Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 23

Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year

“This attack highlights not just the creativity and sophistication of attackers but also the danger of trusted system functionality being weaponized to evade traditional detection,” the researchers noted. “It’s not just about spotting malicious activity; it’s about recognizing how legitimate tools and processes can be manipulated and turned against you.”

ReliaQuest told The Hacker News it cannot share any further details regarding when the attack commenced other than noting that the attackers had access to the system for over a year.

“The threat actor likely resorted to this method over an N-day flaw for a simple reason: why use an exploit if they didn’t have to?,” it pointed out. “They likely gained initial access through a weak administrator password and then repurposed a software component into a backdoor.”

Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns

Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns.

“Instead of relying solely on traditional command-and-control (C2) servers that can be taken down, these attackers are leveraging GitHub repositories to host malware configurations,” McAfee Labs researchers Harshil Patel and Prabudh Chakravorty said in a report.

“When law enforcement or security researchers shut down their C2 infrastructure, Astaroth simply pulls fresh configurations from GitHub and keeps running.”

Massive multi-country botnet targets RDP services in the US

A large-scale botnet is targeting Remote Desktop Protocol (RDP) services in the United States from more than 100,000 IP addresses.

The campaign started on October 8 and based on the source of the IPs, researchers believe the attacks are launched by a multi-country botnet.

RDP is a network protocol that enables remote connection and control of Windows systems. It is typically used by administrators, helpdesk staff, and remote workers.

AI tools can help hackers plant hidden flaws in computer chips, study finds

Widely available artificial intelligence systems can be used to deliberately insert hard-to-detect security vulnerabilities into the code that defines computer chips, according to new research from the NYU Tandon School of Engineering, a warning about the potential weaponization of AI in hardware design.

In a study published by IEEE Security & Privacy, an NYU Tandon research team showed that like ChatGPT could help both novices and experts create “hardware Trojans,” malicious modifications hidden within chip designs that can leak , disable systems or grant unauthorized access to attackers.

To test whether AI could facilitate malicious hardware modifications, the researchers organized a competition over two years called the AI Hardware Attack Challenge as part of CSAW, an annual student-run cybersecurity event held by the NYU Center for Cybersecurity.

/* */