Menu

Blog

Archive for the ‘cybercrime/malcode’ category: Page 48

May 31, 2023

New phishing technique to allows hacking someone using.zip &.mov domains

Posted by in category: cybercrime/malcode

When a victim visits a website ending in. ZIP, a recently developed phishing method known as “file archiver in the browser” may be used to “emulate” file-archiving software in the target’s web browser.

According to information published by a security researcher named mr.d0x last week, “with this phishing attack, you simulate a file archiver software (e.g., WinRAR) in the browser and use a.zip domain to make it appear more legitimate,”

In a nutshell, threat actors could develop a realistic-looking phishing landing page using HTML and CSS that replicates genuine file archiving software. They could then host the website on a.zip domain, which would elevate social engineering tactics to a higher level.

May 31, 2023

CAPTCHA-Breaking Services with Human Solvers Helping Cybercriminals Defeat Security

Posted by in categories: cybercrime/malcode, food, robotics/AI

Cybersecurity researchers are warning about CAPTCHA-breaking services that are being offered for sale to bypass systems designed to distinguish legitimate users from bot traffic.

“Because cybercriminals are keen on breaking CAPTCHAs accurately, several services that are primarily geared toward this market demand have been created,” Trend Micro said in a report published last week.

“These CAPTCHA-solving services don’t use [optical character recognition] techniques or advanced machine learning methods; instead, they break CAPTCHAs by farming out CAPTCHA-breaking tasks to actual human solvers.”

May 31, 2023

Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices

Posted by in category: cybercrime/malcode

Cybersecurity researchers have found “backdoor-like behavior” within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format.

Firmware security firm Eclypsium said it first detected the anomaly in April 2023. Gigabyte has since acknowledged and addressed the issue.

“Most Gigabyte firmware includes a Windows Native Binary executable embedded inside of the UEFI firmware,” John Loucaides, senior vice president of strategy at Eclypsium, told The Hacker News.

May 29, 2023

New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids

Posted by in categories: cybercrime/malcode, energy

Mandiant has analyzed a new Russia-linked ICS malware named CosmicEnergy that is designed to cause electric power disruption.

May 29, 2023

New ‘Lobshot’ hVNC Malware Used by Russian Cybercriminals

Posted by in category: cybercrime/malcode

Russian cybercrime group TA505 has been observed using new hVNC (Hidden Virtual Network Computing) malware in recent attacks, threat intelligence company Elastic reports.

Called Lobshot, the malware allows attackers to bypass fraud detection engines and provides them with stealthy, direct access to the infected machines.

The threat actor distributes the malware through malvertising, abusing Google Ads and a network of fake websites to trick users into downloading legitimate-looking installers containing backdoors.

May 28, 2023

What you need to know about the mindset and motivation of ethical hackers

Posted by in categories: cybercrime/malcode, robotics/AI

Join top executives in San Francisco on July 11–12, to hear how leaders are integrating and optimizing AI investments for success. Learn More

Why do people become ethical hackers? Given the negative connotations that the word “hacker” has unfortunately acquired over the past few decades, it’s tough to understand why anyone would ascribe themselves to that oxymoron.

Yet, ethical hackers are playing an increasingly vital role in cybersecurity, and the ranks of the ethical hacking community are growing significantly. If you’re thinking about working with or hiring ethical hackers — or even becoming one yourself — it’s important to understand what makes this unique breed of cyber-pro tick.

May 28, 2023

Solving problems is better than fearmongering

Posted by in categories: business, cybercrime/malcode

W elcome to the TechCrunch Exchange, a weekly startups-and-markets newsletter. It’s inspired by the daily TechCrunch+ column where it gets its name. Want it in your inbox every Saturday? Sign up here.

From cybersecurity to SaaS for restaurants, the key to running a successful business is selling a product that solves your clients’ real problems. — Anna

2022 in cybersecurity.

May 26, 2023

Critical Flaw in Inea ICS Product Exposes Industrial Organizations to Remote Attacks

Posted by in categories: cybercrime/malcode, robotics/AI

A critical vulnerability found in a remote terminal unit (RTU) made by Slovenia-based industrial automation company Inea can expose industrial organizations to remote hacker attacks.

The existence of the vulnerability came to light last week, when the US Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to inform organizations. The vendor has released a firmware update that patches the issue.

The security hole, tracked as CVE-2023–2131 with a CVSS score of 10, impacts Inea ME RTUs running firmware versions prior to 3.36. This OS command injection bug could allow remote code execution, CISA said.

May 26, 2023

How not to get your CCTV cameras hacked?

Posted by in categories: cybercrime/malcode, innovation

At a time when incidents of CCTV Cameras are getting hacked across the world has reached an all-time high, Raxa Security Solutions Ltd, a security company has joined hands with a Bangalore-based IoT cyber security company, Redinent Innovations to address this imperative and serious need.

May 26, 2023

Irrigation Systems in Israel Disrupted

Posted by in categories: cybercrime/malcode, food, sustainability

Automated irrigation systems in the Northern part of Israel were briefly disrupted recently in an attack that once again shows how easy it can be to hack industrial control systems (ICS).

The Jerusalem Post reported that hackers targeted water controllers for irrigation systems at farms in the Jordan Valley, as well as wastewater treatment control systems belonging to the Galil Sewage Corporation.

Farms were warned by Israel’s National Cyber Directorate prior to the incident, being instructed to disable remote connections to these systems due to the high risk of cyberattacks. Roughly a dozen farms in the Jordan Valley and other areas failed to do so and had their water controllers hacked. This led to automated irrigation systems being temporarily disabled, forcing farmers to turn to manual irrigation.

Page 48 of 220First4546474849505152Last