cybercrime/malcode – Lifeboat News: The Blog (https://lifeboat.com/blog), feed retrieved Sat, 08 Apr 2023

After Watching “The Undeclared War” I’m Not Surprised About Calls For A Cyber Force Military Branch
Published Sat, 08 Apr 2023. https://lifeboat.com/blog/2023/04/after-watching-the-undeclared-war-im-not-surprised-about-calls-for-a-cyber-force-military-branch

After watching “The Undeclared War” and reading about the documents leaked from the Pentagon this week, I’m not surprised to hear about calls for the creation of a Cyber Force military branch.

The U.S. is considering a 7th branch of its armed services to combat cyberthreats on Earth and in space.

Computer hardware company MSI hacked, BIOS source code and private keys stolen
Published Sat, 08 Apr 2023. https://lifeboat.com/blog/2023/04/computer-hardware-company-msi-hacked-bios-source-code-and-private-keys-stolen

According to reports, the Taiwanese computer hardware company MSI (Micro-Star International) recently joined the list of victims of a new ransomware gang that goes by the name “Money Message.” The perpetrators say they have taken source code along with other critical material from the company’s network. MSI is a world-renowned producer of computer components and systems, including motherboards, graphics cards, desktop computers, laptops, servers, and other electronic equipment, and brings in more than $6.5 billion in revenue every year.

Money Message has listed MSI on the website it maintains for publishing leaked material and has posted images of the company’s CTMS and ERP databases, along with files that include software source code, private keys, and BIOS firmware. The threat actors are now threatening to release all of the stolen information if MSI does not meet their ransom demand.

The perpetrators claim to have taken 1.5 terabytes of data, including databases and source code, from MSI’s servers. They are demanding a ransom payment of four million dollars.

Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation
Published Fri, 07 Apr 2023. https://lifeboat.com/blog/2023/04/cacti-realtek-and-ibm-aspera-faspex-vulnerabilities-under-active-exploitation

Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems.

This entails the abuse of CVE-2022-46169 (CVSS score: 9.8) and CVE-2021-35394 (CVSS score: 9.8) to deliver MooBot and ShellBot (aka PerlBot), Fortinet FortiGuard Labs said in a report published this week.

CVE-2022-46169 is a critical authentication bypass and command injection flaw in Cacti servers that allows an unauthenticated user to execute arbitrary code. CVE-2021-35394 is an arbitrary command injection vulnerability in the Realtek Jungle SDK that was patched in 2021.

CryptoClippy: New Clipper Malware Targeting Portuguese Cryptocurrency Users
Published Thu, 06 Apr 2023. https://lifeboat.com/blog/2023/04/cryptoclippy-new-clipper-malware-targeting-portuguese-cryptocurrency-users

The new CryptoClippy malware steals cryptocurrency by replacing wallet addresses on the clipboard while a victim is making a transaction.

Typhon Reborn Stealer Malware Resurfaces with Advanced Evasion Techniques
Published Thu, 06 Apr 2023. https://lifeboat.com/blog/2023/04/typhon-reborn-stealer-malware-resurfaces-with-advanced-evasion-techniques

Besides incorporating more anti-analysis and anti-virtualization checks, Typhon Reborn V2 removes its persistence features, instead opting to terminate itself after exfiltrating the data.

The malware ultimately transmits the collected data in a compressed archive via HTTPS using the Telegram API, marking continued abuse of the messaging platform.

“Once the data has been successfully transmitted to the attacker, the archive is then deleted from the infected system,” Brumaghin said. “The malware then calls to terminate execution.”

Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies
Published Thu, 06 Apr 2023. https://lifeboat.com/blog/2023/04/rorschach-ransomware-emerges-experts-warn-of-advanced-evasion-strategies

Cybersecurity researchers have taken the wraps off a previously undocumented ransomware strain called Rorschach that’s both sophisticated and fast.

“What makes Rorschach stand out from other ransomware strains is its high level of customization and its technically unique features that have not been seen before in ransomware,” Check Point Research said in a new report. “In fact, Rorschach is one of the fastest ransomware strains ever observed, in terms of the speed of its encryption.”

