Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 88

Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies

Cybersecurity researchers have taken the wraps off a previously undocumented ransomware strain called Rorschach that’s both sophisticated and fast.

“What makes Rorschach stand out from other ransomware strains is its high level of customization and its technically unique features that have not been seen before in ransomware,” Check Point Research said in a new report. “In fact, Rorschach is one of the fastest ransomware strains ever observed, in terms of the speed of its encryption.”

The cybersecurity firm said it observed the ransomware deployed against an unnamed U.S.-based company, adding it found no branding or overlaps that connect it to any previously known ransomware actors.

I literally connected my brain to GPT-4 with JavaScript

I hacked my brain with a compact electroencephalogram (EEG) and connected it to GPT-4 with the OpenAI API. In this crazy tutorial, you’ll learn how to use JavaScript to read your brainwaves.

#tech #javascript #science.

💬 Chat with Me on Discord.

https://discord.gg/fireship.

🔗 Resources.

Neurosity Crown https://neurosity.co.

Continue reading “I literally connected my brain to GPT-4 with JavaScript” | >

Trojanized Tor browsers target Russians with crypto-stealing malware

A surge of trojanized Tor Browser installers targets Russians and Eastern Europeans with clipboard-hijacking malware that steals infected users’ cryptocurrency transactions.

Kaspersky analysts warn that while this attack is not new or particularly creative, it’s still effective and prevalent, infecting many users worldwide.

While these malicious Tor installers target countries worldwide, Kaspersky says that most are targeting Russia and Eastern Europe.

D3dcompiler_47.dll: If AV raises an alerts about this Microsoft signed dll file, you are in trouble

Threat actors used a well-liked piece of corporate communication software from 3CX, according to security experts. In particular, reports state that a desktop client for the 3CX VoIP (Voice over Internet Protocol) service was used to specifically target 3CX’s clients.

It is believed that the attack is a multi-part process, with the first stage using a hacked version of the 3CX desktop application. Although the.exe file and the MSI package have the same name, preliminary research indicates that the MSI package is the one that may include DLLs that have been maliciously modified.

The beginning of the infection process occurs when 3CXDesktopApp.exe loads the ffmpeg.dll file. After that, ffmpeg.dll will read the encrypted code from d3dcompiler_47.dll and then decode it. It seems that the decrypted code is the backdoor payload that attempts to visit the IconStorage GiHub page in order to access an ICO file that contains the encrypted C&C server that the backdoor connects to in order to acquire the probable ultimate payload.

600,000 companies networks using 3CX VoIP software infected with malware. Biggest supply chain attack

Researchers from multiple security companies have reported that a massive supply chain attack on users of 3CX, a widely utilized voice and video calling desktop client, was carried out by computer hackers working on behalf of the government of North Korea. The attack targeted users of the Windows and macOS operating systems. 3CX users may make calls, examine the status of colleagues, chat, plan a video conference, and check voicemails all from the desktop program by using the 3CXDesktopApp, which is accessible for Windows, macOS, Linux, and mobile devices.

The attack resulted in the compromising of the software build system that was used to generate and distribute versions of the app for Windows and macOS. The app delivers VoIP and PBX services to “over 600,000 clients,” some of which include American Express, Mercedes-Benz, and Price Waterhouse Cooper. Since the attackers controlled the software development system, they were able to insert malware into 3CX applications, even though those applications had been digitally signed using the official signing key for the firm.

This is a traditional kind of attack on supply chains, and its purpose is to take advantage of the trust connections that exist between an organization and third parties.

Powered by GPT-4: Microsoft’s new AI Security Copilot to enhance cybersecurity

According to Microsoft, 1,287 password attacks occur every second around the world.

Microsoft is now focusing on cybersecurity as part of its ongoing efforts to incorporate generative artificial intelligence into the majority of its products. The company previously announced an AI-powered assistant for Office apps.

To enhance cyber security, Microsoft Corp has announced the implementation of the next generation of AI in its security products.

Lcva2/iStock.

According to Microsoft, 1,287 password attacks occur every second around the world. And the number of attacks has increased by 67 percent in the last five years.

Supply chain cyberattack with possible links to North Korea could have thousands of victims globally

Hackers modified an enterprise communication company’s installation software in an attack that could steal credentials and other information from companies around the world, according to an analysis published Wednesday.

Researchers with cybersecurity firm SentinelOne’s SentinelLabs team traced illicit activity flagged by its detection systems back to the installation software from a company called 3CX, which according to its website provides video conferencing and online communication products to companies such as Toyota, McDonalds, Pepsi and Chevron. In total, the company says it serves some 12 million customers globally.

This sort of large-scale attack that takes advantage of a company’s supply chain — similar to how attackers leveraged a flaw within a SolarWinds product update to install backdoors inside its customers’ networks — can be difficult to defend against and could lead to devastating consequences for victims. It’s also the kind of operation that is typically associated with a nation-state hacking group.

WiFi protocol flaw allows attackers to hijack network traffic

Cybersecurity researchers have discovered a fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form.

WiFi frames are data containers consisting of a header, data payload, and trailer, which include information such as the source and destination MAC address, control, and management data.

These frames are ordered in queues and transmitted in a controlled matter to avoid collisions and to maximize data exchange performance by monitoring the busy/idle states of the receiving points.

ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

One more. I hope it’s not posted yet. Even AI isn’t safe.

ChatGPT creator OpenAI has confirmed a data breach caused by a bug in an open source library, just as a cybersecurity firm noticed that a recently introduced component is affected by an actively exploited vulnerability.

OpenAI said on Friday that it had taken the chatbot offline earlier in the week while it worked with the maintainers of the Redis data platform to patch a flaw that resulted in the exposure of user information.

The issue was related to ChatGPT’s use of Redis-py, an open source Redis client library, and it was introduced by a change made by OpenAI on March 20.

Hacking phones remotely without touching via new inaudible ultrasound attack

The Near–Ultrasound Invisible Trojan, or NUIT, was developed by a team of researchers from the University of Texas at San Antonio and the University of Colorado Colorado Springs as a technique to secretly convey harmful orders to voice assistants on smartphones and smart speakers.

If you watch videos on YouTube on your smart TV, then that television must have a speaker, right? According to Guinevere Chen, associate professor and co-author of the NUIT article, “the sound of NUIT harmful orders will [be] inaudible, and it may attack your mobile phone as well as connect with your Google Assistant or Alexa devices.” “That may also happen in Zooms during meetings. During the meeting, if someone were to unmute themself, they would be able to implant the attack signal that would allow them to hack your phone, which was placed next to your computer.

The attack works by playing sounds close to but not exactly at ultrasonic frequencies, so they may still be replayed by off-the-shelf hardware, using a speaker, either the one already built into the target device or anything nearby. If the first malicious instruction is to mute the device’s answers, then subsequent actions, such as opening a door or disabling an alarm system, may be initiated without warning if the first command was to silence the device in the first place.