БЛОГ

Archive for the ‘cybercrime/malcode’ category: Page 49

May 15, 2023

CISA warns of critical Ruckus bug used to infect Wi-Fi access points

Posted by in categories: cybercrime/malcode, internet

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of a critical remote code execution (RCE) flaw in the Ruckus Wireless Admin panel actively exploited by a recently discovered DDoS botnet.

While this security bug (CVE-2023–25717) was addressed in early February, many owners are likely yet to patch their Wi-Fi access points. Furthermore, no patch is available for those who own end-of-life models affected by this issue.

Attackers are abusing the bug to infect vulnerable Wi-Fi APs with AndoryuBot malware (first spotted in February 2023) via unauthenticated HTTP GET requests.

May 12, 2023

Netgear Routers’ Flaws Expose Users to Malware, Remote Attacks, and Surveillance

Posted by in categories: cybercrime/malcode, habitats, surveillance

Attention Netgear RAX30 users! Five new flaws revealed! Hackers could hijack your devices, tamper with settings, and control your smart home.

May 12, 2023

Lessons from ‘Star Trek: Picard’ — a cybersecurity expert explains how a sci-fi series illuminates today’s threats

Posted by in categories: cybercrime/malcode, futurism

‘Star Trek: Picard’ is set 400 years in the future, but, like most science fiction, it deals with issues in the here and now. The show’s third and final season provides a lens on cybersecurity.

May 12, 2023

OneNote documents have emerged as a new malware infection vector

Posted by in categories: cybercrime/malcode, encryption

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Intro

In February 2022, Microsoft disabled VBA macros on documents due to their frequent use as a malware distribution method. This move prompted malware authors to seek out new ways to distribute their payloads, resulting in an increase in the use of other infection vectors, such as password-encrypted zip files and ISO files.

May 12, 2023

Massive data breach leaves Intel scrambling for solutions

Posted by in category: cybercrime/malcode

MSI suffered a major data breach, but it’s not the only company impacted — all Intel users may be at risk.

May 9, 2023

Researchers Uncover SideWinder’s Latest Server-Based Polymorphism Technique

Posted by in categories: cybercrime/malcode, mobile phones

Over the past year, SideWinder has been linked to a cyber attack aimed at Pakistan Navy War College (PNWC) as well as an Android malware campaign that leveraged rogue phone cleaner and VPN apps uploaded to the Google Play Store to harvest sensitive information.

The latest infection chain documented by BlackBerry mirrors findings from Chinese cybersecurity firm QiAnXin in December 2022 detailing the use of PNWC lure documents to drop a lightweight. NET-based backdoor (App.dll) that’s capable of retrieving and executing next-stage malware from a remote server.

What makes the campaign also stand out is the threat actor’s use of server-based polymorphism as a way to potentially sidestep traditional signature-based antivirus (AV) detection and distribute additional payloads by responding with two different versions of an intermediate RTF file.

May 6, 2023

Hackers promise AI, install malware instead

Posted by in categories: cybercrime/malcode, robotics/AI

Meta on Wednesday warned that hackers are using the promise of generative artificial intelligence like ChatGPT to trick people into installing malicious code on devices.

Over the course of the past month, analysts with the social-media giant have found malicious software posing as ChatGPT or similar AI tools, chief information security officer Guy Rosen said in a briefing.

“The latest wave of malware campaigns have taken notice of generative AI technology that’s been capturing people’s imagination and everyone’s excitement,” Rosen said.

May 6, 2023

Google Launches New Cybersecurity Analyst Training Program

Posted by in category: cybercrime/malcode

Google on Thursday announced a new cybersecurity training program. Those who sign up for the class will prepare for a cybersecurity analyst career and they will receive a professional certificate from Google when they graduate.

The new Cybersecurity Certificate is part of the company’s Grow With Google initiative. The program was built by Google experts and it’s hosted by online course provider Coursera.

Interested individuals can sign up for a 7-day free trial, after which they will have to pay $49 per month to continue learning.

May 4, 2023

Researchers Uncover New Exploit for PaperCut Vulnerability That Can Bypass Detection

Posted by in category: cybercrime/malcode

Cybersecurity researchers have found a way to exploit a recently disclosed critical flaw in PaperCut servers in a manner that bypasses all current detections.

Tracked as CVE-2023–27350 (CVSS score: 9.8), the issue affects PaperCut MF and NG installations that could be exploited by an unauthenticated attacker to execute arbitrary code with SYSTEM privileges.

While the flaw was patched by the Australian company on March 8, 2023, the first signs of active exploitation emerged on April 13, 2023.

May 4, 2023

Hugging Face and ServiceNow release a free code-generating model

Posted by in categories: cybercrime/malcode, law, robotics/AI

AI startup Hugging Face and ServiceNow Research, ServiceNow’s R&D division, have released StarCoder, a free alternative to code-generating AI systems along the lines of GitHub’s Copilot.

Code-generating systems like DeepMind’s AlphaCode; Amazon’s CodeWhisperer; and OpenAI’s Codex, which powers Copilot, provide a tantalizing glimpse at what’s possible with AI within the realm of computer programming. Assuming the ethical, technical and legal issues are someday ironed out (and AI-powered coding tools don’t cause more bugs and security exploits than they solve), they could cut development costs substantially while allowing coders to focus on more creative tasks.

According to a study from the University of Cambridge, at least half of developers’ efforts are spent debugging and not actively programming, which costs the software industry an estimated $312 billion per year. But so far, only a handful of code-generating AI systems have been made freely available to the public — reflecting the commercial incentives of the organizations building them (see: Replit).

Page 49 of 219First4647484950515253Last