The cybersecurity firm said it observed the ransomware deployed against an unnamed U.S.-based company, adding that it found no branding or code overlaps connecting it to any previously known ransomware actors.

I literally connected my brain to GPT-4 with JavaScript
Published Wed, 05 Apr 2023. https://lifeboat.com/blog/2023/04/i-literally-connected-my-brain-to-gpt-4-with-javascript

I hacked my brain with a compact electroencephalogram (EEG) and connected it to GPT-4 with the OpenAI API. In this crazy tutorial, you’ll learn how to use JavaScript to read your brainwaves.

#tech #javascript #science

Chat with me on Discord: https://discord.gg/fireship

Resources:
Neurosity Crown https://neurosity.co
Brainwaves https://www.scientificamerican.com/article/what-is-the-funct…;12-22
Learn JavaScript Basics https://youtu.be/lkIFF4maKMU
GPT-4 overview https://youtu.be/EunbKbPV2C0

Trojanized Tor browsers target Russians with crypto-stealing malware
Published Sun, 02 Apr 2023. https://lifeboat.com/blog/2023/04/trojanized-tor-browsers-target-russians-with-crypto-stealing-malware

A surge of trojanized Tor Browser installers is targeting Russians and Eastern Europeans with clipboard-hijacking malware that redirects infected users’ cryptocurrency transactions to attacker-controlled wallets.

Kaspersky analysts warn that while this attack is not new or particularly creative, it’s still effective and prevalent, infecting many users worldwide.

While these malicious Tor installers target countries worldwide, Kaspersky says that most are targeting Russia and Eastern Europe.

D3dcompiler_47.dll: If AV raises an alert about this Microsoft-signed DLL file, you are in trouble
Published Fri, 31 Mar 2023. https://lifeboat.com/blog/2023/03/d3dcompiler_47-dll-if-av-raises-an-alerts-about-this-microsoft-signed-dll-file-you-are-in-trouble

According to security experts, threat actors abused a widely used piece of corporate communication software from 3CX. In particular, reports state that the desktop client for the 3CX VoIP (Voice over Internet Protocol) service was used to specifically target 3CX’s customers.

The attack is believed to be a multi-stage process, with the first stage using a compromised version of the 3CX desktop application. Although the .exe installer and the MSI package have the same name, preliminary research indicates that the MSI package is the one that may contain the maliciously modified DLLs.

The infection chain begins when 3CXDesktopApp.exe loads the ffmpeg.dll file. ffmpeg.dll then reads the encrypted code embedded in d3dcompiler_47.dll and decrypts it. The decrypted code appears to be the backdoor payload, which attempts to reach the IconStorage GitHub page to retrieve an ICO file containing the encrypted C&C server address; the backdoor connects to that server to obtain the likely final payload.

600,000 companies’ networks using 3CX VoIP software infected with malware. Biggest supply chain attack
Published Fri, 31 Mar 2023. https://lifeboat.com/blog/2023/03/600000-companies-networks-using-3cx-voip-software-infected-with-malware-biggest-supply-chain-attack

Researchers from multiple security companies have reported that a massive supply chain attack on users of 3CX, a widely used voice and video calling desktop client, was carried out by hackers working on behalf of the government of North Korea. The attack targeted users of the Windows and macOS operating systems. With the 3CXDesktopApp, which is available for Windows, macOS, Linux, and mobile devices, 3CX users can make calls, check the status of colleagues, chat, schedule a video conference, and check voicemail from a single desktop program.

The attack resulted in the compromise of the software build system used to generate and distribute versions of the app for Windows and macOS. The app delivers VoIP and PBX services to “over 600,000 clients,” including American Express, Mercedes-Benz, and PricewaterhouseCoopers. Because the attackers controlled the software build system, they were able to insert malware into 3CX applications that were then digitally signed with the firm’s official signing key, so the signature alone gave no indication of tampering.

This is a classic supply chain attack, whose purpose is to exploit the trust relationships that exist between an organization and its third-party vendors.
