Archive for the ‘cybercrime/malcode’ category: Page 107

Nov 21, 2021

Microsoft Exchange servers hacked in internal reply-chain attacks

Posted in category: cybercrime/malcode

Threat actors are hacking Microsoft Exchange servers using ProxyShell and ProxyLogon exploits to distribute malware and bypass detection using stolen internal reply-chain emails.

When threat actors conduct malicious email campaigns, the hardest part is tricking users into trusting the sender enough to open linked or included malware-distributing attachments.

Trend Micro researchers have discovered an interesting tactic for distributing malicious email to a company’s internal users through the victim’s compromised Microsoft Exchange servers.

Nov 20, 2021

Can Time Be Hacked? Here’s How One Hacker Demonstrated It Can

Posted in category: cybercrime/malcode

Cher sang about manipulating it while Doctor Who dramatized it. This hacker went one better and did it. Here’s how time got hacked.

During a 1961 address to the National Association of Manufacturers in New York City, John F. Kennedy said that “we must use time as a tool, not as a couch.” Fast forward fifty years, and one hacker has demonstrated exactly how to do that: by hacking time.

What is time, anyway? That’s not an easy question to answer definitively.

Nov 19, 2021

Serious security vulnerabilities in DRAM memory devices

Posted in categories: cybercrime/malcode, mobile phones

Researchers at ETH Zurich have discovered major vulnerabilities in DRAM memory devices, which are widely used in computers, tablets and smartphones. The vulnerabilities have now been published together with the National Cyber Security Centre, which has for the first time assigned an identification number to them.

When browsing the internet on a laptop computer or writing messages on a smartphone, we all like to think that we are reasonably safe as long as we have installed the latest software updates and anti-virus software. But what if the problem lies not with the software, but with the hardware? A team of researchers led by Kaveh Razavi at ETH Zurich, together with colleagues at the Vrije Universiteit Amsterdam and Qualcomm Technologies, has recently discovered fundamental vulnerabilities affecting the memory component called DRAM at the heart of all modern computer systems.

The results of their research have now been accepted for publication at a flagship IT security conference, and the Swiss National Cyber Security Centre (NCSC) has issued a Common Vulnerabilities and Exposures (CVE) number. This is the first time that a CVE identification has been issued by the NCSC in Switzerland (see box below). On a scale of 0 to 10, the severity of the vulnerability has been rated as 9.

Nov 17, 2021

Researchers Demonstrate New Way to Detect MitM Phishing Kits in the Wild

Posted in category: cybercrime/malcode

Researchers demonstrated a new way to catch advanced MitM phishing toolkits in the wild.

Nov 17, 2021

Notorious Emotet Botnet Makes a Comeback with the Help of TrickBot Malware

Posted in categories: cybercrime/malcode, law enforcement

The notorious Emotet malware is staging a comeback of sorts nearly 10 months after a coordinated law enforcement operation dismantled its command-and-control infrastructure in late January 2021.

According to a new report from security researcher Luca Ebach, the infamous TrickBot malware is being used as an entry point to distribute what appears to be a new version of Emotet on systems previously infected by the former. The latest variant takes the form of a DLL file, with the first occurrence of the deployment being detected on November 14.

Nov 14, 2021

Scientists Create Artificial Mitochondria That Can Make Energy for Damaged Cells

Posted in categories: biotech/medical, chemistry, cybercrime/malcode

And it can be hacked.

The authors of a new study in Nature Catalysis reprogrammed these blobs—called exosomes—into an army of living nanobioreactors. It’s a seemingly simple process of mix and match: each blob is filled with a different chemical that’s involved in a biological reaction. By bringing two together, the blobs merge into a single squishy container, allowing the two chemicals to react.

The results were explosive. The tiny bioreactors pumped out energy molecules, called ATP, inside living cells. The burst of energy saved injured cells, providing them with a boost of power to fight back against dangerous molecules that otherwise lead to cell death.

Nov 13, 2021

China’s next generation of hackers won’t be criminals. That’s a problem

Posted in categories: biotech/medical, cybercrime/malcode, education, government

The TechCrunch Global Affairs Project examines the increasingly intertwined relationship between the tech sector and global politics.

Criminals have a long history of conducting cyber espionage on China’s behalf. Protected from prosecution by their affiliation with China’s Ministry of State Security (MSS), criminals turned government hackers conduct many of China’s espionage operations. Alarming as it may sound, this is not a new phenomenon. An indictment issued by the U.S. Department of Justice last year, for example, indicated that the simultaneous criminal-espionage activity of two Chinese hackers went back as far as 2009. In another case, FireEye, a cybersecurity company, alleges that APT41, a separate cohort of MSS hackers, began as a criminal outfit in 2012 and transitioned to concurrently conducting state espionage from 2014 onward. But there’s reason to believe that since then, China has been laying the groundwork for change.

Nov 13, 2021

TrickBot Operators Partner with Shathak Attackers for Conti Ransomware

Posted in category: cybercrime/malcode

A team of TrickBot operators joins forces with Shathak attackers to launch Conti ransomware.

Nov 13, 2021

Researchers uncover a new cyber mercenary hacker-for-hire group that has been conducting cyber espionage and data theft since 2015

Posted in category: cybercrime/malcode

Researchers are warning of a new evolving botnet that has been spotted in the wild and has worm-like spreading capabilities to infect Linux systems.

Nov 13, 2021

Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant

Posted in category: cybercrime/malcode


Researchers have uncovered details of a watering hole attack that was carried out via websites in Hong Kong and exploited a zero-day vulnerability in macOS.