Lifeboat Foundation

This post is also available in: עברית (Hebrew)

Ukraine’s security agency claims that the Russian military intelligence service GRU can access compromised Android devices with a new malware called Infamous Chisel, which is associated with the threat actor Sandworm, previously attributed to the Russian GRU’s Main Centre for Special Technologies (GTsST).

Sandworm uses this new malware to target Android devices used by the Ukrainian military, enables unauthorized access to compromised devices, and is designed to scan files, monitor traffic, and steal information.

Digital information exchange can be safer, cheaper and more environmentally friendly with the help of a new type of random number generator for encryption developed at Linköping University, Sweden. The researchers behind the study believe that the new technology paves the way for a new type of quantum communication.

In an increasingly connected world, cybersecurity is becoming increasingly important to protect not just the individual, but also, for example, national infrastructure and banking systems. And there is an ongoing race between hackers and those trying to protect information. The most common way to protect information is through encryption. So when we send emails, pay bills and shop online, the information is digitally encrypted.

To encrypt information, a random number generator is used, which can either be a computer program or the hardware itself. The random number generator provides keys that are used to both encrypt and unlock the information at the receiving end.

Please see my new FORBES article:

Thanks and please follow me on Linkedin for more tech and cybersecurity insights.

More remarkably, the advent of artificial intelligence (AI) and machine learning-based computers in the next century may alter how we relate to ourselves.

Continue reading “Artificial Intelligence: Transforming Healthcare, Cybersecurity, and Communications” »

An emerging China-backed advanced persistent threat (APT) group targeted organizations in Hong Kong in a supply chain attack that leveraged a legitimate software to deploy the PlugX/Korplug backdoor, researchers have found.

During the attack, the group leveraged as its PlugX installer malware signed with another legitimate entity, a Microsoft certificate, in an abuse of Microsoft’s Windows Hardware Developer Program, a vulnerability already known to the software vendor.

A malicious campaign targeting MacOS, Linux, and Windows systems has been attributed to the North Korean threat group Lazarus. Cybersecurity researchers at ReversingLabs made the disclosure after tracking VMConnect for about a month.

ReversingLabs first spotted the VMConnect campaign in early August. Cybersecurity researcher and blogger Karlo Zanki described it as consisting of two dozen “malicious Python packages” posted on the openly accessible PyPI software repository.

Continue reading “North Korean malicious package targets Windows” »

Infamous Chisel is described as a collection of multiple components that’s designed with the intent to enable remote access and exfiltrate information from Android phones.

Besides scanning the devices for information and files matching a predefined set of file extensions, the malware also contains functionality to periodically scan the local network and offer SSH access.

“Infamous Chisel also provides remote access by configuring and executing TOR with a hidden service which forwards to a modified Dropbear binary providing a SSH connection,” the Five Eyes (FVEY) intelligence alliance said.

Artificial intelligence (AI) has been helping humans in IT security operations since the 2010s, analyzing massive amounts of data quickly to detect the signals of malicious behavior. With enterprise cloud environments producing terabytes of data to be analyzed, threat detection at the cloud scale depends on AI. But can that AI be trusted? Or will hidden bias lead to missed threats and data breaches?

Bias can create risks in AI systems used for cloud security. There are steps humans can take to mitigate this hidden threat, but first, it’s helpful to understand what types of bias exist and where they come from.

A pair of breaches have hit media giant Paramount Global and fashion purveyor Forever 21, exposing personally identifiable information for thousands of people in the latter’s case and setting them up for a raft of follow-on attacks.

In Paramount’s case, the Hollywood bigwig disclosed in a data breach notification letter obtained by media that cyberattackers accessed PII for certain individuals for a month, between May and June of this year. The data included names, birthdates, Social Security numbers, driver’s license numbers, passport numbers, and “information related to [the individual’s] relationship with Paramount.”

It’s unclear if the data pertains to website members, employees, customers, or other profiles — or how many are affected. The data breach notification letter, penned by an operations executive at Nickelodeon Animation Studio, did not elaborate.

A New York-based bank says a global cybersecurity incident has exposed sensitive customer data.

In a letter to customers, M&T Bank says the exploit involves the file transfer tool MOVEit, which is used to securely send and receive confidential information.

According to the bank, the attacker was able to access customer data by targeting one of the lender’s third-party vendors.