Aggregator
New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data
Data-extortion gang uses a fake Windows Update screen to hide data theft
A new data-extortion gang calling itself Mad Liberator has recently been targeting AnyDesk users, displaying a fake Microsoft Windows Update screen as a distraction while it steals data from the target device.
The operation first appeared in July. Although the researchers tracking the activity have not observed any incidents involving data encryption, the gang states on its data-leak site that it uses AES/RSA to lock files.
Mad Liberator "About" page
Targeting AnyDesk users
In a report, researchers at the cybersecurity company Sophos say Mad Liberator attacks begin with an unsolicited connection to a computer via the AnyDesk remote-access application, which is popular with IT teams that manage corporate environments.
It is not yet clear how the threat actors choose their targets. One theory is that Mad Liberator tries potential addresses (AnyDesk connection IDs) until someone accepts the connection request, but this has not been confirmed.
Connection request on AnyDesk
Once the connection request is accepted, the attacker drops a binary named Microsoft Windows Update onto the compromised system; it displays a fake Windows Update splash screen.
Fake Windows Update splash screen
The sole purpose of the ruse is to distract the victim while the threat actor uses AnyDesk's file-transfer tool to steal data from OneDrive accounts, network shares and local storage. While the fake update screen is displayed, the victim's keyboard is disabled to prevent interference with the exfiltration.
The researchers found that a Mad Liberator attack lasted roughly four hours and that no data was encrypted after the exfiltration stage. The gang nevertheless left ransom notes on shared network directories to ensure maximum visibility across the corporate environment.
Ransom note left on compromised devices
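The technique described above leaves two signals a defender can hunt for: a process that borrows the Windows Update name but runs from a path where no genuine update component lives, and an AnyDesk session active on the same host. As an added example (not code from the article or the Sophos report), the following Python applies that check to process-creation records. The event fields, the sample records, the trusted-directory list and the set of genuine component names are assumptions constructed for this example, not a real EDR or Sysmon schema.

```python
"""Hunt for a Windows Update look-alike running from an untrusted path.

Added example, not from the article or the Sophos report. ProcessEvent is a
constructed, simplified process-creation record; the path and name heuristics
are assumptions to be tuned per environment.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Name fragments a Windows Update component might plausibly carry (lowercased).
UPDATE_LIKE_TOKENS = ("windows update", "windowsupdate", "wuauclt", "usoclient")

# Genuine Windows Update executables (assumption: default Windows 10/11 layout).
KNOWN_GENUINE = {"wuauclt.exe", "usoclient.exe"}

# Directories where genuine update binaries live; PureWindowsPath compares
# case-insensitively, so mixed-case paths in events still match.
TRUSTED_DIRS = (
    PureWindowsPath(r"C:\Windows\System32"),
    PureWindowsPath(r"C:\Windows\SysWOW64"),
    PureWindowsPath(r"C:\Windows\WinSxS"),
)


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    image: str         # full path of the launched executable
    parent_image: str  # full path of the parent process
    user: str


@dataclass(frozen=True)
class Finding:
    host: str
    image: str
    reasons: tuple


def image_name(image: str) -> str:
    return PureWindowsPath(image).name.lower()


def is_update_lookalike(image: str) -> bool:
    name = image_name(image)
    return any(tok in name for tok in UPDATE_LIKE_TOKENS)


def under_trusted_dir(image: str) -> bool:
    parents = PureWindowsPath(image).parents
    return any(d in parents for d in TRUSTED_DIRS)


def find_suspicious(events) -> list:
    """Return a Finding for each update-named process that is not a genuine component."""
    anydesk_hosts = {e.host for e in events if image_name(e.image) == "anydesk.exe"}
    findings = []
    for e in events:
        if not is_update_lookalike(e.image):
            continue
        reasons = []
        if not under_trusted_dir(e.image):
            reasons.append("update-like name outside Windows system directories")
        if image_name(e.image) not in KNOWN_GENUINE:
            reasons.append(f"{image_name(e.image)!r} is not a known Windows Update component")
        if not reasons:
            continue  # genuine component in a genuine location
        if e.host in anydesk_hosts:
            reasons.append("AnyDesk was running on the same host")
        findings.append(Finding(e.host, e.image, tuple(reasons)))
    return findings


# Constructed sample records for this example.
SAMPLE_EVENTS = [
    ProcessEvent("ws01", r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe",
                 r"C:\Windows\explorer.exe", "CORP\jdoe"),
    ProcessEvent("ws01", r"C:\Users\jdoe\AppData\Local\Temp\Microsoft Windows Update.exe",
                 r"C:\Windows\explorer.exe", "CORP\jdoe"),
    ProcessEvent("ws02", r"C:\Windows\System32\wuauclt.exe",
                 r"C:\Windows\System32\svchost.exe", "NT AUTHORITY\SYSTEM"),
    ProcessEvent("ws03", r"C:\Windows\System32\usoclient.exe",
                 r"C:\Windows\System32\svchost.exe", "NT AUTHORITY\SYSTEM"),
    ProcessEvent("ws04", r"C:\Users\asmith\Downloads\notepad.exe",
                 r"C:\Windows\explorer.exe", "CORP\asmith"),
]

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_EVENTS):
        print(f"{f.host}: {f.image}")
        for r in f.reasons:
            print(f"    - {r}")
```

The AnyDesk correlation is deliberately a secondary reason rather than a filter: legitimate IT use of AnyDesk is common in the environments the report describes, and the keyboard lock-out means the victim cannot close the window, so the path and name mismatch alone should be enough to page someone.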
The researchers note that they did not see Mad Liberator interact with targets before the AnyDesk connection request, nor did they record any phishing attempts supporting the attacks.
As for Mad Liberator's extortion process, the threat actors state on their dark-web site that they first contact the breached company and offer to "help" it fix its security problems and recover encrypted files if their monetary demands are met.
If the victim company does not respond within 24 hours, its name is published on the extortion portal and it is given seven days to contact the threat actors.
If the victim still has not paid five days after that ultimatum expires, all stolen files are published on the Mad Liberator site, which currently lists nine victims.
Latvian Hacker Extradited to U.S. for Role in Karakurt Cybercrime Group
Open-source intelligence, all in one place!
Behind the espionage operations: the ten most disturbing secret US programs
Vulnerability prioritization is only the beginning
To date, most technology solutions for vulnerability management have concentrated on prioritizing risk. That usually took the shape of a risk-ranking table with links out to the CVEs and other advisory or threat-intelligence information. This is a necessary step, but it is insufficient. Knowing which vulnerabilities are the most pressing is useful, but the desired outcome is ensuring those vulnerabilities are addressed and mitigated as quickly as possible. …
The post Vulnerability prioritization is only the beginning appeared first on Help Net Security.
Fraud tactics and the growing prevalence of AI scams
In the first six months of 2024, Hiya flagged nearly 20 billion calls as suspected spam, more than 107 million spam calls every day. The data showed spam flag rates above 20% of unknown calls (calls from outside someone's address book) in 25 of the 42 countries surveyed, with some spam flag rates above 50%. The first half of 2024 also saw an increase in AI deepfake scams, which use …
The post Fraud tactics and the growing prevalence of AI scams appeared first on Help Net Security.
US Authorities Warn Health Sector of Everest Gang Threats
U.S. authorities are warning healthcare sector entities of incidents involving Everest, a Russian-speaking ransomware group and initial access broker, which claims to have stolen sensitive patient information in recent attacks, including on two medical care providers in New York and Nevada.
Global Cyber Agencies Unveil New Logging Standards
The Australian Signals Directorate's Australian Cyber Security Centre released joint guidance with a cohort of international cyber agencies that aims to provide baseline standards for event logging and threat detection, amid a wave of high-profile attacks employing "living off the land" techniques.
North Korean Hackers Pivot Away From Public Cloud
A North Korean hacking team hastily pivoted from publicly available cloud storage to its own infrastructure after security researchers unmasked a malware campaign. The group shifted from cloud services including Google Drive, OneDrive and Dropbox to systems under its control.
ISMG Editors: Social Engineering, Election Defense in AI Era
AI's influence on social engineering and election security has become a focal point at Black Hat. ISMG editors discuss how advanced technologies are making it easier to manipulate people and compromise security systems and offer key insights on machine learning vulnerabilities.
[AI Quick Read] Peering into lies: an insider analysis model
The changing dynamics of ransomware as law enforcement strikes
After peaking in late 2023, the ransomware industry is beginning to stabilize in productivity, with notable developments in ransomware targets and industry dynamics, according to WithSecure.
Sectors impacted by ransomware (Source: WithSecure)
While ransomware productivity has shown signs of leveling off in 2024, the frequency of attacks and ransom payments collected remained higher in the first half of 2024 than in 2022 and 2023. "There has been a marked shift towards targeting small and medium-sized …
The post The changing dynamics of ransomware as law enforcement strikes appeared first on Help Net Security.