Malicious loader programs capable of trojanizing Android applications are being traded on the criminal underground for up to $20,000 as a way to evade Google Play Store defenses.

“The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps,” Kaspersky said in a new report based on messages posted on online forums between 2019 and 2023.

Dropper apps are the primary means for threat actors looking to sneak malware via the Google Play Store. Such apps often masquerade as seemingly innocuous apps, with malicious updates introduced once they have cleared the review process and amassed a significant user base.

While much-debated AI tools will not automate or elevate every digital assault, phishing scheme or hunt for software exploits, NSA’s Rob Joyce said April 11, what it will do is “optimize” workflows and deception in an already fast-paced environment.

“Is it going to replace hackers and be this super-AI hacking? Certainly not in the near term,” Joyce said at an event hosted by the Center for Strategic and International Studies think tank. “But it will make the hackers that use AI much more effective, and they will operate better than those who don’t.”

U.S. officials consider mastery of AI critical to long-term international competitiveness — whether that’s in defense, finance or another sector. At least 685 AI projects, including several tied to major weapons systems, were underway at the Pentagon as of early 2021.

According to reports, the Taiwanese computer hardware company MSI (Micro-Star International) was recently added to the list of victims of a new ransomware gang that goes by the name “Money Message.” The perpetrators say that they have taken source code along with other critical material from the company’s network. MSI is a world-renowned leader in the production of computer components, such as motherboards, graphics cards, desktop computers, laptop computers, servers, and other electronic equipment. It brings in more than $6.5 billion in income every year.

Money Message has included MSI on the website that it maintains for the publication of leaked material and has published images of the company’s CTMS and ERP databases in addition to files that include software source code, private keys, and BIOS firmware. The threat actors are now threatening to release all of the information that was taken if MSI does not comply with their demand for a ransom payment.

The perpetrators of the hack claim to have taken 1.5 terabytes worth of data, including databases and source code, from MSI’s servers. They are holding out for a ransom payment of four million dollars.

Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems.

This entails the abuse of CVE-2022-46169 (CVSS score: 9.8) and CVE-2021-35394 (CVSS score: 9.8) to deliver MooBot and ShellBot (aka PerlBot), Fortinet FortiGuard Labs said in a report published this week.

CVE-2022-46169 relates to a critical authentication bypass and command injection flaw in Cacti servers that allows an unauthenticated user to execute arbitrary code. CVE-2021-35394 also concerns an arbitrary command injection vulnerability impacting the Realtek Jungle SDK that was patched in 2021.

Besides incorporating more anti-analysis and anti-virtualization checks, Typhon Reborn V2 removes its persistence features, instead opting to terminate itself after exfiltrating the data.

The malware ultimately transmits the collected data in a compressed archive via HTTPS using the Telegram API, marking continued abuse of the messaging platform.

“Once the data has been successfully transmitted to the attacker, the archive is then deleted from the infected system,” Brumaghin said. “The malware then calls to terminate execution.”

Cybersecurity researchers have taken the wraps off a previously undocumented ransomware strain called Rorschach that’s both sophisticated and fast.

“What makes Rorschach stand out from other ransomware strains is its high level of customization and its technically unique features that have not been seen before in ransomware,” Check Point Research said in a new report. “In fact, Rorschach is one of the fastest ransomware strains ever observed, in terms of the speed of its encryption.”

The cybersecurity firm said it observed the ransomware deployed against an unnamed U.S.-based company, adding it found no branding or overlaps that connect it to any previously known ransomware actors.

I hacked my brain with a compact electroencephalogram (EEG) and connected it to GPT-4 with the OpenAI API. In this crazy tutorial, you’ll learn how to use JavaScript to read your brainwaves.

🔗 Resources.

Neurosity Crown https://neurosity.co.

A surge of trojanized Tor Browser installers targets Russians and Eastern Europeans with clipboard-hijacking malware that steals infected users’ cryptocurrency transactions.

Kaspersky analysts warn that while this attack is not new or particularly creative, it’s still effective and prevalent, infecting many users worldwide.

While these malicious Tor installers target countries worldwide, Kaspersky says that most are targeting Russia and Eastern Europe.