Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 103

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has removed a Windows security flaw from its catalog of known exploited vulnerabilities due to Active Directory (AD) authentication issues caused by the May 2022 updates that patch it.

This security bug is an actively exploited Windows LSA spoofing zero-day tracked as CVE-2022–26925, confirmed as a new PetitPotam Windows NTLM Relay attack vector.

Unauthenticated attackers abuse CVE-2022–26925 to force domain controllers to authenticate them remotely via the Windows NT LAN Manager (NTLM) security protocol and, likely, gain control over the entire Windows domain.

Read more | >

Crafty hackers can make a tool to eavesdrop on some 6G wireless signals in as little as five minutes using office paper, an inkjet printer, a metallic foil transfer and a laminator.

The wireless security hack was discovered by engineering researchers from Rice University and Brown University, who will present their findings and demonstrate the attack this week in San Antonio at ACM WiSec 2022, the Association for Computing Machinery’s annual conference on security and privacy in wireless and mobile networks.

“Awareness of a future threat is the first step to counter that threat,” said study co-author Edward Knightly, Rice’s Sheafor-Lindsay Professor of Electrical and Computer Engineering. “The frequencies that are vulnerable to this attack aren’t in use yet, but they are coming and we need to be prepared.”

Read more | >

As the world rapidly shifts to EV transport, the automotive industry is experiencing some major teething issues. The global charging network is having to keep pace with more and more EVs on the road, and as manufacturers expand their networks, cracks are starting to appear in their grand schemes. We recently reported that a long string of EV chargers outside of Moscow were hacked by Ukrainian programmers to display anti-war and anti-Putin messaging, and there have even been cases in the UK where charging station displays showed graphic images. Hacking EV infrastructure is becoming more commonplace, and it could be a bigger issue than many might think.

Read more | >

R&D & Innovation For U.S. Security & Resilience — Kathryn Coulter Mitchell, Acting Under Secretary for Science and Technology, DHS Science and Technology Directorate, Department of Homeland Security.

Kathryn Coulter Mitchell (https://www.dhs.gov/person/kathryn-coulter-mitchell), is Acting Under Secretary for Science and Technology (S&T), at the U.S. Department of Homeland Security, where as the science advisor to the Homeland Security Secretary, she heads the research, development, innovation and testing and evaluation activities in support of the Department of Homeland Security’s (DHS) operational Components and first responders across the nation.

The Science and Technology Directorate is responsible for identifying operational gaps, conceptualizing art-of-the-possible solutions, and delivering operational results that improve the security and resilience of the nation.

Continue reading “Kathryn Coulter Mitchell — R&D For US Security & Resilience — Science & Technology Directorate — DHS” | >

A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years.

BPFdoor is a Linux/Unix backdoor that allows threat actors to remotely connect to a Linux shell to gain complete access to a compromised device.

The malware does not need to open ports, it can’t be stopped by firewalls, and can respond to commands from any IP address on the web, making it the ideal tool for corporate espionage and persistent attacks.

Read more | >

On the “World Password Day”, which was on May 5, Google, Microsoft and Apple joined hands to “kill” the password.

The three technology giants have vowed to create a future where your phone will be the primary source of online authentication. The new standard is being referred to as “muti-device FIDO credential”.

In a rare show of alliance, Apple, Google and Microsoft have joined forces to expand support for passwordless logins across mobile, desktop and browsers.

Passwords are notoriously insecure, with weak and easily guessable credentials accounting for more than 80% of all data breaches, per Verizon’s annual data breach report. While password managers and multi-factor technologies offer incremental improvements, Apple, Google and Microsoft are working together to create sign-in technology that is more convenient and more secure.

Through the new system, users will be able to sign-in to their accounts “through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN.”

Continue reading “Apple, Google and Microsoft team up on passwordless logins” | >

Those who call for mandatory reporting have the right intent, but if it’s not implemented in the right way, it will cause more harm than good.

Mandatory reporting almost always puts companies at risk, either legally or through financial penalties. Penalizing an organization for not reporting a breach in time puts it in a worse cybersecurity posture because it is a strong incentive to turn a blind eye to attacks. Alternatively, if a company knows of a breach, it will find ways to “classify” it in a way that falls into a reporting loophole.

The reporting timelines in the law are arbitrary and not based in the reality of effective incident response. The first hours and days after a breach are integral to the actual incident reporting process, but they are chaotic, and teams are sleep-deprived. Working with lawyers to determine how to report and figuring out the evidence that companies do and don’t want to “see” just makes the process harder.

Read more | >

A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild.

“It allows the ‘fileless’ last stage trojan to be hidden from plain sight in the file system,” Kaspersky researcher Denis Legezo said in a technical write-up published this week.

The stealthy infection process, not attributed to a known actor, is believed to have commenced in September 2021 when the intended targets were lured into downloading compressed. RAR files containing Cobalt Strike and Silent Break.

Read more | >