Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode

The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul.

The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities, and energy sectors, Kaspersky said in a new report published Thursday.

Paper Werewolf, also known as GOFFEE, is assessed to have conducted at least seven campaigns since 2022, according to BI.ZONE, with the attacks mainly aimed at government, energy, financial, media, and other organizations.

Read more | >

The clone websites identified by DTI include a carousel of images that, when clicked, download a malicious APK file onto the user’s device. The package file acts as a dropper to install a second embedded APK payload via the DialogInterface. OnClickListener interface that allows for the execution of the SpyNote malware when an item in a dialog box is clicked.

“Upon installation, it aggressively requests numerous intrusive permissions, gaining extensive control over the compromised device,” DTI said.

“This control allows for the theft of sensitive data such as SMS messages, contacts, call logs, location information, and files. SpyNote also boasts significant remote access capabilities, including camera and microphone activation, call manipulation, and arbitrary command execution.”

Read more | >

As websites incorporate more third-party tracking technologies, robust CSRF attack prevention becomes paramount. This case study illustrates how a misconfigured third-party vendor exposed CSRF tokens on a major retailer’s website, highlighting the risks of inadequate third-party security.

The Problem

A misconfiguration allowed a third-party pixel used by a major online retailer to access CSRF tokens and authentication tokens, which, as we noted, are critical security elements for preventing unauthorized actions. This exposure transmitted the tokens to remote third-party servers, creating a significant vulnerability that risked potential data breaches.

Read more | >

Sensata Technologies (known as Sensata) has suffered a ransomware attack last weekend that encrypted parts of the company network and disrupted operations.

In an 8-K filing to the U.S. Securities and Exchange Commission (SEC), Sensata says that the attack occurred on Sunday, April 6, and involved data theft, too.

“The incident has temporarily impacted Sensata’s operations, including shipping, receiving, manufacturing production, and various other support functions,” reads the notification.

Read more | >

UTSA researchers recently completed one of the most comprehensive studies to date on the risks of using AI models to develop software. In a new paper, they demonstrate how a specific type of error could pose a serious threat to programmers that use AI to help write code.

Joe Spracklen, a UTSA doctoral student in computer science, led the study on how (LLMs) frequently generate insecure code.

His team’s paper, published on the arXiv preprint server, has also been accepted for publication at the USENIX Security Symposium 2025, a cybersecurity and privacy conference.

Read more | >