Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 46

Australian researchers have designed an algorithm that can intercept a man-in-the-middle (MitM) cyberattack on an unmanned military robot and shut it down in seconds.

In an experiment using deep learning to simulate the behavior of the human brain, artificial intelligence experts from Charles Sturt University and the University of South Australia (UniSA) trained the robot’s operating system to learn the signature of a MitM eavesdropping cyberattack. This is where attackers interrupt an existing conversation or .

The algorithm, tested in real time on a replica of a United States army combat ground vehicle, was 99% successful in preventing a malicious attack. False positive rates of less than 2% validated the system, demonstrating its effectiveness.

Read more | >

WASHINGTON, Oct 11 (Reuters) — Internet companies Google, Amazon and Cloudflare say they have weathered the internet’s largest-known denial of service attack and are sounding the alarm over a new technique they warn could easily cause widespread disruption.

Alphabet Inc-owned Google (GOOGL.O)said in a blog post published Tuesday that its cloud services had parried an avalanche of rogue traffic more than seven times the size of the previous record-breaking attack thwarted last year.

Internet protection company Cloudflare Inc (NET.N)said the attack was “three times larger than any previous attack we’ve observed.” Amazon.com Inc’s (AMZN.O) web services division also confirmed being hit by “a new type of distributed denial of service (DDoS) event.”

Read more | >

https://informatech.co/3RVp6BM by Elizabeth Montalbano.

Attackers are employing a new type of certificate abuse in an attempt to spread info-stealing malware, with the aim of collecting credentials and other sensitive data. In some instances, the goal is to steal cryptocurrency from Windows systems.

The campaign uses search engine optimization (SEO) poisoning to deliver search results featuring malicious pages promoting illegal software cracks and downloads. In the background, the pages deliver remote access Trojans (RATs) known as LummaC2, and RecordBreaker (aka Raccoon Stealer V2) researchers from South Korea-based AhnLab revealed in a blog post on Oct. 10.

Notably, the malware uses abnormal certificates featuring Subject Name and Issuer Name fields that have unusually long strings, which means they require specific tools or infrastructure to inspect the certificates and are not visible in Windows systems. Specifically, the signature strings include Arabic, Japanese, and other non-English languages, along with special characters and punctuation marks, diverging from the typical English character string structures, the researchers noted.

Continue reading “Data Thieves Test-Drive Unique Certificate Abuse Tactic” | >

After a researcher discovered that an Android TV streaming box, known as T95, was infected with preloaded malware, researchers at Human Security released information regarding the extent of infected devices and how malicious schemes are connected to these corrupted products.

Daniel Milisic, a systems security consultant, created a script alongside instructions to help other users mitigate the threat after first coming across the issue. Now, Human Security’s threat intelligence and research team has dubbed the operation “Bandbox,” which it characterizes as a complex, interconnected series of ad fraud schemes on a massive scale.

Human Security describes the operation as “a global network of consumer products with firmware backdoors installed and sold through a normal hardware supply chain.” Once activated, the malware on the devices connect to a command-and-control (C2) server for further instructions. In tandem, a botnet known as Peachpit is integrated with Badbox, and engages in ad fraud, residential proxy services, fake email/messaging accounts, and unauthorized remote code installation.

Read more | >

FS-ISAC executive shares tips on operational resilience in the face of cyber threats. #cyberattacks

Preparing for the unexpected may be a contradiction in terms, but for financial firms it is essential for survival. The sector has long been a target for threat actors, given that this is where the world’s money is. And as the financial ecosystem becomes increasingly interconnected, threats to its security and resilience are rapidly evolving and increasing.

Operational resilience is not just about responding with agility to risks but also maintaining continuity of operations with minimal or — even better — no disruptions. So, whereas cybersecurity is about preventing and defending against cyberattacks, resilience focuses on sustaining operations despite attacks.

Recognizing the necessity of operational resilience, regulators are emphasizing the need to be prepared for unforeseen incidents. A prominent example is the EU’s Digital Operational Resilience Act (DORA), which provides a framework for the finance industry to detect, prevent, contain, and recover from attacks associated with information and communication technology (ICT).

Continue reading “Preparing for the Unexpected: A Proactive Approach to Operational Resilience” | >

After an early flurry of exploit activity, attacks targeting a maximum-severity flaw that Progress Software disclosed in its WS_FTP Server file transfer product last week appear to have been somewhat limited so far.

However, that’s no reason for organizations to delay patching the vulnerability as soon as possible, given how widely attackers exploited a similarly critical zero-day flaw that Progress reported in its MOVEit file transfer software in May.

CVE-2023–40044 is a. NET deserialization vulnerability in WS_FTP that researchers have shown can be exploited with a single HTTPS POST and some specific multi-part data. Progress disclosed the bug on Sept. 27, with a recommendation for organizations to apply the company’s update for it as soon as possible.

Read more | >

23andMe, the popular DNA testing company, has launched an investigation after client information was listed for sale on a cybercrime forum this week.

On Oct. 1, a post was published on the forum with a link to a sample of allegedly “20 million pieces of data” from the genetic testing company, claiming that it was “the most valuable data you’ll ever see.” The first leak included 1 million lines of data, but on Oct. 4, the threat actor began offering bulk data profiles ranging from $1 to $10 per account in batches of 100, 1,000, 10,000, and 100,000 profiles.

The information leaked in the breach includes names, usernames, profile photos, gender, birthdays, geographical location, and genetic ancestry results.

Read more | >