Menu

Blog

Archive for the ‘cybercrime/malcode’ category: Page 126

Apr 19, 2021

Malware That Spreads Via Xcode Projects Now Targeting Apple’s M1-based Macs

Posted by in categories: cryptocurrencies, cybercrime/malcode

Hackers have retooled an Xcode malware campaign to work with Apple’s new M1 chips and steal data from cryptocurrency apps.

Apr 19, 2021

Cambridge Quantum pushes into NLP and quantum computing with new head of AI

Posted by in categories: cybercrime/malcode, quantum physics, robotics/AI

Cambridge Quantum Computing (CQC) hiring Stephen Clark as head of AI last week could be a sign the company is boosting research into ways quantum computing could be used for natural language processing.

Quantum computing is still in its infancy but promises such significant results that dozens of companies are pursuing new quantum architectures. Researchers at technology giants such as IBM, Google, and Honeywell are making measured progress on demonstrating quantum supremacy for narrowly defined problems. Quantum computers with 50–100 qubits may be able to perform tasks that surpass the capabilities of today’s classical digital computers, “but noise in quantum gates will limit the size of quantum circuits that can be executed reliably,” California Institute of Technology theoretical physics professor John Preskill wrote in a recent paper. “We may feel confident that quantum technology will have a substantial impact on society in the decades ahead, but we cannot be nearly so confident about the commercial potential of quantum technology in the near term, say the next 5 to 10 years.”

Continue reading “Cambridge Quantum pushes into NLP and quantum computing with new head of AI” »

Apr 16, 2021

Cybercriminals are selling access to OTP code-generating company servers

Posted by in categories: cryptocurrencies, cybercrime/malcode

Cybersecurity specialists report that a hacker is selling real-time access to a single-use password system, allowing cybercriminals to access Facebook, Twitter, Google, Amazon, Microsoft, Signal, Telegram accounts, among many others without having to obtain multi-factor authentication codes.

This report should be taken seriously, as a related attack could engage billions of users. In turn, cybersecurity experts point out that this is the consequence of using servers that handle OTP requests from online service users.

The first reports on this hacker were published by researcher Rajshekhar Rajaharia, who mentions that the hacker offers 50 GB of data extracted from multiple sources and webshell access to the OTP generating platform. The seller asks for about $5000 USD in cryptocurrency, although Rajaharia notes that initially the hacker planned to sell this information for about $18000 USD.

Apr 15, 2021

Malware Variants: More Sophisticated, Prevalent and Evolving in 2021

Posted by in categories: cybercrime/malcode, evolution

Employees play a vital role in ensuring their company’s cybersecurity bubble remains intact. Many malware campaigns begin by sending an e-mail communication to employees. To learn basic cybersecurity hygiene, employees must become familiar with password management, identify and report security threats, and recognize suspicious behavior. Regular content and training will assist employees in countering any malware threats they encounter.

Adopt a culture of comprehensive security.

Given the ongoing evolution of malware attacks and their capability to surpass what they were capable of, organizations should prioritize a strong malware protection strategy. Consultation with experienced cybersecurity experts like Indusface can help them create a solution that meets their needs.

Apr 15, 2021

1-Click Hack Found in Popular Desktop Apps — Check If You’re Using Them

Posted by in categories: bitcoin, cybercrime/malcode, internet

Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems.

The issues were discovered by Positive Security researchers Fabian Bräunlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark, and Mumble.

“Desktop applications which pass user supplied URLs to be opened by the operating system are frequently vulnerable to code execution with user interaction,” the researchers said. “Code execution can be achieved either when a URL pointing to a malicious executable (.desktop,.jar,.exe, …) hosted on an internet accessible file share (nfs, webdav, smb, …) is opened, or an additional vulnerability in the opened application’s URI handler is exploited.”

Apr 15, 2021

Thousands of devices infected with the SolarMarket Trojan via malicious websites

Posted by in category: cybercrime/malcode

A recent report notes that a hacking group is employing search engine optimization (SEO) tactics to trick users into attracting them to over 100000 legitimate-looking malicious websites through the Google browser.

