Tag: worldwide | Page 3

WinRAR Vulnerability Affects Traders Worldwide

August 23, 2023/in Internet Security

Cybersecurity researchers have exposed a zero-day vulnerability (CVE-2023-38831) in the popular WinRAR compression tool, which cyber-criminals have exploited to target traders on specialized forums.

The exploit allows threat actors to craft ZIP archives that contain malicious payloads, posing a significant risk to traders’ financial assets.

The Group-IB Threat Intelligence unit, while investigating the distribution of DarkMe malware in July 2023, stumbled upon the previously unknown vulnerability in WinRAR’s processing of the ZIP file format.

According to an advisory published by Andrey Polovinkin, a malware analyst at Group-IB earlier today, cyber-criminals have been using this vulnerability since April 2023 to create ZIP archives containing malware families including DarkMe, GuLoader and Remcos RAT.

Upon discovering this security flaw, Group-IB promptly notified RARLAB, the developers of WinRAR, about the issue. The company collaborated with the researchers and swiftly released a patch to address the vulnerability. MITRE Corporation assigned the vulnerability the marker CVE-2023-38831 on August 15 2023.

The exploit involves tricking users into opening seemingly harmless files, which then launch malicious scripts. Cyber-criminals are leveraging a tactic in which they spoof file extensions to hide the execution of malicious code within files that appear to be images or text documents. Group-IB explained that these malicious archives were posted on various trading forums, infecting at least 130 devices at the time of reporting.

Once infected, the malware provides threat actors unauthorized access to victims’ brokerage accounts, enabling them to withdraw funds. The financial losses incurred due to this vulnerability are still under investigation. Notably, the same vulnerability was reportedly used in the DarkCasino campaign previously described by NSFOCUS researchers.

Group-IB urged users to keep their software updated, exercise caution when dealing with attachments from unknown sources and implement robust security practices such as using password…

Source…

‘Play’ Ransomware Group Targeting MSPs Worldwide in New Campaign

August 17, 2023/in Internet Security

The fast-rising Play ransomware group that targeted the City of Oakland earlier this year is now hitting managed service providers (MSPs) around the globe in a cyberattack campaign to distribute ransomware to their downstream customers.

One troublesome aspect of the campaign is the threat actor’s use of intermittent encryption — where only parts of a file are encrypted — to try and evade detection.

Wide Range of Victims

Play’s targets appear to be midsized businesses in the finance, legal, software, shipping, law enforcement, and logistics sectors in the US, Australia, UK, Italy, and other countries, Adlumin said in a report this week. Researchers at Adlumin who are tracking the campaign as PlayCrypt say the attacker is also targeting state, local, and tribal entities in these countries as well.

As with other attacks involving MSPs, the Play or PlayCrypt group breaks into MSP systems and uses their remote monitoring and management (RMM) tools to get unfettered access to the networks and systems of customers of the MSPs. It is a tactic that other threat actors have used with substantial impact. The most notable example remains the REvil ransomware group’s attack on multiple MSP via vulnerabilities in Kaseya’s Virtual System Administrator (VSA) network monitoring tool. The attack resulted in the encryption of data on the systems of more than 1,000 customers of these MSPs.

Kevin O’Connor, director of threat research at Adlumin, says his company’s research shows the threat actors gain access to privileged management systems and RMM tools via a phishing campaign that targets employees at MSPs. “[This] leads to compromise of their systems and access either through direct exploitation or credential harvesting and reuse” he says.

Many Exploits, Including via Microsoft Exchange

Once the Play actors gain access to a customer environment — via the victim’s MSP — they move quickly to deploy additional exploits and broaden their foothold, Adlumin said in a report this week. In some cases, they have exploited vulnerabilities in Microsoft Exchange Server. Examples include CVE-2022-41040, a privilege escalation bug that attackers were exploiting before Microsoft had a fix for it and

Source…

Blockchain Iot Market Size, 2023 is Booming Worldwide Business Forecast by 2030

July 6, 2023/in Internet Security

PRESS RELEASE

Published July 6, 2023

Report Ocean recently released a comprehensive report on the global Blockchain Iot market, offering valuable insights into various factors impacting the market’s growth. The report covers crucial information on market restraints, drivers, and opportunities, enabling readers to understand the market dynamics. It also provides a detailed analysis of industry developments and trends that are shaping the global Blockchain Iot market. Furthermore, the report includes a thorough assessment of the market at both global and regional levels, providing comprehensive insights for businesses and stakeholders.

