Russian Ministry Software Backdoored with North Korean KONNI Malware


Discover the latest cybersecurity revelation: KONNI malware, linked to North Korean cyber operations, targets the Russian Ministry of Foreign Affairs. Learn about the sophisticated tactics and geopolitical implications.

German cybersecurity firm DCSO has discovered a malware sample uploaded to VirusTotal in January 2024, believed to be part of North Korea-linked activity targeting the Russian Ministry of Foreign Affairs (MID). The malware is believed to be KONNI, a North Korean nexus tool used since 2014.

KONNI, first discovered in 2014, is associated with Democratic People’s Republic of Korea (DPRK)-nexus actors such as Konni Group and TA406. The malware has unique stealer functionality and remote administration capability. It is installed from an MSI file, with its C2 servers encrypted with AES-CTR and a CustomAction used for detection and payload selection.

In the latest discovery, researchers noted that KONNI’s command set remains unchanged, allowing operators to execute commands, upload/download files, specify sleep intervals, communicate via HTTP, and compress file extensions into .CAB archives.

Interestingly, the sample DCSO analyzed was delivered via a backdoored Russian language software installer, similar to a previously observed KONNI delivery technique. The sample was for a tool called “Statistika KZU”, which is believed to be intended for internal use within the Russian MID. The software is used for relaying annual report files from overseas consular posts to the MID’s Consular Department via a secure channel.

Additionally, two user manuals were found in the backdoored installer, detailing the installation and usage of the “Statistika KZU” program. The first manual explains installing the program on an administrative account, providing minimum software requirements and screenshots.

The second manual, the 22-page “StatRKZU_Pyкoвoдcтвo,” outlines how to use the software for generating annual report files on KZU consular activities, including templates for calculating registered and detained citizens.

The MID’s software, identified as “GosNIIAS” (a Russian federal research institute primarily involved in aerospace research), was tested offline and found legitimate. Despite no direct correlations between GosNIIAS and Statistika KZU, references to contracts were found, including a procurement order for automated system maintenance and data protection software.

This discovery comes amid increasing geopolitical proximity between Russia and the DPRK, following Russia’s renewed invasion of Ukraine in 2022.

Russia and North Korea’s Cyber Standoff

This is not the first time Russia and North Korea have made collective headlines over cybersecurity threats. In August 2023, the world witnessed another significant incident when “elite North Korean hackers” affiliated with OpenCarrot and the Lazarus group breached NPO Mashinostroyeniya, a key Russian missile developer. This breach, lasting for at least five months, revealed the alarming capabilities and determination of the attackers.

Previous Use of KONNI Backdoor

KONNI has been used in many cyberespionage campaigns targeting Russian agencies. FortiGuard Labs discovered a KONNI malware campaign in November 2023, targeting Windows systems through Word documents with malicious macros. Malwarebytes researchers discovered a campaign in mid-2021 using Russian language lures concerning Russian-Korean trade and economic issues and a meeting of a Russian-Mongolian intergovernmental commission.

An unknown hacking group targeted North Korean organizations using KONNI malware in 2017. Three campaigns were identified back then: two by Talos Intelligence, a Cisco-owned cybersecurity firm, and the third reported by the security firm Cylance.

For insights into this, we reached out to John Bambenek, President at Bambenek Consulting, who emphasised that “It is not uncommon for intelligence agencies to spy even on their putative allies, if for nothing else, for insights to either strengthen the relationship or to identify and mitigate threats.”

Mr. Bambenek highlighted that “The use of a backdoor in software used almost exclusively by the Russian Foreign Ministry stands out and shows that the DPRK did their research here for a particular hook into their victims and is, ironically, a more targeted and precise adaptation of the approach Russian intelligence used with NotPetya.”

“Espionage has a couple of nuances where sometimes you want more sophisticated tools and for some attacks, you want narrow and simpler tools. For espionage, you want long-term persistent infection and sophisticated and interactive tools provide defenders more opportunities for detection. It’s not uncommon to see tools used for espionage that lack some of the obfuscation commonly observed in cybercrime tools,” he added.


Intel aims to surpass TSMC in advanced chip-manufacturing


Intel has revealed its strategy to surpass its biggest rival TSMC in advanced chip manufacturing, aiming to regain its position as the maker of the world’s fastest and most sophisticated chips. At the IFS Direct Connect 2024 event in San Jose, California, the company disclosed its roadmap, including the use of Intel 18A and Intel 14A manufacturing technologies, with Microsoft set to utilize its 18A technology for a custom computing chip.

Intel’s ambitious plans mark a significant effort to reclaim its dominance in chip manufacturing. The company aims to outpace TSMC later this year with its Intel 18A technology, followed by extending this lead into 2026 with the introduction of Intel 14A. With Microsoft on board as a customer for its 18A technology, Intel expects to see an increase in foundry orders, now projecting $15 billion compared to the previously estimated $10 billion.

TSMC remains tight-lipped about the competitiveness of its advanced technologies

Meanwhile, TSMC is keeping quiet about the competitiveness of its advanced technologies, despite Intel’s push to regain market leadership. TSMC’s stock performance reflects its current dominance in producing advanced chips for AI applications, with its Taipei-listed stock surging nearly 17% this year.

The unveiling of Intel’s 14A technology marks the company’s first detailed roadmap beyond 2025, a deadline set by Intel CEO Pat Gelsinger to regain chipmaking supremacy. Intel’s focus on attracting outside customers and securing government subsidies underscores its commitment to revitalizing its chip manufacturing operations. The company hopes to leverage its geographic diversity and partnerships with institutions like ARM and universities to strengthen its position in the market.

Intel’s effort to entice outside customers, including potential collaborations with industry leaders like Nvidia, is seen as crucial for its turnaround strategy. While Nvidia has not announced a deal with Intel yet, analysts believe Intel’s special technology for AI chips could be appealing to companies in the AI chip market.

Overall, Intel’s roadmap signals a determined effort to regain its competitive edge in chip manufacturing, with the success of its strategy dependent on attracting key customers and executing its plans effectively over the coming years.


Outlook Users Beware 0-Day Exploit Released on Hacking Forums


A security flaw has been identified in how Outlook handles certain hyperlinks.

Malware actors actively exploit the vulnerability in real-world attacks.

The assigned CVE number for this vulnerability is CVE-2024-21413, with a severity rating of 9.8 (Critical).

Microsoft has successfully resolved the vulnerability in question and implemented the fix in their February 2024 Patch Tuesday release.

In case of successful exploitation of the vulnerability, a malicious actor can bypass the protected view of Office and open a file in editing mode instead of the protected mode.

Outlook 0-Day RCE Flaw

According to the Check Point report, if the hyperlink starts with http:// or https://, Outlook uses the default Windows browser to open the URL.

If there are additional protocols, such as the “Skype” URL protocol, clicking on the hyperlink will trigger a security warning.

In other cases, like the “file://” protocol, Outlook did not display a warning dialog box.

A slight modification in the “file://” protocol link bypasses the previously shown security restriction and proceeds to access the resource.

According to experts, accessing this particular resource involves the SMB protocol.

However, this protocol has a flaw where it inadvertently reveals the local NTLM credentials during the access process.
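
The hyperlink handling described above suggests a simple triage check for mail gateways and responders: flag any message whose HTML body links to a file on a remote host, since following such a link means an SMB connection. The following is an added example, not code from Check Point or Microsoft; the function names, category labels and the sample message are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

LOCAL_HOSTS = {"localhost", "127.0.0.1"}

# Constructed sample message (documentation addresses only).
SAMPLE_EML = """\
From: sender@example.com
To: user@example.org
Subject: Q4 report
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="https://example.com/portal">Portal</a>
<a href="skype:someone?call">Call</a>
<a href="file:///C:/Users/Public/readme.txt">Local</a>
<a href="file:///\\\\203.0.113.10\\share\\report.rtf">Report</a>
<a href="file://fileserver.example/share/q4.docx">Q4</a>
</body></html>
"""


class _HrefCollector(HTMLParser):
    """Collects the href value of every <a> tag."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v.strip() for k, v in attrs if k == "href" and v]


def classify_link(href):
    """Return (category, host) for one hyperlink target."""
    # Backslashes and forward slashes are interchangeable in file links.
    parts = urlsplit(href.replace("\\", "/"))
    scheme = parts.scheme.lower()
    if scheme in ("http", "https"):
        return ("web", parts.hostname)
    if scheme not in ("file", ""):
        return ("other-scheme", None)
    host = parts.hostname
    # file:///\\host\share puts the host in the path, not the authority.
    if not host and parts.path.startswith("//"):
        host = parts.path.lstrip("/").split("/", 1)[0].lower()
    if host and host not in LOCAL_HOSTS:
        return ("file-remote", host)
    return ("file-local" if scheme == "file" else "relative", None)


def remote_file_links(raw_message):
    """List (href, host) for every link to a file on a remote host."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = _HrefCollector()
        collector.feed(part.get_content())
        for href in collector.hrefs:
            category, host = classify_link(href)
            if category == "file-remote":
                found.append((href, host))
    return found


if __name__ == "__main__":
    for href, host in remote_file_links(SAMPLE_EML):
        print(f"remote file link -> {host}: {href}")
```

A hit is a reason to quarantine or review the message; blocking outbound SMB at the network edge limits what such a link can reach.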

Exploit on Hacking Forums

The Daily Dark Web recently reported that specific hacking forums have been discussing an exploit for CVE-2024-21413.

This exploit allows attackers to access NTLM information and execute remote code.

The vulnerability can exploit the Office Protected View and use it as a means of attack to target other Office applications.


Resilience to Acquire BreachQuest for an undisclosed price


In a strategic move to enhance its cyber risk management capabilities, Resilience has announced the acquisition of BreachQuest, an innovative incident response technology firm.

This acquisition marks a significant step in Resilience’s efforts to combat the escalating threat of Business Email Compromise (BEC) attacks and other cyber threats.

Strengthening Defenses Against Cyber Threats

BreachQuest is renowned for its cutting-edge platform that integrates seamlessly into cloud office systems, providing invaluable insights for incident forensics and expediting response efforts.

Integrating BreachQuest’s technology into Resilience’s cyber risk management software is expected to significantly enhance incident response mechanisms, particularly against BEC attacks, which have become a significant concern in the digital landscape.

BEC attacks have increased, with the U.S. Government’s Internet Crime Complaint Center (IC3) reporting losses exceeding $2.7 billion in 2022.

In 2023, these incidents ranked as the second leading cause of financial loss for Resilience clients, highlighting the urgent need for advanced risk management strategies.

Shaun Gordon, co-founder and CEO of BreachQuest, expressed pride in his team’s work and enthusiasm for scaling their mission through integration with Resilience’s software.

“Resilience shares our mission in helping improve a client’s cyber resilience and lowering the impact of costly cyber incidents,” Gordon stated, emphasizing the synergy between the two companies’ approaches to incident management.

Vishaal “V8” Hariprasad, co-founder and CEO of Resilience, highlighted the growing sophistication of cybercriminals, particularly with the advent of generative AI technologies.

“Cybercriminals are becoming smarter and faster in executing business email compromise, and with the addition of tools like generative AI, the threat is only growing,” Hariprasad said.

He expressed excitement about welcoming BreachQuest to Resilience, noting that their team and technology have been proven to reduce the financial impact of their clients’ cyber risks.

Enhancing Incident Preparedness

The acquisition of BreachQuest is part of Resilience’s broader strategy to adapt to evolving cyber threats and enhance incident preparedness.

This move follows a period of significant expansion for Resilience, underscoring the company’s commitment to leveraging data and technology to stay ahead of cyber adversaries.

Tim Riley, SVP of Business Development at Resilience, highlighted client benefits, emphasizing the synergy between BreachQuest’s platform and Resilience’s proactive incident management approach.

This collaboration is expected to reduce the financial impact of cyber threats for clients, further enhancing their security posture in the face of evolving digital risks.

In conclusion, acquiring BreachQuest by Resilience significantly advances the fight against cyber threats.

By integrating BreachQuest’s innovative technology into its cyber risk management software, Resilience aims to provide its clients with enhanced protection against the growing menace of BEC attacks and other cyber risks.

This strategic move demonstrates both companies’ shared commitment to improving cyber resilience and lowering the impact of costly cyber incidents.


Patent shows that Google wants a dual-view feature for Maps


Even though navigating via Google Maps is very convenient, it can still be a bit of a hassle when trying to navigate certain roads. The thing is, having a map view of your location isn’t always the most convenient. However, a new patent shows that Google may want to incorporate a dual-view mode for Google Maps.

We’re all familiar with Google Street View. This gives you a more personal view of the streets you’re trying to navigate. You’re able to navigate streets and parking lots as though you’re actually there. Well, based on this patent, Google might have some plans for Street View.

A new patent shows that Google may develop a dual-view mode for Google Maps

As stated, this is just a patent; it’s only Google reserving the technology mentioned in the case it wants to pursue an actual feature like that. It’s not an indication that Google is actively working on this feature. So, don’t hold your breath. In any case, this kind of feature seems well within the realm of possibility for Google.

A new patent shows an example of Google Maps running with two separate views, one on top of the other. The top view shows a typical map view that you would see when navigating. However, the bottom half of the screen will show the Street View. This means that you will simultaneously be able to view your location via the map and Street View.

This feature could be very useful. There are times when using Google Maps that we stumble upon a pretty complicated set of roads that need to be navigated a certain way. Well, this is the kind of information that you just don’t get with the map view. This results in us passing our destinations and having to backtrack.

However, simultaneously showing the Street View can be a major benefit. You’ll be able to see what types of streets or buildings are around your location, so you’ll be able to go off of that information rather than trust the map view. Since this is just a patent, there’s no telling when or if Google is going to actually make this a feature. We will just have to wait and see.



Elon Musk hints at Xmail, an alternative to Google’s Gmail


As Google goes full damage control following Gemini’s “woke” critiques, Elon Musk has just hinted at a Gmail alternative: Xmail. X, formerly Twitter, has been promising alternatives to many mainstream services as of late. The point of these alternatives, according to Musk, is to provide the user with an unbiased tool that’s not pre-fed prejudiced data. An example of this is the Grok AI, an alternative to OpenAI’s ChatGPT. Now, it appears Musk might be looking to make moves in the email service industry as well.

“It’s coming” says Elon Musk about Xmail

The whole ordeal gained popularity quickly when Nathan McGrady, Senior Security Engineer at X, asked when they were going to make Xmail. Nathan tweeted “When we making Xmail?”. The tweet might have seemed like a throwaway joke, had Elon himself not responded to it saying “It’s coming” right after.

The comments, predictably, exploded with people praising the potential alternative to Google’s Gmail. Memes and personal gripes with Gmail were found galore under Musk’s tweet. One user said, “Awesome! I will switch over from Gmail when it is ready. I look forward to this.”

Others began to come up with more ideas for alternative tools named after X. Search engines, smartphones, and alternatives to services like Google Docs were top of the list. Some users said they couldn’t wait to ditch Google for its “woke” tendencies, a point of contention recently in the spotlight after Google’s Gemini AI was criticized for its forced racial diversity in historically inaccurate settings.

What Xmail could mean for Google going forward

It’s not actually confirmed if Xmail will be a thing, though it definitely seems very likely now. If such a service does come out, there will most definitely be a mass exodus from Gmail. Since his acquisition of X, Elon Musk has become a sort of “champion of the people” among a subset of online users. His popularity and elite position certainly help sell his critiques of modern society.

When Grok AI was released, quite a large number of users subscribed to use it to escape ChatGPT’s “nagging” and politically correct humor. An X search engine would be a definite blow to Google. The company has been facing accusations of biased search results from even before Musk bought Twitter. And if an X smartphone does come out, it’s sure to gain an immediate cult following. Even if it doesn’t reach the popularity of Samsung or Apple.



Gemini can help you organize your life in Google Keep


You’re about to go on a shopping trip for dinner, but you don’t quite have the time to jot down every item to be featured on the list. Well, this is where a new Google Keep AI feature comes in. Google Keep is getting a new feature called Help me create a list. This will, as the name suggests, assist you in jotting down an extended list with little input.

This isn’t the only news surrounding Google Keep. Google is preparing the ability to assign a default note-taking app on your Android phone. When it does this, the company is planning on having Google Keep be the first app compatible with it. This means that you will be able to quickly start a note right from the lock screen using a dedicated shortcut. Google hasn’t released this functionality just yet. However, the company is well on the way to getting it functional.

Google Keep could gain a feature called Help me create a list

Much like many of Google’s new products released lately, this involves generative AI, and that generative AI will be delivered through Gemini. We’re all familiar with the Help me write feature that’s present across Google Workspace and Google Chrome. Well, a similar feature’s coming to Google Keep.

Google calls this feature Help me create a list. If you have to quickly jot down a list of items for any reason, you will be able to ask Gemini for help. When the feature arrives for you, you will see a new button at the bottom of the screen when you start a new list. When you tap on the button, you will see a text field appear.

Just like with any other generative AI tool, you will simply type a query into the text field, and the AI will do the rest. For example, if you are going on a camping trip, you simply type “camping trip”. Then, the app will give you suggestions of items you should pack in order to have a successful camping trip.

Also, just like with any chatbot, you can be as specific as you want. So, if you’re going to a specific location, bringing a specific number of people, packing for a specific type of weather, etc., you can tell Google Keep this, and it will generate results based on that input.

Right now, Google is still testing this out, so there’s a chance that you won’t see it yet.



PS VR2 is being tested for PC use to expand the game library


Sony has confirmed that it’s testing PC support for the PS VR2 headset. It’s a revelation that VR enthusiasts are most certainly excited about. And rightfully so, because it could mean that eventually, the list of games you can play with Sony’s second-generation VR headset will grow by a significant amount.

Details of the testing are scant and Sony barely touches on the subject in its recent official PlayStation Blog post. That’s understandable, given the post is mostly about new games coming soon to PS VR2. The post starts by talking about upcoming games. So it’s easy to miss the blurb that Sony sneaks in before diving into each game individually. But if you don’t skip by the last few sentences, you’ll see Sony’s reference about the testing. “Also, we’re pleased to share that we are currently testing the ability for PS VR2 players to access additional games on PC to offer even more game variety in addition to the PS VR2 titles available through PS5,” Sony says.

There is absolutely no talk at all about what games the headset will be able to play. Or if it’ll be able to access VR apps or just games. That being said, it wouldn’t be a surprise if the headset simply worked with something like Steam as your chosen headset. And whatever VR games you owned there could be used with PS VR2, provided developers added support.

PC support for the PS VR2 planned for 2024 release

While Sony doesn’t mention specific games or an exact time for release, it does mention a general release window. Sony says that PC support is planned for 2024. If it’s able to keep things on schedule and things go smoothly, then later this year PS VR2 owners could be linking the headset up to their PC to play VR games.

However, it’s only February 23. That leaves A LOT of time between now and the end of 2024. Just over 10 months to be precise. So just because testing is currently happening and a rollout is planned for this year, it doesn’t mean Sony plans to roll things out soon. Unless you consider some time in the same year as being soon. Also worth noting is that Sony doesn’t mention any operating systems. As MSPowerUser points out, Windows isn’t mentioned in the blog post. Nor is Mac, nor is Linux.

That being said, not adding support for Windows would be a very strange move. Considering all of Sony’s current PC ports for its PlayStation games are on Windows. Road To VR also poses one important question for a detail that Sony doesn’t clarify. What kind of PC support is this? It’s unclear if Sony plans to allow the PS VR2 to work with PC through a direct connection. And given Sony’s increased effort to improve cloud gaming for its platform, it’s not unreasonable to assume that it’s at least possible Sony may require users to have a PlayStation 5 and that VR gameplay is somehow streamed to the headset via the PC, while it’s physically connected to the console.

That would of course be a weird way to do things. And it’s probably more convoluted than it would need to be. But, stranger things and all that.



Genshin Impact performance problems fixed on Galaxy S24


Genshin Impact is one of the most popular games on Android, and that goes for the Galaxy S24 series of phones, but performance has been an issue for them since launch. That should no longer be the case following an update this week. If you missed it before or simply didn’t notice, Galaxy S24 users have had issues with performance in Genshin Impact to the point where the game wasn’t running at the proper frame rates.

This was apparently all caused by the Game Booster app. As SamMobile reports, the Game Optimization Service in Samsung’s Game Booster was causing frame rate issues even if the option was disabled. In other words, the throttling was happening either way. But that seems to have been fixed. At least, that’s hopefully the case. Samsung had a similar problem with the Game Optimization Service before with the Galaxy S22 series. At that time, users discovered that Samsung was throttling game performance if temperatures went past a certain point.

Users didn’t like this, so Samsung gave them a way to make the throttling less aggressive. The issue seemed to have returned with the Galaxy S24 series just this week. But Samsung was quick to patch things.

Samsung fixes Genshin Impact performance issues on Galaxy S24 with Game Booster Plus update

Samsung’s Game Booster Plus app should have started receiving an update this week that tackles this problem. SamMobile states that Samsung started rolling out this update already and that it should be available in the Galaxy App Store right now. If you have any of the three Galaxy S24 devices, check to see if the update is available for you and then you should be good.

That being said, this may not be available for all users yet. There’s no mention of the update being available in the US so far. But that doesn’t mean it’s not available. It does seem to be available for users in South Korea. A user on X who discovered the update notes that it contains the Game Booster fix. It seems that the update was pushed out for users in the region on February 22.

With this in mind, keep an eye out for the update to Game Booster in your own region, as it might be rolling out very quickly, if it hasn’t already.

