AI Vs AI: Hackers use Artificial Intelligence for deepfakes and smart malware, while defenders counter with AI threat detection and predictive security.
Category: cybercrime/malcode – Page 14
Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors
The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul.
The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities, and energy sectors, Kaspersky said in a new report published Thursday.
Paper Werewolf, also known as GOFFEE, is assessed to have conducted at least seven campaigns since 2022, according to BI.ZONE, with the attacks mainly aimed at government, energy, financial, media, and other organizations.
SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps
The clone websites identified by DTI include a carousel of images that, when clicked, download a malicious APK file onto the user’s device. The package file acts as a dropper to install a second embedded APK payload via the DialogInterface. OnClickListener interface that allows for the execution of the SpyNote malware when an item in a dialog box is clicked.
“Upon installation, it aggressively requests numerous intrusive permissions, gaining extensive control over the compromised device,” DTI said.
“This control allows for the theft of sensitive data such as SMS messages, contacts, call logs, location information, and files. SpyNote also boasts significant remote access capabilities, including camera and microphone activation, call manipulation, and arbitrary command execution.”
Case Study: Are CSRF Tokens Sufficient in Preventing CSRF Attacks?
As websites incorporate more third-party tracking technologies, robust CSRF attack prevention becomes paramount. This case study illustrates how a misconfigured third-party vendor exposed CSRF tokens on a major retailer’s website, highlighting the risks of inadequate third-party security.
The Problem
A misconfiguration allowed a third-party pixel used by a major online retailer to access CSRF tokens and authentication tokens, which, as we noted, are critical security elements for preventing unauthorized actions. This exposure transmitted the tokens to remote third-party servers, creating a significant vulnerability that risked potential data breaches.
Sensata Technologies hit by ransomware attack impacting operations
Sensata Technologies (known as Sensata) has suffered a ransomware attack last weekend that encrypted parts of the company network and disrupted operations.
In an 8-K filing to the U.S. Securities and Exchange Commission (SEC), Sensata says that the attack occurred on Sunday, April 6, and involved data theft, too.
“The incident has temporarily impacted Sensata’s operations, including shipping, receiving, manufacturing production, and various other support functions,” reads the notification.
