Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 79

OWASSRF that threat actors are actively exploiting to gain arbitrary code execution through Outlook Web Access (OWA) on vulnerable servers that bypasses ProxyNotShell URL rewrite mitigations.

A recent investigation by CrowdStrike Services found that Microsoft Exchange ProxyNotShell vulnerabilities are probably enabled the common entry vector for several Play ransomware intrusions:

The relevant logs were reviewed by CrowdStrike and no evidence of initial access exploiting CVE-2022–41040 was found.

Read more | >

An Android banking malware named ‘Godfather’ has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges.

The malware generates login screens overlaid on top of the banking and crypto exchange apps’ login forms when victims attempt to log in to the site, tricking the user into entering their credentials on well-crafted HTML phishing pages.

The Godfather trojan was discovered by Group-IB analysts, who believe it is the successor of Anubis, a once widely-used banking trojan that gradually fell out of use due to its inability to bypass newer Android defenses.

Read more | >

Artificial Intelligence has seen many advances recently, with new technologies like deepfakes, deepvoice, and GPT3 completely changing how we see the world. These new technologies bring forth many obvious benefits for in workflow and entertainment, but when technology like this exists, there are those who will try and use it for evil. Today we will be taking a look at how AI is giving hackers and cyber criminals more ways to pull off heists focusing on the story of a $35 million dollar hack that was pulled off using artificial intelligence and deep voice software.

0:00 The History of Social Engineering.
1:12 Early Social Engineering Attacks.
5:02 How Hackers are using Artificial Intelligence.
7:37 The $35 Million Heist.

Join as a member to help support the channel and get perks!
https://www.youtube.com/channel/UCHoRvL_JN1_pqRmMlgfUVsQ/join.

Join the community discord:
https://discord.gg/hYNQN45MdN

Subscribe here:

All music from Epidemic Sound.

Continue reading “How an AI Stole Million” | >

Scientists are trying to teach old crops some new tricks that will let them flourish in these harsher conditions — turning to secrets that reside in plants like pineapples, orchids and agaves. These and certain other plants have hacked photosynthesis in ways that allow them to thrive when it’s hot and dry, and even to withstand blistering periods of drought.

It’s an agricultural moonshot: Scientists hope to increase plant yields by hacking photosynthesis, the process that powers life on Earth.

Read more | >

Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications.

The shortcoming, dubbed Achilles (CVE-2022–42821, CVSS score: 5.5), was addressed by the iPhone maker in macOS Ventura 13, Monterey 12.6.2, and Big Sur 11.7.2, describing it as a logic issue that could be weaponized by an app to circumvent Gatekeeper checks.

“Gatekeeper bypasses such as this could be leveraged as a vector for initial access by malware and other threats and could help increase the success rate of malicious campaigns and attacks on macOS,” Jonathan Bar Or of the Microsoft 365 Defender Research Team said.

Read more | >

AI-powered assaults will definitely excel at impersonation, a tactic utilized frequently in phishing, as per the study.

A recent cyber analytical report has warned that artificial intelligence (AI) enabled cyberattacks which are quite limited until now, may get more aggressive in the coming years.

The Helsinki-based cybersecurity and privacy firm WithSecure, the Finnish Transport and Communications Agency, and the Finnish National Emergency Supply Agency collaborated on the report, according to an article by Cybernews on Thursday.

Read more | >

More than 15,000 cameras have been placed throughout the eight stadiums and along roads and transportation infrastructure in Doha.

As Lionel Messi faces Kylian Mbappé in Argentina vs France World Cup final match in Qatar, which billions prepare to watch, cybersecurity experts warn that the event may be a hotspot for cyber threats.

“With major sporting events becoming increasingly digitized, the attack surface for threat actors has also increased,” a recent ZeroFox report on World Cup threats stated.

Stephen nadler/ ISI photos/ getty images.

Cyberthreats lurk as five billion people prepare to watch the World Cup final, according to an article by Dark Reading published on Friday.

Read more | >

“Advent has a proven record of strengthening its portfolio companies and a desire to support Maxar in advancing our long-term strategic objectives,” Maxar CEO Daniel Jablonsky said in the statement. “As a private company, we will have enhanced flexibility and additional resources to build on Maxar’s strong foundation, further scale operations and capture the significant opportunities in a rapidly expanding market.”

With some $28 billion invested across the defense, security and cybersecurity sectors in the last three years, Boston-based Advent’s portfolio companies support many satellite and defense platforms which serve the U.S. government and its allies as well as companies across the globe. The firm said it arranged debt and equity financing commitments to finance the acquisition.

The transaction is expected to close mid-2023, subject to customary closing conditions. Maxar, which has 4,400 employees, will operate under the same brand and maintain its headquarters in Westminster, Colorado, and will remain U.S.-controlled and operated.

Read more | >

“The likelihood of a cyber-attacks on Twitter feel very high right now and their ability to be able to counteract that feels very low,” Radcliffe said. “The amount of information that they have on users is considerable and I think that that’s a potential source of concern, particularly in countries in the Middle East and other places where once the information is on the open market and in the public domain it could potentially be harmful to users.”

Partnering with individuals or groups close to authoritarian regimes raises concerns over how Twitter might react should it be pressured by supply information on dissidents or to quell opposition speech. They also raise questions about Musk’s potential conflict of business interests concerning Tesla and Space X’s availability in certain markets.

Such questions have already been brought up by at least one member of the US Congress. But experts say they’re much more concerned about data security should Twitter go under.

Read more | >