"Chinese Organization Hacked Indian Government offices data"

Predator AI ChatGPT Integration Poses Risk to Cloud Services

Cybersecurity researchers at SentinelLabs have uncovered a new Python-based infostealer and hack tool named “Predator AI.” The malicious tool is specifically designed to target cloud services and integrates artificial intelligence (AI) technology, specifically a ChatGPT-driven class implemented into the Python script.  The inclusion of the GPTj class adds a chat-like text-processing interface to…

View On WordPress

SentinelLabs の研究者らは 、北朝鮮の国家関係者がソ連の大陸間弾道ミサイル計画の研究で有名な冷戦時代の企業、NPO マシノストロイェニヤの内部ネットワークにアクセスすることに成功したと述べている。 SentinelLabs の研究者である Tom Hegel 氏と Aleksandar Milenkoski 氏は、「北朝鮮と疑われる脅威アクターの通常の捜索と追跡を行っている間に、以前に報告された北朝鮮関連の脅威アクターのキャンペーンに関連する特徴を持つインプラントを含む、漏洩した電子メールのコレクションを特定しました」と述べています。 「電子メール アーカイブの徹底的な調査により、侵害された組織が当時完全に認識していなかった、より大規模な侵入が明らかになりました。」 問題のインプラントは、北朝鮮のマネーロンダリングと情報収集活動の前線として広く認識されているハッキング組織であるラザラス・グループに関連していた。 SentinelLabs の研究者は、このマルウェアが Openキャロット Windows OS バックドアであることを具体的に特定しました。 この侵入は、侵害された Red Hat 電子メール サーバーを介して発生し、発見されるまでしばらくの間アクティブであったと考えられています。 このマルウェアは、一般的に Lazarus グループに関連付けられている .DLL ファイルを使用してフィンガープリントが採取されました。 北朝鮮がロシアのミサイル会社をハッキングすることが世界の他の国々にとって悪いことであることは疑いの余��がないが、両国は同盟関係にあると言われているため、この事件はさらに特異である。 「この侵入は、北朝鮮の機密性の高いサイバースパイ活動に関する貴重な洞察���もたらし、北朝鮮のさまざまなサイバー脅威アクター間の関係と目標について理解を広げる機会を与えてくれます」と SentinelLabs は述べています。 「また、ロシアと北朝鮮の関係の増大を考慮すると、両国の関係に亀裂が生じる可能性があることも浮き彫りになっている。」 この状況から良いニュースがあるとすれば、それは北朝鮮のハッカーたちが明らかにその痕跡を隠蔽するのがうまくいかず、研究者が彼らの極悪な活動の範囲を解明するのが容易になったということだ。 「北朝鮮と連携した脅威アクターは、自らの活動においてOPSECを維持しないことで知られている」とSentinelLabsは述べた。

北朝鮮、ロシアのミサイル製造会社をハッキング容疑で非難

OpenAI’s GPT helps spammers send blast of 80,000 messages that bypassed filters

“AkiraBot’s use of LLM-generated spam message content demonstrates the emerging challenges that AI poses to defending websites against spam attacks,” SentinelLabs researchers Alex Delamotte and Jim Walter wrote. “The easiest indicators to block are the rotating set of domains used to sell the Akira and ServiceWrap SEO offerings, as there is no longer a consistent approach in the spam message…

This malicious fake YouTube app could hijack your phone and record all your secrets

Avid mobile YouTube users, especially those engaged in diplomacy work in Pakistan and India, should be very careful when downloading the famed video app, as experts have uncovered at least three fake YouTube apps that are, in fact, remote access trojans (RAT), going after their data. Cybersecurity researchers from SentinelLabs recently observed a threat actor known as Transparent Tribe (APT36),…

View On WordPress

Ukraine's Cyber Defense Triumph

Image:Warner Moser @pixabay In the lead-up to the Russian invasion of Ukraine on February 24, 2022, a group of cybersecurity experts from SentinelLabs found themselves huddled in a Miami hotel room, examining a new malware sample. Unbeknownst to them, this malware foreshadowed a Russian cyber onslaught that was about to unfold. Renowned for their analysis of Russian cyber operations,…

View On WordPress

This VPN is being misused to spread malware

https://eliteviser.com/2023/08/21/this-vpn-is-being-misused-to-spread-malware/

This VPN is being misused to spread malware

SentinelLabs cybersecurity researchers recently spotted a hacking campaign in which legitimate certificates used by a VPN service were abused to…

Brazilian hackers target Portuguese financial institutions

The sophisticated hacking effort is the latest in a long line of financially motivated malware campaigns emanating from Brazil.