The global blockchain IoT market size was US$ 3.5 billion in 2021. The global blockchain IoT market is forecast to grow to US$ 271 billion by 2030, registering a compound annual growth rate (CAGR) of 45.2% during the forecast period from 2022 to 2030.

Request To Download Sample of This Strategic Report @https://reportocean.com/industry-verticals/sample-request?report_id=Pol455

Factors Influencing the Market

The increasing penetration of IoT technology is forecast to benefit the global blockchain IoT market. Growing initiatives to establish smart cities, smart transportation infrastructure, and vehicular connection forecast to play a beneficial role.
The increasing privacy concerns related to IoT devices, such as botnet attacks, Distributed Denial of Service (DDoS) assaults, and insecure ecosystem interfaces, are forecast to benefit the global blockchain IoT market during the forecast period. Blockchain offers an effective solution for IoT security. It enhances data security and protects data from unauthorized access. All of these factors will contribute to market growth.
The increasing focus of companies towards adopting effective solutions is forecast to benefit the global blockchain IoT market. Due to the COVID-19 pandemic, companies are increasingly inclining towards online operations. As a result, the demand for data security is forecast to increase from the government, BFSI, and private companies. However, a lack of knowledge about the technology may hamper the growth of the global blockchain IoT market.

Regional Analysis

The Asia-Pacific…

Source…

Lenovo ThinkReality VRX is now available in select markets worldwide

May 30, 2023/in Mobile Security

Next-level VR headset in a compact form factor with mixed reality capabilities for immersive training, collaboration and 3D design;
End-to-end enterprise solution, supported by cloud software, security features and services to protect and advance business;
Growing open ecosystem of XR applications with Snapdragon Spaces for the most popular enterprise use cases.

Santa Clara, CA — May 30, 2023 — Today, ahead of AWE USA 2023, Lenovo announced the new ThinkReality^™ VRX all-in-one virtual reality (VR) headset engineered for the enterprise is now available for purchase in select markets worldwide. The immersive, comfortable, slim profile, six-degrees-of-freedom (6DoF) VR solution is powered by the Snapdragon® XR2+ Gen 1 processor and provides full-color, high-resolution pass-through capabilities for mixed reality applications. The ThinkReality VRX is also supported by a full suite of end-to-end services to help organizations achieve success and realize ROI faster.

The ThinkReality VRX starts at $1,299 and is expected to be available in select markets worldwide starting in June 2023.¹ Enterprise pricing is available based on volume of deployment. Lenovo offers Device as a Service (DaaS) financing and service models through TruScale so customers can better adopt and scale XR solutions to transform the enterprise. Customers can visit the ThinkReality VRX web page to find out more or contact a local Lenovo sales representative. Attendees will also get an opportunity to demo the ThinkReality VRX on display at Lenovo’s booth (#219) at AWE USA 2023 in Santa Clara, US, between May 31- June 2, 2023.

VR engineered for the enterprise

The enterprise-only Lenovo ThinkReality VRX is built to be the VR solution for workers everywhere. The immediacy and fidelity of new digital tools experienced through extended reality (XR) devices means workforces are becoming nearly unconstrained by time and space. From improving efficiency in employee training and virtual collaboration to expanding design and engineering tasks in 3D, XR technologies are becoming more important than ever for businesses enabling workers to do more.

“Lenovo’s customers are looking for reliable, flexible, and scalable…

Source…

Tag Archive for: worldwide

Wide Range of Victims

Many Exploits, Including via Microsoft Exchange

<img loading="lazy" decoding="async" class="aligncenter size-large wp-image-24165" src="https://spinsafe.com/wp-content/uploads/2023/05/Lenovo-ThinkReality-VRX-is-now-available-in-select-markets-worldwide.png" alt="ThinkReality VRX side shot" width="1024" height="343" />

VR engineered for the enterprise