CVE-2021-22156, CVSS score: 9.0) is part of a broader collection of flaws, collectively dubbed  BadAlloc , that was originally disclosed by Microsoft in April 2021, which could open a backdoor into many of these devices, allowing attackers to commandeer them or disrupt their operations. "A remote attacker could exploit CVE-2021-22156 to cause a denial-of-service condition or execute arbitrary code on affected devices," the U.S. Cybersecurity and Infrastructure Security Agency (CISA)  said  in a Tuesday bulletin. As of writing, there is no evidence of active exploitation of the vulnerability. BlackBerry QNX technology is  used  worldwide by over 195 million vehicles and embedded systems across a wide range of industries,

Dutch Police Seize Another Company that Sells PGP-Encrypted Blackberry Phones

Dutch Police Seize Another Company that Sells PGP-Encrypted Blackberry Phones
May 11, 2017Swati Khandelwal
The Dutch police arrested four suspects on Tuesday on suspicion of money laundering and involvement in selling custom encrypted BlackBerry and Android smartphones to criminals. The Dutch National High Tech Crime Unit (NHTCU), dedicated team within the Dutch National Police Agency aims to investigate advanced forms of cyber crimes, carried out investigation and found that the phone brand "PGPsafe" was selling customized BlackBerry and Android smartphones with the secure PGP-encrypted network to the "possible criminal end users." PGP (Pretty Good Privacy) is an open source end-to-end encryption standard that can be used to cryptographically sign emails, documents, files, or entire disk partitions in order to protect them from being spied on. Selling custom security-focused encrypted phones does not involve any crime itself, but Dutch police have discovered evidence, which indicates over the years such phones had been sold to organized criminals involved in

How Dutch Police Decrypted BlackBerry PGP Messages For Criminal Investigation

How Dutch Police Decrypted BlackBerry PGP Messages For Criminal Investigation
March 10, 2017Swati Khandelwal
The Dutch police have managed to decrypt a number of PGP-encrypted messages sent by criminals using their custom security-focused PGP BlackBerry phones and identified several criminals in an ongoing investigation. PGP, or Pretty Good Privacy, an open source end-to-end encryption standard that can be used to cryptographically sign emails, files, documents, or entire disk partitions in order to protect them from being spied on. You'll be surprised to know how the police actually decrypted those PGP messages. In April last year, the Dutch Police arrested a 36-year-old man on suspicion of money laundering and involvement in selling customized BlackBerry Phones with the secure PGP-encrypted network to criminals that were involved in organized crimes. At the time, the police also seized a server belonging to Ennetcom, the company owned by Danny Manupassa, which contains data of end-to-end encrypted communications belong to a large number of criminal groups. Later, in Januar

Canadian Police obtained Master Key to Crack BlackBerry Messenger Encryption

Canadian Police obtained Master Key to Crack BlackBerry Messenger Encryption
April 15, 2016Swati Khandelwal
BlackBerry has long been known for its stance on mobile security, as it was the first mobile phone maker to provide end-to-end encryption. But a new report revealed that the company has provided a master backdoor to law enforcement in its secure devices since 2010. The Royal Canadian Mounted Police (RCMP) have been in possession of a global decryption key for BlackBerry phones since 2010, according to a new report from Vice News published yesterday. The report suggests that the Canadian police used the master key to intercept and decrypt over 1 Million messages sent using its own encrypted and allegedly secure BlackBerry Messenger ( BBM ) service in a criminal investigation over the course of 2 years. Single Encryption Key to Protect All Customers The issue with Blackberry's security mechanism is that the company uses a single global encryption key to protect all its regular customers, though the corporate BlackBerry phones use their own encryption keys generated

