Tag Archive for: images

Hackers hide a nasty secret in James Webb telescope images


Space images from the James Webb telescope are being used by hackers to hide and distribute malware.

As reported by Bleeping Computer, a new malware campaign tracked as ‘GO#WEBBFUSCATOR’ has been uncovered; the infection chain also relies on phishing emails and malicious Office documents.


The attack begins with a phishing email carrying a Word attachment named “Geos-Rates.docx”. Victims who open it unknowingly pull down a remote template file.

If macros are enabled in the target’s Office installation, the template auto-executes a VBA macro. The macro downloads a JPG image from a remote server, decodes the payload carried inside it into an executable, and runs that executable on the machine.

Opened in an image viewer, the file displays the galaxy cluster SMACS 0723, captured by the recently launched James Webb telescope. Opened in a text editor, the same file reveals a payload appended to the image data that decodes into a 64-bit Windows executable.
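The following Python script is an added example, not code from the original article, from Securonix, or from Bleeping Computer. It shows the defender’s side of the trick described above: a viewer renders a JPEG only up to its End-Of-Image (EOI) marker, so anything appended after that marker is invisible to the user but plainly visible in a text editor. The script walks the JPEG segment table to locate the real EOI (a blind search for the FF D9 byte pair can stop early inside a comment segment or an EXIF thumbnail, which is itself a small JPEG), then inspects the trailer: if it is Base64 text it decodes it, checks for a PE file, and reads the COFF Machine field to tell 32-bit from 64-bit. The sample JPEG and the fake PE header are constructed inline; encoding the trailer as Base64 is an assumption for the demonstration, since the article only says the image is “decoded” into an executable.

```python
import base64
import binascii
import re
import struct

SOI = b"\xff\xd8"   # JPEG Start-Of-Image marker
EOI = b"\xff\xd9"   # JPEG End-Of-Image marker: viewers stop rendering here


def find_eoi_offset(data: bytes) -> int:
    """Return the offset of the EOI marker a viewer actually stops at.

    Segment lengths are walked instead of searching for FF D9, because a
    comment (COM) segment or an EXIF thumbnail inside APP1 may legitimately
    contain that byte pair.
    """
    if data[:2] != SOI:
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                       # EOI reached before any scan data
            return pos
        if marker == 0xFF:                       # fill byte, skip it
            pos += 1
            continue
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:
            pos += 2                             # standalone markers carry no length
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        seg_len = struct.unpack_from(">H", data, pos + 2)[0]
        pos += 2 + seg_len
        if marker == 0xDA:                       # SOS: entropy-coded data follows
            break
    else:
        raise ValueError("no EOI marker found")
    # Inside entropy-coded data a literal 0xFF is stuffed as FF 00 and only
    # RSTn (FF D0..D7) markers may appear, so the first FF D9 from here is EOI.
    idx = data.find(EOI, pos)
    if idx == -1:
        raise ValueError("no EOI marker found after scan data")
    return idx


def pe_machine(blob: bytes):
    """Return (is_pe, is_64bit) from the DOS header and COFF header of blob."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False, False
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if e_lfanew + 6 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False, False
    machine = struct.unpack_from("<H", blob, e_lfanew + 4)[0]
    return True, machine in (0x8664, 0xAA64)     # IMAGE_FILE_MACHINE_AMD64 / ARM64


def carve_trailer(data: bytes) -> dict:
    """Describe whatever follows the EOI marker of a JPEG."""
    trailer = data[find_eoi_offset(data) + 2:]
    info = {"trailer_bytes": len(trailer), "base64": False, "pe": False, "x64": False}
    compact = b"".join(trailer.split())          # tolerate line-wrapped text
    if compact and len(compact) % 4 == 0 and re.fullmatch(rb"[A-Za-z0-9+/]+={0,2}", compact):
        try:
            decoded = base64.b64decode(compact, validate=True)
        except binascii.Error:
            decoded = b""
        if decoded:
            info["base64"] = True
            info["decoded_bytes"] = len(decoded)
            info["pe"], info["x64"] = pe_machine(decoded)
    else:                                        # maybe a raw binary appended as-is
        info["pe"], info["x64"] = pe_machine(trailer)
    return info


# ---- constructed sample input (not a real capture) -------------------------
def _segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def _fake_pe64() -> bytes:
    """Minimal DOS + COFF header that pe_machine() recognises as 64-bit."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<H", 0x8664) + b"\0" * 18     # Machine = AMD64
    return dos + coff


APP0 = _segment(0xE0, b"JFIF\0" + bytes([1, 1, 0, 0, 1, 0, 1, 0, 0]))
COM = _segment(0xFE, b"\xff\xd9 decoy")          # FF D9 inside a comment: a naive search stops here
CLEAN_JPEG = SOI + APP0 + COM + EOI

_b64 = base64.b64encode(_fake_pe64())
_wrapped = b"\r\n".join(_b64[i:i + 64] for i in range(0, len(_b64), 64))
SMUGGLED_JPEG = CLEAN_JPEG + b"\r\n" + _wrapped + b"\r\n"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_JPEG), ("smuggled", SMUGGLED_JPEG)):
        print(name, carve_trailer(blob))
```

Run it against any `.jpg` attachment by passing the file’s bytes to `carve_trailer()`; a non-empty trailer is worth a closer look on its own, and a trailer that decodes to a PE header is an indicator regardless of what the image shows. The `COM` decoy in the sample exists only to demonstrate why the segment walk matters: `CLEAN_JPEG.find(EOI)` lands inside the comment, while `find_eoi_offset()` returns the true marker.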

Once launched, the malware establishes a command-and-control (C2) channel to its server over DNS. The operators can then execute commands on the host through the Windows cmd.exe tool.

To hinder analysis, the threat actors XOR-obfuscated the binary to hide its Golang (Go) assembly from analysts, and the code also alternates character case in its strings so that signature-based security tools do not match on them.

As for Golang, Bleeping Computer notes that it is increasingly popular with cybercriminals because one codebase can be compiled for Windows, Linux, and macOS, and because, as this campaign shows, Go binaries are harder for analysts and security tools to pick apart.

Researchers from Securonix found that domains used in the campaign were registered as recently as May 29, 2022. At the time of the report, none of the antivirus engines on VirusTotal had flagged the payloads as malicious.

It has been a busy year for hackers looking to deliver malware. Beyond the tried-and-tested methods of spreading malicious files, they are even delaying the launch of their malicious code for up to a month after it lands on a PC.

Fake…

Source…

Orange Park Man Pleads Guilty To Receipt Of Child Sex Abuse Images Over The Internet | USAO-MDFL


Jacksonville, Florida – United States Attorney Roger B. Handberg announces that Charles Lelande Boston (32, Orange Park) today pleaded guilty to receiving materials over the internet depicting the sexual abuse of children. Boston faces a minimum mandatory term of 5 years, and up to 20 years, in federal prison. Boston was arrested on August 12, 2021, and remains in custody. A sentencing hearing has not yet been scheduled.

According to the plea agreement, the Clay County Sheriff’s Office (CCSO) conducted an online investigation on a file-sharing network for files containing materials depicting the sexual abuse of children. In January, March, and April 2021, a CCSO detective connected with a computer that had files depicting the sexual abuse of children available online for sharing. Homeland Security Investigations and CCSO later executed a search warrant at the residence associated with that computer and Boston was determined to be the owner of the computer. An examination of Boston’s computer revealed a folder of downloaded files containing approximately 80 files depicting the sexual abuse of children.

This case was investigated by the Clay County Sheriff’s Office and Homeland Security Investigations. It is being prosecuted by Assistant United States Attorney Ashley Washington.

It is another case brought as part of Project Safe Childhood, a nationwide initiative launched in May 2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and abuse. Led by the United States Attorneys’ Offices and the Criminal Division’s Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate, apprehend, and prosecute individuals who sexually exploit children, and to identify and rescue victims. For more information about Project Safe Childhood, please visit www.justice.gov/psc.

Source…

Server hack yields harrowing images of life inside Chinese detention camps


A hack on police servers in China’s Xinjiang region has yielded thousands of graphic images and videos of Uighur detainees suffering in detention camps in one of the starkest accounts yet of the ongoing humanitarian crisis caused by the country’s persecution of ethnic minorities.

The images are accompanied by training manuals, detailed police work rosters, and instructions for guarding the camps. Using a euphemism for inmates, one document states: “If students do not respond to warning shots and continue to try to escape, the armed police shoot to kill,” the BBC reported. Images show one prisoner in an iron torture device known as a tiger chair, which immobilizes the arms. Der Spiegel, one of the other outlets that published the tranche of hacked photos and documents, said it confirmed their authenticity in part by analyzing GPS data embedded in some of the images.

“The material is unprecedented on several levels,” Dr. Adrian Zenz, director and senior fellow in China Studies at the Victims of Communism Memorial Foundation, who obtained the files and shared them with news outlets, wrote on Twitter. His thread provided a broad overview of the leaked materials that included “high-level speeches, implicating top leadership and containing blunt language,” “camp security instructions, far more detailed than China Cables [that] describe heavily armed strike units with battlefield assault rifles,” and other evidence of Uighur oppression at the hands of the Chinese government.

Most of the images and documents are available on a dedicated site. Contents include the images of 2,884 detainees, training images and PowerPoint documents for security drills, and speeches and directives from top government officials…

Source…

Ransomware hackers used AI Images, Microsoft Flaw in campaign to create fake LinkedIn profiles


A group of ransomware hackers used a variety of techniques to try breaching hundreds of companies last year, exploiting a vulnerability in Microsoft Corp.’s Windows and using artificial intelligence technology to create fake LinkedIn profiles, Alphabet Inc.’s Google found.

The group, which Google refers to as Exotic Lily in research published Thursday, is known as an initial access broker. Such groups specialize in breaking into corporate computer networks and then selling that access to other cybercriminal syndicates, which deploy malware that locks computers and demands a ransom.

The findings help illuminate the ransomware-as-a-service model, a cybercriminal business strategy in which different hacking groups pool their resources to extort victims, then split the proceeds. 

The Exotic Lily group sent over 5,000 malicious emails a day, Google observed, to as many as 650 organizations around the world, often leveraging a flaw in MSHTML, the Windows HTML rendering engine also used to render web content inside Office documents. Microsoft issued a security fix for the vulnerability in late 2021. Google did not identify victims by name.

“Up until November 2021, the group seemed to be targeting specific industries such as IT, cybersecurity and health care, but as of late we have seen them attacking a wide variety of organizations and industries, with less specific focus,” Google said in a blog post. 

Google also observed that Exotic Lily is associated with notorious Russian-speaking ransomware group Conti. That group, accused of using digital extortion to reap $200 million in 2021, is currently in turmoil after a suspected insider leaked a trove of internal chat logs, revealing hackers’ tactics to the public. 

What makes Exotic Lily unique, according to Google, is the level of human interaction behind each of its attacks. Creating fake LinkedIn profiles to add legitimacy to the group’s malicious emails requires an extra…

Source…