Tag Archives: highprofile

Fourth Fappening Hacker Admits to Stealing Celebrity Pics From iCloud Accounts

Fourth Fappening Hacker Admits to Stealing Pics From Celebrities’ iCloud Accounts

Almost three years after the massive leakage of high-profile celebrities’ nude photos—well known as “The Fappening” or “Celebgate” scandal—a fourth hacker has been charged with hacking into over 250 Apple iCloud accounts belonged to Hollywood celebrities.

A federal court has accused George Garofano, 26, of North Branford, of violating the Computer Fraud and Abuse Act, who had been arrested by the FBI.

Garofano has admitted to illegally obtaining credentials for his victims’ iCloud accounts using a phishing scheme, which eventually allowed him to steal personal information on his victims, including sensitive and private photographs and videos.

Among celebrities whose nude photographs were posted online back in 2014 are Jennifer Lawrence, Kim Kardashian, Kirsten Dunst, and Kate Upton. Also, female victims also include American Olympic gold medallist Misty May Treanor and actors Alexandra Chando, Kelli Garner and Lauren O’Neil.

Between April 2013 to October 2014, Garofano engaged in sending phishing emails pretended to be from Apple security team to several celebrities, tricking them into providing their iCloud account credentials, which they stole to access their accounts illegally.

“Garofano admitted that he sent emails to victims that appeared to be from security accounts of Apple and encouraged the victims to send him their usernames and passwords, or to enter them on a third-party website, where he would later retrieve them,” the Justice Department said.

Besides stealing victims’ personal information, including sensitive and private photographs and videos, from their iCloud accounts using stolen credentials, Garofano, in some instances, also traded the stolen credentials, along with the materials he stole from the victims’ accounts, with other individuals.

In a plea agreement signed Thursday in U.S. District Court in Los Angeles, Garofano agreed to plead guilty to one count of unauthorised access to a protected computer to obtain information, facing up to 5 years in prison.

Garofano is the fourth hacker charged in connection with the Celebgate incident. Emilio Herrera, 32, Edward Majerczyk, 28, and Ryan Collins, 36, pleaded guilty last year to being involved in the celebrity photo hack.

While Herrera is waiting for sentencing next month, Majerczyk was sentenced to nine months in prison and Collins was sentenced to 18 months last year.

The investigation into the Celebgate scandal is being conducted by the U.S. Federal Bureau of Investigation.

Hackers Use New Flash Zero-Day Exploit to Distribute FinFisher Spyware

flash-player-zero-day-exploit

FinSpy—the infamous surveillance malware is back and infecting high-profile targets using a new Adobe Flash zero-day exploit delivered through Microsoft Office documents.

Security researchers from Kaspersky Labs have discovered a new zero-day remote code execution vulnerability in Adobe Flash, which was being actively exploited in the wild by a group of advanced persistent threat actors, known as BlackOasis.

The critical type confusion vulnerability, tracked as CVE-2017-11292, could lead to code execution and affects Flash Player 21.0.0.226 for major operating systems including Windows, Macintosh, Linux and Chrome OS.

Researchers say BlackOasis is the same group of attackers which were also responsible for exploiting another zero-day vulnerability (CVE-2017-8759) discovered by FireEye researchers in September 2017.

Also, the final FinSpy payload in the current attacks exploiting Flash zero-day (CVE-2017-11292) shares the same command and control (C&C) server as the payload used with CVE-2017-8759 (which is Windows .NET Framework remote code execution).

So far BlackOasis has targeted victims in various countries including Russia, Iraq, Afghanistan, Nigeria, Libya, Jordan, Tunisia, Saudi Arabia, Iran, the Netherlands, Bahrain, United Kingdom and Angola.

The newly reported Flash zero-day exploit is at least the 5th zero-day that BlackOasis group exploited since June 2015.

The zero-day exploit is delivered through Microsoft Office documents, particularly Word, attached to a spam email, and embedded within the Word file includes an ActiveX object which contains the Flash exploit.

The exploit deploys the FinSpy commercial malware as the attack’s final payload.

“The Flash object contains an ActionScript which is responsible for extracting the exploit using a custom packer seen in other FinSpy exploits,” the Kaspersky Labs researchers say.

FinSpy is a highly secret surveillance tool that has previously been associated with Gamma Group, a British company that legally sells surveillance and espionage software to government agencies across the world.

FinSpy, also known as FinFisher, has extensive spying capabilities on an infected system, including secretly conducting live surveillance by turning ON its webcams and microphones, recording everything the victim types on the keyboard, intercepting Skype calls, and exfiltration of files.

To get into a target’s system, FinSpy usually makes use of various attack vectors, including spear phishing, manual installation with physical access to the affected device, zero-day exploits, and watering hole attacks.

“The attack using the recently discovered zero-day exploit is the third time this year we have seen FinSpy distribution through exploits to zero-day vulnerabilities,” said Anton Ivanov, lead malware analyst at Kaspersky Lab.

“Previously, actors deploying this malware abused critical issues in Microsoft Word and Adobe products. We believe the number of attacks relying on FinSpy software, supported by zero day exploits such as the one described here, will continue to grow.”

Kaspersky Lab reported the vulnerability to Adobe, and the company has addressed the vulnerability with the release of Adobe Flash Player versions 27.0.0.159 and 27.0.0.130.

Just last month, ESET researchers discovered legitimate downloads of several popular apps like WhatsApp, Skype, VLC Player and WinRAR (reportedly compromised at the ISP level) that were also distributing FinSpy.

So, businesses and government organizations around the world are strongly recommended to install the update from Adobe as soon as possible.

Microsoft will also likely be releasing a security update to patch the Flash Player components used by its products.

Powered by WPeMatico