Hackers are using a novel technique that abuses extended attributes for macOS files to deliver a new trojan that researchers call RustyAttr.
The threat actor is hiding malicious code in custom file metadata and also uses decoy PDF documents to help evade detection.
The new technique is similar to how the Bundlore adware in 2020 hid its payloads in resource forks to hide payloads for macOS. It was discovered in a few malware samples in the wild by researchers at cybersecurity company Group-IB.
Scientists have developed an AI-based authentication scheme to enhance vehicle security in the Internet of Vehicles (IoV).
Scientists claim to have developed an artificial intelligence tool to consolidate the privacy of vehicles and their drivers.
How to preserve the privacy of the so-called Internet of Vehicles (IoV) has emerged as a major challenge due to geographical mobility of vehicles and insufficient resources, the scientists say.
The problem has been aggravated, according to the scientists, due to the “limited resources of onboard units (OBUs)” and the shortcomings of embedded sensors installed in vehicles, which “lure the adversaries to launch various types of attacks.”
As quantum computing grows, researchers are urgently preparing for its impact on cybersecurity by developing quantum-resistant cryptographic protocols.
This research, led by experts at the National Center for Supercomputing Applications, focuses on safeguarding supercomputing infrastructures against quantum threats.
Quantum Computing and Cybersecurity.
The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware.
“This botnet utilizes remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures,” CloudSEK said in a new report.
AndroxGh0st is the name given to a Python-based cloud attack tool that’s known for its targeting of Laravel applications with the goal of sensitive data pertaining to services like Amazon Web Services (AWS), SendGrid, and Twilio.
Hackers are targeting Windows machines using the ZIP file concatenation technique to deliver malicious payloads in compressed archives without security solutions detecting them.
The technique exploits the different methods ZIP parsers and archive managers handle concatenated ZIP files.
This new trend was spotted by Perception Point, who discovered a a concatentated ZIP archive hiding a trojan while analyzing a phishing attack that lured users with a fake shipping notice.
This was Mastercard in March: You probably do it every day without a second thought — shop online with your credit card, or install an update on your phone, or send a confidential file to a co-worker.
Mastercard’s efforts include a pilot to test whether quantum key distribution would work on its complex global network.
By using sensor-embedded sponges and data, Vienna researchers quickly trained robots to clean washbasins.
Thanks to researchers at TU Wein in Vienna, the promise of housecleaning robots is one step closer. The team has developed a self-learning robot to mimic humans to complete simple tasks like cleaning washbasins.
While this might sound mundane, the development is very significant as hard coding a robot to move a sponge over the complex curved edges of a washbasin would be a monumental task. To this end, the research team found a hack by blending observation with tactile data from human teachers to train robots to copy the same task.
A US bank is warning customers of a security “intrusion” that may have compromised Mastercard account numbers and other financial data.
Maryland-based Eagle Bank says it has received a notice from Mastercard, stating an unnamed US merchant allowed unauthorized access to account information between August 15th, 2023, and May 25th, 2024.
The bank revealed the breach in a filing with the Massachusetts state government.