Lifeboat Foundation

A recently discovered hacking group known for targeting employees dealing with corporate transactions has been linked to a new backdoor called Danfuan.

This hitherto undocumented malware is delivered via another dropper called Geppei, researchers from Symantec, by Broadcom Software, said in a report shared with The Hacker News.

The dropper “is being used to install a new backdoor and other tools using the novel technique of reading commands from seemingly innocuous Internet Information Services (IIS) logs,” the researchers said.

O’Rourke soon started his own board, TacoLand, which was freewheeling and largely about punk music. “This was the counterculture: Maximum Rock & Roll[magazine], buying records by catalog you couldn’t find at record stores,” he said.

When he was younger, he was arrested on drunk-driving charges and played in a punk band. Now 46, he still skateboards.

Interestingly I played in Punk Rock bands in New Orleans, and used CDC’s BO2k to show my friend KJ that Southwest Research’s network was not safe. I also used it in Austin to show my friend Jacob Grimes’ boss that his network was not safe. It was a handy tool for hackers and security researchers back in the day. Texans know all too much about it. This gave Beto major cool points in my book. Hacktivismo still continues today with people like Johnny Long, and I would hope me too. I loved the Ninja Strike Force back in the day.

Continue reading “Beto O’Rourke’s secret membership in America’s oldest hacking group” »

There is a mix of excitement and fear and lots of memes.

After much back and forth and a lawsuit, four days ago, Elon Musk completed his $44 billion takeover of the social media platform Twitter. Musk had put the deal on hold after his initial offer earlier this year. Later he backed out, citing a high number of fake or spam accounts on the platform, a point that then-CEO Aggarwal had publicly denied.

Musk was then taken to court by Twitter’s lawyers. The court had given the two parties time till the month’s end to work out a deal.

Continue reading “Here are some of the best internet reactions to Elon Musk buying Twitter” »

Researchers have developed a hackable and multi-functional 3D printer for soft materials that is affordable and open design. The technology has the potential to unlock further innovation in diverse fields, such as tissue engineering, soft robotics, food, and eco-friendly material processing—aiding the creation of unprecedented designs.

Cybercriminals used two point-of-sale malware strains (POS) to steal the details of more than 167,000 credit cards worth nearly $3.34 million.

SpaceX didn’t want to cooperate, so the researchers had to figure things out the hard way.

The notorious Emotet botnet has been linked to a new wave of malspam campaigns that take advantage of password-protected archive files to drop CoinMiner and Quasar RAT on compromised systems.

In an attack chain detected by Trustwave SpiderLabs researchers, an invoice-themed ZIP file lure was found to contain a nested self-extracting (SFX) archive, the first archive acting as a conduit to launch the second.

While phishing attacks like these traditionally require persuading the target into opening the attachment, the cybersecurity company said the campaign sidesteps this hurdle by making use of a batch file to automatically supply the password to unlock the payload.

A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines.

“The attacker intends to utilize a victim’s resources as much as possible, not only to install RAR1Ransom for extortion, but also to spread GuardMiner to collect cryptocurrency,” Fortinet FortiGuard Labs researcher Cara Lin said in a Thursday report.

Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication.

“This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services,” Microsoft said in an alert.

The misconfiguration of the Azure Blob Storage was spotted on September 24, 2022, by cybersecurity company SOCRadar, which termed the leak BlueBleed. Microsoft said it’s in the process of directly notifying impacted customers.