Tag Archive for: capabilities

OODA Loop – North Korean Hackers Caught Using Malware With Microphone Wiretapping Capabilities



Researchers Uncover New Data Theft Capabilities


Predator Android Spyware

Security researchers have detailed the inner workings of the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox).

Predator was first documented by Google’s Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five different zero-day flaws in the Chrome web browser and Android.

The spyware, which is delivered by means of another loader component called Alien, is equipped to record audio from phone calls and VoIP-based apps as well as gather contacts and messages, including from Signal, WhatsApp, and Telegram.

Its other functionalities allow it to hide applications and prevent applications from being executed upon rebooting the handset.

“A deep dive into both spyware components indicates that Alien is more than just a loader for Predator and actively sets up the low-level capabilities needed for Predator to spy on its victims,” Cisco Talos said in a technical report.

Spyware like Predator and NSO Group’s Pegasus is carefully delivered as part of highly targeted attacks by weaponizing what are called zero-click exploit chains, which typically require no interaction from the victims and allow for code execution and privilege escalation.

“Predator is an interesting piece of mercenary spyware that has been around since at least 2019, designed to be flexible so that new Python-based modules can be delivered without the need for repeated exploitation, thus making it especially versatile and dangerous,” Talos explained.

Both Predator and Alien are designed to get around security guardrails in Android, with the latter loaded into a core Android process called Zygote to download and launch other spyware modules, including Predator, from an external server.

It’s currently not clear how Alien is activated on an infected device in the first place. However, it’s suspected to be loaded from shellcode that’s executed by taking advantage of initial-stage exploits.

“Alien is not just a loader but also an executor — its multiple threads will keep reading commands coming from Predator and executing them, providing the spyware with the means to bypass some of the Android framework security features,” the company…


More Treachery And Risk Ahead As Attack Surface And Hacker Capabilities Grow


Every year I peruse emerging statistics and trends in cybersecurity and provide some perspective and analysis on the potential implications for industry and government from the data. While cybersecurity capabilities and awareness seem to be improving, unfortunately the threat and sophistication of cyber-attacks are matching that progress.

The 2023 Digital Ecosystem

The emerging digital ecosystem is treacherous. In our current digital environment, every company is now a reachable target, and every company, large or small, has operations, brand, reputation, and revenue pipelines that are potentially at risk from a breach.

For 2023 and beyond, the focus needs to be on the cyber-attack surface and vectors to determine what can be done to mitigate threats and enhance resiliency and recovery. As the number of users greatly expands, so do the threats. As the Metaverse comes more online, it will serve as a new vector for exploitation. Artificial intelligence and machine learning are great for research and analytics (e.g. ChatGPT); however, AI tools can also be used by hackers for advanced attacks. Deepfakes are already being deployed, and bots are continuing to run rampant. The geopolitics of the Russian invasion of Ukraine has highlighted the vulnerabilities of critical infrastructure (CISA Shields Up) to nation-state threats, including more DDoS attacks on websites and infrastructure. Most ominous was the hacking of a Ukrainian satellite.

Here are some initial digital ecosystem statistics to consider. According to a Deloitte Center for Controllership poll, “During the past 12 months, 34.5% of polled executives report that their organizations’ accounting and financial data were targeted by cyber adversaries. Within that group, 22% experienced at least one such cyber event and 12.5% experienced more than one.” And “nearly half (48.8%) of C-suite and other executives expect the number and size of cyber events targeting their organizations’ accounting and financial data to increase in the year ahead. And yet just 20.3% of those polled say their…


Malwarebytes Expands Platform With New Application Block Capabilities


SANTA CLARA, Calif., Feb. 21, 2023 /PRNewswire/ — Malwarebytes™, a global leader in real-time cyberprotection, today announced the addition of Malwarebytes Application Block to its Nebula and OneView endpoint protection platforms. The new threat prevention module helps resource-strained security teams quickly guard against unsafe third-party Windows applications, meet key compliance requirements and encourage productivity without adding management complexity. 

Third-party apps pose a serious security threat to businesses with limited IT resources and expertise. Vulnerabilities in Android applications have led to more than one million malicious application downloads, with researchers frequently uncovering malware-ridden applications on Google Play. Since 63% of workers use unauthorized applications, businesses of all sizes can be vulnerable to phishing schemes or exploitation – two of the four leading ways attackers gain access to a company’s network.

For the over 1.4 billion monthly active Windows 10 or Windows 11 devices, Application Block allows IT admins to blacklist or restrict access to outdated, untrusted, or unsafe applications with known vulnerabilities or that lack the latest patches. IT security teams can use Application Block’s dashboard to understand what applications are being blocked in real time, as well as its reporting features to meet key compliance requirements and navigate increasing data protection regulations.

“Third-party applications are essential to productivity, but they also greatly expand organizations’ attack surfaces,” said Malwarebytes Chief Product Officer, Mark Strassman. “Malwarebytes Application Block can be near-instantly deployed, helping resource-strapped organizations to effectively manage secure access to third-party apps and add another protective layer without added complexity.”

Malwarebytes Application Block is immediately available for Windows endpoints within the Malwarebytes Nebula and OneView platforms to help organizations:

  • Improve Application Security – Stop the execution of vulnerable applications so that companies can test and apply updates or block the vulnerable application until a patch is available.
  • Encourage…
