Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 78

Security researchers have found a new piece of malware targeting Microsoft SQL servers. Named Maggie, the backdoor has already infected hundreds of machines all over the world.

Maggie is controlled through SQL queries that instruct it to run commands and interact with files. Its capabilities extend to brute-forcing administrator logins to other Microsoft SQL servers and doubling as a bridge head into the server’s network environment.

The backdoor was discovered by German analysts Johann Aydinbas and Axel Wauer of the DCSO CyTec. Telemetry data shows that Maggie is more prevalent in South Korea, India, Vietnam, China, Russia, Thailand, Germany, and the United States.

Read more | >

Millions of people could suddenly lose electricity if a ransomware attack just slightly tweaked energy flow onto the U.S. power grid.

No single power utility company has enough resources to protect the entire grid, but maybe all 3,000 of the grid’s utilities could fill in the most crucial gaps if there were a map showing where to prioritize their security investments.

Purdue University researchers have developed an to create that map. Using this tool, regulatory authorities or cyber insurance companies could establish a framework that guides the security investments of power utility companies to parts of the grid at greatest risk of causing a blackout if hacked.

Read more | >

A popular Chinese-language YouTube channel has emerged as a means to distribute a trojanized version of a Windows installer for the Tor Browser.

Kaspersky dubbed the campaign OnionPoison, with all of the victims located in China. The scale of the attack remains unclear, but the Russian cybersecurity company said it detected victims appearing in its telemetry in March 2022.

The malicious version of the Tor Browser installer is being distributed via a link present in the description of a video that was uploaded to YouTube on January 9, 2022. It has been viewed over 64,500 times to date.

Read more | >

Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks.

“This vulnerability allows gaining control of Packagist,” SonarSource researcher Thomas Chauchefoin said in a report shared with The Hacker News. Packagist is used by the PHP package manager Composer to determine and download software dependencies that are included by developers in their projects.

The disclosure comes as planting malware in open source repositories is turning into an attractive conduit for mounting software supply chain attacks.

Read more | >

This post is also available in: he עברית (Hebrew)

As everyday technologies get more and more advanced, cyber security must be at the forefront of every customer. Cyber security services have become common and are often used by private companies and the public sector in order to protect themselves from potential cyber attacks.

One of these services goes under the name Darktrace and has recently been acquired by Cybersprint, a Dutch provider of advanced cyber security services and a manufacturer of special tools that use machine learning algorithms to detect cyber vulnerabilities. Based on attack path modeling and graph theory, Darktrace’s platform represents organizational networks as directional, weighted graphs with nodes where multi-line segments meet and edges where they join. In order to estimate the probability that an attacker will be able to successfully move from node A to node B, a weighted graph can be used. Understanding the insights gained will make it easier for Darktrace to simulate future attacks.

Read more | >

Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.

Cybercriminals are growing ever more relentless and deft with their attacks, with data breaches and system disruptions due to cyberattacks rising every year. Therefore, finding and strengthening cybersecurity weak spots, or vulnerabilities, is key to thwarting these attacks.

A key vulnerability is apps. Many organizations rely on productivity software and apps built in-house or from IT service providers to be competitive in today’s market. However, while these solutions boost productivity and employee and customer experiences, many of them have weak security measures that can expose the organization to cyberattackers.

Read more | >

A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet.

“Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through stealing and brute-forcing SSH private keys, as well as launch DDoS attacks,” researchers from Lumen’s Black Lotus Labs said in a write-up shared with The Hacker News.

A majority of the bots are located in Europe, specifically Italy, with other infections reported in China and the U.S., collectively representing “hundreds of unique IP addresses” over a one-month time period from mid-June through mid-July 2022.

Read more | >

A California university is refusing to release a cache of grisly photos of monkeys reportedly injured during experiments testing Elon Musk’s Neuralink brain implant technology, in spite of a lawsuit aiming to force the school’s hand.

In a press release, the Physicians Committee for Responsible Medicine (PCRM) advocacy group said that it had learned that the University of California, Davis is in possession of 371 photos of the experimented-upon monkeys that were subjected to Neuralink tests, which took place at the school’s veterinary lab facilities.

Earlier this year, Neuralink admitted that a fifth of the 23 rhesus macaques monkeys it used to test its brain-hacking implants had been euthanized after developing infections and malfunctions. Bolstering PCRM’s credibility, that admission came in the wake of its a complaint it filed against Neuralink.

Read more | >