Lifeboat Foundation

The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind.

The attack chains are characterized by the use of RAR archive attachments containing a Windows shortcut (LNK) file that, upon opening, activates the infection sequence, culminating in the deployment of malware such as GrewApacha, an updated version of the CloudSorcerer backdoor, and a previously undocumented implant dubbed PlugY.

PlugY is “downloaded through the CloudSorcerer backdoor, has an extensive set of commands and supports three different protocols for communicating with the command-and-control server,” Russian cybersecurity company Kaspersky said.

Link to newsletter:

Dear Subscribers, please see the latest Security & tech Insights newsletter covering emerging issues, trends and potential solutions in the world of cybersecurity. Thanks for reading and stay safe! Best, Chuck Brooks PS checkout my new book on Amazon: Inside Cyber: How AI, 5G, and Quantum Computing Will Transform Privacy and Our Security Amazon.com : Inside Cyber: How AI, 5G, and Quantum Computing Will Transform Privacy and Our Security: 9781394254941: Brooks, Chuck: Books.

AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring-2 privileges and install malware that becomes nearly undetectable.

Ring-2 is one of the highest privilege levels on a computer, running above Ring-1 (used for hypervisors and CPU virtualization) and Ring 0, which is the privilege level used by an operating system’s Kernel.

The Ring-2 privilege level is associated with modern CPUs’ System Management Mode (SMM) feature. SMM handles power management, hardware control, security, and other low-level operations required for system stability.

An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites masquerading as popular software.

“The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches to more sophisticated malicious scripts that deliver local extensions to steal private data and execute various commands,” the ReasonLabs research team said in an analysis.

“This trojan malware, existing since 2021, originates from imitations of download websites with add-ons to online games and videos.”

Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users.

The vulnerabilities “led to an entire break in the security of Sonos’s secure boot process across a wide range of devices and remotely being able to compromise several devices over the air,” NCC Group security researchers Alex Plaskett and Robert Herrera said.

Successful exploitation of one of these flaws could allow a remote attacker to obtain covert audio capture from Sonos devices by means of an over-the-air attack. They impact all versions prior to Sonos S2 release 15.9 and Sonos S1 release 11.12, which were shipped in October and November 2023.

Brain-computer interfaces (BCIs) can translate a person’s brainwaves into action, but these devices are vulnerable to hacking.

By Chuck Brooks

AI agents represent a great leap forward in technology, offering exponential benefits to society. From enhancing scientific research, healthcare, transportation, education, and cybersecurity. There are a lot of different applications that AI agents could help enable in our new digital world, including, foremost, for humans.

Follow me on Twitter or LinkedIn. Check out my website.

Continue reading “Augmenting Human Capabilities With Artificial Intelligence Agents” »

It’s easy to think of bacteria as one of the greatest scourges on Earth for the diseases and deaths they cause, and how they repeatedly thwart our best antibiotics, evolving into drug-resistant superbugs.

But really, bacteria are just doing what they’ve always done – finding new ways to survive.

While the search for new antibiotics continues, combination therapies are increasingly being tested to try to clamp down on multiple bacterial escape pathways at once, and limit the chances of microbes developing resistance with successive biological hacks.

Australian businesses are paying untold amounts of ransom to hackers, but the government is hoping to claw back some visibility with a landmark cybersecurity law.

While major ransomware attacks on companies such as MediSecure, Optus and Latitude have grabbed headlines for breaching the privacy of millions, the practice of quietly paying off cybercriminals has flourished in the dark.

The situation has deteriorated to the point that the government’s original ambition for an outright ban on ransom payments has been nixed, for now, and the focus has shifted to mapping the scale of the problem.