The goal of this campaign is to install a Remote Access Trojan (RAT) on vulnerable devices, which would allow the deployment of subsequent attacks and infections. The eSentire signature experts detected this campaign, mentioning that malicious web pages appear in browser results when the user searches for terms related to invoices, receipts, questionnaires and resume.

Continue reading “Thousands of devices infected with the SolarMarket Trojan via malicious websites” »

Apr 14, 2021

The FBI is remotely hacking hundreds of computers to protect them from Hafnium

Posted by in categories: cybercrime/malcode, government, internet

With full court approval.


In what’s believed to be an unprecedented move, the FBI is trying to protect hundreds of computers infected by the Hafnium hack by hacking them itself, using the original hackers’ own tools (via TechCrunch).

The hack, which affected tens of thousands of Microsoft Exchange Server customers around the world and triggered a “whole of government response” from the White House, reportedly left a number of backdoors that could let any number of hackers right into those systems again. Now, the FBI has taken advantage of this by using those same web shells / backdoors to remotely delete themselves, an operation that the agency is calling a success.

Continue reading “The FBI is remotely hacking hundreds of computers to protect them from Hafnium” »

Apr 13, 2021

Threat Groups Prey on Mobile With Evolving Malware, Tactics

Posted by in category: cybercrime/malcode

Up to 97 percent of organizations reported facing mobile threats that used multiple attack vectors during 2020, as cybercriminals continue to adopt new tactics to target mobile devices.

Apr 13, 2021

Preparing for AI-enabled cyberattacks

Posted by in categories: business, cybercrime/malcode, existential risks, information science, robotics/AI

MIT Technology Review Insights, in association with AI cybersecurity company Darktrace, surveyed more than 300 C-level executives, directors, and managers worldwide to understand how they’re addressing the cyberthreats they’re up against—and how to use AI to help fight against them.


Cyberattacks continue to grow in prevalence and sophistication. With the ability to disrupt business operations, wipe out critical data, and cause reputational damage, they pose an existential threat to businesses, critical services, and infrastructure. Today’s new wave of attacks is outsmarting and outpacing humans, and even starting to incorporate artificial intelligence (AI). What’s known as “offensive AI” will enable cybercriminals to direct targeted attacks at unprecedented speed and scale while flying under the radar of traditional, rule-based detection tools.

Some of the world’s largest and most trusted organizations have already fallen victim to damaging cyberattacks, undermining their ability to safeguard critical data. With offensive AI on the horizon, organizations need to adopt new defenses to fight back: the battle of algorithms has begun.

Continue reading “Preparing for AI-enabled cyberattacks” »

Apr 12, 2021

3 Key Cybersecurity Trends To Know For 2021 (and On …)

Posted by in categories: cybercrime/malcode, robotics/AI

3 Key Cybersecurity Trends To Know For 2021 (and on…)


Other mitigation efforts can be done by employing new technologies that monitor, alert, and analyze activities in the network. Emerging technologies such as artificial intelligence and machine learning tools can help provide visibility and predictive analytics. It is also good to have diversification and multiple sourcing for suppliers in the event of a breach. Preparation and redundancy are advantageous in crisis scenarios. But like most issues in cybersecurity, it comes down to people, vigilant processes, and technologies coupled with risk factors constantly being reviewed.

Of course, there are many other compelling trends and threats to the cybersecurity ecosystem. More to cover in future articles. I have highlighted the more immediate trends of the expanding cyber-attack surface remote work, IoT supply chain, ransomware as a cyber weapon of choice and threats to critical infrastructure via ICS, OT/IT cyber-threat convergence. The most important tasks based on analyzing trends is to be have a mitigation strategy, be vigilant, try to fill gaps, and learn from lessons of the recent cyber-breaches.

Continue reading “3 Key Cybersecurity Trends To Know For 2021 (and On …)” »