Security Research – Page 2 – WindowsTechs.com

Mozi botnet gets stealthier in infecting Huawei network gateways and other gear

Posted on August 20, 2021 by Sean Lyngaas

The authors of a prolific internet-of-things botnet called Mozi have developed new capabilities for their malicious software to linger on infected device and avoid detection, Microsoft researchers said Thursday. A botnet is a horde of compromised computers that attackers use to distribute spam or ransomware, or conduct distributed denial of service (DDoS) attacks. The Mozi botnet’s malware now has features catered to networking equipment made by popular vendors Netgear, Huawei and ZTE so that the malicious code lives on when the device is rebooted, according to the research. The features could also make it harder for other malicious hackers to wipe code off of infected devices — malicious-on-malicious activity that is a feature of the scamming ecosystem. For network defenders, it’s an unwelcome development from a botnet that has been used to steal data and conduct DDoS attacks since surfacing in 2019. IBM researchers said last year that Mozi accounted […]

The post Mozi botnet gets stealthier in infecting Huawei network gateways and other gear appeared first on CyberScoop.

Continue reading Mozi botnet gets stealthier in infecting Huawei network gateways and other gear→

Microsoft catches hackers using Morse Code to help cover their tracks

Posted on August 12, 2021 by Sean Lyngaas

Clever hackers use a range of techniques to cover their tracks on a target computer, from benign-looking communication protocols to self-erasing software programs. It’s not very often, though, that digital attackers turn to Morse Code, a 177-year-old signaling system, for operational security. Yet that’s exactly what played a part in a year-long phishing campaign that Microsoft researchers outlined on Thursday. Morse Code — a method of representing characters with dots and dashes popularized by telegraph technology — was one of several methods that the hackers, whom Microsoft did not identify, used to obscure malicious software. It’s a reminder that, for all of their complexities, modern offensive and defensive cyber measures often rest on the simple concept of concealing and cracking code. Hackers were sending select targets fake invoices to try to convince them to cough up their passwords and, in some cases, to collect IP addresses and location data of […]

The post Microsoft catches hackers using Morse Code to help cover their tracks appeared first on CyberScoop.

Continue reading Microsoft catches hackers using Morse Code to help cover their tracks→

Research Roundup: Problem Solving In Digital Forensics

Posted on August 2, 2021 by Forensic Focus

Digital forensics research last month fell fairly neatly into two categories, each of which sought to solve bigger problems in the field. In the first category is ensuring quality via frameworks such as service levels, better supporting first responder… Continue reading Research Roundup: Problem Solving In Digital Forensics→

Research Roundup: Problem Solving In Digital Forensics

Posted on August 2, 2021 by Forensic Focus

Forensic Focus Legal Update July 2021: Reliability And Credibility Of Digital Evidence

Posted on July 19, 2021 by Forensic Focus

This quarter’s edition of our legal update starts with a look at improving digital forensics experts’ credibility, as well as the reliability of the evidence they find — all while dealing with rapidly advancing technology Two recent academic pape… Continue reading Forensic Focus Legal Update July 2021: Reliability And Credibility Of Digital Evidence→

Vigilante hacking campaign blocks victims from visiting The Pirate Bay, other piracy sites

Posted on June 17, 2021 by Sean Lyngaas

A hacker doesn’t appear to be happy with the amount of digital piracy out there. A wave of malicious software downloads from October 2020 to January 2021 blocked users from visiting websites that host pirated versions of video games, Microsoft Office and other programs, analysts at antivirus firm Sophos said Thursday. One malware strain borrowed name recognition from The Pirate Bay, a notorious portal that directs users to copyrighted material while also serving up malicious software and nefarious advertisements. The vigilante disguised their malicious code as pirated software on Discord, a popular chat service, and on file-sharing service BitTorrent, Sophos said in a blog post. But instead of getting a bootlegged version of a video game like Minecraft, targets of the campaign downloaded malicious code that prevented their machines from visiting websites for pirated software. In some cases, the attacker made the malicious code appear as if it came from […]

The post Vigilante hacking campaign blocks victims from visiting The Pirate Bay, other piracy sites appeared first on CyberScoop.