A Brazilian hacking crew targeted users of more than 30 Portuguese financial institutions earlier this year in a campaign that provides the latest example of potent, financially motivated hackers in Brazil hitting targets outside the country’s borders, according to a report released Thursday by SentinelLabs.

The ongoing campaign — dubbed Operation Magalenha — initially relied on cloud service providers like DigitalOcean and Dropbox, but as these firms have tightened rules on how their services are used, the operation has pivoted to the Russia-based web hosting provider TimeWeb, researchers Aleksandar Milenkoski and Tom Hegel said in a report released Thursday. The operation began at the start of this year, but the bulk of the attacks took place last month.

The Brazilian malware ecosystem has a rich history, first catching the attention of the information security industry nearly a decade ago as increasingly sophisticated hacking groups based in Brazil carried out operations together with malware developers based abroad, including in Eastern Europe and Russia. Brazil continues to be the epicenter of potent financially-focused malware, such as a grouping of four banking trojans dubbed the “Tetrade” by Kaspersky researchers in 2020.

Operation Magalenha illustrates the persistent nature of the Brazilian cybercriminal underground and the evolving threat posed by its threat actors. These groups demonstrate “a consistent capacity to update their malware arsenal and tactics, allowing them to remain effective in their campaigns,” Milenkoski and Hegel write in their report.

Continue reading.

A Never-Before-Seen Wiper Malware Is Hitting Israeli Targets

Source: https://www.wired.com/story/never-before-seen-wiper-malware-hitting-israeli-targets/

More info:

https://labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/

https://assets.sentinelone.com/sentinellabs/evol-agrius

Nueva variante del ransomware IceFire apunta a sistemas empresariales Linux

Una nueva versión de Linux de IceFire Secuestro de datos SentinelLabs, una división de investigación de la compañía de seguridad cibernética Sentinel One, identificó que explota una vulnerabilidad en el software de intercambio de archivos Aspera Faspex de IBM. El exploit es para CVE-2022-47986una vulnerabilidad de Aspera Faspex parcheada recientemente. Conocido hasta ahora por apuntar solo a…

View On WordPress

Ransomware IceFire agora criptografa os sistemas Linux também

Os usuários do Windows lidam com o ransomware IceFire há algum tempo já. No entanto, os usuários do Linux estão sendo atacados por essa ameaça também. Cibercriminosos vinculados à operação de ransomware IceFire agora visam ativamente os sistemas Linux em todo o mundo com um novo criptografador dedicado. Ransomware IceFire mirando no Linux Os pesquisadores de segurança do SentinelLabs…

View On WordPress

A new Linux variant of Clop ransomware has major flaws, researchers say • TechCrunch

Security researchers have observed the prolific Clop ransomware operation targeting Linux systems for the first time. The good news is that the flawed encryption used by the new variant means it’s possible for victims to recover their stolen files for free. The new Linux variant of the Clop ransomware was uncovered and detailed by SentinelLabs researcher Antonis Terefos. In a blog post, Terefos…

View On WordPress

Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit

By Aleksandar Milenkoski, in collaboration with QGroup Executive Summary SentinelLabs has observed a new threat activity cluster by an unknown threat actor we have dubbed Sandman. Sandman has been primarily targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent. The activities are characterized by strategic lateral movements and minimal…

View On WordPress

Macos malware used runonly to detection

#Macos malware used runonly to detection drivers

HP released a security update on May 19 th to its customers to address this vulnerability. Of printers worldwide with the vulnerable driver. Since 2005 HP, Samsung, and Xerox have released

SentinelLabs has discovered a high severity flaw in HP, Samsung, and Xerox printer drivers.

#Macos malware used runonly to detection drivers

Https: ///?p=29317Ītom: link href = "" rel = "self" type = "application/rss+xml" / >ĬVE - 2021 - 3438: 16 Years In Hiding & Reads information about supported languages Installs hooks/patches the running processĪdversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis.Ĭontains escaped byte string (often part of obfuscated shellcode)Īdversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software. Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources.

