Tag Archive for: images

Ransomware hackers used fake images created by AI, Microsoft flaw in campaign


NEW YORK (BLOOMBERG) – A group of ransomware hackers used a variety of techniques to try breaching hundreds of companies last year, exploiting a vulnerability in Microsoft’s Windows and using artificial intelligence technology to create fake LinkedIn profiles, Alphabet’s Google found.

The group, which Google refers to as Exotic Lily in research published Thursday (March 17), is known as an initial access broker. Such groups specialise in breaking into corporate computer networks, and then providing that access to other cyber-criminal syndicates that deploy malware that locks computers and demands a ransom.

The findings help illuminate the ransomware-as-a-service model, a cyber-criminal business strategy in which different hacking groups pool their resources to extort victims, then split the proceeds.

The Exotic Lily group sent over 5,000 malicious e-mails a day, Google observed, to as many as 650 organisations around the world, often leveraging a flaw in MSHTML, a proprietary browser engine for Windows.

Microsoft issued a security fix for the Windows vulnerability in late 2021. Google did not identify victims by name.

“Up until November 2021, the group seemed to be targeting specific industries such as IT, cyber security and health care, but as of late we have seen them attacking a wide variety of organisations and industries, with less specific focus,” Google said in a blog post.

Google also observed that Exotic Lily is associated with notorious Russian-speaking ransomware group Conti. That group, accused of using digital extortion to reap US$200 million (S$271 million) in 2021, is currently in turmoil after a suspected insider leaked a trove of internal chat logs, revealing hackers’ tactics to the public.

What makes Exotic Lily unique, according to Google, is the level of human interaction behind each of its attacks. Creating fake LinkedIn profiles to add legitimacy to the group’s malicious e-mails requires an extra level of effort.

One of the fake LinkedIn profiles cited by Google was a fictitious Amazon.com employee who appeared to be located in the United Kingdom. The hackers sometimes used a publicly available service to generate a fake profile picture using artificial…


DICOM file security: How malware can hide behind HIPAA-protected images


What are DICOM files?

A DICOM file is an image from a medical scan saved in the Digital Imaging and Communications in Medicine (DICOM) format. DICOM is the 30-year-old international standard protocol for managing and transmitting medical images, such as ultrasounds, MRIs, X-rays, and CT scans. In addition, these files often include the patient’s identification data, including name, age, date of birth, height, weight, and medical condition. DICOM files facilitate the digital transfer of these images and related data between healthcare entities, eliminating the need for physical films and avoiding compatibility issues.

In 2016, the Box DICOM Viewer – a cloud-based solution designed to enable storing, sharing and viewing any DICOM file on a browser or mobile device – was approved as a class II medical device by the Food and Drug Administration (FDA). As a class II device, medical professionals can use the Box DICOM Viewer for diagnostic purposes. FDA approval was granted after a three-year process during which Box had to demonstrate that through the entire process of uploading, storing, sharing, accessing, viewing, and downloading a DICOM file, there would be no loss of fidelity in the images. Unfortunately, securing these files was not part of the consideration.

How is a DICOM file constructed?

Every DICOM file contains a Preamble, a 128-byte section at the beginning of the file that enables compatibility with image viewers that cannot read DICOM but support other web image formats, such as JPG, PNG, or TIFF. There are no limitations on the data that can be inserted into a DICOM file’s Preamble; as long as the sequence is less than 128 bytes, it can be inserted in full conformance with the DICOM standard.

How can DICOM files be weaponized?

DICOM files are large due to the amount of data they contain. They are similar to an archival file, functioning as a file that includes other files, providing plenty of space for attackers to hide a malicious element within – a process made even easier by DICOM ports mistakenly exposed on the internet. These can be found using Shodan, a search engine for internet-connected devices that is often used by hackers to locate…


Study reveals images of the coronavirus forming tentacles in cells — but monstrous discovery helps identify new treatment – Milwaukee Journal Sentinel


Aussie surfer’s hacked Instagram sent sexually explicit images to her 40,000 followers

18-year-old Blaze Angel Roberts is a talented surfer with 40,000 Instagram followers.

Unfortunately, her popularity also seems to have drawn the unwanted attention of hackers, who successfully tricked her into clicking on a phishing link, and handing over the password to her email account.

Graham Cluley