Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 139

A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called “more_eggs.”

To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims’ job titles taken from their LinkedIn profiles.

“For example, if the LinkedIn member’s job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the ‘position’ added to the end),” cybersecurity firm eSentire’s Threat Response Unit (TRU) said in an analysis. “Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs.”

Read more | >

Data affecting more than 500 million Facebook users that was originally leaked in 2019, including email addresses and phone numbers, has been posted on an online hackers forum, according to media reports and a cybercrime expert.

“All 533000, 000 Facebook records were just leaked for free,” Alon Gal, at the Hudson Rock cybercrime intelligence firm, said Saturday on Twitter.

He denounced what he called the “absolute negligence” of Facebook.

Read more | >

A user in a low level hacking forum has published the phone numbers and personal data of hundreds of millions of Facebook users for free online.

The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.

Insider reviewed a sample of the leaked data and verified several records by matching known Facebook users’ phone numbers with the IDs listed in the data set. We also verified records by testing email addresses from the data set in Facebook’s password reset feature, which can be used to partially reveal a user’s phone number.

Read more | >

Cybersecurity specialists report that Intel is facing a class action lawsuit for violating an anti–wiretapping law in the state of Florida, US. The plaintiffs argue that the company hid software on its website that allowed it to record users’ keystrokes and mouse movements without their express consent.

This is a new case of practice known as session replay, used by multiple companies to take detailed records of how their users interact with their websites, involving the capture of mouse movements, clicks and information queries on the page visited.

Under the lawsuit filed in Lake County Circuit Court, Florida, Intel is violating the state Communications Security Act, enacted in 2020 and which, among other things, prohibits companies from intentionally intercepting any electronic communication without consent.

Read more | >

Brown University is facing a cyberattack that has forced the school to shut some systems down — in an event that Brown is calling an “utmost priority.”

Jack Wrenn, a fifth-year doctoral candidate, said that official information was still “frustratingly scant” as of Wednesday night.

Wrenn provided a timeline as to what he understood transpired, and when the university community was notified.

Read more | >

Google stops western government hacking.

“Instead of focusing on who was behind and targeted by a specific operation, Google decided to take broader action for everyone. The justification was that even if a Western government was the one exploiting those vulnerabilities today, it will eventually be used by others, and so the right choice is always to fix the flaw today.”

A decision to shut down exploits being used by “friendly” hackers has caused controversy inside the company’s security teams.

Read more | >

Hungarian mathematician László Lovász and Israeli computer scientist Avi Wigderson will share the prize, worth 7.5 million Norwegian kroner (US$886000), “for their foundational contributions to theoretical computer science and discrete mathematics, and their leading role in shaping them into central fields of modern mathematics”, the Norwegian Academy of Science and Letters announced on 17 March.

The work of winners László Lovász and Avi Wigderson underpins applications from Internet security to the study of networks.

Read more | >