Archive for the ‘cybercrime/malcode’ category: Page 57

Feb 28, 2023

US Marshals Service hit with ransomware attack

Posted in category: cybercrime/malcode

The United States Marshals Service (USMS) was hit with a ransomware attack, the agency said in a statement. The incident occurred on February 17, and “officials determined that it constitutes a major incident,” according to an agency spokesperson.

Ransomware is a type of malware that locks up computer systems until a “ransom” is paid to unlock the system.

Feb 28, 2023

LastPass says employee’s home computer was hacked and corporate vault taken

Posted in categories: cybercrime/malcode, encryption

Already smarting from a breach that put partially encrypted login data into a threat actor’s hands, LastPass on Monday said that the same attacker hacked an employee’s home computer and obtained a decrypted vault available to only a handful of company developers.

Although an initial intrusion into LastPass ended on August 12, officials with the leading password manager said the threat actor “was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity” from August 12 to August 26. In the process, the unknown threat actor was able to steal valid credentials from a senior DevOps engineer and access the contents of a LastPass data vault. Among other things, the vault gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.

Feb 28, 2023

A simple DIY hoodie can fool security cameras

Posted in categories: cybercrime/malcode, surveillance

Pierce, an artist whose work critically engages with weaponized emerging technologies, recently unveiled their latest ingenious project—an everyday hoodie retrofitted to include an array of infrared (IR) LEDs that, when activated, blinds any nearby night vision security cameras. Using mostly off-the-shelf components like LumiLED lights, an Adafruit microcontroller, and silicone wire, as well as software that Pierce made open-source for interested DIYers, the privacy-boosting “Camera Shy Hoodie” is designed to enable citizens to safely engage in civic protests and demonstrations. Or, wearers can simply opt out of being tracked by unknown third parties while walking down the street.


A DIY hack for hoodies emits infrared LEDs to obscure wearers’ faces from invasive surveillance camera tracking.

Feb 27, 2023

ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks

Posted in category: cybercrime/malcode

A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk (VHD) files, marking a deviation from the ISO optical disc image format.

“These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games,” AhnLab Security Emergency response Center (ASEC) said in a report last week.

ChromeLoader (aka Choziosi Loader or ChromeBack) originally surfaced in January 2022 as a browser-hijacking credential stealer but has since evolved into a more potent, multifaceted threat capable of stealing sensitive data, deploying ransomware, and even dropping decompression bombs.

Feb 23, 2023

New Hacking Cluster ‘Clasiopa’ Targeting Materials Research Organizations in Asia

Posted in category: cybercrime/malcode

Materials research organizations in Asia have been targeted by a previously unknown threat actor using a distinct set of tools.

Symantec, by Broadcom Software, is tracking the cluster under the moniker Clasiopa. The origins of the hacking group and its affiliations are currently unknown, but there are hints that suggest the adversary could have ties to India.

This includes references to “SAPTARISHI-ATHARVAN-101” in a custom backdoor and the use of the password “iloveindea1998^_^” for a ZIP archive.

Feb 23, 2023

Ben Goertzel — Countering Objections to Mind Uploading

Posted in categories: cybercrime/malcode, neuroscience

Ben Goertzel in response to some common objections covered in an article on io9 by George Dvorsky ‘You’ll Probably Never Upload Your Mind Into A Computer’: http://io9.com/you-ll-probably-never-upload-your-mind-into-a-computer-474941498

Objections are covered in order as they appear in the article:
1. Brain functions are not computable.
2. We’ll never solve the hard problem of consciousness.
3. We’ll never solve the binding problem.
4. Panpsychism is true.
5. Mind-body dualism is true.
6. It would be unethical to develop.
7. We can never be sure it works.
8. Uploaded minds would be vulnerable to hacking and abuse.

Feb 22, 2023

10 Dark Web Monitoring Tools

Posted in category: cybercrime/malcode

Enterprises looking to get ahead of data breaches and data leaks can benefit from using dark web monitoring tools to scan for personally identifiable information and even respond to attacks. Here is a list of 10 such tools.

Feb 22, 2023

How to Detect New Threats via Suspicious Activities

Posted in category: cybercrime/malcode

Protect yourself and your organization from the threat of unknown malware. Check out this guide to detecting suspicious behavior.

Feb 22, 2023

U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog

Posted in category: cybercrime/malcode

CISA has updated its Known Exploited Vulnerabilities catalog with three new vulnerabilities that are currently being exploited.

Feb 22, 2023

Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks

Posted in categories: cybercrime/malcode, government

An open source command-and-control (C2) framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel.

Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023 targeting an unnamed government organization that utilized Havoc.

“While C2 frameworks are prolific, the open-source Havoc framework is an advanced post-exploitation command-and-control framework capable of bypassing the most current and updated version of Windows 11 defender due to the implementation of advanced evasion techniques such as indirect syscalls and sleep obfuscation,” researchers Niraj Shivtarkar and Niraj Shivtarkar said.
