Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 92

CrowdStrike exec explains why the cloud is a ‘net-positive’ for cybersecurity

Check out all the on-demand sessions from the Intelligent Security Summit here.

In recent years, cloud computing has proven itself as one of the fundamental technologies empowering modern enterprises with on-demand connectivity. Without it, the widespread move toward hybrid work wouldn’t have been possible during the COVID–19 pandemic. Yet what about cybersecurity in this new cloud-centric world?

The convenience of instant connectivity has created new vulnerabilities for security teams to confront, and many organizations are still playing catchup, with 81% of organizations experiencing cloud-related security incidents in the past year.

Hackers are mass infecting servers worldwide

An explosion of cyberattacks is infecting servers around the world with crippling ransomware by exploiting a vulnerability that was patched two years ago, it was widely reported on Monday.

The hacks exploit a flaw in ESXi, a hypervisor VMware sells to cloud hosts and other large-scale enterprises to consolidate their hardware resources. ESXi is what’s known as a bare-metal, or Type 1, hypervisor, meaning it’s essentially its own operating system that runs directly on server hardware. By contrast, servers running the more familiar Type 2 class of hypervisors, such as Oracle’s VirtualBox, run as apps on top of a host operating system. The Type 2 hypervisors then run virtual machines that host their own guest OSes, such as Windows, Linux, or, less commonly, macOS.

Linux version of Royal Ransomware targets VMware ESXi servers

Royal Ransomware is the latest ransomware operation to add support for encrypting Linux devices to its most recent malware variants, specifically targeting VMware ESXi virtual machines.

BleepingComputer has been reporting on similar Linux ransomware encryptors released by multiple other gangs, including Black Basta, LockBit, BlackMatter, AvosLocker, REvil, HelloKitty, RansomEXX, and Hive.

The new Linux Royal Ransomware variant was discovered by Will Thomas of the Equinix Threat Analysis Center (ETAC), and is executed using the command line.

7 ways to use ChatGPT at work to boost your productivity, make your job easier, and save a ton of time

Basically I underestimated chat gpt it is Basically much more powerful than I realized not just a Jetson society but it could even bring realities like we have seen in star trek the next generation where one can ask an AI anything and it can do anything given a task. This could also bring upon a superintelligence once programmed much like a wolfram alpha is for homework but for everything. It can nearly do any job and can replace all tech jobs eventually to get to universal basic income or even bring an end to the wild west of the internet it could create a near perfect cyber defense because it could simply know everything and make everything bug free. In short it can a near God like AI to answer and do any digital task. This can make nearly all jobs eventually automated:3.

It’ll be a while before ChatGPT takes your job entirely, and in the meantime you can use it to make work life easier.

Want to build a website? Just ask ChatGPT in plain English

Juan Andres Guerrero-Saade’s speciality is picking apart malicious software to see how it attacks computers.

It’s a relatively obscure cybersecurity field, which is why last month he hosted a weeklong seminar at Johns Hopkins University where he taught students the complicated practice of reverse engineering malware.

Several of the students had little to no coding background, but he was confident a new tool would make it less of a challenge: He told the students to sign up for ChatGPT.

“Programming languages are languages,” Guerrero-Saade, an adjunct lecturer at Johns Hopkins, said, referring to what the ChatGPT software does. “So it has become an amazing tool for prototyping things, for getting very quick, boilerplate code.”

YouTube and TikTok are already rife with videos of people showing how they’ve found ways to have ChatGPT perform tasks that once required a hefty dose of coding ability.

Continue reading “Want to build a website? Just ask ChatGPT in plain English” | >

Until further notice, think twice before using Google to download software

Searching Google for downloads of popular software has always come with risks, but over the past few months, it has been downright dangerous, according to researchers and a pseudorandom collection of queries.

“Threat researchers are used to seeing a moderate flow of malvertising via Google Ads,” volunteers at Spamhaus wrote on Thursday. “However, over the past few days, researchers have witnessed a massive spike affecting numerous famous brands, with multiple malware being utilized. This is not ‘the norm.’”.

Google ads push ‘virtualized’ malware made for antivirus evasion

An ongoing Google ads malvertising campaign is spreading malware installers that leverage KoiVM virtualization technology to evade detection when installing the Formbook data stealer.

KoiVM is a plugin for the ConfuserEx. NET protector that obfuscates a program’s opcodes so that the virtual machine only understands them. Then, when launched, the virtual machine translates the opcodes back to their original form so that the application can be executed.

“Virtualization frameworks such as KoiVM obfuscate executables by replacing the original code, such as NET Common Intermediate Language (CIL) instructions, with virtualized code that only the virtualization framework understands,” explains a new report by SentinelLabs.