Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 105

The publication in the Military-Industrial Kurier (VPK) on February 26, 2013, of an article by the Russian Chief of the General Staff, General Valery Gerasimov, entitled “The Value of Science in Foresight” [in Russian], has been seen by some analysts as a turning point in Russian military doctrine and the beginning of an explicit strategy of hybrid warfare. Indeed, information and cyber operations were an integral feature of Russia’s annexation of the Crimean Peninsula in 2014. Yet, the principal thesis of Gerasimov’s article is that alternative methods of conflict can be found to offset asymmetric disadvantages created by a superior enemy force. Such methods demand the application of the entire military-industrial complex to yield innovations in technology and tactics – the results of which can be seen in the proliferation of APT actors and computational propaganda operations observed by Western countries and their allies.

While we can only hope for a rapid cessation of the fighting in Ukraine, the consequences of Russian military intervention will extend far beyond the battlefield in years to come. Renewed focus and accelerated innovation and adoption of new technologies to protect the data and applications that Western societies depend on is now an imperative, not a choice – this is Gerasimov’s lesson.

The distinctions between war and peace, combatant and civilian, state actor and criminal proxy, are blurred in what has been termed the “fifth domain” of military operations. Collective cybersecurity in response to the increased prospect of cyberattack will demand not only political leadership, international cooperation, and industrial collaboration, but also the active participation of companies and individuals in the manner of civil defense, reminiscent of the Cold War. With the change in the world order brought about by Russia’s military action in Ukraine, we are all now standing on the frontline of cybersecurity.

Read more | >

The researcher also told BleepingComputer that websites, such as LinkedIn, detect man-in-the-middle (MiTM) attacks and deactivate accounts after successful logins.

To overcome this obstacle, mr.d0x came up with a devious new phishing technique that uses the noVNC remote access software and browsers running in kiosk mode to display email login prompts running on the attacker’s server but shown in the victim’s browser.

VNC is a remote access software that allows remote users to connect to and control a logged-in user’s desktop. Most people connect to a VNC server through dedicated VNC clients that open the remote desktop in a similar manner to Windows Remote Desktop.

Read more | >

WASHINGTON, Feb 17 (Reuters) — A single activist helped turn the tide against NSO Group, one of the world’s most sophisticated spyware companies now facing a cascade of legal action and scrutiny in Washington over damaging new allegations that its software was used to hack government officials and dissidents around the world.

It all started with a software glitch on her iPhone.

An unusual error in NSO’s spyware allowed Saudi women’s rights activist Loujain al-Hathloul and privacy researchers to discover a trove of evidence suggesting the Israeli spyware maker had helped hack her iPhone, according to six people involved in the incident. A mysterious fake image file within her phone, mistakenly left behind by the spyware, tipped off security researchers.

Read more | >

Final Words

Digitization in all its forms is exciting. The development of technology is met with zeal and zest, primarily as it eases people’s lives all over and eradicates several problems. However, in all its glamour, the cybersecurity aspects of these digitizations are often undermined, as evident with the metaverse.

Although the metaverse is a genuinely remarkable concept and could help the world in several ways, it is crucial to realize that it might all fail if the cybersecurity aspect is ignored. Therefore, within all this hype on its development, cybersecurity is a topic that needs a lot more attention than it is getting.

Read more | >

The endless parade of bad news for Israeli malware merchant NSO Group continues. While it appears someone might be willing to bail out the beleaguered company, it still has to do business as the poster boy for the furtherance of human rights violations around the world. That the Israeli government may have played a significant part in NSO’s sales to known human rights violators may ultimately be mitigating, but for now, NSO is stuck playing defense with each passing news cycle.

Late last month, the New York Times revealed some very interesting things about NSO Group. First, it revealed the company was able to undo its built-in ban on searching US phone numbers… provided it was asked to by a US government agency. The FBI took NSO’s powerful Pegasus malware for a spin in 2019, but under an assumed name: Phantom. With the permission of NSO and the Israeli government, the malware was able to target US numbers, albeit ones linked to dummy phones purchased by the FBI.

The report noted the FBI liked what it saw, but found the zero-click exploit provided by NSO’s bespoke “Phantom” (Pegasus, but able to target US numbers) might pose constitutional problems the agency couldn’t surmount. So, it walked away from NSO. But not before running some attack attempts through US servers — something that was inadvertently exposed by Facebook and WhatsApp in their lawsuit against NSO over the targeting of WhatsApp users. An exhibit declared NSO was using US servers to deliver malware, something that suggested NSO didn’t care about its self-imposed restrictions on US targeting. In reality, it was the FBI and NSO running some tests on local applications of zero-click malware that happened to be caught by Facebook techies.

Read more | >