Lifeboat Foundation

A recent report notes that a hacking group is employing search engine optimization (SEO) tactics to trick users into attracting them to over 100000 legitimate-looking malicious websites through the Google browser.

The goal of this campaign is to install a Remote Access Trojan (RAT) on vulnerable devices, which would allow the deployment of subsequent attacks and infections. The eSentire signature experts detected this campaign, mentioning that malicious web pages appear in browser results when the user searches for terms related to invoices, receipts, questionnaires and resume.

Continue reading “Thousands of devices infected with the SolarMarket Trojan via malicious websites” »

With full court approval.

In what’s believed to be an unprecedented move, the FBI is trying to protect hundreds of computers infected by the Hafnium hack by hacking them itself, using the original hackers’ own tools (via TechCrunch).

The hack, which affected tens of thousands of Microsoft Exchange Server customers around the world and triggered a “whole of government response” from the White House, reportedly left a number of backdoors that could let any number of hackers right into those systems again. Now, the FBI has taken advantage of this by using those same web shells / backdoors to remotely delete themselves, an operation that the agency is calling a success.

Continue reading “The FBI is remotely hacking hundreds of computers to protect them from Hafnium” »

Up to 97 percent of organizations reported facing mobile threats that used multiple attack vectors during 2020, as cybercriminals continue to adopt new tactics to target mobile devices.

MIT Technology Review Insights, in association with AI cybersecurity company Darktrace, surveyed more than 300 C-level executives, directors, and managers worldwide to understand how they’re addressing the cyberthreats they’re up against—and how to use AI to help fight against them.

Cyberattacks continue to grow in prevalence and sophistication. With the ability to disrupt business operations, wipe out critical data, and cause reputational damage, they pose an existential threat to businesses, critical services, and infrastructure. Today’s new wave of attacks is outsmarting and outpacing humans, and even starting to incorporate artificial intelligence (AI). What’s known as “offensive AI” will enable cybercriminals to direct targeted attacks at unprecedented speed and scale while flying under the radar of traditional, rule-based detection tools.

Some of the world’s largest and most trusted organizations have already fallen victim to damaging cyberattacks, undermining their ability to safeguard critical data. With offensive AI on the horizon, organizations need to adopt new defenses to fight back: the battle of algorithms has begun.

Continue reading “Preparing for AI-enabled cyberattacks” »

3 Key Cybersecurity Trends To Know For 2021 (and on…)

Other mitigation efforts can be done by employing new technologies that monitor, alert, and analyze activities in the network. Emerging technologies such as artificial intelligence and machine learning tools can help provide visibility and predictive analytics. It is also good to have diversification and multiple sourcing for suppliers in the event of a breach. Preparation and redundancy are advantageous in crisis scenarios. But like most issues in cybersecurity, it comes down to people, vigilant processes, and technologies coupled with risk factors constantly being reviewed.

Of course, there are many other compelling trends and threats to the cybersecurity ecosystem. More to cover in future articles. I have highlighted the more immediate trends of the expanding cyber-attack surface remote work, IoT supply chain, ransomware as a cyber weapon of choice and threats to critical infrastructure via ICS, OT/IT cyber-threat convergence. The most important tasks based on analyzing trends is to be have a mitigation strategy, be vigilant, try to fill gaps, and learn from lessons of the recent cyber-breaches.

Continue reading “3 Key Cybersecurity Trends To Know For 2021 (and On …)” »

Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices.

According to security engineer Andy Nguyen, the three flaws — collectively called BleedingTooth — reside in the open-source BlueZ protocol stack that offers support for many of the core Bluetooth layers and protocols for Linux-based systems such as laptops and IoT devices.

Continue reading “Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices” »

Days after the first malware targeting Apple M1 chips was discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that was found in about 30000 Macs running Intel x86_64 and the iPhone maker’s M1 processors.

However, the ultimate goal of the operation remains something of a conundrum, what with the lack of a next-stage or final payload leaving researchers unsure of its distribution timeline and whether the threat is just under active development.

Calling the malware “Silver Sparrow,” cybersecurity firm Red Canary said it identified two different versions of the malware — one compiled only for Intel x86_64 and uploaded to VirusTotal on August 31, 2020 (version 1), and a second variant submitted to the database on January 22 that’s compatible with both Intel x86_64 and M1 ARM64 architectures (version 2).

Developers for Apple’s platforms are being hacked through importing shared Xcode projects infected with malware.

Researchers from SentinelOne detailed the growing trend after discovering a macOS malware dubbed XcodeSpy.

“Threat actors are abusing the Run Script feature in Apple’s Xcode IDE to infect unsuspecting Apple Developers via shared Xcode Projects,” the researchers explained.

A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called “more_eggs.”

To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims’ job titles taken from their LinkedIn profiles.

“For example, if the LinkedIn member’s job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the ‘position’ added to the end),” cybersecurity firm eSentire’s Threat Response Unit (TRU) said in an analysis. “Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs.”