New SPLX research exposes “AI-targeted cloaking,” a simple hack that poisons ChatGPT’s reality and fuels misinformation.
The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools.
The ransomware first launched as “Agenda” in August 2022, rebranding to Qilin by September and continuing to operate under that name to this day.
Qilin has become one of the most active ransomware operations, with new research from Trend Micro and Cisco Talos stating that the cybercrime gang has attacked more than 700 victims across 62 countries this year.
Google was once again forced to announce that it had not suffered a data breach after numerous news outlets published sensational stories about a fake breach that purportedly exposed 183 million accounts.
The claims began circulating over the weekend and continued into today, with news stories reporting that millions of Gmail accounts were breached and some outlets saying the breach affected the full 183 million accounts.
However, as the company explained in a series of posts on Monday, Gmail did not suffer a breach, and the compromised accounts were actually from a compilation of credentials stolen by information-stealing malware and other attacks over the years.
To sidestep detection, the attack chain involves the execution of PowerShell commands to disable AMSI, turn off TLS certificate validation, and enable Restricted Admin, in addition to running tools such as dark-kill and HRSword to terminate security software. Also deployed on the host are Cobalt Strike and SystemBC for persistent remote access.
The infection culminates with the launch of the Qilin ransomware, which encrypts files and drops a ransom note in each encrypted folder, but not before wiping event logs and deleting all shadow copies maintained by the Windows Volume Shadow Copy Service (VSS).
The findings coincide with the discovery of a sophisticated Qilin attack that deployed the group's Linux ransomware variant on Windows systems and combined it with legitimate IT tools and the bring-your-own-vulnerable-driver (BYOVD) technique to bypass security barriers.
To most people, a 3D printer is a cool piece of technology that can make toys, tools or parts in minutes. But for Hala Ali, it can be a partner in crime, and the doctoral student at Virginia Commonwealth University earned national honors recently for her work exploring one of the fastest-growing frontiers in cybercrime.
Ali, a computer science student in the College of Engineering, won best paper at this summer’s 25th annual Digital Forensics Research Conference in Chicago. The paper, “Leveraging Memory Forensics to Investigate and Detect Illegal 3D Printing Activities,” reflects her research into how digital forensics can help investigators uncover whether a 3D printer was used to create weapons or other illegal objects.
“3D printing is a process of creating a physical object from a digital design by laying down successive layers of material until the object is created,” Ali said.