Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 85

A review of existing studies investigating online romance fraud

Online romance fraud is an increasingly common phenomenon, which can affect people of all ages worldwide. This type of fraud occurs when a malicious individual or members of a criminal organization engage with users online pretending to be romantically interested in them, while trying to trick them into sending money or sharing confidential information with them.

Online scams can have a detrimental effect on a victim’s life, causing them to spend all their savings, become indebted, and even be subjected to blackmail or identity theft. A team of researchers at Abertay University in the U.K. recently reviewed existing literature focusing on romance and then summarized some of the most recurring findings in a paper pre-published on arXiv.

“Romance fraud has been growing over the last decade or so and was exacerbated by the COVID-19 pandemic which saw a surge in cybercrime and cyberattacks,” Dr. Lynsay Shepherd, one of the researchers who carried out the study, told Tech Xplore. “Our paper provides a comprehensive overview of romance fraud research, which could serve as a starting point for future research in the field.”

OpenAI launches $20k Bug Bounty Program to make its products safer

The company is offering rewards ‘for exceptional discoveries’.

OpenAI, the creator of conversational chatbot ChatGPT, has announced a Bug Bounty program where users can report “vulnerabilities, bugs, or security flaws” and be financially rewarded for finding them. The company has announced rewards ranging from $200 to $20,000 depending on the severity of the flaw and teamed up with a popular bug-finding platform to streamline the process.

OpenAI’s ChatGPT has ushered in a race for artificial intelligence (AI) models that provide comprehensive solutions to user queries and can even simulate intriguing imagery with the help of a few text prompts.

Sestovic/iStock.

While the technology is advancing at a breathtaking pace and producing some mind-boggling results, there are also concerns about these products’ safety. AI researchers like Stuart Russell have warned that unchecked, the rise of AI could result in a Chernobyl-like incident for the tech industry.

Cybercriminals Turn to Android Loaders on Dark Web to Evade Google Play Security

Malicious loader programs capable of trojanizing Android applications are being traded on the criminal underground for up to $20,000 as a way to evade Google Play Store defenses.

“The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps,” Kaspersky said in a new report based on messages posted on online forums between 2019 and 2023.

Dropper apps are the primary means for threat actors looking to sneak malware via the Google Play Store. Such apps often masquerade as seemingly innocuous apps, with malicious updates introduced upon clearing the review process and the applications have amassed a significant user base.

AI tools like ChatGPT likely to empower hacks, NSA cyber boss warns

While much-debated AI tools will not automate or elevate every digital assault, phishing scheme or hunt for software exploits, NSA’s Rob Joyce said April 11, what it will do is “optimize” workflows and deception in an already fast-paced environment.

“Is it going to replace hackers and be this super-AI hacking? Certainly not in the near term,” Joyce said at an event hosted by the Center for Strategic and International Studies think tank. “But it will make the hackers that use AI much more effective, and they will operate better than those who don’t.”

U.S. officials consider mastery of AI critical to long-term international competitiveness — whether that’s in defense, finance or another sector. At least 685 AI projects, including several tied to major weapons systems, were underway at the Pentagon as of early 2021.

Computer hardware company MSI hacked, BIOS source code and private keys stolen

According to reports, the Taiwanese computer hardware company MSI (Micro-Star International) was recently joined to the list of victims of a new ransomware gang that goes by the name “Money Message.” The perpetrators of the cybercrime say that they have taken source code along with other critical material from the company’s network. MSI is a world-renowned leader in the production of computer components, such as motherboards, graphics cards, desktop computers, laptop computers, servers, and other electronic equipment. It brings in more than $6.5 billion in income every year.

Money Message has included MSI on the website that it maintains for the publication of leaked material and has published images of the company’s CTMS and ERP databases in addition to files that include software source code, private keys, and BIOS firmware. If MSI does not comply with the threat actors’ demand for a ransom payment, they will now threaten to release all of the information that was taken.

The perpetrators of the hack claim to have taken 1.5 terabytes worth of data, including databases and source code, from MSI’s servers. They are holding out for a ransom payment of four million dollars.

Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation

Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems.

This entails the abuse of CVE-2022–46169 (CVSS score: 9.8) and CVE-2021–35394 (CVSS score: 9.8) to deliver MooBot and ShellBot (aka PerlBot), Fortinet FortiGuard Labs said in a report published this week.

CVE-2022–46169 relates to a critical authentication bypass and command injection flaw in Cacti servers that allows an unauthenticated user to execute arbitrary code. CVE-2021–35394 also concerns an arbitrary command injection vulnerability impacting the Realtek Jungle SDK that was patched in 2021.

Typhon Reborn Stealer Malware Resurfaces with Advanced Evasion Techniques

Besides incorporating more anti-analysis and anti-virtualization checks, Typhon Reborn V2 removes its persistence features, instead opting to terminate itself after exfiltrating the data.

The malware ultimately transmits the collected data in a compressed archive via HTTPS using the Telegram API, marking continued abuse of the messaging platform.

“Once the data has been successfully transmitted to the attacker, the archive is then deleted from the infected system,” Brumaghin said. “The malware then calls to terminate execution.”

Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies

Cybersecurity researchers have taken the wraps off a previously undocumented ransomware strain called Rorschach that’s both sophisticated and fast.

“What makes Rorschach stand out from other ransomware strains is its high level of customization and its technically unique features that have not been seen before in ransomware,” Check Point Research said in a new report. “In fact, Rorschach is one of the fastest ransomware strains ever observed, in terms of the speed of its encryption.”

The cybersecurity firm said it observed the ransomware deployed against an unnamed U.S.-based company, adding it found no branding or overlaps that connect it to any previously known ransomware actors.