Tag Archive for: safe

Windows PCs are now being hit by dangerous malware — here’s the steps you need to take to stay safe


It’s been a while since we heard about malware hiding in PyPI packages, but researchers have now reported finding almost a dozen lurking on the open source Python Package Index (PyPI) repository.

Cybersecurity researchers from Fortinet’s FortiGuard Labs found nine packages delivering the WhiteSnake Stealer. The packages are called nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111. WhiteSnake is a Windows infostealer, capable of working around antivirus programs, and communicates with the C2 server via the Tor protocol, the researchers explained.

This new macOS backdoor lets hackers take over your Mac remotely — how to stay safe


Hackers are beefing up their efforts to go after the best MacBooks as security researchers have discovered a brand new macOS backdoor which appears to have ties to another recently identified Mac malware strain.

As reported by SecurityWeek, this new Mac malware has been dubbed SpectralBlur and although it was uploaded to VirusTotal back in August of last year, it remained undetected by the best antivirus software until it recently caught the attention of Proofpoint’s Greg Lesnewich.

In a blog post, Lesnewich explained that SpectralBlur has similar capabilities to other backdoors as it can upload and download files, delete files and hibernate or sleep when given commands from a hacker-controlled command-and-control (C2) server. What is surprising about this new Mac malware strain though is that it shares similarities to the KandyKorn macOS backdoor which was created by the infamous North Korean hacking group Lazarus.

Just like SpectralBlur, KandyKorn is designed to evade detection while providing the hackers behind it with the ability to monitor and control infected Macs. Although different, these two Mac malware strains appear to be built based on the same requirements.

Once installed on a vulnerable Mac, SpectralBlur executes a function that allows it to decrypt and encrypt network traffic to help it avoid being detected. However, it can also erase files after opening them and then overwrite the data they contain with zeros.

Mac malware is on the rise

If you thought your Mac was safe from hackers and malware, I’ve got bad news for you. Cybercriminals may have preferred Windows machines in the past but now that Apple’s computers have seen a surge in popularity over the past few years, they’ve become a much more valuable target.

According to a blog post from the non-profit Objective-See (via The Hacker News), 21 new malware strains designed to target macOS were discovered in 2023 alone. This is a significant increase compared to the previous year when only 13 Mac malware strains were identified.

As such, expect to see even more Mac malware this year as hackers and other cybercriminals have seen firsthand just how valuable it can be targeting Apple’s computers over the best…

New exploit fools users into thinking their hacked iPhone is safe


If an iPhone has already been infected with malware, Jamf has shown how an attacker can trick the user into believing Lockdown Mode is active when it isn’t.

Despite popular belief, iPhones can get infected with malware — but it is rare. Attackers taking advantage of zero-day vulnerabilities and zero-click exploits can infect a user’s device — though these sophisticated attacks are often expensive and difficult to execute.

Jamf Threat Labs has worked out a proof-of-concept post-exploitation tampering technique that makes an iPhone behave like it is in Lockdown Mode when it isn’t. The user can toggle Lockdown Mode and will see visual cues, like an apparent device restart and warnings in Safari that trick the user into a false sense of security.

This isn’t a flaw with Lockdown Mode, iPhone security, or the operating system. The tampering technique only works on devices that have already been infected with malware.

Jamf researched this proof-of-concept to emphasize that Lockdown Mode has limitations. It is a shield that reduces the attack surface on an iOS device, not anti-malware that detects infections and ejects them.

Lockdown Mode is most effective when used on a device before an attack occurs. It reduces the number of entry points available for an attacker.

Warnings tell the user Lockdown Mode is being activated

A system reboot can help stop malware from monitoring the user, but Jamf found a way to force a userspace reboot instead of a system reboot. That way, the injected code can maintain adaptable control over Lockdown Mode.

Lockdown Mode performs several actions, most of which are invisible to the user.

  • Messages — Most message attachments are blocked, and some features are unavailable.
  • FaceTime — Incoming FaceTime calls from people you have not previously called are blocked.
  • Web Browsing — Some web technologies and browsing features are blocked.
  • Shared Albums — Shared albums will be removed from the Photos app, and new Shared Albums invitations will be blocked.
  • Device Connections…

Local expert tells how to keep your computer and personal information safe


The bad guys may seem like they’re winning, but with time and effort you can protect yourself, your family, your money and your computer and smartphone from attack by hackers, scammers and other cybercriminals.

That was the message of Jim Rome, webmaster for several local nonprofit organizations who spent the latter part of his career at Oak Ridge National Laboratory providing computer security for classified systems. He delivered his message most recently to Friends of ORNL.

Jim Rome tells Friends of Oak Ridge National Laboratory what he does to stay as safe as he can on the internet.

He mentioned that recently the city of Oak Ridge had been a victim of a “denial of services” malware attack, causing network issues and making its business side unable to process utility payments for days.

Malware, short for malicious software, is a set of computer programs created by cybercriminals that can steal data from and damage or destroy computers and computer systems. It includes viruses, spyware and ransomware – software designed to block access to an individual’s personal data or a company or organization’s computer system until a sum of money (ransom) is paid.

Rome said that the global cost of cybercrime was estimated at more than $7 trillion in 2022. In the first half of 2022, more than 50 million Americans had been affected by cybercrimes, the highest rate of data breaches in the world. The nations that have the most dangerous cybercriminals include China, Russia, Taiwan, India, Brazil and the United States, according to one source.

Rome cited two recent computer attacks that have affected corporations and customers. One cyberattack disrupted operations of the cleaning products maker Clorox, reducing the availability of the company’s products and slashing its quarterly earnings and stock value by 20%.

In September, a cyberattack at MGM Resorts International, he added, caused widespread disruption on the Las Vegas Strip. The hotel and casino giant had to require manual check-ins and the use of physical key cards so guests could access their rooms.

Potential…