HeartBleed Bug Explained - 10 Most Frequently Asked Questions

HeartBleed Bug Explained - 10 Most Frequently Asked Questions
April 15, 2014Mohit Kumar
Heartbleed – I think now it's not a new name for you, as every informational website, Media and Security researchers are talking about probably the biggest Internet vulnerability in recent history. It is a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allows attackers to read portions of the affected server's memory, potentially revealing users data, that the server did not intend to reveal. After the story broke online, websites around the world flooded with the heartbleed articles, explaining how it works, how to protect, and exactly what it is. Yet many didn't get it right. So based on the queries of Internet users, we answered some frequently asked questions about the bug. 1.) IS HEARTBLEED A VIRUS? Absolutely NO, It's not a virus. As described in our previous article , The Heartbleed bug is a vulnerability resided in TLS heartbeat mechanism built into certain versions of the popular open source encryption standard Open

Billions of Smartphone Users affected by Heartbleed Vulnerability

Billions of Smartphone Users affected by Heartbleed Vulnerability
April 14, 2014Swati Khandelwal
Heartbleed has left a worst impression worldwide affecting millions of websites and is also supposed to put millions of Smartphones and tablets users at a great risk. Heartbleed is a critical bug ( CVE-2014-0160 ) in the popular OpenSSL cryptographic software library, that actually resides in the OpenSSL's implementation of the TLS/DTLS heartbeat extension, which allows attackers to read portions of the affected server's memory, potentially revealing users data such as usernames, passwords, and credit card numbers, that the server did not intend to reveal. OpenSSL is a widely-used cryptographic library which implements the SSL and TLS protocol and protects communications on the Internet, and mostly every websites use either SSL or TLS, even the Apache web server that powers almost half of the websites over internet utilizes OpenSSL. But to assume that the users using desktop browsers to visit websites are vulnerable to the Heartbleed bug, will be wrong. Despite 40

NSA can access your data on Smartphones including iPhone, BlackBerry and Android devices

NSA can access your data on Smartphones including iPhone, BlackBerry and Android devices
September 08, 2013Mohit Kumar
National Security Agency (NSA)  has the capability to access a broad range of data on most Smartphones out there, including iPhone, BlackBerry, and Android devices, according to the  documents provided by former US intelligence contractor Edward Snowden to the  German news agency Der Spiegel report. A 2009 NSA document states that it can " see and read SMS traffic ". This data includes Contact, call lists, SMS traffic, notes and location data about where a user has been, the NSA has set up teams to specialize in cracking each operating system. The leaked information also revealed that the NSA has organized a working group for each operating system. The documents also state the NSA has successfully accessed BlackBerry email data, a system previously thought to be very secure. Recently, two Guardian reporters , the Newspaper primarily responsible with leaking NSA documents, discovered a mystery app on their iPhones . It has no title, no identifying image,

Israel's Verint Systems get a contract from Indian government for interception program

Israel's Verint Systems get a contract from Indian government for interception program
July 29, 2013Mohit Kumar
Soon in December this year, India's new surveillance program - Centralized Monitoring System (CMS) will be able to analyze all telecommunications and Internet communications in India by the government and its agencies.  This means that everything we say or text over the phone, write, post or browse over the Internet will be centrally monitored by Indian authorities. Law enforcement and government agencies intercept, monitor, and analyze communications in order to uncover leads and build the evidence needed to neutralize terrorism and crime. Few days back, BlackBerry has given the necessary permissions for the Indian government to intercept messages sent from BlackBerry devices . According to latest reports - Verint Systems , Israel's cyber intelligence solutions provider , are soon to get a contract from the Indian government to track encrypted communication services such as Gmail, Yahoo . mail, BlackBerry services, Skype and so on. " Verint's leade

BlackBerry allows Indian government to Intercept emails and Chats

BlackBerry allows Indian government to Intercept emails and Chats
July 13, 2013Mohit Kumar
In 2010 the Indian authorities threatened to shut down BlackBerry's infrastructure unless it agreed to comply with lawful access requirements providing the government a way to intercept messages in order to prevent terrorist attacks. The long time dispute between the Indian government and BlackBerry over monitoring, tracking and interception is now resolved. Blackberry is ready to provide the Indian authorities with a way to lawful intercept consumers' messages sent and received on its platform including mails and peripherals, chats and browsing history on BlackBerry devices. But BlackBerry Enterprise Server has been left out of the interception solution which means corporate emails won't be under scrutiny. According to an internal document of the Department of Telecommunications (DoT), nine out of 10 telecom networks offering Blackberry services were in the process of making it possible for authorities to carry out intercepts. Blackberry train 5

