Tag Archive for: hackers

AI vs. Hackers


By WP Creative Group

March 28, 2024

AI, with its ability to automate complex tasks, solve difficult problems and create valuable content, is set to benefit humankind in numerous ways. This includes safeguarding our digital information. Washington Post Creative Group recently caught up with Todd Cramer, Business Development Director at Intel CCG-Business Client Platforms, to learn how Intel is enabling AI as a powerful new cybersecurity tool.

WPCG: Hi Todd. To start off, let’s talk about the threat landscape. Are cyberattacks becoming more frequent and sophisticated?

Todd Cramer: The threat adversaries are always getting better with their techniques, but so are the defenders in the software and hardware security ecosystem. For example, with ransomware, some of the traditional ways that attackers got in – you clicked on an email and it would drop a malware file to the disk of your computer – that’s easily scannable.

Now, these hackers understand how they’re being detected so they’ll do things to hide better across the computing stack itself. There’s something called fileless or malware-free attacks. What that’s doing is executing straight into memory where it can use that as a beachhead to set up persistence and move laterally across the host PC to achieve its ultimate objective … maybe ransomware or some other attack.

That’s also a technique that gives security vendors a lot of trouble because it takes a lot of compute horsepower to scan that memory and you can’t bog down the user’s compute experience to scan as much as needed….

Hackers Target Google Pixel Zero-Day Exploit


Oh, the world of device and computer security never stops turning. Pay attention, kiddies, because there is job security in working in computer and device security. Not a week, or day for that matter, goes by without a new security issue being reported. This time, it’s the Google Pixel smartphone that is the target of hackers. Tomorrow it could be the iPhone or some other piece of software. Here’s what’s going on with the Google Pixel zero-day exploit.

According to security researchers at GrapheneOS, a company that makes a more secure version of Android, hackers have been exploiting zero-day vulnerabilities to attack Google Pixel smartphones. Google has issued an advisory concerning newly discovered bugs that are being used for targeted attacks. “There are indications that the following may be under limited, targeted exploitation,” the advisory says.

According to PCMag, it doesn’t look like traditional cybercriminals or cyber spies have abused the vulnerabilities to attack the phones remotely. Google is crediting the discovery of the zero-days to Daniel Micay, a cybersecurity researcher and founder of GrapheneOS, an Android-based operating system focused on security. According to GrapheneOS, “forensic companies” have been exploiting the two vulnerabilities to retrieve data from Pixel phones.

  • The first vulnerability, CVE-2024-29745, involves the Pixel line’s bootloader, which loads the operating system into the phone’s memory.
  • The second vulnerability, CVE-2024-29748, can allow an attacker “to interrupt a factory reset triggered by a device admin app.”

Google plans on rolling out security patches for Google Pixel smartphones soon, so be sure to check your updates for that. If you want to dive a little deeper into the vulnerabilities, PCMag goes a bit more in depth about them in their article, so be sure to visit them.

Hackers Update Vultur Banking Malware With Remote Controls


Attackers Can Now Download, Alter and Delete Files – Plus Click, Scroll and Swipe

Threat actors are tricking banking customers with SMS texts into downloading new and improved banking malware named Vultur that interacts with infected devices and alters files.

First documented in March 2021 by Threat Fabric, Vultur garnered attention for its misuse of legitimate applications such as AlphaVNC and ngrok, enabling remote access to the VNC server on targeted devices. Vultur also automated screen recording and keylogging for harvesting credentials.

The latest iteration of this Android banking malware boasts a broader range of capabilities and enables attackers to assume control of infected devices, hinder application execution, display customized notifications, circumvent lock-screen protections and conduct various file-related operations such as downloading, uploading, installing, searching and deleting.

The new functionalities primarily focus on remote interaction with compromised devices, although Vultur still relies on AlphaVNC and ngrok for remote access, said NCC Group security researchers in a report on Thursday.

Vultur’s creators also…

Hackers Show Vulnerabilities of RFID-Based Hotel Door Locks


In a scenario that feels lifted from Ocean’s 11, a group of hackers has shown the vulnerabilities of RFID-based locks through a hotel room keycard.

A team of security researchers recently revealed a hotel keycard hacking technique they call Unsaflok. The technique exposes a collection of security vulnerabilities that would allow a hacker to open several models of Saflok-brand RFID-based keycard locks sold by lock maker Dormakaba.

The Saflok systems are installed on three million doors worldwide, inside 13,000 properties in 131 countries.

The Hackers’ Story

As detailed in a story published by Wired, researchers Ian Carroll and Lennert Wouters say they exploited weaknesses in both Dormakaba’s encryption and the underlying RFID system, known as MIFARE Classic.

They started by obtaining any keycard from a target hotel—new or used—in order to read a certain code from that card with a $300 RFID read-write device. After writing two keycards of their own, they were able to first rewrite a certain piece of the lock’s data and then open it.

“Two quick taps and we open the door,” said Wouters, a researcher in the Computer Security and Industrial Cryptography group at the KU Leuven University in Belgium. “And that works on every door in the hotel.”

Dormakaba Solution

Wouters and Carroll shared the full technical details of their hacking technique with Dormakaba in November 2022. Dormakaba says that it’s been working since early last year to make hotels that use Saflok aware of their security flaws and to help them fix or replace the vulnerable locks.

For many of the Saflok systems sold in the last eight years, there’s no hardware replacement necessary for each individual lock. Instead, hotels will only need to update or replace the front desk management system and have a technician carry out a relatively quick reprogramming of each lock, door by door.

But Dormakaba has reportedly only updated 36 percent of installed Safloks. Given that the locks aren’t connected to the internet and some older locks will still need a hardware upgrade, they say the full fix will still likely take months…
