Hackers Use Weaponized DOCX File to Deploy Stealthy Malware


CERT-UA has identified and responded to a cyber attack on the information systems of Ukrainian state bodies.

The investigation found that the department’s email address received messages on April 18, 2023, and April 20, 2023, which appeared to come from the genuine email account of the Embassy of Tajikistan in Ukraine.


The emails, which are believed to have been sent after the embassy itself was compromised, carried a document attachment containing a macro in the first case, and a reference to the same document in the second.

When the document is opened and its macro is enabled, it creates and opens a DOCX file named “SvcRestartTaskLogon” whose macro in turn generates another file carrying the “WsSwapAssessmentTask” macro.

It also drops a “SoftwareProtectionPlatform” file, categorized as HATVIBE, which can load and execute additional files.

During the technical investigation it was established that on April 25, 2023, additional programs were created on the computer, under circumstances that are not fully clear but possibly via HATVIBE.

The additional programs were:

  • LOGPIE keylogger
  • CHERRYSPY backdoor

Both are written in Python and protected with PyArmor, while the “pytransform” module, which provides the encryption and code obfuscation, is additionally protected with Themida.

The STILLARCH malware is employed for searching and exfiltrating files, including data from the LOGPIE keylogger, with file extensions such as:

Further analysis of the infrastructure and related data showed that the group, tracked as UAC-0063 and monitored since 2021, targets organizations in various countries for espionage purposes.

To reduce the attack surface, it is advisable to prevent ordinary user accounts from executing “mshta.exe,” Windows Script Host (“wscript.exe,” “cscript.exe”), and the Python interpreter.
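As an added illustration of the mitigation above, and not part of the CERT-UA advisory or this article, the following PowerShell script builds an AppLocker policy that denies members of the built-in Users group from running mshta.exe, wscript.exe, cscript.exe and a per-user Python interpreter, tests it against a few binaries, and merges it into the local policy in audit mode. The Python install path, the rule names and the output file name are assumptions; adjust them to your environment.

```powershell
# Added example: AppLocker deny rules for the script hosts and interpreter named
# in the advisory. Assumptions: run as Administrator on Windows 10/11 Pro or
# Enterprise with the Application Identity service (AppIDSvc) running; Python is
# installed per user under %LOCALAPPDATA%\Programs\Python (edit the path otherwise).

$UsersSid    = 'S-1-5-32-545'   # BUILTIN\Users
$AdminsSid   = 'S-1-5-32-544'   # BUILTIN\Administrators
$EveryoneSid = 'S-1-1-0'        # Everyone
$PolicyFile  = "$env:TEMP\deny-script-hosts.xml"   # assumed output path

# Paths use AppLocker's own path variables (%SYSTEM32%, %WINDIR%, %OSDRIVE%),
# not environment variables.
$DenyPaths = @(
    '%SYSTEM32%\mshta.exe',
    '%SYSTEM32%\wscript.exe',
    '%SYSTEM32%\cscript.exe',
    '%WINDIR%\SysWOW64\mshta.exe',      # 32-bit copies on 64-bit Windows
    '%WINDIR%\SysWOW64\wscript.exe',
    '%WINDIR%\SysWOW64\cscript.exe',
    '%OSDRIVE%\Users\*\AppData\Local\Programs\Python\*\python*.exe'  # assumed Python location
)

# Emit one FilePathRule element; the GUID is generated so no rule id is hard-coded.
function New-PathRule {
    param([string]$Name, [string]$Path, [string]$Sid, [string]$Action)
    $id = [guid]::NewGuid().ToString()
    return @"
    <FilePathRule Id="$id" Name="$Name" Description="" UserOrGroupSid="$Sid" Action="$Action">
      <Conditions>
        <FilePathCondition Path="$Path" />
      </Conditions>
    </FilePathRule>
"@
}

$denyRules = foreach ($p in $DenyPaths) {
    New-PathRule -Name "Deny $p" -Path $p -Sid $UsersSid -Action 'Deny'
}

# Caveat: once an enforced AppLocker collection contains any rule, everything it
# does not explicitly allow is blocked. The deny rules are therefore shipped
# together with the standard default allow rules; deny always wins over allow.
$allowRules = @(
    (New-PathRule -Name 'Allow Windows folder'       -Path '%WINDIR%\*'       -Sid $EveryoneSid -Action 'Allow'),
    (New-PathRule -Name 'Allow Program Files folder' -Path '%PROGRAMFILES%\*' -Sid $EveryoneSid -Action 'Allow'),
    (New-PathRule -Name 'Allow Administrators'       -Path '*'                -Sid $AdminsSid   -Action 'Allow')
)

# Start in AuditOnly so blocks are only logged (Applications and Services Logs >
# Microsoft > Windows > AppLocker). Change to EnforcementMode="Enabled" once no
# legitimate use of these binaries shows up in the log.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
$($allowRules -join "`n")
$($denyRules -join "`n")
  </RuleCollection>
</AppLockerPolicy>
"@

Set-Content -Path $PolicyFile -Value $policyXml -Encoding UTF8

# Dry run: what would a standard user be allowed to execute under this policy?
Test-AppLockerPolicy -XmlPolicy $PolicyFile -User $UsersSid -Path @(
    "$env:SystemRoot\System32\mshta.exe",     # expected: Denied
    "$env:SystemRoot\System32\wscript.exe",   # expected: Denied
    "$env:SystemRoot\System32\notepad.exe"    # expected: Allowed
) | Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Merge into the local policy so existing rules are preserved rather than replaced.
Set-AppLockerPolicy -XmlPolicy $PolicyFile -Merge
```

Deploy the same XML through Group Policy for domain-joined machines, and keep the Python rule in audit mode long enough to confirm that no scheduled tasks or administrative tooling run under the Users group depend on it.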


Employee guilty of joining ransomware attack on his own company


An employee who tried to take advantage of a ransomware attack on his own company has pleaded guilty after five years of denying he had anything to do with it.

The 28-year-old IT Security Analyst pleaded guilty and will consequently be convicted of blackmail and unauthorized access to a computer with intent to commit other offences.

It all started when the UK gene and cell therapy company Oxford BioMedica fell victim to a cybersecurity incident involving unauthorized access to part of the company’s computer systems on 27 February 2018. The intruder notified senior staff members at the company and demanded a ransom. As an IT Security Analyst at the company, Ashley Liles was tasked with investigating the incident.

He worked alongside colleagues and the police in an attempt to mitigate the incident. But at some point he must have decided to use the circumstances to enrich himself. According to the South East Regional Organised Crime Unit (SEROCU), Liles commenced a separate and secondary attack against the company.

As part of his plan he changed the Bitcoin payment address of the attacker to his own in emails to the board members. And he set up an email address very similar to that of the attacker. From that email address he began emailing his employer to pressurize the company to pay the ransom.

Unfortunately for Liles, a payment was never made and the unauthorized access to the private emails was noticed during the investigation. Due to some poor choices when it came to his own security, the police arrested Liles and searched his home.

The unauthorized access to the emails could be traced back to his home address, which gave the police sufficient grounds to seize a computer, a laptop, a phone, and a USB stick. Despite his attempts to wipe the data from his devices, the police were able to recover enough data to serve as evidence of his crimes and establish his direct involvement.

Liles denied any involvement for five years. But on May 17, 2023 during a hearing at Reading Crown Court, he changed his plea to guilty. The case has now been adjourned for sentencing at the same court on July 11, 2023.

While this definitely qualifies as an insider threat, this one seems to have been opportunistic rather than premeditated. The term is often associated with disgruntled employees, but they can also be coerced, or jump on an opportunity that presents itself, as Liles did. The case emphasizes the need for effective access control policies, even when an emergency presents itself. You do not want to make the scope of the incident worse by giving up your access policies in light of an investigation.

Access to resources should always be limited to what is needed to get the job done. And incidental access should be revoked when the need is no longer there. We’re not saying that every employee should be treated as a suspect or potential insider threat. That will result in an unworkable situation. But you should have measures in place to limit the damage and find any culprit.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.


Samsung details Knox Matrix as the security platform turns 10


Samsung’s award-winning mobile security platform Knox is ten years old. The company introduced Knox at Mobile World Congress in February 2013. Over the past decade, it has evolved into one of the most trusted security platforms for mobile devices, safeguarding billions of consumers and businesses along the way. In a recent Newsroom post celebrating the 10th anniversary of Knox, Samsung talked about its vision for the platform in the years ahead, including Knox Matrix.

Samsung Knox Matrix is the future of mobile security

At SDC 2022 in October, Samsung announced Knox Matrix as the security platform of the future. It is a private blockchain-based platform that builds on its existing solution. But instead of safeguarding a single device, it offers the same level of protection to all connected devices in an ecosystem.

According to Samsung, there are already more than 14 billion connected devices on the market. From smartphones, tablets, and TVs to refrigerators, washing machines, and robot vacuum cleaners, people use an array of connected devices in their households. This ecosystem will keep growing, and this poses a massive security risk. Existing security platforms can only protect a single device. If one of the devices in an ecosystem has weaker security, it may allow threat actors to compromise the security of other devices as well.

This is where Samsung’s Knox Matrix comes into play. It enables all devices in the ecosystem to protect one another, ensuring strong security for all. The bigger your device ecosystem is, the stronger its overall security. Moreover, should the security of one of them be compromised, the platform will automatically isolate it from the rest of the ecosystem. This allows you to use your connected devices in the same manner as before while also safeguarding them from potential exploitations.

Samsung says the whole platform relies on three critical technologies. Firstly, Trust Chain enables devices in an ecosystem to monitor each other for threats. Credential Sync secures user information as you move data between devices. Finally, Cross Platform SDK enables consistent Knox Matrix security standards for devices on various operating systems and platforms, including Android, Tizen, Windows, and others. The security platform manages all of this within a private blockchain.

Samsung’s next-gen security platform will arrive in 2024

Samsung originally planned to debut Knox Matrix this year, but the company has now delayed its launch to 2024. It needs more time to ensure that the platform is interoperable across every device type and security system. “Knox Matrix’s development is going strong, but there are challenges on the way to the next frontier. These include reconciling the many different types of products, with varying operating systems and security standards, into a frictionless system able to work as one,” it said in the Newsroom post.

Samsung now plans to launch the first Knox Matrix-compatible models in 2024. It will start with mobile Galaxy products, such as smartphones and tablets. The Galaxy S24 series could be the first to get the new security system. If not, we might be looking at the 2024 foldables. The company will gradually add more device categories such as home appliance devices within the next two to three years. Partner devices will follow next, though the development for partner device compatibility is already underway.


[ad_2]
Source link

Bill Gates talks about the future of AI and its impact on Big Tech


Microsoft co-founder and one of the wealthiest men on the planet Bill Gates has talked about AI and how it can reshape customer behavior. Speaking at the Goldman Sachs and SV Angel event, Gates alluded to the capability of AI to challenge Big Tech companies like Google and Amazon.

Gates predicted that the top AI company in the future would be a company that could build a personal agent to perform tasks for people. He added that AI could “radically” change user behaviors. For example, users don’t need to visit a website or shop in an online store anymore.

“Whoever wins the personal agent, that’s the big thing because you will never go to a search site again, you will never go to a productivity site, you’ll never go to Amazon again,” Gates said.

Bill Gates says a personal digital agent could abolish Google and Amazon

The Microsoft co-founder added that the future AI winner could be either a startup or a tech giant, with a 50-50 chance either way. He said the AI-driven personal agent would be able to understand users’ needs and read them the material they normally don’t have time to read.

Bill Gates also said he was impressed by some AI startups like Inflection, which was co-founded by a former DeepMind executive Mustafa Suleyman. Gates added he’d be “disappointed if Microsoft didn’t come in there.”

According to Gates, the AI digital agent still needs a few years to be ready for mainstream use. But the companies will continue to integrate chatbots like ChatGPT into their products. Gates noted that AI could help develop more advanced drugs to cure diseases like Alzheimer’s.

Finally, Bill Gates said generative AI technologies that can produce texts would affect white-collar workers. Additionally, humanoid robots that are cheaper than actual human workers will greatly impact blue-collar workers.

“As we invent these robots, we just need to make sure they don’t get Alzheimer’s,” Gates said.


[ad_2]
Source link

AI generated Pentagon explosion photograph goes viral on Twitter


We take a look at a viral hoax on Twitter which used AI generated imagery to claim an explosion had occurred close to the Pentagon.

Twitter’s recent changes to checkmark verification continue to cause chaos, this time in the realm of potentially dangerous misinformation. A checkmarked account claimed to show images of explosions close to important landmarks like the Pentagon. These images quickly went viral despite being AI generated and containing multiple overt errors for anyone looking at the supposed photographs.

How did this happen?

Until recently, the social media routine when an important news story breaks would be as follows:

  • Something happens, and it’s reported on by verified accounts on Twitter
  • This news filters out to non-verified accounts

“Verified” accounts are now paid for by anybody who wants to sign up to the $8 a month Twitter Blue service. There’s no real guarantee that a checkmarked video game company, celebrity, or news source is in fact who they claim to be. There have been many instances of this new policy injecting some mayhem into social media already. Fake Nintendo dispensing offensive images and the infamous “Insulin is free” Tweet causing a stock dive spring to mind.

People have taken the “anything goes in checkmark land” approach and are running with it.

What’s happening now is:

  • Fake stories are promoted by checkmarked accounts
  • Those stories filter out to non-checkmarked accounts
  • People in search of facts try to find non-checkmarked (but real) journalists and news agencies while ignoring the checkmarked accounts.

This is made more difficult by changes to how Twitter displays replies, as paid accounts “float” to the top of any conversation. As a result, a situation where a checkmarked account goes viral through a combination of real people, genuine “verified” accounts, and those looking to spread misinformation can potentially result in disaster.

In this case, several checkmarked accounts made claims of explosions near the Pentagon and then the White House. Bellingcat investigators quickly debunked the imagery for what it is: poorly done, with errors galore.

Despite how odd the images looked, with no people, mashed up railings, and walls that melt into one another, it made no difference. The visibility of the bogus tweets rocketed and soon there was the possibility of a needless terror-attack panic taking place.

Many US Government, law enforcement, and first responder accounts no longer have a checkmark as they declined to pay for Twitter Blue. Thankfully some have the new grey Government badge, and Arlington County Fire Department was able to confirm that there was no explosion.

What’s interesting about this one is that it highlights how you can post terrible, amateur imagery with no attempt to polish it and enough people will still believe it to make it go viral. In this case, it went viral to the extent that the Pentagon Force Protection Agency had to help debunk it. As Bleeping Computer notes, the PFPA isn’t even verified anymore.

There is no easy answer or collection of tips for avoiding this kind of thing on social media. At least, not on Twitter in its current setup. A once valuable source for breaking, potentially critical warnings about dangerous weather or major incidents simply cannot be trusted as it used to be.

The very best you can do is follow the Government or emergency response accounts which sport the grey badge. There are also gold checkmarks for “verified organisations”, but even there problems remain. A fake Disney Junior account was recently granted a gold check mark out of the blue and chaos ensued.

No, South Park is not coming to Disney Junior.

As for the aim of the accounts pushing misinformation, it’s hard to say. Many paid accounts are simply wanting to troll. Others could be part of dedicated dis/misinformation farms, run by individuals or collectives. It’s also common to see accounts go viral with content, and then switch out to something else entirely once enough reach has been gained. It might be about a different topic, or it could be something harmful.

Even outside the realm of paid accounts, misinformation and fakes can flourish. Just recently, Twitter experienced a return of fake NHS nurses, after having experienced a similar wave back in 2020.

Should any of the fake nurse accounts decide to pay $8 a month, they’ll have the same posting power as the profiles pushing fake explosions. Spam is becoming a big problem in both public posts and private messages.

AI is already capable of producing realistic looking images, yet the spammers and scammers are using any old picture without care for how convincing it looks. The combination of “breaking news” messaging and an official looking checkmark easily tips it over the edge, and those liable to fall for it simply don’t examine imagery in detail in the first place. Twitter is going to have to invest some serious time into clamping down on spam and bots which naturally help feed the disinformation waves. The big question is: Can the embattled social media giant do it?


Samsung makes more profit from Galaxy tablets than smartphones


Samsung is reportedly making more money off Galaxy tablets than smartphones. No, not the tablet business as a whole but per unit sold. According to Twitter tipster @Tech_Reve, the company’s operating profit margin for tablets was at around ten percent in the first quarter of this year. In comparison, the profit margin for smartphones and smartwatches was around 7-8 percent.

This is likely because of the stark difference in the market size of tablets and smartphones. When you go to buy a new Android tablet, there aren’t many options out there. In fact, Samsung is the only brand that regularly launches flagship Android tablets today. It is preparing to launch three new flagship models later this year (Galaxy Tab S9 series), following up on last year’s three Galaxy Tab S8 models.

On the other hand, the smartphone market is too crowded. There are dozens of options in every price range you look at. Even if you have strictly set your budget with no flexibility, you would find a handful of models to pick from. This stiff price competition makes companies keep their margins low so they can potentially sell more units. Smartwatches, meanwhile, don’t sell in huge volume, thus lowering their profitability.

Overall, Samsung made about KRW 300 billion (roughly $224 million) from tablets in Q1 2023. That’s almost half of the company’s total net operating profit of KRW 640 billion during that period. However, the Korean behemoth suffered massive losses from the semiconductor business in the first three months of 2023. We are talking about a loss of KRW 4.58 trillion (over $345 billion). So the profit from tablets is peanuts in the grand scheme of things. But the bottom line is that Samsung makes more money from each Galaxy tablet sold than a Galaxy smartphone or smartwatch.

The new Samsung flagship tablets may arrive in late July

As mentioned above, Samsung is gearing up to launch the Galaxy Tab S9 series later this year. The new flagship tablets will break cover during the company’s next Galaxy Unpacked event. Usually, the second Unpacked of the year takes place in August. But Samsung is said to be bringing it forward this year by 2-3 weeks. We are looking at a late July date. The new tablets will be accompanied by the Galaxy Z Fold 5 and Galaxy Z Flip 5 foldables, as well as the Galaxy Watch 6 series. We might get a new pair of TWS earbuds as well. Stay tuned for the official date of the next Galaxy Unpacked.


[ad_2]
Source link

Android phones are vulnerable to fingerprint brute-force attacks


It’s no secret that over the past few years, the threat of hackers exploiting vulnerabilities to gain access to information has prompted many smartphone companies to implement robust cybersecurity measures. However, researchers from Tencent Labs and Zhejiang University have discovered a new type of attack that targets fingerprint authentication systems on modern smartphones. Dubbed BrutePrint, the attack aims to bypass user authentication by repeated trial-and-error attempts, posing a significant threat to accounts and individuals.

How does the BrutePrint attack work?

To execute the BrutePrint attack, researchers identified and exploited two zero-day vulnerabilities named Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL), which allowed them to overcome existing safeguards on smartphones, such as attempt limits and liveness detection. Additionally, the researchers also discovered that the data on fingerprint sensors’ Serial Peripheral Interface (SPI) was unprotected, thus making it susceptible to an attack.

The attack functions by systematically attempting to unlock the device using databases sourced from academic datasets, leaked biometric data, and similar sources. However, it is important to note that the time required for a successful breach depends on the number of stored fingerprints. For example, on smartphones with only one registered fingerprint, the attack can take between 2.9 and 13.9 hours. However, on devices with multiple registered fingerprints, the attack only takes about 0.66 to 2.78 hours, as the probability of finding the right fingerprint increases dramatically.

Devices vulnerable to the attack

In their report, researchers stated that they tested the attack on ten popular smartphone models and found that all Android devices were vulnerable. Therefore, if an attacker gains access to your device, they would only need to disable the safeguards, have ample time, and minimal hardware costing around $15. On the other hand, iOS devices were much more secure, and the researchers could only gain ten additional attempts on iPhone SE and iPhone 7 models, rendering the attack ineffective.

While this type of attack might not appeal to the average hacker since it requires physical access to the smartphone, researchers have warned that state-sponsored actors and law enforcement agencies can exploit this technique to access data. Therefore, device manufacturers will need to act swiftly and patch these zero-day vulnerabilities as soon as possible.


Ford’s Level 3 driver-assist isn’t well-built for busy cities


One example of the many autonomous driving technologies out there is the Ford Level 3 driver-assist feature. This is the American automobile company’s take on autonomous driving currently making a wave in the industry. Well, despite the efforts Ford and its team of engineers have put into this feature, it still has its flaws.

These flaws hold it back from being used in very busy areas with lots of vehicles, cyclists, and pedestrians, such as large metropolitan cities. At an event on Monday, May 22, Ford gave out information on two autonomous driving systems.

Both systems will be available on future Ford vehicles with separate use cases. The first feature will handle braking, acceleration, lane keep assist, and automatic lane change when activated by the driver. But the second feature (Ford Level 3 driver-assist feature) under consideration in this article will take things a step further.

Ford Level 3 driver-assist feature is an engineering marvel that will need some work

The Ford Level 3 driver-assist feature and the BlueCruise Level 2 system are autonomous driving features from Ford. BlueCruise focuses on aspects of autonomous driving like acceleration, braking, lane keep assist, and so on. But the Ford Level 3 driver-assist feature is built to aid drivers in more complex driving situations.

Level 3 autonomous driving features are under strong criticism from experts, as they pose a risk to drivers and other road users. These features are meant to assist drivers in busy areas with many road users. The system takes over the steering at the driver’s command while on the highway and, using its sensors, guides the car to its destination with minimal effort from the driver.

Lots of car manufacturers are working on or already have Level 3 autonomous driving systems. But regarding the Ford Level 3 driver-assist feature, the company’s vice president points out that it might be faulty under certain circumstances. For this reason, Ford plans to perfect this technology and users will wait till after 2025 to get this feature.

Whilst packing a ton of sensors and smart features, Ford’s L3 autonomous driving systems fail to understand certain things. These things are quite clear to the driver, but the system might overlook them, and this can be fatal. The system is not ready to handle busy city streets with lots of traffic signs, cyclists, and pedestrians.

Leaving driving to the Ford Level 3 system in a busy city will be a big risk. Ford will limit its autonomous driving system to steering, braking, acceleration, and lane-keep assistance on long rides to avoid such risks. In the coming years, Ford will work to perfect this system to make it more usable in big cities with little or no risk to the driver or other road users.


[ad_2]
Source link

Bard can now use Google Image Search


After its little slip-up earlier this year, Google Bard is well on the way to becoming one of the most useful AI chatbots on the market. Shortly after we got news of a bunch of updates coming to Bard, Google gave it the ability to search for and give you images in your results.

If you’re looking to try out some of the new experiments that Google is doing with Bard, you can join the waitlist for Google Search Labs. Once you’re added, you will be able to try out some of the new and experimental features that Google is testing on the AI front.

Google Bard can now search through Google Images

One of the main things about ChatGPT is that it’s on an island: it can’t really connect or integrate with any other services yet. Google Bard, on the other hand, has Google behind it, so it’s connected to pretty much everything. Bard can integrate with several Google products, and that includes Google Images.

According to Android Authority, Google Bard can now search Google images to give you a visual aid when you’re using it. Say, you are looking up popular tourist attractions. Bard can simply tell you, but it can also give you images to help you visualize what you’re searching for.

It will also give you the links to where those pictures are from. So, you’ll be able to navigate to the respective pages if you’re planning on visiting there. Bard will give you image results if your search happens to warrant images. However, you can simply type in “Can you show me images of…”, and it will bring them up as well.

This feature will actually work both ways; you won’t only be able to request images from Bard, but you’ll also be able to put images into it. You’ll use images as input and ask Bard to perform actions based on the image.

For example, say you enter an image of a forest at night. You’ll be able to ask Bard to write a poem based on what it is. Bard will use its intelligence to identify that it’s a forest in the nighttime. Then, it will be able to generate a poem based on the perceived mood of the picture. This feature isn’t out just yet, but Google will launch it in the near future. However, Bard can give you image results now.


[ad_2]
Source link