Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 141

Here are some of the best internet reactions to Elon Musk buying Twitter

There is a mix of excitement and fear and lots of memes.

After much back and forth and a lawsuit, four days ago, Elon Musk completed his $44 billion takeover of the social media platform Twitter. Musk had put the deal on hold after his initial offer earlier this year. Later he backed out, citing a high number of fake or spam accounts on the platform, a point that then-CEO Aggarwal had publicly denied.

Musk was then taken to court by Twitter’s lawyers. The court had given the two parties time till the month’s end to work out a deal.

As soon as Musk acquired Twitter, he proceeded to fire CEO Parag Aggarwal, finance executive Ned Segal, and legal and policy executive Vijaya Gadde.

Billionaire CEO Elon Musk has finally bought Twitter after a long saga of back-and-forth negotiations and even a lawsuit. The internet is both excited and afraid, and people are expressing their opinions in all kinds of ways.

A hackable, multi-functional, and modular extrusion 3D printer for soft materials

Researchers have developed a hackable and multi-functional 3D printer for soft materials that is affordable and open design. The technology has the potential to unlock further innovation in diverse fields, such as tissue engineering, soft robotics, food, and eco-friendly material processing—aiding the creation of unprecedented designs.

Emotet Botnet Distributing Self-Unlocking Password-Protected RAR Files to Drop Malware

The notorious Emotet botnet has been linked to a new wave of malspam campaigns that take advantage of password-protected archive files to drop CoinMiner and Quasar RAT on compromised systems.

In an attack chain detected by Trustwave SpiderLabs researchers, an invoice-themed ZIP file lure was found to contain a nested self-extracting (SFX) archive, the first archive acting as a conduit to launch the second.

While phishing attacks like these traditionally require persuading the target into opening the attachment, the cybersecurity company said the campaign sidesteps this hurdle by making use of a batch file to automatically supply the password to unlock the payload.

Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware

A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines.

“The attacker intends to utilize a victim’s resources as much as possible, not only to install RAR1Ransom for extortion, but also to spread GuardMiner to collect cryptocurrency,” Fortinet FortiGuard Labs researcher Cara Lin said in a Thursday report.

Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies’ Data Leak

Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication.

“This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services,” Microsoft said in an alert.

The misconfiguration of the Azure Blob Storage was spotted on September 24, 2022, by cybersecurity company SOCRadar, which termed the leak BlueBleed. Microsoft said it’s in the process of directly notifying impacted customers.

Almost 900 servers hacked using Zimbra zero-day flaw

Almost 900 servers have been hacked using a critical Zimbra Collaboration Suite (ZCS) vulnerability, which at the time was a zero-day without a patch for nearly 1.5 months.

The vulnerability tracked as CVE-2022–41352 is a remote code execution flaw that allows attackers to send an email with a malicious archive attachment that plants a web shell in the ZCS server while, at the same time, bypassing antivirus checks.

According to the cybersecurity company Kaspersky, various APT (advanced persistent threat) groups actively exploited the flaw soon after it was reported on the Zimbra forums.

Tales of the Turing Church

My book “Tales of the Turing Church: Hacking religion, enlightening science, awakening technology” is available for readers to buy on Amazon (Kindle | paperback).

Please note that there are two separate editions of the book, dated December 2018 and February 2020. The content of the two editions is identical, but the size and price of the paperback version are different.

See also “Tales of the Turing Church: Reactions and Reviews.”

/* */