World's most secure messaging service offers £10,000 if you crack it

World's most secure messaging service offers £10,000 if you crack it
May 01, 2013Mohit Kumar
Privacy conscious phone users are being offered a new app that claims to be the world's first totally secure messaging service. A London-based iPhone messaging app claims to be unhackable and is offering reward to anyone who can intercept a message sent by it.  Redact believes that messages sent via the app are completely secure, and to prove it a reward of £10,000 has been offered. The application creates a secure and encrypted peer-to-peer network between two iPhones, with messages sent directly from one phone to another and not through the company's servers.  The company has already offered its Secure Messenger service for free to MPs and submitted the technology to CESG, the Government's National Technical Authority for Information Assurance, which provides advice on the security of communications and electronic data. With Redact there are no user names, phone numbers or email addresses. Instead, new users are automatically assigned a unique PIN, simi

Android developer said 'F-Secure can say that anything is malware'

Android developer said 'F-Secure can say that anything is malware'
March 07, 2013Wang Wei
As the popularity of Android has boomed, more and more malware is targeting the platform. Digital miscreants are using fraudulent developer accounts on Google's Play marketplace to spread malware. According to latest  Mobile Threat report from F-Secure , Android malware continued to gain in share in 2012 and was responsible for 79 percent of all threats for the year, up from 66 percent in 2011, but Google developer responded with," F-Secure can say that anything is malware ". F-secure report said, In the fourth quarter alone, 96 new families and variants of Android threats were discovered, which almost doubles the number recorded in the previous quarter.  According to official Google figures, there are over 700,000 apps and games in the Play marketplace and malware on Android jumped 850 percent between 2012 and this year. Whereas an Google Android developer reply to TechCrunch technology generalist ," They say they detected Trojans  but they di

BlackBerry Enterprise Servers vulnerable to TIFF Image based Exploit

BlackBerry Enterprise Servers vulnerable to TIFF Image based Exploit
February 19, 2013Wang Wei
If you are a BlackBerry Enterprise Network user, here is something you need to be careful about. BlackBerry Enterprise Server (BES) users have been warned that an image-based exploit could allow hackers to access and execute code on the servers used to support corporate users of BlackBerry smartphones.  The flaw that been rated as high severity and actual vulnerability in BlackBerry Enterprise Servers resulted from how the server processes image files. Scenario to Exploit Vulnerability :  A malicious person writes a special code and then embeds it in a TIFF image file. The person then convinces a Blackberry smart phone user (whose phone is connected to a corporate BES) to view the TIFF file. As soon as the image file loads on the phone, the code runs on the Blackberry Enterprise server and either opens up a back door in the network or causes the network to crash altogether as instructed in the basic code. " RIM is not aware of any attacks on or specifically target

Indian Government Wiretapping and started BlackBerry interception

Indian Government Wiretapping and started BlackBerry interception
January 05, 2013Mohit Kumar
According to a report, All major Indian telecom companies, including Bharti Airtel, Vodafone India and Tata Tele services, have agreed to share real-time interception of BlackBerry calls and data services on their networks with Security agencies to meet the December 31 deadline fixed by the Indian government . Research In Motion (RIM), the manufacturer of BlackBerry, has been directed to provide the resolution and web-browsing needs of the BlackBerry Internet Services. This is to be done in discussion with concerned service providers and law interception organisations. Earlier in 2011, the government set the deadline for RIM to come up with facilities for interception, or face closure of their operations in India. The security agencies in the country have been trying to get the company to install local servers so they could access and monitor the stream of messages going back and forth to implement better security in the country. The Ministry for Home Affairs ordered in
Deals — IT Courses and Software

Sign up for our cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.