Tag: Live | Page 6

Live Updates: Xi Warns of ‘Dangerous Storms’ Facing China

October 16, 2022/in Computer Security

Xi Jinping Thought is ubiquitous in China, detailed in everything from textbooks to collections of Mr. Xi’s writings, from dedicated research centers to apps for studying his works.

In China, having a political philosophy named after a leader carries enormous significance. For Mr. Xi, it is a core expression of his expanding power. At his speech opening the Communist Party’s congress in Beijing on Sunday, he said that “fully implementing” his thought was a key theme.

During the meeting this week, China’s political elite are expected to further elevate the status of the political doctrine — and by extension, Mr. Xi’s authority.

The party is likely to amend its constitution to change the name of the theory, officially known as Xi Jinping Thought on Socialism With Chinese Characteristics for a New Era.

“‘Xi Jinping Thought on Socialism With Chinese Characteristics for a New Era’ is a crown that’s too heavy to wear,” said David Bandurski, the director of the China Media Project, a research organization. “So, he wants a crown he can actually wear.”

Many analysts expect the phrase to be shortened to Xi Jinping Thought. That would make it a “pithy, direct, powerful signal” of his authority, Mr. Bandurski said.

Mr. Xi already had the full phrase inserted into the party charter in 2017. That put Mr. Xi above his most recent predecessors, Hu Jintao and Jiang Zemin, whose own ideological contributions, while mentioned in the same document, don’t carry their names in the titles. It even vaulted him above Deng Xiaoping, whose eponymous input is labeled a “theory.”

The ideology is more than an empty celebration of Mr. Xi. Xi Jinping Thought is a framework for China’s governance and a guide for what it will do under his continuing leadership.

The goal of Mr. Xi’s ideology is to cement the Communist Party’s role as China’s governing body, with a single strong leader — Mr. Xi himself — at the top, dispensing with the more collective leadership style of his recent predecessors.

Mr. Xi has escalated a crackdown on corruption, a widely popular effort that also helps command cadres’ loyalty to him and ensures that the party, not the public at large, decides…

Source…

DIY Web Attacks Might Still Live on via WebAttacker

September 9, 2022/in Computer Security

Age is rarely an issue when it comes to malware campaigns, and that’s certainly true for WebAttacker. WebAttacker is a do-it-yourself (DIY) malware creation kit that became popular back in 2006. It was the first exploit kit made available to cybercriminals in the Russian underground market for as little as US$20.

While you may think it’s no longer active, our research could suggest otherwise. An in-depth look at three email addresses belonging to the WebAttacker operators revealed these findings.

Close to 350 domains were registered using email addresses identified as indicators of compromise (IoCs).
The domains registered with the email addresses were created between 2011 and 2022.
The domains resolved to more than 130 IP addresses.
The IP addresses were spread out across more than a dozen countries.

A sample of the additional artifacts obtained from our analysis is available for download from our website.

Old but Potentially Not Dead

We began the investigation by using the email addresses belonging to the WebAttacker operators as reverse WHOIS search strings. That led to the discovery of 346 domains registered between 2011 and 2022, at least five years after the exploit kit was made available in cybercriminal underground markets. The domain registration peaked in 2021.

Several of the domains look as if they were randomly generated, such as:

ggssg[.]com
sssffvv[.]com
mmzzaa[.]com
ccpppd[.]com
ppoomm[.]com
ppqqd[.]com
ffggll[.]com
ppssbb[.]com
ddssdd[.]com
hhddn[.]com

A few of them also led to what look to be business sites, specifically rental web pages, based on screenshot lookups.

A bulk Threat Intelligence Platform (TIP) malware check, however, showed that only one domain—ddgcc[.]com—was tagged “malicious” by various malware engines. This web property is currently up for sale, so users looking for a domain for their businesses may want to be wary.

DNS lookups for the domains showed that they resolved to 135 IP addresses spread out over a dozen countries. A majority of them were geolocated in the U.S., followed by China, Canada, Germany, Japan, and South Africa.

Interestingly, while only one domain was dubbed “malicious,” 12 of the IP…

Source…

[Update: Fix is live] Windows Defender is reporting a false-positive threat ‘Behavior:Win32/Hive.ZY’; it’s nothing to be worried about

September 5, 2022/in Computer Security

Windows Defender is alerting people of a “threat detected” for “Behavior:Win32/Hive.ZY”
The issue is tied to a recent listing in Microsoft’s Defender update file, which is making a wrong detection
The trigger seems tied to Defender detecting “Electron-based or Chromium-based applications as malware”
Microsoft is expected to patch/update Microsoft Defender to alleviate the issue

Update #1 (1:50 PM ET): According to the Microsoft support forums, the Defender Team indicated they are investigating this and will hopefully release a patch for this soon.

Update #2: (7:50 PM ET): According to Microsoft support forums, “indications from a Microsoft Agent is a fix has been released (Version: 1.373.1537.0)”

In Windows 10/11, select Check for updates in the Windows Security Virus & threat protection screen to check for the latest updates.

Offline installers are available from these links:

64bit downloads

https://go.microsoft.com/fwlink/?LinkID=121721&arch=x64 (opens in new tab)

32bit Download:

https://go.microsoft.com/fwlink/?LinkID=121721&arch=x86 (opens in new tab)

This morning, a listing in Microsoft Defender’s database (or even Windows Update) is causing havoc on people’s Windows PCs.

People on Reddit are “freaking out” over not just a reported threat from Microsoft Defender but one that keeps popping up and recurring despite the alleged threat being blocked.

The threat is revealed in a pop-up message noting that “Behavior:Win32/Hive.ZY” has been detected and is listed as “severe.” However, after taking action to rectify the issue, it does not go away, and the user will keep receiving the same prompt. The reminder may return after 20 seconds, with the cycle repeating endlessly.

We experienced the issue on one PC; see the screenshots below.

Image 1 of 3

(Image credit: Daniel Rubino)

Image 1 of 3

The actual threat is only noted as “This generic detection for suspicious behaviors is designed to catch potentially malicious files.”

The good news is that your computer, should you be experiencing this problem, is not infected with any virus or malware. This detection appears to be a false positive, according to a Microsoft…

Source…