Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 86

How I Hacked The US Government Aged 16 | Minutes With | @LADbible

In this weeks episode of Minutes With we sat down with Mustafa Al-Bassam, a former member of Anonymous and one of the founders of LulzSec.

Mustafa tells us how he got in to hacking and how he ended up getting involved in attacks on The Sun, The Westboro Baptist Church and even the US Government.

Subscribe To Our Channel: http://bit.ly/SubscribeLADbible.
Facebook: https://www.facebook.com/ladbible/
Instagram: https://www.instagram.com/ladbible/
Twitter: https://twitter.com/ladbible.

#LADbible #UNILAD

To license this video please email: [email protected]

GlobalData warns of cybersecurity threat to travel & tourism

The travel and tourism sector has become a prime focus for cyberattacks in recent times, resulting in ransomware incidents arising from data breaches. Against this backdrop, cybersecurity concerns within the industry have escalated with a 4 pc year-on-year (YoY) rise in 2022, reflecting the prevailing sentiment, says GlobalData, a leading data and analytics company.

In its report, Company Filing Analytics Database, GlobalData says that sentiment for airlines, travel services, and lodging rose by 6 pc, 4 pc, and 1 pc, respectively, in 2022 over 2021.

“Companies are consistently working on information and network security projects to set up a reliable technical protection and security management mechanism to ensure customer security and prevent data leakage. A severe data security incident can lead to operational disturbances and cause significant financial damage to the business,” says Misa Singh, Business Fundamentals Analyst at GlobalData.

A review of existing studies investigating online romance fraud

Online romance fraud is an increasingly common phenomenon, which can affect people of all ages worldwide. This type of fraud occurs when a malicious individual or members of a criminal organization engage with users online pretending to be romantically interested in them, while trying to trick them into sending money or sharing confidential information with them.

Online scams can have a detrimental effect on a victim’s life, causing them to spend all their savings, become indebted, and even be subjected to blackmail or identity theft. A team of researchers at Abertay University in the U.K. recently reviewed existing literature focusing on romance and then summarized some of the most recurring findings in a paper pre-published on arXiv.

“Romance fraud has been growing over the last decade or so and was exacerbated by the COVID-19 pandemic which saw a surge in cybercrime and cyberattacks,” Dr. Lynsay Shepherd, one of the researchers who carried out the study, told Tech Xplore. “Our paper provides a comprehensive overview of romance fraud research, which could serve as a starting point for future research in the field.”

OpenAI launches $20k Bug Bounty Program to make its products safer

The company is offering rewards ‘for exceptional discoveries’.

OpenAI, the creator of conversational chatbot ChatGPT, has announced a Bug Bounty program where users can report “vulnerabilities, bugs, or security flaws” and be financially rewarded for finding them. The company has announced rewards ranging from $200 to $20,000 depending on the severity of the flaw and teamed up with a popular bug-finding platform to streamline the process.

OpenAI’s ChatGPT has ushered in a race for artificial intelligence (AI) models that provide comprehensive solutions to user queries and can even simulate intriguing imagery with the help of a few text prompts.

Sestovic/iStock.

While the technology is advancing at a breathtaking pace and producing some mind-boggling results, there are also concerns about these products’ safety. AI researchers like Stuart Russell have warned that unchecked, the rise of AI could result in a Chernobyl-like incident for the tech industry.

Cybercriminals Turn to Android Loaders on Dark Web to Evade Google Play Security

Malicious loader programs capable of trojanizing Android applications are being traded on the criminal underground for up to $20,000 as a way to evade Google Play Store defenses.

“The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps,” Kaspersky said in a new report based on messages posted on online forums between 2019 and 2023.

Dropper apps are the primary means for threat actors looking to sneak malware via the Google Play Store. Such apps often masquerade as seemingly innocuous apps, with malicious updates introduced upon clearing the review process and the applications have amassed a significant user base.

AI tools like ChatGPT likely to empower hacks, NSA cyber boss warns

While much-debated AI tools will not automate or elevate every digital assault, phishing scheme or hunt for software exploits, NSA’s Rob Joyce said April 11, what it will do is “optimize” workflows and deception in an already fast-paced environment.

“Is it going to replace hackers and be this super-AI hacking? Certainly not in the near term,” Joyce said at an event hosted by the Center for Strategic and International Studies think tank. “But it will make the hackers that use AI much more effective, and they will operate better than those who don’t.”

U.S. officials consider mastery of AI critical to long-term international competitiveness — whether that’s in defense, finance or another sector. At least 685 AI projects, including several tied to major weapons systems, were underway at the Pentagon as of early 2021.

Computer hardware company MSI hacked, BIOS source code and private keys stolen

According to reports, the Taiwanese computer hardware company MSI (Micro-Star International) was recently joined to the list of victims of a new ransomware gang that goes by the name “Money Message.” The perpetrators of the cybercrime say that they have taken source code along with other critical material from the company’s network. MSI is a world-renowned leader in the production of computer components, such as motherboards, graphics cards, desktop computers, laptop computers, servers, and other electronic equipment. It brings in more than $6.5 billion in income every year.

Money Message has included MSI on the website that it maintains for the publication of leaked material and has published images of the company’s CTMS and ERP databases in addition to files that include software source code, private keys, and BIOS firmware. If MSI does not comply with the threat actors’ demand for a ransom payment, they will now threaten to release all of the information that was taken.

The perpetrators of the hack claim to have taken 1.5 terabytes worth of data, including databases and source code, from MSI’s servers. They are holding out for a ransom payment of four million dollars.

Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation

Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems.

This entails the abuse of CVE-2022–46169 (CVSS score: 9.8) and CVE-2021–35394 (CVSS score: 9.8) to deliver MooBot and ShellBot (aka PerlBot), Fortinet FortiGuard Labs said in a report published this week.

CVE-2022–46169 relates to a critical authentication bypass and command injection flaw in Cacti servers that allows an unauthenticated user to execute arbitrary code. CVE-2021–35394 also concerns an arbitrary command injection vulnerability impacting the Realtek Jungle SDK that was patched in 2021.