БЛОГ

Archive for the ‘cybercrime/malcode’ category: Page 123

Apr 12, 2021

3 Key Cybersecurity Trends To Know For 2021 (and On …)

Posted by in categories: cybercrime/malcode, robotics/AI

3 Key Cybersecurity Trends To Know For 2021 (and on…)


Other mitigation efforts can be done by employing new technologies that monitor, alert, and analyze activities in the network. Emerging technologies such as artificial intelligence and machine learning tools can help provide visibility and predictive analytics. It is also good to have diversification and multiple sourcing for suppliers in the event of a breach. Preparation and redundancy are advantageous in crisis scenarios. But like most issues in cybersecurity, it comes down to people, vigilant processes, and technologies coupled with risk factors constantly being reviewed.

Of course, there are many other compelling trends and threats to the cybersecurity ecosystem. More to cover in future articles. I have highlighted the more immediate trends of the expanding cyber-attack surface remote work, IoT supply chain, ransomware as a cyber weapon of choice and threats to critical infrastructure via ICS, OT/IT cyber-threat convergence. The most important tasks based on analyzing trends is to be have a mitigation strategy, be vigilant, try to fill gaps, and learn from lessons of the recent cyber-breaches.

Continue reading “3 Key Cybersecurity Trends To Know For 2021 (and On …)” »

Apr 8, 2021

Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices

Posted by in category: cybercrime/malcode

Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices.

According to security engineer Andy Nguyen, the three flaws — collectively called BleedingTooth — reside in the open-source BlueZ protocol stack that offers support for many of the core Bluetooth layers and protocols for Linux-based systems such as laptops and IoT devices.

Continue reading “Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices” »

Apr 6, 2021

New ‘Silver Sparrow’ Malware Infected Nearly 30,000 Apple Macs

Posted by in categories: cybercrime/malcode, mobile phones

Days after the first malware targeting Apple M1 chips was discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that was found in about 30000 Macs running Intel x86_64 and the iPhone maker’s M1 processors.

However, the ultimate goal of the operation remains something of a conundrum, what with the lack of a next-stage or final payload leaving researchers unsure of its distribution timeline and whether the threat is just under active development.

Calling the malware “Silver Sparrow,” cybersecurity firm Red Canary said it identified two different versions of the malware — one compiled only for Intel x86_64 and uploaded to VirusTotal on August 31, 2020 (version 1), and a second variant submitted to the database on January 22 that’s compatible with both Intel x86_64 and M1 ARM64 architectures (version 2).

Apr 6, 2021

Hackers are using shared Xcode projects to infect Apple developers

Posted by in category: cybercrime/malcode

Developers for Apple’s platforms are being hacked through importing shared Xcode projects infected with malware.

Researchers from SentinelOne detailed the growing trend after discovering a macOS malware dubbed XcodeSpy.

“Threat actors are abusing the Run Script feature in Apple’s Xcode IDE to infect unsuspecting Apple Developers via shared Xcode Projects,” the researchers explained.

Apr 6, 2021

Hackers Targeting professionals With ‘more_eggs’ Malware via LinkedIn Job Offers

Posted by in category: cybercrime/malcode

A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called “more_eggs.”

To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims’ job titles taken from their LinkedIn profiles.

“For example, if the LinkedIn member’s job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the ‘position’ added to the end),” cybersecurity firm eSentire’s Threat Response Unit (TRU) said in an analysis. “Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs.”

Apr 4, 2021

Data from 500 mn Facebook accounts posted online: reports

Posted by in category: cybercrime/malcode

Data affecting more than 500 million Facebook users that was originally leaked in 2019, including email addresses and phone numbers, has been posted on an online hackers forum, according to media reports and a cybercrime expert.

“All 533000, 000 Facebook records were just leaked for free,” Alon Gal, at the Hudson Rock cybercrime intelligence firm, said Saturday on Twitter.

He denounced what he called the “absolute negligence” of Facebook.

Apr 3, 2021

533 million Facebook users’ phone numbers and personal data have been leaked online

Posted by in category: cybercrime/malcode

A user in a low level hacking forum has published the phone numbers and personal data of hundreds of millions of Facebook users for free online.

The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.

Insider reviewed a sample of the leaked data and verified several records by matching known Facebook users’ phone numbers with the IDs listed in the data set. We also verified records by testing email addresses from the data set in Facebook’s password reset feature, which can be used to partially reveal a user’s phone number.

Apr 3, 2021

Intel’s website records and tracks keystrokes, mouse clicks, and user cursor movement

Posted by in categories: cybercrime/malcode, law

Cybersecurity specialists report that Intel is facing a class action lawsuit for violating an anti–wiretapping law in the state of Florida, US. The plaintiffs argue that the company hid software on its website that allowed it to record users’ keystrokes and mouse movements without their express consent.

This is a new case of practice known as session replay, used by multiple companies to take detailed records of how their users interact with their websites, involving the capture of mouse movements, clicks and information queries on the page visited.

Continue reading “Intel’s website records and tracks keystrokes, mouse clicks, and user cursor movement” »

Apr 1, 2021

Brown Under Cyberattack: Some Systems Shut Down, University Calls Incident “Utmost Priority”

Posted by in categories: cybercrime/malcode, education

Brown University is facing a cyberattack that has forced the school to shut some systems down — in an event that Brown is calling an “utmost priority.”

Jack Wrenn, a fifth-year doctoral candidate, said that official information was still “frustratingly scant” as of Wednesday night.

Wrenn provided a timeline as to what he understood transpired, and when the university community was notified.

Mar 30, 2021

‘We have your porn collection’: The rise of extortionware

Posted by in category: cybercrime/malcode

Cyber-security companies are warning about the rise of so-called ‘extortionware’ where hackers embarrass victims into paying a ransom.


Hacked firm’s IT Manager named and shamed by hackers in extortion technique.