Menu

Blog

Archive for the ‘cybercrime/malcode’ category: Page 30

Sep 14, 2023

Recent Rhysida Attacks Show Focus on Healthcare by Ransomware Actors

Posted by in categories: biotech/medical, cybercrime/malcode, health

The threat group behind the fast-growing Rhysida ransomware-as-a-service operation has claimed credit for an Aug. 19 attack that crippled systems at Singing River Health System, one of Mississippi’s largest healthcare entities.

The attack follows one against California’s Prospect Medical Holdings in August that affected 16 hospitals and more than 160 clinics around the country. The wide scope of that incident prompted an alert from the Health Sector Cybersecurity Coordination Center to other organizations in the industry.

The attack on Singing River impacted three hospitals and some 10 clinics belonging to the system and is likely to reinforce Rhysida’s credentials as a growing threat to healthcare organizations in the US. It’s also a reminder of the surging interest in the sector from ransomware actors who, early in the COVID-19 pandemic, had piously vowed to stay away from attacking hospitals and other healthcare entities.

Sep 14, 2023

When LockBit Ransomware Fails, Attackers Deploy Brand-New ‘3AM’

Posted by in category: cybercrime/malcode

In a recent attack against a construction company, hackers who failed to execute LockBit in a target network were observed deploying a second, never-before-seen ransomware, which managed to break through.

The new tool is rather standard fare, blocking various cybersecurity and backup-related software before locking up files on its host computer. But it distinguishes itself with an adorable little theme: 3 a.m., a time when perhaps only insomniacs, hardcore night owls, and black hat hackers are still up and working away.

In a report this week, researchers from Symantec described the first observed use of 3AM — a double-whammy attack in which the LockBit ransomware was blocked but then 3AM squeaked through in one compromised machine.

Sep 14, 2023

Password-stealing Linux malware served for 3 years and no one noticed

Posted by in category: cybercrime/malcode

A download site surreptitiously served Linux users malware that stole passwords and other sensitive information for more than three years until it finally went quiet, researchers said on Tuesday.

The site, freedownloadmanager[.]org, offered a benign version of a Linux offering known as the Free Download Manager. Starting in 2020, the same domain at times redirected users to the domain deb.fdmpkg[.]org, which served a malicious version of the app. The version available on the malicious domain contained a script that downloaded two executable files to the /var/tmp/crond and /var/tmp/bs file paths. The script then used the cron job scheduler to cause the file at /var/tmp/crond to launch every 10 minutes. With that, devices that had installed the booby-trapped version of Free Download Manager were permanently backdoored.

After accessing an IP address for the malicious domain, the backdoor launched a reverse shell that allowed the attackers to remotely control the infected device. Researchers from Kaspersky, the security firm that discovered the malware, then ran the backdoor on a lab device to observe how it behaved.

Sep 13, 2023

If you worry about humanity, you should be more scared of humans than of AI

Posted by in categories: cybercrime/malcode, existential risks, robotics/AI

Advances in artificial intelligence have prompted extensive public concern about its capacity to contribute to the spread of misinformation, bias, and cybersecurity breaches—and its potential existential threat to humanity. But, if anything, AI can aid human beings in making decisions aimed at improving social equality, safety, productivity—and mitigate some existential threats.

Sep 12, 2023

MGM Resorts hit by ‘cybersecurity issue,’ leading to massive outage

Posted by in category: cybercrime/malcode

MGM Resorts shut down certain systems, impacting gambling at its casinos, on Monday.

Sep 11, 2023

Move over AI, quantum computing will be the most powerful and worrying technology

Posted by in categories: cybercrime/malcode, military, quantum physics, robotics/AI

Head over to our on-demand library to view sessions from VB Transform 2023. Register Here

In 2022, leaders in the U.S. military technology and cybersecurity community said that they considered 2023 to be the “reset year” for quantum computing. They estimated the time it will take to make systems quantum-safe will match the time that the first quantum computers that threaten their security will become available: both around four to six years. It is vital that industry leaders quickly start to understand the security issues around quantum computing and take action to resolve the issues that will arise when this powerful technology surfaces.

Quantum computing is a cutting-edge technology that presents a unique set of challenges and promises unprecedented computational power. Unlike traditional computing, which operates using binary logic (0s and 1s) and sequential calculations, quantum computing works with quantum bits, or qubits, that can represent an infinite number of possible outcomes. This allows quantum computers to perform an enormous number of calculations simultaneously, exploiting the probabilistic nature of quantum mechanics.

Sep 10, 2023

How to Figure Out If Your Phone Has Malware

Posted by in categories: cybercrime/malcode, mobile phones

Has your phone been acting up? Here’s how to check if malware is to blame, and what to do if it is.

Sep 10, 2023

MOVEit Breach Shows Us SQL Injections Are Still Our Achilles’ Heel

Posted by in category: cybercrime/malcode

In late 1998, when I was just beginning my career in technology, I read in the venerable Phrack magazine how poor input sanitization allowed rain.forest.puppy (the pseudonym used by Jeff Forristal) to pass SQL query strings directly to the back-end database of a Web application.

It’s an unfortunate reality that a quarter of a century later, SQL injection — among the lowest hanging of security fruit — is still included in the Open Worldwide Application Security Project (OWASP) Top 10 list of security vulnerabilities. One of the worst attacks ever occurred back in 2008, when Heartland Payment Systems was breached and more than 130 million credit and debit card numbers were compromised. In 2023, the Cl0p ransomware group exploited previously unknown SQL injection vulnerabilities in MOVEit, Progress Software’s file transfer program, and compromised hundreds of victims as part of a supply chain attack.

We do not have insight into Progress Software’s software development life cycle or security practices to ascertain what happened. While a vulnerability assessment system or even a bug hunting program could have potentially identified SQL injection flaws in the code before it was exploited, focusing on producing code that is secure by construction is an even better way to address this class of vulnerability.

Sep 9, 2023

How Meta is using our personal data for AI (and how to opt out)

Posted by in categories: cybercrime/malcode, robotics/AI

Meta is collecting personal data to train AI.

Sep 9, 2023

Microsoft Engineer’s Account Attacked, Leading to Chinese Hack of US Officials

Posted by in category: cybercrime/malcode

This post is also available in: he עברית (Hebrew)

A recent Chinese hack of senior officials at the U.S. State and Commerce departments was apparently a result of the compromise of a Microsoft engineer’s corporate account, and stealing a valuable key, as reported by Microsoft Corp (MSFT.O).

According to Reuters, Microsoft has stated that the engineer’s account had been compromised by the “Storm-0558” hacking group, which allegedly used the key to forge authentication tokens to access email accounts on Microsoft’s cloud servers including top American officials such as Commerce Secretary Gina Raimondo, US Ambassador to China Nicholas Burns and Assistant Secretary of State for East Asia Daniel Kritenbrink.

Page 30 of 212First2728293031323334Last