Menu

Blog

Archive for the ‘cybercrime/malcode’ category: Page 28

Oct 11, 2023

Data Thieves Test-Drive Unique Certificate Abuse Tactic

Posted by in categories: cryptocurrencies, cybercrime/malcode

https://informatech.co/3RVp6BM by Elizabeth Montalbano.


Attackers are employing a new type of certificate abuse in an attempt to spread info-stealing malware, with the aim of collecting credentials and other sensitive data. In some instances, the goal is to steal cryptocurrency from Windows systems.

The campaign uses search engine optimization (SEO) poisoning to deliver search results featuring malicious pages promoting illegal software cracks and downloads. In the background, the pages deliver remote access Trojans (RATs) known as LummaC2, and RecordBreaker (aka Raccoon Stealer V2) researchers from South Korea-based AhnLab revealed in a blog post on Oct. 10.

Continue reading “Data Thieves Test-Drive Unique Certificate Abuse Tactic” »

Oct 11, 2023

Badbox Operation Targets Android Devices in Fraud Schemes

Posted by in categories: cybercrime/malcode, robotics/AI

After a researcher discovered that an Android TV streaming box, known as T95, was infected with preloaded malware, researchers at Human Security released information regarding the extent of infected devices and how malicious schemes are connected to these corrupted products.

Daniel Milisic, a systems security consultant, created a script alongside instructions to help other users mitigate the threat after first coming across the issue. Now, Human Security’s threat intelligence and research team has dubbed the operation “Bandbox,” which it characterizes as a complex, interconnected series of ad fraud schemes on a massive scale.

Human Security describes the operation as “a global network of consumer products with firmware backdoors installed and sold through a normal hardware supply chain.” Once activated, the malware on the devices connect to a command-and-control (C2) server for further instructions. In tandem, a botnet known as Peachpit is integrated with Badbox, and engages in ad fraud, residential proxy services, fake email/messaging accounts, and unauthorized remote code installation.

Oct 10, 2023

Preparing for the Unexpected: A Proactive Approach to Operational Resilience

Posted by in categories: cybercrime/malcode, finance

FS-ISAC executive shares tips on operational resilience in the face of cyber threats. #cyberattacks


Preparing for the unexpected may be a contradiction in terms, but for financial firms it is essential for survival. The sector has long been a target for threat actors, given that this is where the world’s money is. And as the financial ecosystem becomes increasingly interconnected, threats to its security and resilience are rapidly evolving and increasing.

Operational resilience is not just about responding with agility to risks but also maintaining continuity of operations with minimal or — even better — no disruptions. So, whereas cybersecurity is about preventing and defending against cyberattacks, resilience focuses on sustaining operations despite attacks.

Continue reading “Preparing for the Unexpected: A Proactive Approach to Operational Resilience” »

Oct 7, 2023

Attacks on Maximum Severity WS_FTP Bug Have Been Limited — So Far

Posted by in category: cybercrime/malcode

After an early flurry of exploit activity, attacks targeting a maximum-severity flaw that Progress Software disclosed in its WS_FTP Server file transfer product last week appear to have been somewhat limited so far.

However, that’s no reason for organizations to delay patching the vulnerability as soon as possible, given how widely attackers exploited a similarly critical zero-day flaw that Progress reported in its MOVEit file transfer software in May.

CVE-2023–40044 is a. NET deserialization vulnerability in WS_FTP that researchers have shown can be exploited with a single HTTPS POST and some specific multi-part data. Progress disclosed the bug on Sept. 27, with a recommendation for organizations to apply the company’s update for it as soon as possible.

Oct 6, 2023

23andMe Cyberbreach Exposes DNA Data, Potential Family Ties

Posted by in categories: biotech/medical, cybercrime/malcode, genetics

23andMe, the popular DNA testing company, has launched an investigation after client information was listed for sale on a cybercrime forum this week.

On Oct. 1, a post was published on the forum with a link to a sample of allegedly “20 million pieces of data” from the genetic testing company, claiming that it was “the most valuable data you’ll ever see.” The first leak included 1 million lines of data, but on Oct. 4, the threat actor began offering bulk data profiles ranging from $1 to $10 per account in batches of 100, 1,000, 10,000, and 100,000 profiles.

The information leaked in the breach includes names, usernames, profile photos, gender, birthdays, geographical location, and genetic ancestry results.