Continue reading Vigilante hacking campaign blocks victims from visiting The Pirate Bay, other piracy sites→

Suspected Iranian hackers exploit VPN, Telegram to monitor dissidents

Posted on June 16, 2021 by Sean Lyngaas

For the last six years, hackers have stalked Iranian dissidents with spying tools that mimic the software those dissidents use to protect their communications, security firm Kaspersky said Wednesday. Researchers from Kaspersky and other firms only recently pieced together the activity, showing the limits of the cyber industry’s knowledge of Tehran-linked hacking against those who often bear the brunt of it: Iranian citizens. While Kaspersky researchers did not attribute the hacking to the Iranian government, FireEye, another security firm, said it suspected the hackers were affiliated with Tehran. The findings are consistent with a surveillance dragnet that Iranian authorities have used to jail and beat protesters who challenge the regime. Iranian security services killed 304 people in a 2019 crackdown, according to Amnesty International. The hackers, Kaspersky said, have sent their targets malware-laced images and videos claiming to be from prisoners in Iran. When opened, the malicious documents hijack users’ […]

The post Suspected Iranian hackers exploit VPN, Telegram to monitor dissidents appeared first on CyberScoop.

Continue reading Suspected Iranian hackers exploit VPN, Telegram to monitor dissidents→

Chinese hackers implicated in breach of Russian government agencies

Posted on June 8, 2021 by Sean Lyngaas

Chinese hackers were likely behind a series of intrusions at Russian government agencies last year, security firm SentinelOne said Tuesday. Malicious code used in the breaches is similar to hacking tools associated with a broad set of suspected Chinese spies that have also targeted Asian governments in recent years, SentinelOne researchers said. SentinelOne’s research builds on a report released last month by the Federal Security Service (FSB), one of Russia’s main spy agencies, and the cyber unit of telecom firm Rostelecom. It said Russian government agencies had been targeted by “cyber mercenaries pursuing the interests of the foreign state.” The attackers collected stolen data using top Russian technology providers Yandex and Mail.Ru, according to the report, which did not name a culprit in the breaches. SentinelOne’s findings point to an often overlooked reality in U.S.-centric cybersecurity discussions: that the Russian and Chinese governments conduct plenty of cyber-espionage against each other. Last […]

The post Chinese hackers implicated in breach of Russian government agencies appeared first on CyberScoop.

Continue reading Chinese hackers implicated in breach of Russian government agencies→

Suspected Pakistani spies use catfishing, stealthy hacking tools to target Indian defense sector

Posted on May 13, 2021 by Sean Lyngaas

For years, suspected Pakistani hackers have sought to pry their way into Indian government computer networks as part of broader dueling cyber-espionage campaigns between the rival nations. Over the last 18 months, a spying group known as Transparent Tribe has expanded its use of a hacking tool capable of stealing data and taking screenshots from computers, according to research published Thursday by Talos, Cisco’s threat intelligence unit. Hackers also are going after additional targets beyond Indian military personnel, including defense contractors and attendees of Indian government-sponsored conferences. Talos did not mention Pakistan in its research, but multiple security researchers told CyberScoop the Transparent Tribe group is suspected of operating on behalf of the Pakistani government. Similarly, research from email security firm Proofpoint has previously linked a Pakistan-based company to the development of the group’s malicious code. Talos’ findings reflect a relentless appetite for defense-related secrets among hacking groups with suspected […]

The post Suspected Pakistani spies use catfishing, stealthy hacking tools to target Indian defense sector appeared first on CyberScoop.

Continue reading Suspected Pakistani spies use catfishing, stealthy hacking tools to target Indian defense sector→

Researchers find two dozen bugs in software used in medical and industrial devices

Posted on April 29, 2021 by Sean Lyngaas

Microsoft researchers have discovered some two dozen vulnerabilities in software that is embedded in popular medical and industrial devices that an attacker could use to breach those devices, and in some cases cause them to crash. The so-called “BadAlloc” vulnerabilities the researchers revealed on Thursday are in code that makes its way into infusion pumps, industrial robots, smart TVs and wearable devices. No less than 25 products made by the likes of Google Cloud, Samsung and Texas Instruments are affected. The research serves as a critique of the coding practices of the designers of billions of so-called “internet of things” devices that are a feature of modern life. There’s no evidence that the vulnerabilities have been exploited, according to Microsoft. But the Department of Homeland Security’s cybersecurity agency issued an advisory urging organizations to update their software. It’s unclear just how many devices are affected by the software bugs, but […]

The post Researchers find two dozen bugs in software used in medical and industrial devices appeared first on CyberScoop.

Continue reading Researchers find two dozen bugs in software used in medical and industrial devices→