New HybridPetya ransomware can bypass UEFI Secure Boot

A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on the EFI System Partition.

HybridPetya appears inspired by the destructive Petya/NotPetya malware that encrypted computers and prevented Windows from booting in attacks in 2016 and 2017 but did not provide a recovery option.

Researchers at cybersecurity company ESET found a sample of HybridPetya on VirusTotal. They note that this may be a research project, a proof-of-concept, or an early version of a cybercrime tool still under limited testing.

RNA technology ‘hacks’ into phage replication, offering new insights into molecular interactions

Bacteriophages, or phages for short, are viruses that infect bacteria. Using phages therapeutically could be very useful in fighting antibiotic-resistant pathogens, but the molecular interactions between phages and host bacteria are not yet sufficiently understood. Jörg Vogel’s research group at the Helmholtz Institute for RNA-based Infection Research (HIRI) and the Institute of Molecular Infection Biology (IMIB) in Würzburg has now succeeded in specifically interfering with phage reproduction using a molecular tool called antisense oligomers (ASOs).

According to the researchers, this innovative RNA technology offers new insights into the molecular world of phages and is expected to advance the development of future therapeutic applications. The study has been published in the journal Nature.

Like humans, bacteria have to cope with viruses—known as bacteriophages, or phages for short. Phages invade bacteria, hijack their cellular machinery, multiply, and cause the bacterial cell to burst. This releases new phages, which then go on to infect other bacteria. Phages are harmless to humans because they target only bacteria. They are also quite selective: Most phages are specialized in infecting specific host bacteria, including bacterial pathogens.

Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs

Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release.

Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited in the wild as a zero-day. Like last month, 38 of the disclosed flaws are related to privilege escalation, followed by remote code execution (22), information disclosure (14), and denial-of-service.

“For the third time this year, Microsoft patched more elevation of privilege vulnerabilities than remote code execution flaws,” Satnam Narang, senior staff research engineer at Tenable, said. “Nearly 50% (47.5%) of all bugs this month are privilege escalation vulnerabilities.”

DDoS defender targeted in 1.5 Bpps denial-of-service attack

A DDoS mitigation service provider in Europe was targeted in a massive distributed denial-of-service attack that reached 1.5 billion packets per second.

The attack originated from thousands of IoT devices and MikroTik routers, and it was mitigated by FastNetMon, a company that offers protection against service disruptions.

“The attack reached 1.5 billion packets per second (1.5 Gpps) — one of the largest packet-rate floods publicly disclosed,” FastNetMon says in a press release.

Hackers left empty-handed after massive NPM supply-chain attack

The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but the attacker made little profit off it.

The attack occurred earlier this week after maintainer Josh Junon (qix) fell for a password reset phishing lure, which led to the compromise of multiple highly popular NPM packages, among them chalk and debug-js, that cumulatively have more than 2.6 billion weekly downloads.

After gaining access to Junon’s account, the attackers pushed updates containing a malicious module that stole cryptocurrency by redirecting transactions to the threat actor.
