Archive for the ‘cybercrime/malcode’ category: Page 11

Jan 26, 2023

Scammers posed as tech support to hack employees at two US agencies last year, officials say

Posted by in categories: cybercrime/malcode, government

Cybercriminals hacked employees of at least two US federal civilian agencies last year as part of a “widespread” fraud campaign that sought to steal money from individuals’ bank accounts, US cybersecurity officials revealed Wednesday.

In one case, the unidentified hackers posed as tech support, convinced a federal employee to call them and then instructed the federal employee to visit a malicious website, according to the advisory from the US Cybersecurity and Infrastructure Security Agency, National Security Agency and a threat-sharing center for state and local governments known as MS-ISAC.

The goal of the scam, which appears to have hit both private sector and government agencies, was to trick victims into sending the scammers money. It was unclear if that happened in the case of the federal employees.

Jan 25, 2023

Malware exploited critical Realtek SDK bug in millions of attacks

Posted by in categories: cybercrime/malcode, electronics

Hackers have leveraged a critical remote code execution vulnerability in Realtek Jungle SDK 134 million attacks trying to infect smart devices in the second half of 2022.

Exploited by multiple threat actors, the vulnerability is tracked as CVE-2021–35394 and comes with a severity score of 9.8 out of 10.

Between August and October last year, sensors from Palo Alto Networks observed significant exploitation activity for this security issue, accounting for more than 40% of the total number of incidents.

Jan 24, 2023

EXCLUSIVE: U.S. airline accidentally exposes ‘No Fly List’ on unsecured server

Posted by in categories: cybercrime/malcode, government, internet

An unsecured server discovered by a security researcher last week contained the identities of hundreds of thousands of individuals from the U.S. government’s Terrorist Screening Database and “No Fly List.”

Located by the Swiss hacker known as maia arson crimew, the server, run by the U.S. national airline CommuteAir, was left exposed on the public internet. It revealed a vast amount of company data, including private information on almost 1,000 CommuteAir employees.

CommuteAir also confirmed the legitimacy of the data, stating that it was a version of the “federal no-fly list” from roughly four years prior.

Continue reading “EXCLUSIVE: U.S. airline accidentally exposes ‘No Fly List’ on unsecured server” »

Jan 24, 2023

Ransomware access brokers use Google ads to breach your network

Posted by in category: cybercrime/malcode

A threat actor tracked as DEV-0569 uses Google Ads in widespread, ongoing advertising campaigns to distribute malware, steal victims’ passwords, and ultimately breach networks for ransomware attacks.

Over the past couple of weeks, cybersecurity researchers MalwareHunterTeam, Germán Fernández, and Will Dormann have illustrated how Google search results have become a hotbed of malicious advertisements pushing malware.

These ads pretend to be websites for popular software programs, like LightShot, Rufus, 7-Zip, FileZilla, LibreOffice, AnyDesk, Awesome Miner, TradingView, WinRAR, and VLC.

Jan 24, 2023

FBI: North Korean hackers stole $100 million in Harmony crypto hack

Posted by in category: cybercrime/malcode

The FBI has concluded its investigation on the $100 million worth of ETH heist that hit Harmony Horizon in June 2022 and validated that the hackers responsible for it are the Lazarus group and APT38.

Jan 24, 2023

ChatGPT Can Be Used to Create Dangerous Polymorphic Malware

Posted by in categories: cybercrime/malcode, robotics/AI

Polymorphic malware could be easily made using ChatGPT. With relatively little effort or expenditure on the part of the attacker, this malware’s sophisticated capabilities can readily elude security tools and make mitigation difficult.

Malicious software called ‘Polymorphic Malware’ has the capacity to alter its source code in order to avoid detection by antivirus tools. It is a very potent threat because it may quickly change and propagate before security systems can catch it.

According to researchers, getting around the content filters that prevent the chatbot from developing dangerous software is the first step. The bot was instructed to complete the task while adhering to a number of constraints, and the researchers were given a working code as an outcome.

Jan 24, 2023

ChatGPT passes Wharton Business School’s MBA exam, gets a B

Posted by in categories: business, cybercrime/malcode, mathematics, robotics/AI

Sometimes, ChatGPT made “surprising” mistakes in school-level math.

Microsoft-backed OpenAI’s AI chatbot ChatGPT has been making headlines ever since it was released to the public on November 30. It can break down complex scientific concepts, compose poems, write stories, code, and create malware…the list is endless. OpenAI has also released a paid version of the chatbot. Known as ‘ChatGPT Professional’, it is available at $42 per month.


Continue reading “ChatGPT passes Wharton Business School’s MBA exam, gets a B” »

Jan 23, 2023

A three-stage authentication system for the metaverse

Posted by in categories: cybercrime/malcode, robotics/AI, space, virtual reality

In recent years, many computer scientists have been exploring the notion of metaverse, an online space in which users can access different virtual environments and immersive experiences, using VR and AR headsets. While navigating the metaverse, users might also share personal data, whether to purchase goods, connect with other users, or for other purposes.

Past studies have consistently highlighted the limitations of password authentication systems, as there are now many cyber-attacks and strategies for cracking them. To increase the of users navigating the metaverse, therefore, password-based authentication would be far from ideal.

This inspired a team of researchers at VIT-AP University in India to create MetaSecure, a password-less authentication system for the metaverse. This system, introduced in a paper pre-published on arXiv, combines three different authentication techniques, namely device attestation, and physical security keys.

Jan 19, 2023

Ransomware attack cuts 1,000 ships off from on-shore servers

Posted by in category: cybercrime/malcode

Get your eyepatch out: Cyber attacks on the high seas are trending.

Jan 18, 2023

Scientist Is Going To Prove The Matrix Is Real

Posted by in category: cybercrime/malcode

A scientist is now aiming to prove that The Matrix is based on fact, and that the simulation we live in can be hacked.

Page 11 of 170First89101112131415Last