This AI Agent Will Defend You From Cyber Attacks

Coming out of stealth, cybersecurity startup Twine announced today $12 million in seed funding, co-led by Ten Eleven Ventures and Dell Technologies Capital, with participation from angel investors including the founders of Wiz. Twine plans to address cybersecurity’s critical talent shortage by developing AI agents or “digital employees” to augment companies’ security teams. Alex, Twine’s first digital employee, is an expert in identity and access management or IAM.

Alex is deployed as a SaaS platform, connecting to different systems within the customer’s environment. “The user interacts with the Alex interface in order to ask him questions or assign tasks,” explains Benny Porat, Twine’s co-founder and CEO. “For any task assigned, Alex creates a plan, seeks approval, provides full visibility, and proceeds with an A-to-Z execution of the plan.”

In a report published a few months ago, the World Economic Forum warned that the “cybersecurity industry faces a critical global shortage of nearly 4 million professionals.” This at a time when the rapid adoption of cloud computing, remote work and new AI solutions has significantly increased the number of cyber attacks.

Microsoft Patch Tuesday, November 2024 Edition

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November’s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today.

The zero-day flaw tracked as CVE-2024-49039 is a bug in the Windows Task Scheduler that allows an attacker to increase their privileges on a Windows machine. Microsoft credits Google’s Threat Analysis Group with reporting the flaw.

Global Fintech Giant Finastra Investigating Data Breach

Finastra, a global leader in financial technology that serves 45 of the world’s top 50 banks, has confirmed a major data breach impacting its internal file transfer system. The London-based firm, which facilitates vital banking and wire transfers for over 8,100 financial institutions worldwide, detected the breach on Nov. 7.

The breach targeted Finastra’s internally hosted Secure File Transfer Platform, or SFTP, which was exploited using stolen credentials—essentially, a username and password. The attacker claims to have leveraged IBM Aspera, a high-speed file transfer tool, to exfiltrate data from Finastra’s systems.

The cybercriminal, known by the alias “abyss0,” first advertised the stolen data for sale on BreachForums, a notorious online marketplace for cybercrime, on October 31. Initially priced at $20,000, the data’s asking price was later halved to $10,000. After gaining attention, “abyss0” disappeared, erasing their presence on both BreachForums and Telegram. This sudden retreat suggests they either secured a buyer or sought to avoid further scrutiny.

New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers

Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza.

BabbleLoader is an “extremely evasive loader, packed with defensive mechanisms, that is designed to bypass antivirus and sandbox environments to deliver stealers into memory,” Intezer security researcher Ryan Robinson said in a report published Sunday.

Evidence shows that the loader is being used in several campaigns targeting both English and Russian-speaking individuals, primarily singling out users looking for generic cracked software as well as business professionals in finance and administration by passing it off as accounting software.

Identity Security Is The Cornerstone Of Modern Cyber Defense

The Semperis Hybrid Identity Protection conference kicked off today in New Orleans, gathering identity security experts, practitioners, and thought leaders to explore the evolving world of hybrid identity. This year’s conference, more relevant than ever, highlights a fundamental shift in how organizations approach identity—not just as a tool for managing user access but as a critical layer of cybersecurity that shapes an organization’s defensive posture. In an era of remote work, cloud adoption, and advanced cyber threats, identity has become the new perimeter, making events like HIP essential for fostering innovation, resilience, and collective knowledge in the industry.

Historically, identity management was an IT utility—a straightforward way to grant employees access to necessary resources. However, as digital transformations swept through organizations, the role of identity shifted dramatically. Identity is now central to security strategies, especially with the explosion of SaaS applications, remote access, and mobile workforces. For many organizations, identity is not just about provisioning accounts; it’s the first and last line of defense against unauthorized access and data breaches.

This transition has led to a realignment within organizations, where identity management is increasingly overseen by CISOs rather than traditional IT teams. CISOs recognize that identity management is a security function with direct implications on risk mitigation, compliance, and resilience.

You Can Lock Your Social Security Number After a Data Breach. Here’s How

Your Social Security number is essential for finding employment, filing taxes and applying for credit. It can also be a nightmare to recover if thieves get a hold of your SSN and use it to apply for jobs, open accounts in your name and steal your tax refund.

Blocking electronic access to your SSN may feel extreme — it’s certainly inconvenient. But if you’ve been a victim of identity theft or your personally identifiable information was compromised in a recent data breach, like the hacks of Change Healthcare or National Public Data, where hundreds of millions of people were impacted, locking your SSN may protect you from future harm.

Blocking access or “locking” your SSN will make it extremely difficult for an identity thief to use your SSN for malicious actions. This, coupled with a credit freeze, can help stop identity thieves in their tracks.

Hackers use macOS extended file attributes to hide malicious code

Hackers are using a novel technique that abuses extended attributes for macOS files to deliver a new trojan that researchers call RustyAttr.

The threat actor is hiding malicious code in custom file metadata and also uses decoy PDF documents to help evade detection.

The new technique is similar to how the Bundlore adware in 2020 hid its payloads for macOS in resource forks. It was discovered in a few malware samples in the wild by researchers at cybersecurity company Group-IB.