Archive for the ‘cybercrime/malcode’ category: Page 91

Apr 20, 2022

FBI warning: These hackers are targeting developers and DevOps teams to break into crypto firms

Posted by in categories: blockchains, business, cryptocurrencies, cybercrime/malcode, government

The US government has detailed how North Korean state-sponsored attackers have been hacking cryptocurrency firms using phishing, malware and exploits to steal funds and initiate fraudulent blockchain transactions.

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) have issued a joint cybersecurity advisory to warn all businesses in cryptocurrency to watch out for attacks from North Korean state-sponsored hackers.

Apr 19, 2022

A model that can help inexperienced users identify phishing emails

Posted by in categories: cybercrime/malcode, robotics/AI

Phishing attacks are cyber-attacks through which criminals trick users into sending them money and sensitive information, or into installing malware on their computer, by sending them deceptive emails or messages. As these attacks have become increasingly widespread, developers have been trying to develop more advanced tools to detect them and protect potential victims.

Researchers at Monash University and CSIRO’s Data61 in Australia have recently developed a machine learning-based approach that could help users to identify phishing emails, so that they don’t inadvertently install malware or send sensitive data to cyber-criminals. This model was introduced in a paper pre-published on arXiv and set to be presented at AsiaCCS 2022, a cyber-security conference.

“We have identified a gap in current phishing research, namely realizing that existing literature focuses on rigorous ‘black and white’ methods to classify whether something is a phishing email or not,” Tingmin (Tina) Wu, one of the researchers who carried out the study, told TechXplore.

Apr 17, 2022

What does Ukraine’s success in defending itself against cyberattacks mean for the US?

Posted by in category: cybercrime/malcode

Apr 17, 2022

An old satellite was hacked to broadcast signals across North America

Posted by in categories: cybercrime/malcode, satellites

A recent satellite hacking shows that end-of-life satellites may be vulnerable.

Apr 17, 2022

Drones, hackers and mercenaries — The future of war | DW Documentary

Posted by in categories: business, cybercrime/malcode, drones, internet, military, surveillance

A shadow war is a war that, officially, does not exist. As mercenaries, hackers and drones take over the role armies once played, shadow wars are on the rise.

States are evading their responsibilities and driving the privatization of violence. War in the grey-zone is a booming business: Mercenaries and digital weaponry regularly carry out attacks, while those giving orders remain in the shadows.

Apr 16, 2022

CISA orders agencies to fix actively exploited VMware, Chrome bugs

Posted by in category: cybercrime/malcode

The Cybersecurity and Infrastructure Security Agency (CISA) has added nine more security flaws to its list of actively exploited bugs, including a VMware privilege escalation flaw and a Google Chrome zero-day that could be used for remote code execution.

The VMware vulnerability (CVE-2022-22960) was patched on April 6th, and it allows attackers to escalate privileges to root on vulnerable servers due to improper permissions in support scripts.

A Chrome zero-day was also included in CISA’s Known Exploited Vulnerabilities (KEV) catalog, a bug tracked as CVE-2022-1364 and allowing remote code execution due to a V8 type confusion weakness.

Apr 14, 2022

Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Systems

Posted by in categories: cybercrime/malcode, government

“This is the most expansive industrial control system attack tool that anyone has ever documented,” says Sergio Caltagirone, the vice president of threat intelligence at industrial-focused cybersecurity firm Dragos, which contributed research to the advisory and published its own report about the malware. Researchers at Mandiant, Palo Alto Networks, Microsoft, and Schneider Electric also contributed to the advisory. “It’s like a Swiss Army knife with a huge number of pieces to it.”

Dragos says the malware has the ability to hijack target devices, disrupt or prevent operators from accessing them, permanently brick them, or even use them as a foothold to give hackers access to other parts of an industrial control system network. He notes that while the toolkit, which Dragos calls “Pipedream,” appears to specifically target Schneider Electric and OMRON PLCs, it does so by exploiting underlying software in those PLCs known as Codesys, which is used far more broadly across hundreds of other types of PLCs. This means that the malware could easily be adapted to work in almost any industrial environment. “This toolset is so big that it’s basically a free-for-all,” Caltagirone says. “There’s enough in here for everyone to worry about.”

The CISA advisory refers to an unnamed “APT actor” that developed the malware toolkit, using the common acronym APT to mean advanced persistent threat, a term for state-sponsored hacker groups. It’s far from clear where the government agencies found the malware, or which country’s hackers created it—though the timing of the advisory follows warnings from the Biden administration about the Russian government making preparatory moves to carry out disruptive cyberattacks in the midst of its invasion of Ukraine.

Apr 12, 2022

Israeli startup Viz.ai nabs $100m for AI tech that detects brain conditions in scans

Posted by in categories: biotech/medical, cybercrime/malcode, finance, media & arts, robotics/AI

Medical tech company Viz.ai, a developer of an AI-powered stroke detection and care platform, has pulled in a new investment of $100 million at a valuation of $1.2 billion, making it Israel’s newest unicorn (a private company valued at over $1 billion).

The company said Thursday that the Series D funding will be used to expand the Viz platform to detect and triage additional diseases and grow its customer base globally.

Viz.ai’s newest round was led by Tiger Global Management, a New York-based investment firm focused on software and financial tech, and Insight Partners, a VC and private equity firm also based in New York. Tiger Global has invested in Israeli companies such as cybersecurity companies Snyk and SentinelOne as well as payroll tech companies Papaya Global and HoneyBook. Insight Partners is a very active foreign investor in Israeli companies, with at least 76 local portfolio startups to its name including privacy startup PlainID, bee tech startup Beewise, and music tech startup JoyTunes.

Apr 11, 2022

Call For Papers & Stuff

Posted by in categories: cybercrime/malcode, education, ethics

Closes July 31st at Midnight

The Texas Cyber Summit is a three-day, multi-track, novice-to-ninja technical cybersecurity event held annually, with an expectation of over 1,200 participants in person. Note that the in-person event will take place September 22nd – 24th, and the Virtual Conference will take place on November 5th. It features five dedicated learning tracks, for everyone from the aspiring cybersecurity novice to the expert operator, with deeply technical, research and management briefings that address the entire cyber threat landscape. The Texas Cyber Summit is held in Austin, TX and is an IRS 501C3 Non-Profit Organization.

Austin is home to major Fortune 500 companies, Cyber Futures Command, Defense Logistics Agency, and Air Force logistics. Specialized tracks include teaching, training, responsibilities, and ethics in specialized fields such as digital forensics, SCADA, Supply Chain, Red Team Tools, Tactics and Procedures, Blue Team and the Art of Defense, and much more.

Apr 11, 2022

Android banking malware takes over calls to customer support

Posted by in categories: cybercrime/malcode, finance, robotics/AI

A banking trojan for Android that researchers call Fakecalls comes with a powerful capability that enables it to take over calls to a bank’s customer support number and connect the victim directly with the cybercriminals operating the malware.

Disguised as a mobile app from a popular bank, Fakecalls displays all the marks of the entity it impersonates, including the official logo and the customer support number.

When the victim tries to call the bank, the malware breaks the connection and shows its call screen, which is almost indistinguishable from the real one.
