Lifeboat Foundation

A shadow war is a war that, officially, does not exist. As mercenaries, hackers and drones take over the role armies once played, shadow wars are on the rise.

States are evading their responsibilities and driving the privatization of violence. War in the grey-zone is a booming business: Mercenaries and digital weaponry regularly carry out attacks, while those giving orders remain in the shadows.

Continue reading “Drones, hackers and mercenaries — The future of war | DW Documentary” »

The Cybersecurity and Infrastructure Security Agency (CISA) has added nine more security flaws to its list of actively exploited bugs, including a VMware privilege escalation flaw and a Google Chrome zero-day that could be used for remote code execution.

The VMware vulnerability (CVE-2022–22960) was patched on April 6th, and it allows attackers to escalate privileges to root on vulnerable servers due to improper permissions in support scripts.

A Chrome zero-day was also included in CISA’s Known Exploited Vulnerabilities (KEV) catalog, a bug tracked as CVE-2022–1364 and allowing remote code execution due to a V8 type confusion weakness.

“This is the most expansive industrial control system attack tool that anyone has ever documented,” says Sergio Caltagirone, the vice president of threat intelligence at industrial-focused cybersecurity firm Dragos, which contributed research to the advisory and published its own report about the malware. Researchers at Mandiant, Palo Alto Networks, Microsoft, and Schneider Electric also contributed to the advisory. “It’s like a Swiss Army knife with a huge number of pieces to it.”

Dragos says the malware has the ability to hijack target devices, disrupt or prevent operators from accessing them, permanently brick them, or even use them as a foothold to give hackers access to other parts of an industrial control system network. He notes that while the toolkit, which Dragos calls “Pipedream,” appears to specifically target Schneider Electric and OMRON PLCs, it does so by exploiting underlying software in those PLCs known as Codesys, which is used far more broadly across hundreds of other types of PLCs. This means that the malware could easily be adapted to work in almost any industrial environment. “This toolset is so big that it’s basically a free-for-all,” Caltagirone says. “There’s enough in here for everyone to worry about.”

The CISA advisory refers to an unnamed “APT actor” that developed the malware toolkit, using the common acronym APT to mean advanced persistent threat, a term for state-sponsored hacker groups. It’s far from clear where the government agencies found the malware, or which country’s hackers created it—though the timing of the advisory follows warnings from the Biden administration about the Russian government making preparatory moves to carry out disruptive cyberattacks in the midst of its invasion of Ukraine.

Medical tech company Viz.ai, a developer of an AI-powered stroke detection and care platform, has pulled in a new investment of $100 million at a valuation of $1.2 billion, making it Israel’s newest unicorn (a private company valued at over $1 billion).

The company said Thursday that the Series D funding will be used to expand the Viz platform to detect and triage additional diseases and grow its customer base globally.

Viz.ai’s newest round was led by Tiger Global Management, a New York-based investment firm focused on software and financial tech, and Insight Partners, a VC and private equity firm also based in New York. Tiger Global has invested in Israeli companies such as cybersecurity companies Snyk and SentinelOne as well as payroll tech companies Papaya Global and HoneyBook. Insight Partners is a very active foreign investor in Israeli companies, with at least 76 local portfolio startups to its name including privacy startup PlainID, bee tech startup Beewise, and music tech startup JoyTunes.

Closes July 31st at Midnight

The Texas Cyber Summit is a three day multi-track novice to ninja technical cybersecurity event held annually with an expectation of over 1,200 participants in-person. Note that the in-person will take place in September 22nd – 24th, and the Virtual Conference will take place in November 5th. Featuring five dedicated learning tracks for the aspiring Cybersecurity novice to the expert operator. Deeply technical, research and management briefings that address the entire cyber threat landscape. The Texas Cyber Summit is held in Austin, Tx and is a IRS 501C3 Non-Profit Organization.

Austin is home to major fortune 500 companies, Cyber Futures Command, Defense Logistics Agency, and Air force logistics. We host Specialized tracks include teaching, training, responsibilities, and ethics in specialized fields such as digital forensics, Scada, Supply Chain, Red Team Tools, Tactics and Procedures, Blue Team and the Art of Defense, and much more.

A banking trojan for Android that researchers call Fakecalls comes with a powerful capability that enables it to take over calls to a bank’s customer support number and connect the victim directly with the cybercriminals operating the malware.

Disguised as a mobile app from a popular bank, Fakecalls displays all the marks of the entity it impersonates, including the official logo and the customer support number.

When the victim tries to call the bank, the malware breaks the connection and shows its call screen, which is almost indistinguishable from the real one.

Cybersecurity researchers have detailed a “simple but efficient” persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign.

“The attack starts with a malicious Word document deploying a Colibri bot that then delivers the Vidar Stealer,” Malwarebytes Labs said in an analysis. “The document contacts a remote server at (securetunnel[.]co) to load a remote template named ‘trkal0.dot’ that contacts a malicious macro,” the researchers added.

First documented by FR3D.HK and Indian cybersecurity company CloudSEK earlier this year, Colibri is a malware-as-a-service (MaaS) platform that’s engineered to drop additional payloads onto compromised systems. Early signs of the loader appeared on Russian underground forums in August 2021.

Cybercriminals have started using Static Web Apps, an Azure service, in their phishing attacks against Microsoft 365 (opens in new tab) users.

Researchers from MalwareHunterTeam noted Static Web Apps have two features that are being abused with ease — custom branding for web apps, and web hosting for static content such as HTML, CSS, JavaScript, or images.

Hackers so far are focusing on decentralized finance (DeFi) projects to steal crypto this year, a new report found, a reversal from 2021 when they used scams and online fraud for most of their exploits.

So far, investors have lost over $1.22 billion to hackers in the first three months of the year, nearly eight times more than the $154 million lost in the first quarter of 2021, according to crypto security firm Immunefi. Ninety-nine percent of those losses were from software exploits, the report found, specifically the hacks against Wormhole and Ronin.

This is not an anomaly, experts warn. It’s likely this kind of nefarious activity will become more common, while scamming of investors could wane.