Category: cybercrime/malcode – Page 93
Roman Yampolskiy is an AI safety & security researcher. He’s a tenured associate professor at the University of Louisville and the director of the Cyber Security Laboratory.
The Human Podcast is a new show that explores the lives and stories of a wide range of individuals. New episodes are released every week — subscribe to stay notified.
AUDIO:
Spotify — Online Shortly.
Apple Podcasts — Online Shortly.
SOCIAL:
Elon Musk is finally revealing some specifics of his Twitter content moderation policy. Assuming he completes the buyout he initiated at $44 billion in April, it seems the tech billionaire and Tesla CEO is open to a “hands-on” approach — something many didn’t expect, according to an initial report from The Verge.
This came in reply to an employee-submitted question regarding Musk’s intentions for content moderation, where Musk said he thinks users should be allowed to “say pretty outrageous things within the law”, during an all-hands meeting he had with Twitter’s staff on Thursday.
Elon Musk views Twitter as a platform for ‘self-expression’
This exemplifies a distinction initially popularized by Renée DiResta, a disinformation authority — according to the report. But, during the meeting, Musk said he wants Twitter to impose a stricter standard against bots and spam, adding that “it needs to be much more expensive to have a troll army.”
A new hack called Hertzbleed can read snippets of data from computer chips remotely and could leave cryptography algorithms vulnerable to attack.
A new peer-to-peer botnet named Panchan appeared in the wild around March 2022, targeting Linux servers in the education sector to mine cryptocurrency.
Panchan is empowered with SSH worm functions like dictionary attacks and SSH key abuse to perform rapid lateral movement to available machines in the compromised network.
At the same time, it has powerful detection avoidance capabilities, such as using memory-mapped miners and dynamically detecting process monitoring to stop the mining module immediately.
Cybersecurity researchers have discovered adware and information-stealing malware on the Google Play Store last month, with at least five still available and having amassed over two million downloads.
Adware infections displaying unwanted advertisements that can be particularly intrusive, degrade the user experience, deplete the battery, generate heat, and even cause unauthorized charges.
This software generally tries to hide by masquerading as something else on the host device and makes money for remote operators by forcing the victim to perform views or clicks on affiliated advertisements.
Internet infrastructure firm Cloudflare said today that it mitigated a 26 million request per second distributed denial-of-service (DDoS) attack, the largest HTTPS DDoS attack detected to date.
The record-breaking attack occurred last week and targeted one of Cloudflare’s customers using the Free plan.
The threat actor behind it likely used hijacked servers and virtual machines seeing that the attack originated from Cloud Service Providers instead of weaker Internet of Things (IoT) devices from compromised Residential Internet Service Providers.
Microsoft says BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities.
In at least one incident that Microsoft’s security experts observed, the attackers slowly moved through the victim’s network, stealing credentials and exfiltrating information to be used for double extortion.
Two weeks after the initial compromise using an unpatched Exchange server as an entry vector, the threat actor deployed BlackCat ransomware payloads across the network via PsExec.
A pair of ransomware attacks crippled parts of the country—and rewrote the rules of cybercrime.