Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 134

OpenCTI Cyber Threat Intelligence Platform

OpenCTI-An Open Source Cyber Threat Intelligence Platform. OpenCTI allowing organizations to manage their Cybe Threat Intelligence observables.

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats.

The structuralist of the data is performed using a knowledge schema based on the STIX2 standards. It has been designed as a modern web application including a GraphQL API and an UX oriented frontend. Also, OpenCTI can be integrated with other resources and applications such as MISP, TheHive, MITRE ATTACK, etc.

The goal is to create a comprehensive software allowing users to capitalize technical (such as TTPs and observables) and non-technical information (such as suggested attribution, victimlogy etc.) while linking each piece of information to its primary source (a report, a MISP event, etc.), with features such as links between each information, first and last seen dates, levels of confidence etc.

SolarWinds Hackers Targeting Government and Business Entities Worldwide

If anything, the development is yet another indication of the threat actor’s capacity to continually “innovate and identify new techniques and tradecraft to maintain persistent access to victim environments, hinder detection, and confuse attribution efforts,” while also highlighting the “effectiveness of leveraging third parties and trusted vendor relationships to carry out nefarious operations.”

Microsoft had previously dubbed Nobelium as “skillful and methodic operators who follow operations security (OpSec) best practices.”

Ever since the SolarWinds incident came to light, the APT group has been connected to a string of attacks aimed at think tanks, businesses, and government entities around the globe, even as an ever-expanding malware toolbox has been put to use with the goal of establishing a foothold in the attacked system and downloading other malicious components.

Stealthy BLISTER malware slips in unnoticed on Windows systems

Security researchers have uncovered a malicious campaign that relies on a valid code-signing certificate to disguise malicious code as legitimate executables.

One of the payloads that the researchers called Blister, acts as a loader for other malware and appears to be a novel threat that enjoys a low detection rate.

The threat actor behind Blister has been relying on multiple techniques to keep their attacks under the radar, the use of code-signing certificates being only one of their tricks.

Tetris Handheld Powered By Tritium Cell, Eventually

The idea of a tritium power cell is pretty straightforward: stick enough of the tiny glowing tubes to a photovoltaic panel and your DIY “nuclear battery” will generate energy for the next decade or so. Only problem is that the power produced, measured in a few microwatts, isn’t enough to do much with. But as [Ian Charnas] demonstrates in his latest video, you can eke some real-world use out of such a cell by storing up its power over a long enough period.

As with previous projects we’ve seen, [Ian] builds his cell by sandwiching an array of keychain-sized tritium tubes between two solar panels. Isolated from any outside light, power produced by the panels is the result of the weak green glow given off by the tube’s phosphorus coating as it gets bombarded with electrons. The panels are then used to charge a bank of thin-film solid state batteries, which are notable for their exceptionally low self-discharge rate.

Some quick math told [Ian] that a week of charging should build up enough of a charge to power a knock-off handheld Tetris game for about 10 minutes. Unfortunately, after waiting the prescribed amount of time, he got only a few seconds of runtime out of his hacked together power source.

Global IT services provider Inetum hit by ransomware attack

Less than a week before the Christmas holiday, French IT services company Inetum Group was hit by a ransomware attack that had a limited impact on the business and its customers.

Inetum is active in more than 26 countries, providing digital services to companies in various sectors: aerospace and defense, banking, automotive, energy and utilities, healthcare, insurance, retail, public sector, transportation, telecom and media.

Half-Billion Compromised Credentials Lurking on Open Cloud Server

A quarter-billion of those passwords were not seen in previous breaches that have been added to Have I Been Pwned.

According to the National Crime Agency’s National Cyber Crime Unit in the U.K., nearly 586 million sets of credentials had been collected in a compromised cloud storage facility, free for the taking by any cybercrime yahoo who happened to stop by.

The credentials were a mixed bag in terms of sources, and it’s not clear how these passwords became compromised. But because they couldn’t be linked to a specific company, the NCA tapped Troy Hunt, creator of the Have I Been Pwned (HIBP) website and a Microsoft regional director, to check the passwords against the HIBP database of compromised passwords.

CISA, FBI and NSA Publish Joint Advisory and Scanner for Log4j Vulnerabilities

Cybersecurity agencies from Australia, Canada, New Zealand, the U.S., and the U.K. on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache’s Log4j software library by nefarious adversaries.

“These vulnerabilities, especially Log4Shell, are severe,” the intelligence agencies said in the new guidance. “Sophisticated cyber threat actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021–45046, and CVE-2021–45105 in vulnerable systems. These vulnerabilities are likely to be exploited over an extended period.”

CISA releases Apache Log4j scanner to find vulnerable apps

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of a scanner for identifying web services impacted by two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021–44228 and CVE-2021–45046.

“log4j-scanner is a project derived from other members of the open-source community by CISA’s Rapid Action Force team to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities,” the cybersecurity agency explains.

This scanning solution builds upon similar tools, including an automated scanning framework for the CVE-2021–44228 bug (dubbed& Log4Shell)& developed by cybersecurity company FullHunt.

Web 3.0 Is Coming, But Not Everyone Will Love It

Go beyond the hype.

Dubbed as the internet of tomorrow, Web 3.0 seems to be the next big thing that’s going to change our lives by fundamentally reshaping the internet.

Web 3.0 is an upgrade to the Web, a meta technology for business software, a social movement for open data, and a new generation for artificial intelligence.

Large corporations are usually getting hacked, resulting in the exposure of millions of user data, and a McKinsey report from last year shows that almost all industries have got a trust rate of less than 50 percent.

But the new generation of the web, Web 3.0, could solve some privacy concerns as it features the internet on blockchain technology. Storing any data on blockchain makes that data decentralized, making the company’s data usage transparent, thus protecting it from breaches. However, returning the ownership of their data back to consumers could potentially disrupt the tech industry since tech giants would eventually lose access to the data that initially gave them a boost in an already competitive market.

Full Story:

Continue reading “Web 3.0 Is Coming, But Not Everyone Will Love It” | >

Criticizing Starship (Part Three)

He has done his math. The questions seem to be: How to put together viable payloads to make use of Stsrship launches? How to build new markets in space?

This again?! Game Over? Busted? We’re doing Starship again so soon because I’m an unoriginal hack. There’s also been new developments in Starship and I think it’s a perfect time to revisit the launch system. Get as mad as you wish.

Will Starship live up to expectations? Will it really revolutionize space travel? Is Mars and beyond finally within grasp? Why are Musk’s fans so strangely devoted to him? Will I stop asking dumb questions?

Corrections, Clarifications, and Notes.

1. Jesus Christ I forgot about Dear Moon again. It’s clear that Starship probably won’t be human-rated by NASA by 2023. The FAA, if I remember correctly, doesn’t regulate commercial crew vehicles (like airplanes) yet. You could always do a Crew Dragon to Starship for that or something along those lines. I’d anticipate Dear Moon being pushed or somehow incorporated into an HLS demonstration.

Continue reading “Criticizing Starship (Part Three)” | >