Ransomware Encryption: Emerging Cyber Security Strategies

Detecting Ransomware plays a crucial role for all security teams as it can be hazardous to the organizations or their complete IT stack. However, it is challenging to resemble a ransomware attack in the organization and get secure, though it might have protection set up in it. A Vulnerability Assessment Penetration Testing (VAPT) is the perfect way to identify whether the security and safeguarding method is working correctly or not. And if not then it can cause irreversible damage to your organization.

There has been an increase in ransomware that performs intermittent encryption, which more efficiently and covertly attacks victim systems.

A ransomware attack can encrypt files intermittently by encrypting only parts of them, either randomly or on a regular cycle, such as alternating bytes on each encryption. Consequently, ransomware can encrypt affected files more quickly

What is Penetration Testing?

Penetration testing is an agile security process. Ethical hackers, also known as cyber security professionals, strive for cyberattacks against a system to detect and regulate protection weaknesses. Testing an organization’s security processes and tools and discovering vulnerabilities in its underlying infrastructure are two purposes of network penetration testing.

As opposed to reactive security methods applied when a breach or security issue detects, network penetration testing can remediate ransomware and resolve them before threats exploit them, not unlike the reactive security methods that solicit when a breach or security issue is introduced.

Cyber security strategies are under threat from approaching ransomware encryption

In both cases, intermittent encryption allows ransomware to go undetected, performing I/O operations at a small scale not recognized as malicious, and partially-encrypted files may more closely resemble their safe counterparts and therefore not be recognized as affected.

It’s challenging to find out the ransomware with intermittent encryption. Discovering the uneven input/output operations or directly comparing the files that are safe and those considered encrypted can depend upon the Ransomware detection software. In both cases, intermittent encryption allows ransomware to go undetected, performing I/O operations at a small scale not recognized as malicious, and partially-encrypted files may more closely resemble their safe counterparts and, therefore, not be identified as affected.

It’s challenging to find out the ransomware with intermittent encryption. Discovering the uneven input/output operations or directly comparing the files that are safe and those considered encrypted can depend upon the Ransomware detection software. In both cases, intermittent encryption allows ransomware to go undetected, performing I/O operations at a small scale not recognized as malicious, and partially-encrypted files may more closely resemble their safe counterparts and, therefore, not be identified as affected.

According to Sophos, in 2021, LockFile ransomware was the first to use this method, encrypting every 16 bytes of affected files. SentinelLabs researchers have found out that the new process is the new process taken into use by various threat actors.

Qyick is also one of the ransomware which is written down on a dark web forum by user ‘Lucrostm’. However, researchers are looking for the sample for testing but didn’t get Qyick accurate analysis until now. Blackcat is Rust-based ransomware discovered by the Federal Bureau of Investigation (FBI), which is observed to employ intermittent encryption as an attack strategy.

Ransomware detection & prevention service: ESOF VAPT

By evolving the latest and quick ransomware attacks, ESOF VAPT (vulnerability Assessment penetration testing) prevents your entire IT stack from vulnerabilities. Additionally, it detects whether you could lose your system data due to the ransomware attack and how it affects your internal network. The protection power’s ability of TAC Security’s ESOF to identify and remediate ransomware attacks is performed.

Detects particular assets that ransomware can affect

Recognize protection flaws that the ransomware attack can evade

Decrease the influence of these attacks

Reducing your enterprise’s ransomware attack surface

Considerate operational defects in the management of ransomware-linked risks.

DevSecOps culture is a significant factor in preventing attacks before they occur. As a result of “shifting left,” security is visualized earlier in the development timeline rather than as an afterthought.

Benefits from the ESOF VAPT help in preventing ransomware:

Reducing manifestation, Remediation Price, Inconvenience, and Network spare time

Prioritize Risks and create a slayer Defense Posture

Attain Protective Ability

Acquiesce with industry supervision and standards

https://tacsecurity.com/blog/ransomware-encryption-emerging-cyber-security-strategies/

Researchers Crowdsourcing Effort to Identify Mysterious Metador APT

Researchers Crowdsourcing Effort to Identify Mysterious Metador APT

Home › Endpoint Security Researchers Crowdsourcing Effort to Identify Mysterious Metador APT By Ryan Naraine on September 27, 2022 Tweet Cybersecurity sleuths at SentinelLabs are calling on the wider threat hunting community to help decipher a new mysterious malware campaign hitting telcos, ISPs and universities in the Middle East and Africa. The never-before-seen threat actor, called Metador,…

View On WordPress