Tag Archive for: Gear

Mallox Ransomware Group Activity Shifts Into High Gear


A ransomware actor with a penchant for breaking into target networks via vulnerable SQL servers has suddenly become very active over the past several months and appears poised to become an even bigger threat than it is already.

The group, tracked as Mallox — aka TargetCompany, Fargo, and Tohnichi — first surfaced in June 2021 and claims to have infected hundreds of organizations worldwide since then. The group’s victims include organizations in the manufacturing, retail, wholesale, legal, and professional services sectors.

Sudden Surge

Starting earlier this year, threat activity related to the group has surged, particularly in May, according to researchers at Palo Alto Networks’ Unit 42 threat intelligence team. Palo Alto’s telemetry, and that from other open threat intelligence sources, show a startling 174% increase in Mallox-related activity so far this year, compared to 2022, the security vendor said in a blog this week.

Previously, Mallox was known for being a relatively small and closed ransomware group, says Lior Rochberger, senior security researcher at Palo Alto Networks, who attributes the explosive activity to concerted efforts by group leaders to grow Mallox operations.

“In the beginning of 2023, it appears that the group started putting more efforts into expanding its operations by recruiting affiliates,” she says. “This can potentially explain the surge we observed during this year, and especially more recently, around May.”

The Mallox group’s typical approach for gaining initial access to enterprise networks is to target vulnerable and otherwise insecure SQL servers. Often the attackers start with a brute-force attack, using a list of commonly used passwords or known default passwords against an organization’s SQL servers.

Targeting Insecure SQL Servers

Researchers have observed Mallox exploiting at least two remote code execution vulnerabilities in SQL — CVE-2020-0618 and CVE-2019-1068, Rochberger says.

So far, Unit 42 has only observed Mallox infiltrating networks via SQL servers. But other researchers have reported recent attempts to distribute Mallox via phishing emails, suggesting that new affiliate groups are involved now as well, Rochberger says.

“After…

Source…

Illumina, Feds Say Genetic Testing Gear at Risk of Hacking


Endpoint Security, Healthcare, Industry Specific

Feds Warn of Vulnerabilities Affecting Illumina’s Universal Copy Service Software

Flaws in Illumina’s Universal Copy Service software could allow hackers to take over certain genetic testing gear, warn federal authorities. (Image: Illumina)

Federal authorities are warning that hackers could take over genetic testing devices manufactured by Illumina, although neither the manufacturer nor the Food and Drug Administration has received reports of attacks.


The FDA said the vulnerabilities affect Illumina’s proprietary Universal Copy Service software. Illumina posted a list of affected devices.

In a separate Thursday alert, the Cybersecurity and Infrastructure Security Agency warned that a remote code execution bug tracked as CVE-2023-1966 allows hackers to “change settings, configurations, software, or access sensitive data.”

Another, CVE-2023-1968, allows attackers to use UCS to listen on all IP addresses in a network, including those capable of accepting remote communications.

Alex Aravanis, Illumina chief technology officer, in a post Thursday on LinkedIn said that upon identifying the vulnerabilities, “our team worked diligently to develop mitigations to protect our instruments and customers.”

The company is providing customers with “a simple software update at no cost, requiring little to no downtime for most” to address the issues, he said.

Besides the software updates, CISA also recommended users take “defensive measures” to…

Source…

GPT-4 kicks AI security risks into higher gear




As Arthur C. Clarke once put it, any sufficiently advanced technology is “indistinguishable from magic.”

Some might say this is true of ChatGPT, too — including, if you will, black magic. 

Immediately upon its launch in November, security teams, pen testers and developers began discovering exploits in the AI chatbot — and those continue to evolve with its newest iteration, GPT-4, released earlier this month. 

“GPT-4 won’t invent a new cyberthreat,” said Hector Ferran, VP of marketing at BlueWillow AI. “But just as it is being used by millions already to augment and simplify a myriad of mundane daily tasks, so too could it be used by a minority of bad actors to augment their criminal behavior.”


Evolving technologies, threats

In January, just two months after launch, ChatGPT reached 100 million users — setting a record for the fastest user growth of an app. And as it has become a household name, it is also a shiny new tool for cybercriminals, enabling them to quickly create tools and deploy attacks. 

Most notably, the tool is being used to generate programs that can be used in malware, ransomware and phishing attacks. 

BlackFog, for instance, recently asked the tool to create a PowerShell attack in a “non-malicious” way. The script was generated quickly and was ready to use, according to researchers. 

CyberArk, meanwhile, was able to bypass filters to create polymorphic malware, which can repeatedly mutate. CyberArk also used ChatGPT to mutate code that became highly evasive and difficult to detect. 

And, Check Point Research was able to use ChatGPT to create a convincing spear-phishing attack. The company’s…

Source…

LIVE: Internet suspended in Punjab as cops gear up to arrest Amritpal Singh – Hindustan Times


Source…