Researchers discovered a new stealth malware, dubbed SockDetour, that operates filelessly and socketlessly on compromised systems.
Russia ramped up its cyberattacks on Ukraine prior to its physical invasion, potentially foreshadowing how future conflicts will play out.
The researcher also told BleepingComputer that websites, such as LinkedIn, detect man-in-the-middle (MiTM) attacks and deactivate accounts after successful logins.
To overcome this obstacle, mr.d0x came up with a devious new phishing technique that uses the noVNC remote access software and browsers running in kiosk mode to display email login prompts running on the attacker’s server but shown in the victim’s browser.
VNC is a remote access software that allows remote users to connect to and control a logged-in user’s desktop. Most people connect to a VNC server through dedicated VNC clients that open the remote desktop in a similar manner to Windows Remote Desktop.
WASHINGTON, Feb 17 (Reuters) — A single activist helped turn the tide against NSO Group, one of the world’s most sophisticated spyware companies now facing a cascade of legal action and scrutiny in Washington over damaging new allegations that its software was used to hack government officials and dissidents around the world.
It all started with a software glitch on her iPhone.
An unusual error in NSO’s spyware allowed Saudi women’s rights activist Loujain al-Hathloul and privacy researchers to discover a trove of evidence suggesting the Israeli spyware maker had helped hack her iPhone, according to six people involved in the incident. A mysterious fake image file within her phone, mistakenly left behind by the spyware, tipped off security researchers.
Final Words
Digitization in all its forms is exciting. The development of technology is met with zeal and zest, primarily as it eases people’s lives all over and eradicates several problems. However, in all its glamour, the cybersecurity aspects of these digitizations are often undermined, as evident with the metaverse.
Although the metaverse is a genuinely remarkable concept and could help the world in several ways, it is crucial to realize that it might all fail if the cybersecurity aspect is ignored. Therefore, within all this hype on its development, cybersecurity is a topic that needs a lot more attention than it is getting.
The endless parade of bad news for Israeli malware merchant NSO Group continues. While it appears someone might be willing to bail out the beleaguered company, it still has to do business as the poster boy for the furtherance of human rights violations around the world. That the Israeli government may have played a significant part in NSO’s sales to known human rights violators may ultimately be mitigating, but for now, NSO is stuck playing defense with each passing news cycle.
Late last month, the New York Times revealed some very interesting things about NSO Group. First, it revealed the company was able to undo its built-in ban on searching US phone numbers… provided it was asked to by a US government agency. The FBI took NSO’s powerful Pegasus malware for a spin in 2019, but under an assumed name: Phantom. With the permission of NSO and the Israeli government, the malware was able to target US numbers, albeit ones linked to dummy phones purchased by the FBI.
The report noted the FBI liked what it saw, but found the zero-click exploit provided by NSO’s bespoke “Phantom” (Pegasus, but able to target US numbers) might pose constitutional problems the agency couldn’t surmount. So, it walked away from NSO. But not before running some attack attempts through US servers — something that was inadvertently exposed by Facebook and WhatsApp in their lawsuit against NSO over the targeting of WhatsApp users. An exhibit declared NSO was using US servers to deliver malware, something that suggested NSO didn’t care about its self-imposed restrictions on US targeting. In reality, it was the FBI and NSO running some tests on local applications of zero-click malware that happened to be caught by Facebook techies.
Disappointed with the lack of US response to the Hermit Kingdom’s attacks against US security researchers, one hacker took matters into his own hands.
The infamous Pegasus spyware created by Israeli firm NSO can turn any infected smartphone into a remote microphone or camera. Here’s how to stay safe and know if you’ve been hacked.
PROVIDENCE, R.I. [Brown University] — Whether for use in cybersecurity, gaming or scientific simulation, the world needs true random numbers, but generating them is harder than one might think. But a group of Brown University physicists has developed a technique that can potentially generate millions of random digits per second by harnessing the behavior of — tiny magnetic anomalies that arise in certain two-dimensional materials.
Their research, published in Nature Communications, reveals previously unexplored dynamics of single, the researchers say. Discovered around a half-decade ago, have sparked interest in physics as a path toward next-generation computing devices that take advantage of the magnetic properties of particles — a field known as spintronics.
“There has been a lot of research into the global dynamics of, using their movements as a basis for performing computations,” said Gang Xiao, chair of the Department of Physics at Brown and senior author of the research. “But in this work, we show that purely random fluctuations in the size of can be useful as well. In this case, we show that we can use those fluctuations to generate random numbers, potentially as many as 10 million digits per second.”
