Lifeboat Foundation

An emerging China-backed advanced persistent threat (APT) group targeted organizations in Hong Kong in a supply chain attack that leveraged a legitimate software to deploy the PlugX/Korplug backdoor, researchers have found.

During the attack, the group leveraged as its PlugX installer malware signed with another legitimate entity, a Microsoft certificate, in an abuse of Microsoft’s Windows Hardware Developer Program, a vulnerability already known to the software vendor.

A malicious campaign targeting MacOS, Linux, and Windows systems has been attributed to the North Korean threat group Lazarus. Cybersecurity researchers at ReversingLabs made the disclosure after tracking VMConnect for about a month.

ReversingLabs first spotted the VMConnect campaign in early August. Cybersecurity researcher and blogger Karlo Zanki described it as consisting of two dozen “malicious Python packages” posted on the openly accessible PyPI software repository.

Continue reading “North Korean malicious package targets Windows” »

Infamous Chisel is described as a collection of multiple components that’s designed with the intent to enable remote access and exfiltrate information from Android phones.

Besides scanning the devices for information and files matching a predefined set of file extensions, the malware also contains functionality to periodically scan the local network and offer SSH access.

“Infamous Chisel also provides remote access by configuring and executing TOR with a hidden service which forwards to a modified Dropbear binary providing a SSH connection,” the Five Eyes (FVEY) intelligence alliance said.

Artificial intelligence (AI) has been helping humans in IT security operations since the 2010s, analyzing massive amounts of data quickly to detect the signals of malicious behavior. With enterprise cloud environments producing terabytes of data to be analyzed, threat detection at the cloud scale depends on AI. But can that AI be trusted? Or will hidden bias lead to missed threats and data breaches?

Bias can create risks in AI systems used for cloud security. There are steps humans can take to mitigate this hidden threat, but first, it’s helpful to understand what types of bias exist and where they come from.

A pair of breaches have hit media giant Paramount Global and fashion purveyor Forever 21, exposing personally identifiable information for thousands of people in the latter’s case and setting them up for a raft of follow-on attacks.

In Paramount’s case, the Hollywood bigwig disclosed in a data breach notification letter obtained by media that cyberattackers accessed PII for certain individuals for a month, between May and June of this year. The data included names, birthdates, Social Security numbers, driver’s license numbers, passport numbers, and “information related to [the individual’s] relationship with Paramount.”

It’s unclear if the data pertains to website members, employees, customers, or other profiles — or how many are affected. The data breach notification letter, penned by an operations executive at Nickelodeon Animation Studio, did not elaborate.

A New York-based bank says a global cybersecurity incident has exposed sensitive customer data.

In a letter to customers, M&T Bank says the exploit involves the file transfer tool MOVEit, which is used to securely send and receive confidential information.

According to the bank, the attacker was able to access customer data by targeting one of the lender’s third-party vendors.

Smart devices will be hot items this holiday season. They hook up to the internet and can be controlled by your phone. However, we have a demonstration that shows how easy it is to hack your home.

Every seven minutes a cyber-attack is reported in Australia.

Millions of Australians have had their data stolen in malicious attacks, costing some businesses tens of millions of dollars in ransom. The federal government is warning the country must brace for even more strikes as cyber gangs become more sophisticated and ruthless.

Continue reading “How cyber-crime has become organised warfare | Four Corners” »

For weeks, a cyberattack paralyzed the German district of Anhalt-Bitterfeld in 2021, bringing its whole administration to a standstill. It was a stark illustration of how hackers can knock out entire communities in milliseconds — and how digital technology has become vital for running our societies.

Such “critical digital infrastructure” helps boost efficiency. But it also makes communities ever more vulnerable to hacking. And attacks are on the rise. In this episode of Techtopia, DW Chief Technology Correspondent Janosch Delcker investigates how a criminal industry makes billions by taking computers hostage — and how governments can use similar methods as a political weapon.

Continue reading “Critical digital infrastructure: Why societies are becoming so vulnerable to cyberattacks |Techtopia” »