Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 5

AI agents may be skilled researchers—but not always honest ones

Artificial intelligence tools designed to execute end-to-end projects, from coming up with hypotheses to running and writing up experiments, are increasingly popular with researchers—and increasingly skilled.

But a new study shows these tools can stealthily violate norms of research integrity.

VANCOUVER, CANADA— Artificial intelligence (AI) tools designed to execute end-to-end projects, from coming up with hypotheses to running and writing up experiments, are increasingly popular with researchers—and increasingly skilled. But a new study shows these tools can stealthily violate norms of research integrity.

Computer scientist Nihar Shah of Carnegie Mellon University and colleagues looked at two high-profile tools— Agent Laboratory and the AI Scientist v2 —both developed recently to help computer scientists perform experiments within the field of machine learning. The AI Scientist made headlines earlier this year by being the first AI system to have an original research paper accepted by peer review.

But in a presentation at the World Conferences on Research Integrity here today, Shah reported that both systems engaged in acts that aren’t acceptable in research, including making up data and “p-hacking”: running an experiment multiple times but only reporting the best outcome. (The team’s results were previously posted as a preprint on arXiv.) The misbehaviors weren’t obvious and required a lot of sleuthing to track down, suggesting AI-assisted studies might fall victim to such problems without their authors’ knowledge.

Mobile qubits on a chip move us a step closer to everyday quantum computers

For years, quantum computers have lived under a huge bubble of hype, promising to revolutionize numerous fields, from medicine and battery design to materials science and cybersecurity. But realizing their potential on any serious practical level will only be possible if large numbers of qubits (the basic units of information) can interact with each other with high precision and flexibility.

One of the main things holding that back is that traditional qubits are fixed in place, meaning they can only talk to their immediate neighbors. But in a new paper published in Nature, scientists describe how they overcame this limitation by using mobile qubits that can be moved around a chip. Lars R. Schreiber at the JARA-FIT Institute for Quantum Information in Germany has also published a News & Views piece in the same journal.

Hackers abuse Google ads for GoDaddy ManageWP login phishing

A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy’s platform for managing fleets of WordPress websites.

The threat actor is using an adversary-in-the-middle (AitM) approach where the fake login page acts as a real-time proxy between the victim and the legitimate ManageWP service.

ManageWP is a centralized remote administration platform for WordPress websites, enabling users to manage multiple sites from a single panel instead of logging into separate dashboards. Common users include web developers, web agencies managing client sites, and enterprises.

DAEMON Tools devs confirm breach, release malware-free version

Disc Soft Limited, the maker of DAEMON Tools Lite, confirmed that the software had been trojanized in a supply chain attack and released a new, malware-free version.

“Within less than 12 hours of identifying the issue, we were able to implement a solution. Based on our current findings, the issue was limited to the free DAEMON Tools Lite version and did not affect any of our other products,” Disc Soft told BleepingComputer.

“We have not identified evidence supporting claims that all DAEMON Tools users were impacted, and at this stage, we are not in a position to confirm any impact on paid versions customers. Our current analysis indicates that DAEMON Tools Pro and DAEMON Tools Ultra were not affected and absolutely safe.”

New stealthy Quasar Linux malware targets software developers

A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers’ systems with a mix of rootkit, backdoor, and credential-stealing capabilities.

The malware kit is deployed in development and DevOps environments in npm, PyPI, GitHub, AWS, Docker, and Kubernetes. This could enable supply-chain attacks where the threat actor publishes malicious packages on code distribution platforms.

Researchers at cybersecurity company Trend Micro analyzed the QLNX implant and found that “it dynamically compiles rootkit shared objects and PAM backdoor modules on the target host using gcc [GNU Compiler Collection].”

CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs

A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices.

The malware was discovered in an intrusion that was active since at least January and researchers believe the threat actor’s purpose was to steal credentials and temporary passcodes.

Microsoft Phone Link comes installed on Windows 10 and 11, and allows using the computer to make and take calls, respond to texts, or view notifications received on the mobile device (Android and iOS).

Vimeo data breach exposes personal information of 119,000 people

The ShinyHunters extortion gang stole personal information belonging to over 119,000 people after hacking the Vimeo online video platform in April, according to data breach notification service Have I Been Pwned.

Vimeo is a video hosting and streaming platform publicly traded on the Nasdaq stock market, with over 300 million registered users and over 1,100 employees, and reported revenues of $417 million for FY2024.

The company disclosed on April 27 that customer and user data had been accessed without authorization following a recent breach at Anodot, a data anomaly detection company.

AI fails to make inroads with cybercriminals, study finds

Cybercriminals have been struggling to adopt AI in their work, reports the first-of-its-kind study that analyzed a dataset of 100 million posts from underground cybercrime communities. The study is published on the arXiv preprint server.

In reality, most cybercriminals—often referred to as hackers—lack the skills or resources to support real innovation within their criminal activities, experts say.

/* */