Malware Alert: Windows Devices in Crosshairs of New Threat Byakugan!

/in


Windows devices are now under a new threat – a malware named Byakugan, stealing sensitive data and providing remote access to attackers.

What is Byakugan?

Byakugan is a sophisticated malware that specifically targets Windows devices. It’s built using node.js and includes a variety of libraries such as a screen monitor, miner, keystroke recorder, file manipulator, and browser info stealer. This allows the intruder to steal sensitive data including cookies, credit card details, downloads, and profiles filled automatically. To add salt to the wound, Byakugan can even mine cryptocurrencies using the victim’s CPU or GPU resources.

Distribution and Infection Method

The malware is primarily distributed via a phishing campaign, where victims are lured with a fake PDF file containing a malicious link. The infection starts when the victim clicks this deceptive link. The process continues as a file named require.exe is deposited followed by the downloading of an installer program into a temporary folder. A DLL file is then manipulated through DLL hijacking, to execute require.exe and download the malware’s main module.

The Main Module

The main module of this malware is downloaded from the site thinkforce.com. This server not only aids in distribution but also doubles as a control panel for the attacker, allowing further exploitation and manipulation of the infected device.

Past Incidents

Similar attacks have been carried out before. Adobe was previously targeted with an infostealer disguised as an Adobe Reader install program, prompting users to download what they thought was Adobe Reader, but in reality was a malicious file. Two harmful files were created and a Windows system file was run with admin rights. The malicious DLL file managed to bypass User Account Control (UAC) through DLL hijacking.

About Acrobat Reader DC by Adobe

Acrobat Reader DC by Adobe is a top-notch office tool that is widely used for reading, commenting, printing, and signing PDF documents. It’s a key competitor to Word but distinguishes itself with its superior efficiency and its seamless connection to Adobe’s cloud. It’s a free and highly recommended software for Windows, Android, and iOS users.

Source…

The Logical Evolution Of Data Security

/in


Manny Rivelo is the CEO of Forcepoint.

Recently, I received a notification from a big hotel chain in Las Vegas of a recent data hacking incident. I’ve only stayed at that hotel once or twice in my life, but my personally identifiable information (PII)—my driver’s license and my credit card information—was now at risk of being spread all over the internet or dark web. It’s a letter no company wants to send to its customers. Data breaches like these are costly and the reputational harm is incalculable. And it does cause me to pause in considering if I will ever stay there again.

Managing an unprecedented volume of data spread across numerous devices is the data management challenge that organizations across industries, such as hospitality, healthcare, financial services and more, face today. The fundamental question that arises for these businesses is: How can they accurately track their data—determine its location, manage access and control user interactions? Addressing these concerns requires an evolution in data security practices that I believe must occur in three crucial areas.

The Modern Convergence Of Data Security And Networking

In the contemporary business environment, most organizations entrust their infrastructure and software management to cloud, SaaS and PaaS providers. However, they’re realizing they need to retain control of their data. Everyone has their own motivations and business reasons for protecting different types of sensitive and critical data, which is dispersed in multiple clouds—in various public clouds, traditional data centers and personal devices far from corporate headquarters.

The theft of intellectual property is a competitive issue, whereas breaches of regulated data like PII, in my case, or personal health information (PHI) trigger compliance mandates and financial penalties. All types of data loss are rapidly becoming board-level, existential threats.

Consequently, data and network security are increasingly intertwined as the network has become key to how sensitive data is accessed. Success in this context hinges on implementing consistent security policies across diverse networks and clouds, supported by robust…

Source…

Quantum hacking is a looming privacy threat. Companies should start worrying now

/in


Now that everyone else has had a turn, quantum hackers are coming for your data.

Well, not quite yet. But they’re working on it.

Quantum computers, which are still in development by players such as Google, IBM, and Microsoft, hold enormous promise to do good as well as harm. The U.S. and Chinese governments are pouring billions into them.

For a primer on this new breed, I turned to Martin Lee, technical lead of security research and EMEA lead at Cisco Talos, the networking giant’s threat intelligence and response group.

Traditional computers operate on binary digits, or bits, that are either one or zero. In a quantum machine, “the bits are one, zero, or everything in between, all at the same time,” Lee says. So it “has the possibility of being able to calculate and consider many different solutions to a problem all at the same time to find the correct answer.”

That’s ideal for calculating the shapes of proteins to discover new drugs, Lee notes, or the thermodynamics of an engine.

It’s also perfect for stealing data.

Because a quantum computer makes calculating the factors of prime numbers much easier, it could swiftly crack many existing encryption algorithms, Lee says.

How soon? Maybe next year, maybe in five years, or maybe never, Lee reckons. But it’s time to start considering the problem so it doesn’t become an emergency, he warns. “Certainly, CIOs and CTOs need to think about ‘How do we prepare for a post-quantum world?’”

In response, companies are already developing and deploying quantum security. One is QuSecure, a California startup whose clients include Cisco, Dell, and the U.S. military.

Hackers are harvesting data now for quantum decryption later, says cofounder, chief product officer, and CTO Rebecca Krauthamer. Prime targets include electronic health and financial records, as well as national security data, Krauthamer adds. “All those kinds of things, they have a shelf life, and that’s why for some sectors, it’s a very urgent problem.”

To ward off quantum attacks, you fight fire with fire, right? Actually, no.

QuSecure’s software sits atop a client’s existing encryption, explains Skip Sanzeri, cofounder, chair, and COO. Besides some…

Source…

A near-miss hack of Linux shows the vulnerability of the internet

/in


One of the most fascinating and frightening incidents in computer security history started in 2022 with a few pushy emails to the mailing list for a small, one-person open source project.

A user had submitted a complex bit of code that was now waiting for the maintainer to review. But a different user with the name Jigar Kumar felt that this wasn’t happening fast enough. “Patches spend years on this mailing list,” he complained. “5.2.0 release was 7 years ago. There is no reason to think anything is coming soon.”.

A month later, he followed up: “Over 1 month and no closer to being merged. Not a suprise.” [sic]

And a month after that: “Is there any progress on this?” Kumar stuck around for about four months complaining about the pace of updates and then was never heard from again.

A few weeks ago, the world learned a shocking twist. “Jigar Kumar” does not seem to exist at all. There are no records of any person by that name outside the pushy emails. He — along with a number of other accounts — was apparently part of a campaign to compromise nearly every Linux-running computer in the world. (Linux is an open source operating system — as opposed to closed systems from companies like Apple — that runs on tens of millions of devices.)

That campaign, experts believe, was likely the work of a well-resourced state actor, one who almost pulled off an attack that could have made it possible for the attackers to remotely access millions of computers, effectively logging in as anyone they wanted. The security ramifications would have been huge.

How to (almost) hack everything

Here’s how events played out: In 2005, software engineer Lasse Collin wrote a series of tools for better-compressing files (it’s similar to the process behind a .zip file). He made those tools available for free online, and lots of larger projects incorporated Collin’s work, which was eventually called XZ Utils.

Collin’s tool became one part of the vast open source ecosystem that powers much of the modern internet. We might think that something as central to modern life as the internet has a professionally maintained structure, but as an XKCD comic published well before the…

Source…