Lifeboat Foundation

Microsoft, via its Security Intelligence account on Twitter, has issued a warning to Windows users of a new type of phishing scam that involves emails requesting users to dial a call center. They warn users to not dial the call center because following the instructions given by a human operator can lead to malware infections. The malware scam only works with Windows computers that have Microsoft Excel.

The new threat involves BazarLoader, a type of malware that allows backdoor access to infected computers. BazarLoader works by allowing criminals to sneak in through a hidden backdoor on a user’s computer, which allows them to install viruses or other types of malware. Over the past several years, criminals have used different methods to trick users into carrying out instructions that allow BazarLoader to infect their computer. In this new campaign, Microsoft reports that such criminals are using an email/call center approach.

Continue reading “Microsoft issues warning about a malware campaign involving a call center” »

Cyber criminals are increasingly using virtual machines to compromise networks with ransomware.

By using virtual machines as part of the process, ransomware attackers are able to conduct their activity with additional subtlety, because running the payload within a virtual environment reduces the chances of the activity being discovered – until it’s too late and the ransomware has encrypted files on the host machine.

During a recent investigation into an attempted ransomware attack, cybersecurity researchers at Symantec found the ransomware operations had been using VirtualBox – a legitimate form of open-source virtual machine software – to run instances of Windows 7 to aid the installation of ransomware.

Continue reading “Ransomware: Now gangs are using virtual machines to disguise their attacks” »

Putting IT security practices in place will enable organizations to prevent ransomware attacks and help IT teams combat security challenges.

According to Check Point research, the number of organizations affected by ransomware has been growing at 9% monthly since the start of the year. From WannaCry, Petya, and SamSam to Ryuk, these ransomware attacks have caused huge financial and reputation losses for both public and private sector organizations – the recent attacks on Colonial Pipeline are just the latest example.

Organizations are in a tight spot to prevent these cyberattacks and safeguard what they have built over the years. While IT teams are already battling the challenges of securing remote endpoints in the changing work sphere, the rise in cyberattacks has added additional responsibilities on their shoulders.

Continue reading “Best practices for IT teams to prevent ransomware attacks” »

A total of 26 high-severity vulnerabilities affect NVIDIA Jetson chipsets.

Chipmaker patches nine high-severity bugs in its Jetson SoC framework tied to the way it handles low-level cryptographic algorithms.

Flaws impacting millions of internet of things (IoT) devices running NVIDIA’s Jetson chips open the door for a variety of hacks, including denial-of-service (DoS) attacks or the siphoning of data.

NVIDIA released patches addressing nine high-severity vulnerabilities including eight additional bugs of less severity. The patches fix a wide swath of NVIDIA’s chipsets typically used for embedded computing systems, machine-learning applications and autonomous devices such as robots and drones.
Impacted products include Jetson chipset series; AGX Xavier, Xavier NX/TX1, Jetson TX2 (including Jetson TX2 NX), and Jetson Nano devices (including Jetson Nano 2GB) found in the NVIDIA JetPack software developers kit. The patches were delivered as part of NVIDIA’s June security bulletin, released Friday.

At some point in the next few months, Microsoft will start encouraging people to upgrade to Windows 11. If we’re lucky, the company will have learned from its “Get Windows 10” debacle and will not launch a glorified malware application. Regardless of how the company approaches the topic, however, you can bet we’re all going to get blitzed with advertising one way or another.

But that lovely event/hostage-taking is still in the future. For now, Microsoft would appreciate it if everyone stopped downloading the leaked version of Windows 11 that popped up last week. In the process, the OS developer has confirmed what everybody already knew — Windows 11 is, in fact, an official thing that’s happening.

Another DeFi project on the Binance Smart Chain has been exploited. This time, attackers nabbed $500000 from Impossible Finance.

In the future, Weston would like to see ReFirm become part of the certification. “To not only make sure that you’re shipping the device secure, but that it’s being scanned regularly by this ReFirm firmware technology and you’re keeping the firmware up to date.”

Despite the name, ReFirm might not stay restricted to firmware. Microsoft has static and dynamic analysis tools it can add to the product, which Weston compared to VirusTotal’s frequent updates with new analysis options. “I can keep putting layers of tools in that analysis pipeline. I think this has the opportunity to be a VirusTotal-like product that, rather than looking for malware, is looking for vulnerabilities in an arbitrary object. We’re focused on firmware because that seems like the right application, but it could be VM snapshots or many, many other things.”

There’s good news for fans of the open-source Binwalk tool, too. Microsoft will be investing heavily in that, because it’s already widely used by multiple teams across the company who have feature requests, says Weston: “I think we probably have a few years’ worth of backlog ideas already!”

Continue reading “Microsofts new security tool will discover firmware vulnerabilities, and more, in PCs and IoT devices” »

Exploit in the widely used document service leveraged to send malicious links that appear legitimate but actually steal victims credentials.

Threat actors are exploiting Google Docs by hosting their attacks within the web-based document service in a new phishing campaign that delivers malicious links aimed at stealing victims’ credentials.

Researchers at email and collaboration security firm Avanan discovered the campaign, which is the first time they said they’ve seen attackers use this type of exploit in Google’s hosted document service, according to a report published Thursday by Jeremy Fuchs, marketing content manager for Avanan.