A new wave of #ransomware attacks is exploiting a #VMware vulnerability to target #ESXi hypervisor servers.
Category: cybercrime/malcode – Page 92
Until further notice, think twice before using Google to download software
Searching Google for downloads of popular software has always come with risks, but over the past few months, it has been downright dangerous, according to researchers and a pseudorandom collection of queries.
“Threat researchers are used to seeing a moderate flow of malvertising via Google Ads,” volunteers at Spamhaus wrote on Thursday. “However, over the past few days, researchers have witnessed a massive spike affecting numerous famous brands, with multiple malware being utilized. This is not ‘the norm.’”.
Cybersecurity Budgets Are Going Up. So Why Aren’t Breaches Going Down?
Stay ahead of the game with top-notch cybersecurity measures. The attacks may be becoming more severe, but so are our defenses.
Google ads push ‘virtualized’ malware made for antivirus evasion
An ongoing Google ads malvertising campaign is spreading malware installers that leverage KoiVM virtualization technology to evade detection when installing the Formbook data stealer.
KoiVM is a plugin for the ConfuserEx. NET protector that obfuscates a program’s opcodes so that the virtual machine only understands them. Then, when launched, the virtual machine translates the opcodes back to their original form so that the application can be executed.
“Virtualization frameworks such as KoiVM obfuscate executables by replacing the original code, such as NET Common Intermediate Language (CIL) instructions, with virtualized code that only the virtualization framework understands,” explains a new report by SentinelLabs.
Hackers weaponize Microsoft Visual Studio add-ins to push malware
Security researchers warn that hackers may start using Microsoft Visual Studio Tools for Office (VSTO) more often as method to achieve persistence and execute code on a target machine via malicious Office add-ins.
The technique is an alternative to sneaking into documents VBA macros that fetch malware from an external source.
Since Microsoft announced it would block the execution of VBA and XL4 macros in Office by default, threat actors moved to archives (.ZIP,.ISO) and. LNK shortcut files to distribute their malware.
Over 1,800 Android phishing forms for sale on cybercrime market
A threat actor named InTheBox is promoting on Russian cybercrime forums an inventory of 1,894 web injects (overlays of phishing windows) for stealing credentials and sensitive data from banking, cryptocurrency exchange, and e-commerce apps.
The overlays are compatible with various Android banking malware and mimic apps operated by major organizations used in dozens of countries on almost all continents.
Being available in such numbers and at low prices, allows cybercriminals to focus on other parts of their campaigns, development of the malware, and to widen their attack to other regions.
Performing matrix multiplications at the speed of light for enhanced cybersecurity
“All things are numbers,” avowed Pythagoras. Today, 25 centuries later, algebra and mathematics are everywhere in our lives, whether we see them or not. The Cambrian-like explosion of artificial intelligence (AI) brought numbers even closer to us all, since technological evolution allows for parallel processing of a vast amounts of operations.
Progressively, operations between scalars (numbers) were parallelized into operations between vectors, and subsequently, matrices. Multiplication between matrices now trends as the most time-and energy-demanding operation of contemporary AI computational systems. A technique called “tiled matrix multiplication” (TMM) helps to speed computation by decomposing matrix operations into smaller tiles to be computed by the same system in consecutive time slots. But modern electronic AI engines, employing transistors, are approaching their intrinsic limits and can hardly compute at clock-frequencies higher than ~2 GHz.
The compelling credentials of light—ultrahigh speeds and significant energy and footprint savings—offer a solution. Recently a team of photonic researchers of the WinPhos Research group, led by Prof. Nikos Pleros from the Aristotle University of Thessaloniki, harnessed the power of light to develop a compact silicon photonic computer engine capable of computing TMMs at a record-high 50 GHz clock frequency.
Gootkit Malware Continues to Evolve with New Components and Obfuscations
The threat actors associated with the Gootkit malware have made “notable changes” to their toolset, adding new components and obfuscations to their infection chains.
Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is “exclusive to this group.”
Gootkit, also called Gootloader, is spread through compromised websites that victims are tricked into visiting when searching for business-related documents like agreements and contracts via a technique called search engine optimization (SEO) poisoning.