Menu

Blog

Archive for the ‘cybercrime/malcode’ category: Page 98

Feb 23, 2022

Devious phishing method bypasses MFA using remote access software

Posted by in category: cybercrime/malcode

The researcher also told BleepingComputer that websites, such as LinkedIn, detect man-in-the-middle (MiTM) attacks and deactivate accounts after successful logins.

To overcome this obstacle, mr.d0x came up with a devious new phishing technique that uses the noVNC remote access software and browsers running in kiosk mode to display email login prompts running on the attacker’s server but shown in the victim’s browser.

VNC is a remote access software that allows remote users to connect to and control a logged-in user’s desktop. Most people connect to a VNC server through dedicated VNC clients that open the remote desktop in a similar manner to Windows Remote Desktop.

Feb 17, 2022

How a Saudi woman’s iPhone revealed hacking around the world

Posted by in categories: cybercrime/malcode, government, law, mobile phones

WASHINGTON, Feb 17 (Reuters) — A single activist helped turn the tide against NSO Group, one of the world’s most sophisticated spyware companies now facing a cascade of legal action and scrutiny in Washington over damaging new allegations that its software was used to hack government officials and dissidents around the world.

It all started with a software glitch on her iPhone.

An unusual error in NSO’s spyware allowed Saudi women’s rights activist Loujain al-Hathloul and privacy researchers to discover a trove of evidence suggesting the Israeli spyware maker had helped hack her iPhone, according to six people involved in the incident. A mysterious fake image file within her phone, mistakenly left behind by the spyware, tipped off security researchers.

Feb 13, 2022

How the metaverse could shape cybersecurity in 2022

Posted by in category: cybercrime/malcode

Final Words

Digitization in all its forms is exciting. The development of technology is met with zeal and zest, primarily as it eases people’s lives all over and eradicates several problems. However, in all its glamour, the cybersecurity aspects of these digitizations are often undermined, as evident with the metaverse.

Although the metaverse is a genuinely remarkable concept and could help the world in several ways, it is crucial to realize that it might all fail if the cybersecurity aspect is ignored. Therefore, within all this hype on its development, cybersecurity is a topic that needs a lot more attention than it is getting.

Feb 9, 2022

Whistleblower Alleges NSO Offered To ‘Drop Off Bags Of Cash’ In Exchange To Access To US Cellular Networks

Posted by in categories: business, cybercrime/malcode, government, mobile phones

The endless parade of bad news for Israeli malware merchant NSO Group continues. While it appears someone might be willing to bail out the beleaguered company, it still has to do business as the poster boy for the furtherance of human rights violations around the world. That the Israeli government may have played a significant part in NSO’s sales to known human rights violators may ultimately be mitigating, but for now, NSO is stuck playing defense with each passing news cycle.

Late last month, the New York Times revealed some very interesting things about NSO Group. First, it revealed the company was able to undo its built-in ban on searching US phone numbers… provided it was asked to by a US government agency. The FBI took NSO’s powerful Pegasus malware for a spin in 2019, but under an assumed name: Phantom. With the permission of NSO and the Israeli government, the malware was able to target US numbers, albeit ones linked to dummy phones purchased by the FBI.

The report noted the FBI liked what it saw, but found the zero-click exploit provided by NSO’s bespoke “Phantom” (Pegasus, but able to target US numbers) might pose constitutional problems the agency couldn’t surmount. So, it walked away from NSO. But not before running some attack attempts through US servers — something that was inadvertently exposed by Facebook and WhatsApp in their lawsuit against NSO over the targeting of WhatsApp users. An exhibit declared NSO was using US servers to deliver malware, something that suggested NSO didn’t care about its self-imposed restrictions on US targeting. In reality, it was the FBI and NSO running some tests on local applications of zero-click malware that happened to be caught by Facebook techies.

Feb 9, 2022

North Korea Hacked Him. So He Took Down Its Internet

Posted by in categories: cybercrime/malcode, internet

Disappointed with the lack of US response to the Hermit Kingdom’s attacks against US security researchers, one hacker took matters into his own hands.

Feb 9, 2022

How to check if your cellphone is infected with Pegasus spyware

Posted by in categories: cybercrime/malcode, mobile phones

The infamous Pegasus spyware created by Israeli firm NSO can turn any infected smartphone into a remote microphone or camera. Here’s how to stay safe and know if you’ve been hacked.

Feb 9, 2022

Researchers use tiny magnetic swirls to generate true random numbers

Posted by in categories: cybercrime/malcode, particle physics

PROVIDENCE, R.I. [Brown University] — Whether for use in cybersecurity, gaming or scientific simulation, the world needs true random numbers, but generating them is harder than one might think. But a group of Brown University physicists has developed a technique that can potentially generate millions of random digits per second by harnessing the behavior of — tiny magnetic anomalies that arise in certain two-dimensional materials.

Their research, published in Nature Communications, reveals previously unexplored dynamics of single, the researchers say. Discovered around a half-decade ago, have sparked interest in physics as a path toward next-generation computing devices that take advantage of the magnetic properties of particles — a field known as spintronics.

“There has been a lot of research into the global dynamics of, using their movements as a basis for performing computations,” said Gang Xiao, chair of the Department of Physics at Brown and senior author of the research. “But in this work, we show that purely random fluctuations in the size of can be useful as well. In this case, we show that we can use those fluctuations to generate random numbers, potentially as many as 10 million digits per second.”

Feb 9, 2022

Several Malware Families Using Pay-Per-Install Service to Expand Their Targets

Posted by in category: cybercrime/malcode

Malware families are making use of PrivateLoader’s pay-per-install service in order to expand their victim list.


A detailed examination of a Pay-per-install (PPI) malware service called PrivateLoader has revealed its crucial role in the delivery of a variety of malware such as SmokeLoader, RedLine Stealer, Vidar, Raccoon, and GCleaner since at least May 2021.

Feb 8, 2022

Feds arrest married couple, seize $3.6 billion in hacked bitcoin funds

Posted by in categories: bitcoin, cryptocurrencies, cybercrime/malcode, habitats

Tom HlavacSustainable would be a home built of hempcrete, with a greenhouse capable of growing enough food for the family, a small henhouse, and a few bee hives. And a septic system capable of producing fertilizer.

No need for megacorporate involvement. Somethi… See more.

Tom HlavacIf Musk could catalyze adoption of hempcrete and mass produce 3D printers for that, he would do more if value than everything he has done before.

Continue reading “Feds arrest married couple, seize $3.6 billion in hacked bitcoin funds” »

Feb 8, 2022

Medusa malware ramps up Android SMS phishing attacks

Posted by in categories: cybercrime/malcode, finance, robotics/AI

The Medusa Android banking Trojan is seeing increased infection rates as it targets more geographic regions to steal online credentials and perform financial fraud.

Today, researchers at ThreatFabric have published a new report detailing the latest tricks employed by the Medusa malware and how it continues to evolve with new features.