Archive for the ‘cybercrime/malcode’ category: Page 8

Oct 22, 2023

Inside the Underground World of Black Market AI Chatbots

Posted by in categories: cryptocurrencies, cybercrime/malcode, encryption, law, robotics/AI

If you wanted to, you could access an “evil” version of OpenAI’s ChatGPT today—though it’s going to cost you. It also might not necessarily be legal depending on where you live.

However, getting access is a bit tricky. You’ll have to find the right web forums with the right users. One of those users might have a post marketing a private and powerful large language model (LLM). You’ll connect with them on an encrypted messaging service like Telegram where they’ll ask you for a few hundred dollars in cryptocurrency in exchange for the LLM.

Once you have access to it, though, you’ll be able to use it for all the things that ChatGPT or Google’s Bard prohibits you from doing: have conversations about any illicit or ethically dubious topic under the sun, learn how to cook meth or create pipe bombs, or even use it to fuel a cybercriminal enterprise by way of phishing schemes.

Oct 20, 2023

Patch Now: APTs Continue to Pummel WinRAR Bug

Posted by in categories: cybercrime/malcode, government


State-sponsored threat actors from Russia and China continue to throttle the remote code execution (RCE) WinRAR vulnerability in unpatched systems to deliver malware to targets.

Researchers at Google’s Threat Analysis Group (TAG) have been tracking attacks in recent weeks that exploit CVE-2023–38831 to deliver infostealers and backdoor malware, particularly to organizations in Ukraine and Papua New Guinea. The flaw is a known and patched vulnerability in RarLab’s popular WinRAR file archiver tool for Windows, but systems that haven’t been updated remain vulnerable.

Continue reading “Patch Now: APTs Continue to Pummel WinRAR Bug” »

Oct 20, 2023

Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure

Posted by in categories: cybercrime/malcode, evolution, internet

🕵️‍♂️ Nation-state hackers are turning to Discord. Discover how they’re using this social platform for potential cyber-espionage and target critical infrastructure.


In what’s the latest evolution of threat actors abusing legitimate infrastructure for nefarious ends, new findings show that nation-state hacking groups have entered the fray in leveraging the social platform for targeting critical infrastructure.

Continue reading “Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure” »

Oct 20, 2023

New Admin Takeover Vulnerability Exposed in Synology’s DiskStation Manager

Posted by in categories: cybercrime/malcode, futurism

A vulnerability in Synology’s DSM has been revealed, allowing attackers to remotely hijack admin accounts.

Learn how to safeguard your data:

Oct 20, 2023

Zero-Day Alert: Thousands of Cisco IOS XE Systems Now Compromised

Posted by in category: cybercrime/malcode

Zero-day alert: 10K cisco IOS XE systems now compromised:

Just a day after Cisco disclosed CVE-2023–20198, it remains unpatched, and one vendor says a Shodan scan shows at least 10,000 Cisco devices with an implant for arbitrary code execution on them. The vendor meanwhile has updated the advisory with more mitigation steps.

Oct 20, 2023

Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps

Posted by in category: cybercrime/malcode

🚨 Korean hacking group Lazarus Group targets defense industry and nuclear engineers with fake job interviews, using trojanized VNC apps to steal data and execute commands.

Oct 20, 2023

‘Etherhiding’ Blockchain Technique Hides Malware in WordPress Sites

Posted by in categories: blockchains, cryptocurrencies, cybercrime/malcode

‘Etherhiding’ Blockchain Technique Hides Malicious Code in WordPress Sites: https://informatech.co/3S3tw

A threat actor has been abusing proprietary blockchain technology to hide malicious code in a campaign that uses fake browser updates to spread various malware, including the infostealers RedLine, Amadey, and Lumma.

While abuse of blockchain is typically seen in attacks aimed at stealing cryptocurrency — as the security technology is best known for protecting these transactions — EtherHiding demonstrates how attackers can leverage it for other types of malicious activity.

Continue reading “‘Etherhiding’ Blockchain Technique Hides Malware in WordPress Sites” »

Oct 19, 2023

The Most Popular IT Admin Password Is Totally Depressing

Posted by in category: cybercrime/malcode

After sifting through more than 1.8 million pages identified as admin portals, researchers made a disheartening discovery — 40,000 of them used “admin” as its password, making it the most popular credential used by IT administrators.

The research was conducted on 2023 passwords between January and September by a team with Outpost24, which also found an increased reliance on default passwords.

The top 10 passwords discovered by the analysis included common defaults and easy-to-guess options:

Oct 17, 2023

How Google Chrome Vulnerability can Put Millions of Users in Danger — Safeguard Your Data Now!

Posted by in categories: cybercrime/malcode, space

The digital realm, while offering boundless possibilities, is also a fertile ground for myriad cybersecurity threats. One such peril that has recently come to light is the User-After-Free vulnerability in Google Chrome, specifically identified as CVE-2023–5218. This vulnerability not only poses a significant threat to user data and system integrity but also opens a Pandora’s box of potential cyber-attacks and exploitations.

The User-After-Free vulnerability is a type of cybersecurity flaw that surfaces when a program continues to utilize memory space after it has been freed or deleted. This flaw allows attackers to execute arbitrary code or potentially gain unauthorized access to a system. CVE-2023–5218, identified within Google Chrome, was noted to be potentially exploitable to perform such malicious actions, thereby putting users’ data and privacy at substantial risk.

CVE-2023–5218 was unveiled to the public through various cybersecurity platforms and researchers who detected unusual activities and potential exploitation trails leading back to this particular flaw. This vulnerability was identified to be present in a specific Chrome component, prompting Google to release a flurry of updates and patches to mitigate the associated risks.

Oct 17, 2023

Silent Predator Unveiled: Decoding WebWyrm Stealthy Malware affecting 50 countries

Posted by in categories: cryptocurrencies, cybercrime/malcode, employment, evolution, finance, military

In the intricate landscape of global cybersecurity, Webwyrm malware has surfaced as a formidable adversary, casting its ominous shadow across 50 nations and leaving in its wake over 100,000 compromised victims. This insidious digital menace successfully emulates in excess of 1,000 reputable companies globally, with the ensuing potential financial fallout estimated to surpass a staggering $100 million. It is imperative for cybersecurity professionals and organizations alike to comprehend the multifaceted nature of this threat to devise and implement robust defensive strategies effectively.

In the dynamic realm of cyber threats, malicious actors incessantly refine their Tactics, Techniques, and Procedures (TTPs), exploiting extant vulnerabilities and augmenting the efficacy of their malicious campaigns. Webwyrm epitomizes this relentless pursuit of evolution, embodying a level of sophistication reminiscent of infamous cyber threats of yore, such as the notorious ‘Blue Whale Challenge.’

WebWyrm malware orchestrates a complex, deceptive narrative aimed at duping unsuspecting job seekers into relinquishing their cryptocurrency. Initiating contact predominantly via WhatsApp, the malefactors likely leverage data procured from employment portals to pinpoint and engage individuals predisposed to their deceptive overtures. Prospective victims are enticed with promises of lucrative weekly remuneration, ranging between $1200 and $1500, contingent upon the completion of daily task “packets” or “resets.”

Page 8 of 194First56789101112Last