
IT Security Newsletter - 4/4/2023

Top News

3CX Breach Widens as Cyberattackers Drop Second-Stage Backdoor

The threat actor - believed to be the Lazarus Group - that recently compromised 3CX's VoIP desktop application to distribute information-stealing software to the company's customers has also dropped a second-stage backdoor on systems belonging to a small number of them. The backdoor, called "Gopuram," contains multiple modules that the threat actors can use to exfiltrate data, install additional malware, start, stop, and delete services, and interact directly with victim systems. READ MORE...

Hacking

Cryptocurrency companies backdoored in 3CX supply chain attack

Some of the victims affected by the 3CX supply chain attack have also had their systems backdoored with Gopuram malware, with the threat actors specifically targeting cryptocurrency companies with this additional malicious payload. VoIP communications company 3CX was compromised by North Korean threat actors tracked as Lazarus Group to infect the company's customers with trojanized versions of its Windows and macOS desktop apps in a large-scale supply chain attack. READ MORE...


US Defense Department Launches 'Hack the Pentagon' Website

The US Department of Defense (DoD) has launched a new website to help organizations within the department to launch bug bounty programs and recruit security researchers. The new Hack the Pentagon (HtP) website, launched by the Chief Digital and Artificial Intelligence Office (CDAO) Directorate for Digital Services (DDS), is meant as a companion for the DoD's long-running bug bounty program with the same name. READ MORE...


DoJ Recovers $112M in Crypto Stolen With Romance Scams

Half a dozen cryptocurrency accounts, allegedly used to launder romance scam proceeds, have been seized by the Department of Justice. The DoJ said in a statement that, in total, it seized more than $112 million in cryptocurrency that was being laundered through the accounts. "Transnational criminal organizations are combining confidence scams with technological savvy to swindle Americans out of their hard-earned funds," Assistant Attorney General Kenneth A. Polite Jr. said about the seizure. READ MORE...

Trends

Cyberattacks hit almost all companies last year, Sophos says

Cyberattacks aren't a roll of the dice for organizations, but rather a near certainty. Almost all organizations, 94%, experienced a cyberattack of some form during the last year, according to research Sophos released Tuesday. All companies should assume they will be a target in 2023, researchers warned. This constant barrage of malicious activity has organizations reeling. Most businesses are confronting threats that are too advanced to deal with internally. READ MORE...

Malware

New macOS malware steals sensitive info, including a user's entire Keychain database

A new macOS malware, called MacStealer, that is capable of stealing various files, cryptocurrency wallets, and details stored in specific browsers like Firefox, Chrome, and Brave, was discovered by security researchers from Uptycs, a cybersecurity company specializing in cloud security. It can also extract the base64-encoded form of the database of Keychain, Apple's password manager. Users of macOS Catalina (10.5) and versions dependent on Intel M1 and M2 are affected by this malware. READ MORE...

Information Security

Big changes to Twitter verification: How to spot a verified account

Twitter has made some fairly major changes to how its verified checkmark status works, and it's already causing some confusion. If you rely on the checkmark symbol for confirmation that the individual or business tweeting is actually the real deal, your regular process is now different. Previously, the blue checkmark indicated a number of factors. The individual may have been "notable" in terms of work, celebrity status, or some other aspect. READ MORE...

Exploits/Vulnerabilities

CISA warns of Zimbra bug exploited in attacks against NATO countries

The Cybersecurity and Infrastructure Security Agency (CISA) warned federal agencies to patch a Zimbra Collaboration (ZCS) cross-site scripting flaw exploited by Russian hackers to steal emails in attacks targeting NATO countries. The vulnerability (CVE-2022-27926) was abused by a Russian hacking group tracked as Winter Vivern and TA473 in attacks on multiple NATO-aligned governments' webmail portals to access the email mailboxes of officials, governments, military personnel, and diplomats. READ MORE...


WinRAR SFX archives can run PowerShell without being detected

Hackers are adding malicious functionality to WinRAR self-extracting archives that contain harmless decoy files, allowing them to plant backdoors without triggering the security agent on the target system. Self-extracting archives (SFX) created with compression software like WinRAR or 7-Zip are essentially executables that contain archived data along with a built-in decompression stub (the code for unpacking the data). SFX files can be password-protected to prevent unauthorized access. READ MORE...

Science & Culture

ChatGPT, the AI Revolution, and the Security, Privacy and Ethical Implications

This is the Age of artificial intelligence (AI). We think it is new, but it isn't. The AI Revolution has been in progress for many years. What is new is the public appearance of the large scale generative pre-trained transformer (GPT) known as ChatGPT (an application of Large Language Models - LLMs). ChatGPT has breached our absolute sensory threshold for AI. Before this point, the evolution of AI was progressing, but largely unnoticed. Now we are suddenly very aware, as if AI happened overnight. READ MORE...

On This Date

  • ...in 1841, President William Henry Harrison dies of pneumonia after being in office for only one month.
  • ...in 1917, the U.S. Senate votes 90-6 to enter World War I on the Allied side.
  • ...in 1968, civil rights leader Rev. Dr. Martin Luther King Jr. is fatally shot by an assassin outside of the Lorraine Motel in Memphis, TN.
  • ...in 1974, Atlanta Braves right fielder Hank Aaron ties Babe Ruth's home-run record (714), in a game against the Cincinnati Reds.