Oct 6, 2023

AI and Emerging Tech Challenges Call for Collaborative Solutions

Posted by in categories: cybercrime/malcode, policy, robotics/AI

Artificial intelligence (AI) and emerging technologies have ushered in a new era, bringing unprecedented opportunities and challenges. In today’s rapidly evolving digital landscape, addressing these multifaceted challenges necessitates a collaborative effort spanning various sectors and calls for policy reforms while emphasizing global cooperation.

The rapid advancement of technologies, particularly artificial intelligence, has introduced transformative possibilities alongside a range of concerns. While AI holds the potential to revolutionize industries and enhance our daily lives, it also raises pressing issues related to data privacy, misinformation, and cybersecurity.

Experts have proposed adopting the “information environment” framework to address these multifaceted challenges. This framework comprises three essential components:

Oct 4, 2023

National Security Agency is starting an artificial intelligence security center

Posted by in categories: cybercrime/malcode, robotics/AI

The — a crucial mission as AI capabilities are increasingly acquired, developed and integrated into U.S. defense and intelligence systems, the agency’s outgoing director announced Thursday.

Army Gen. Paul Nakasone said the center would be incorporated into the NSA’s Cybersecurity Collaboration Center, where it works with private industry and international partners to harden the U.S. defense-industrial base against threats from adversaries led by China and Russia.

“We maintain an advantage in AI in the United States today. That AI advantage should not be taken for granted,” Nakasone said at the National Press Club, emphasizing the threat from Beijing in particular.”

Continue reading “National Security Agency is starting an artificial intelligence security center” »

Oct 3, 2023

Why Big Tech’s bet on AI assistants is so risky

Posted by in categories: cybercrime/malcode, internet, robotics/AI

This is a risky bet, given the limitations of the technology. Tech companies have not solved some of the persistent problems with AI language models, such as their propensity to make things up or “hallucinate.” But what concerns me the most is that they are a security and privacy disaster, as I wrote earlier this year. Tech companies are putting this deeply flawed tech in the hands of millions of people and allowing AI models access to sensitive information such as their emails, calendars, and private messages. In doing so, they are making us all vulnerable to scams, phishing, and hacks on a massive scale.

I’ve covered the significant security problems with AI language models before. Now that AI assistants have access to personal information and can simultaneously browse the web, they are particularly prone to a type of attack called indirect prompt injection. It’s ridiculously easy to execute, and there is no known fix.

In an indirect prompt injection attack, a third party “alters a website by adding hidden text that is meant to change the AI’s behavior,” as I wrote in April. “Attackers could use social media or email to direct users to websites with these secret prompts. Once that happens, the AI system could be manipulated to let the attacker try to extract people’s credit card information, for example.” With this new generation of AI models plugged into social media and emails, the opportunities for hackers are endless.

Oct 2, 2023

Billions of Email and Password Combinations Leaked by DarkBeam

Posted by in category: cybercrime/malcode

This post is also available in: he עברית (Hebrew)

DarkBeam is a digital risk protection firm, which left its interface unprotected and so exposed records with user emails and passwords from previously reported and non-reported data breaches. These leaked logins present cybercriminals with almost limitless attack capabilities.

The CEO of SecurityDiscovery Bob Diachenko first identified the leak, and he states that it contained over 3.8 billion records. DarkBeam has apparently been collecting information to alert its customers in case of a data breach, but this incident will most likely affect more than only DarkBeam users.

Sep 29, 2023

Threat Data Feeds and Threat Intelligence Are Not the Same Thing

Posted by in categories: cybercrime/malcode, electronics

In cybersecurity, “threat data feeds” and “threat intelligence” are often used interchangeably. They are, however, quite different. To make matters worse, the term “threat intelligence” has been co-opted and watered down by vendors, making it even more difficult to define the difference between threat data feeds and threat intelligence.

An easy, and accessible, way to tell the difference is to think about weather forecasts. National TV news shows present a forecast for the entire country. You might get some useful information from this, but usually you just get an idea of what the weather is like nationwide. Local weather, however, drills down into the expected conditions for your specific area — not only temperature and weather, but also wind speed, barometric pressure, times for weather changes, and so on. You can use this information to plan out your actions for the next few days.

Using the weather forecast analogy, threat data feeds provide a high-level view of the security landscape. For example, it is useful to know that there is a vulnerability in a specific type of software, but it can be relatively trivial if that software is not in use at your organization. Likewise, knowing which threat groups are active is useful information, but how do you know if they are targeting your sector or organization and what processes and tools they are using?

Page 28 of 212First2526272829303132Last