Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 4

Credential-stealing Chrome extensions target enterprise HR platforms

Malicious Chrome extensions on the Chrome Web Store masquerading as productivity and security tools for enterprise HR and ERP platforms were discovered stealing authentication credentials or blocking management pages used to respond to security incidents.

The campaign was discovered by cybersecurity firm Socket, which says it identified five Chrome extensions targeting Workday, NetSuite, and SAP SuccessFactors, collectively installed more than 2,300 times.

“The campaign deploys three distinct attack types: cookie exfiltration to remote servers, DOM manipulation to block security administration pages, and bidirectional cookie injection for direct session hijacking,” reports Socket.

New PDFSider Windows malware deployed on Fortune 100 firm’s network

Ransomware attackers targeting a Fortune 100 company in the finance sector used a new malware strain, dubbed PDFSider, to deliver malicious payloads on Windows systems.

The attackers employed social engineering in their attempt to gain remote access by impersonating technical support workers and to trick company employees into installing Microsoft’s Quick Assist tool.

Researchers at cybersecurity company Resecurity found PDFSider during an incident response and describe it as a stealthy backdoor for long-term access, noting that it shows “characteristics commonly associated with APT tradecraft.”

How AI and Quantum, And Space Are Redefining Cybersecurity

Sharing my latest Forbes article: by Chuck Brooks.

Thanks for reading and sharing!

#cybersecurity #tech #ai #quantum #space Forbes

Artificial intelligence and quantum computing are no longer speculative technologies. They are reshaping cybersecurity, economic viability, and managing risk in real time.

LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing

Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE.

The targeted malware campaign leverages decoys related to the recent geopolitical developments between the U.S. and Venezuela to distribute a ZIP archive (“US now deciding what’s next for Venezuela.zip”) containing a malicious DLL that’s launched using DLL side-loading techniques. It’s not known if the campaign managed to successfully compromise any of the targets.

The activity has been attributed with moderate confidence to a Chinese state-sponsored group known as Mustang Panda (aka Earth Pret, HoneyMyte, and Twill Typhoon), citing tactical and infrastructure patterns. It’s worth noting that the threat actor is known for extensively relying on DLL side-loading to launch its backdoors, including TONESHELL.

StealC hackers hacked as researchers hijack malware control panels

A cross-site scripting (XSS) flaw in the web-based control panel used by operators of the StealC info-stealing malware allowed researchers to observe active sessions and gather intelligence on the attackers’ hardware.

StealC emerged in early 2023 with aggressive promotion on dark web cybercrime channels. It grew in popularity due to its evasion and extensive data theft capabilities.

In the following years, StealC’s developer added multiple enhancements. With the release of version 2.0 last April, the malware author introduced Telegram bot support for real-time alerts and a new builder that could generate StealC builds based on templates and custom data theft rules.

Black Basta boss makes it onto Interpol’s ‘Red Notice’ list

The identity of the Black Basta ransomware gang leader has been confirmed by law enforcement in Ukraine and Germany, and the individual has been added to the wanted list of Europol and Interpol.

Germany’s Federal Criminal Police Office (BKA) identified Oleg Evgenievich Nefedov, a 35-year-old Russian national, as the leader of the Black Basta ransomware gang.

The Ukrainian police in collaboration with German authorities also identified two additional individuals allegedly working for the ransomware operation and conducted raids at two locations in the Ivano-Frankivsk and Lviv regions.

Gootloader now uses 1,000-part ZIP archives for stealthy delivery

The Gootloader malware, typically used for initial access, is now using a malformed ZIP archive designed to evade detection by concatenating up to 1,000 archives.

In doing so, the malware, which is an archived JScript file, causes many tools to crash when trying to analyze it.

According to researchers, the malicious file is successfully unpacked using the default utility in Windows, but tools relying on 7-Zip and WinRAR fail.

The Quantum Security Problem No One Is Ready For

Quantum computers are expected to deliver dramatic gains in processing speed and capability, with the potential to reshape fields ranging from scientific research to commercial innovation.

However, those same advantages could also make these machines attractive targets for cyberattacks, according to Swaroop Ghosh, a professor of computer science and electrical engineering at the Penn State School of Electrical Engineering and Computer Science.

Ghosh and co-author Suryansh Upadhyay, who recently earned his doctorate in electrical engineering from Penn State, examined these concerns in a new research paper that outlines key security weaknesses in current quantum computing systems. Published in the Proceedings of the Institute of Electrical and Electronics Engineers (IEEE), the study argues that protecting quantum computers will require more than software safeguards, emphasizing the importance of securing the underlying hardware as well.

/* */