Tag Archive for: trick

Hackers Use “chatgpt5[.]zip” to Trick Users into Downloading Malware


Phishing has remained a severe cybersecurity threat for over a decade, deceiving employees with cleverly disguised malicious links and malware attachments and potentially causing company-wide trouble.

The 2022 FortiGuard Labs report and the 2023 Global Ransomware Research both highlight phishing as the leading initial access method in network breaches, setting the stage for subsequent attack stages.

Threat actors employ creative names to disguise phishing attacks, and the new ‘.ZIP’ TLD introduces a potential threat, with names such as “chatgpt5[.]zip” potentially leading to malicious sites.

Reach Expansion

TLDs such as ‘.COM,’ ‘.NET,’ and ‘.ORG’ are vital components of domain names. They represent the highest level in the DNS hierarchy, shaping the structure of the web.

With internet evolution, countless gTLDs emerged for personalized web addresses, offering branding chances but also phishing opportunities that demand alertness.

The availability of public ‘.ZIP’ domains has created an unfortunate opportunity for threat actors seeking new exploits and techniques.

The inclusion of ‘.ZIP’ as a gTLD adds complexity to phishing detection, particularly due to its association with compressed files, increasing confusion and providing phishers with a potent new tool for their attacks.

Exploiting ChatGPT

The cybersecurity researchers acknowledge the security risks of the ‘.ZIP’ TLD, but responsible individuals are actively working to mitigate the abuse of such domain names.

The hype around ChatGPT led to the creation and registration of “chatgpt5[.]zip” on May 20th, supposedly for the next GPT iteration, but surprisingly, it holds a neutral text message instead of malware.

New .ZIP domain (Source – Fortinet)
Harmless text message (Source – Fortinet)

To trick users, “assignment[.]zip” was registered by the threat actors on May 15th. Claiming to safeguard students from malware, it redirects visitors to a download of a ZIP archive containing files that are completely safe.

Fake attack for students (Source – Fortinet)

Exploiting the widespread use of the .ZIP extension, malicious actors create campaigns and websites reminiscent…


New cryptojacking malware can hack in Kubernetes clusters using this easy trick


Dero is a relatively new cryptocurrency that places a strong emphasis on privacy. It utilizes directed acyclic graph (DAG) technology, which allows it to make the claim that its transactions are completely anonymous. The combination of anonymity and a greater rewards ratio makes it potentially attractive for cryptojacking organizations in comparison to Monero, which is the coin that is most often used by attackers or groups conducting miner operations. CrowdStrike has discovered the first-ever Dero cryptojacking operation targeting Kubernetes infrastructure. 

A cryptojacking operation using Monero was also discovered; this operation is aware of the Dero effort and is actively competing with it. The Monero campaign mines XMR on the host by elevating its privileges through DaemonSets and mounting the host as the root user.

Attackers specifically targeted Kubernetes clusters running on non-standard ports, scanning for exposed, vulnerable clusters that had the authentication setting --anonymous-auth=true. This setting enables anonymous access to the Kubernetes API. A less obvious way to expose a secure Kubernetes cluster without authentication is the “kubectl proxy” command: a user with adequate access can mistakenly expose a secure Kubernetes API on the host where kubectl is running. The Kubernetes control plane API does not provide anonymous access out of the box. Nevertheless, since the move to secure-by-default was delayed, and there are a variety of ways in which Kubernetes might be inadvertently exposed, there is still a legacy of exposed systems on the internet.

After the first engagement with the Kubernetes API, the attacker deploys a Kubernetes DaemonSet named “proxy-api.” The DaemonSet places a pod containing malicious code on every node in the Kubernetes cluster. This makes it easier for attackers to run a cryptojacking operation by simultaneously using the resources of all of the nodes in the cluster. The mining efforts that are…


New Cybersecurity Technique Could Trick Hackers


Sandia National Laboratories research team members Christy Sturgill, Jacob Hazelbaker, Eric Vugrin and Nicholas Troutman, from left to right, onboard a C-130 transport aircraft at Kirtland Air Force Base. (Credit: Craig Fritz, Sandia National Laboratories)

An international team of researchers led by Purdue University examines how a new cybersecurity technique could help keep aircraft such as a military jet, a commercial airliner, and even a spacecraft technologically safe from cyberattacks. This study holds the potential to address the pitfalls of living in a world that is becoming more and more reliant on computers for everything we do.

“When we talk about protecting our computer systems, frequently there are two main pieces we rely on,” said Dr. Eric Vugrin, who is a Sandia National Laboratories cybersecurity senior scientist and a co-author on the study. “The first approach is just keeping the bad guy out and never permitting access to the system. The physical analogue is to build a big wall and don’t let him in in the first place. And the backup plan is, if the wall doesn’t work, we rely on detection. Both of those approaches are imperfect. And so, what moving target defense offers as a complementary strategy is, even if those two approaches fail, moving target confuses the attacker and makes it more difficult to do damage.”

Many aircraft systems use an onboard computer network called the military standard 1553, also known as MIL-STD-1553 or simply 1553, which is a very efficient system that allows the various aircraft systems to talk to each other. The importance of this system in controlling aircraft also makes it very vulnerable to cyberattacks.

For the study, the researchers pitted moving target defense (MTD) algorithms against machine learning (ML) and deep learning (DL) models to examine the algorithms’ effectiveness against the models trying to attack them in real-time systems. They put emphasis on examining one such algorithm that randomizes address assignments to see if the models could overcome the defenses. Essentially, it…


Hackers’ latest trick looks like free movie streaming


The recent FIFA World Cup brought out another round of bad actors capitalizing on the streaming demand of the popular games.

Instead of getting a link to a legitimate way of watching, those who took the bait are sent to malicious sites that install malware on their devices.

That’s the trouble with linking to what appear to be free streams and downloads of movies, video and music sources.

Blind linking can lead to more danger for your device than you may realize.

Criminals and hackers everywhere want to make it their mission to trick people into giving them their money, private information, or both.
(Kurt Knutsson)

What is the risk of downloading movies illegally?

Criminals and hackers everywhere want to make it their mission to trick people into giving them their money, private information, or both. They do this with movies and popular online entertainment by providing downloadable links that look super convincing. People who end up clicking them usually think that they’ll be able to consume what they want to watch at no cost.

In reality, many of these links contain all kinds of malware that will give the hacker access to your information. And what’s worse, hackers are working overtime to figure out ways for these downloadable files to sneak past any kind of antivirus software that may stop them in their tracks.

What will happen to my device?

The change in your device may not happen immediately when you try downloading these pirated films. But eventually, you may notice your device becoming much slower, random apps opening and closing without your knowledge, and even your battery draining quickly.

For example, back in 2021, ReasonLabs found a new form of malware disguising itself as a way to watch the latest Spider-Man film for free online while it was still in theaters. It was a malicious file containing cryptocurrency mining malware, which can steal your device’s resources and hunt for online currencies.

See my expert review of the best antivirus protection for your Windows, Mac, Android & iOS devices by searching ‘Best Antivirus’ at CyberGuy.com.
