CYBERSECURITY / DEFENSE / INTELLIGENCE

  • The White House is pushing the Senate to pass a TikTok ban bill that swept through the House last week.

  • New orbits could open “potential attack vectors” on US satellites, general says.

  • Thanks to AI, “They can have one person cranking out a lot of material.”

  • The amount the service requested may still be too low, based on observations of Ukraine, one expert said.

  • A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it’s likely associated with the North Korean state-sponsored group tracked as Kimsuky. “The malware payloads used in the DEEP#GOSU represent a

  • Cybercriminals have repurposed Scalable Vector Graphics (SVG) files to deliver malware, a technique that has evolved significantly with the advent of the AutoSmuggle tool.

    Introduced in May 2022, AutoSmuggle facilitates embedding malicious files within HTML or SVG content, making it easier for attackers to bypass security measures.

    Early and Notable Malware Deliveries via SVG

    The misuse of SVG files for malware distribution dates back to 2015, with ransomware being one of the first to be delivered through this vector.

    In January 2017, SVG files were used to download the Ursnif malware via URLs. A significant leap occurred in 2022 when SVGs delivered malware like QakBot through embedded .zip archives, showcasing a shift from external downloads to HTML smuggling techniques.

    AutoSmuggle’s Role in Malware Campaigns

    AutoSmuggle’s release on GitHub in 2022 marked a turning point. The tool embeds executable files or archives into SVG/HTML files, which are then decrypted and executed upon opening by the victim.

    This method cleverly evades Secure Email Gateways (SEGs) that would typically detect and quarantine direct email attachments.

    Two notable AutoSmuggle campaigns began in December 2023 and January 2024, delivering XWorm RAT and Agent Tesla Keylogger, respectively.

    Methods of Malware Delivery via SVG

    According to the CoFense report, SVG files can deliver malware in two primary ways:

    1. JavaScript Direct Download: The original SVG files contained embedded URLs that, when opened, triggered the download of a malicious payload. Later versions displayed an image to distract the victim while the download occurred.
    2. HTML Style Embedded Object: More recent SVG files contain the malicious payload within, eliminating the need for external resources. These files often rely on the victim’s curiosity to interact with the delivered file.
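
    One way a mail-triage script could flag both delivery methods described above, as an added example that is not taken from the CoFense report or from AutoSmuggle. The pattern lists, finding names and sample files are constructed assumptions to be tuned against real mail traffic.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Constructed samples: the blob is placeholder text, the URL uses the reserved .invalid TLD.
BLOB = base64.b64encode(b"constructed placeholder, not a real archive " * 8).decode()
EMBEDDED = ('<svg xmlns="http://www.w3.org/2000/svg" onload="run()"><script><![CDATA['
            f'var d = atob("{BLOB}"); var b = new Blob([d]);]]></script></svg>')
DOWNLOAD = ('<svg xmlns="http://www.w3.org/2000/svg"><script>'
            'window.location.href = "https://files.example.invalid/doc";</script></svg>')
CLEAN = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'

# Heuristic patterns (assumptions, not a list from the report).
BLOB_JS = re.compile(r"\b(atob|Blob|createObjectURL|msSaveBlob|fromCharCode)\b")
NAV_JS = re.compile(r"location\.(href|replace|assign)|window\.open")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")
ACTIVE_TAGS = {"foreignobject", "iframe", "embed", "object"}

def local(name):
    """Strip an XML namespace such as '{http://www.w3.org/2000/svg}script'."""
    return name.rsplit("}", 1)[-1].lower()

def triage_svg(text):
    """Return a sorted list of reasons an SVG attachment deserves review."""
    if "<!ENTITY" in text.upper():
        return ["entity-declaration"]  # keep entity-expansion tricks away from the parser
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["unparseable-xml"]
    found = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag == "script":
            body = "".join(el.itertext())
            found.add("script-element")
            if BLOB_JS.search(body):
                found.add("blob-assembly-js")   # payload rebuilt inside the file
            if NAV_JS.search(body):
                found.add("navigation-js")      # download or redirect via URL
            if B64_RUN.search(body):
                found.add("long-base64-run")
        elif tag in ACTIVE_TAGS:
            found.add("embedded-html-object")
        for attr, value in el.attrib.items():
            if local(attr).startswith("on"):
                found.add("event-handler-attribute")
            if local(attr) == "href" and value.strip().lower().startswith(("javascript:", "data:text/html")):
                found.add("active-href")
    return sorted(found)
```

    A static image has no reason to carry a script element at all, so `script-element` alone is a reasonable quarantine trigger for SVG attachments arriving by email.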

    Campaign Analysis: Agent Tesla and XWorm RAT

    The Agent Tesla Keylogger campaign was characterized by emails with attached SVG files that led to an embedded .zip archive containing a JavaScript file, which then initiated a series of downloads culminating in the execution of the keylogger.

    The XWorm RAT campaign differed in its approach, with three distinct infection chains involving PDFs, embedded links, and direct SVG attachments, ultimately leading to the delivery of XWorm RAT via various scripting files.

    Divergence from AutoSmuggle in Campaigns

    Upon analysis, the SVG files used in these campaigns showed slight modifications from the standard AutoSmuggle-generated files.

    For instance, the Agent Tesla campaign SVGs included redirecting to a legitimate-looking Maersk webpage, enhancing the deception.

    The XWorm RAT campaign SVGs, on the other hand, displayed a blank page instead of an image, a less sophisticated approach compared to the Agent Tesla campaign.

    The use of SVG files in malware delivery, particularly with tools like AutoSmuggle, represents an evolving threat landscape where attackers continuously adapt to circumvent security defenses.

    Understanding these techniques is crucial for developing more effective countermeasures against such sophisticated cyber threats.

    The post Hackers Using Weaponized SVG Files in Cyber Attacks appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

  • In recent years, personal data security has surged in importance due to digital device usage. Side-channel attacks exploit system side effects to gather information. 

    Electronic emissions are a known vulnerability to such attacks. Acoustic side-channel attacks are particularly threatening. In this attack, threat actors utilize the device’s sound emissions to extract sensitive data.

    Cybersecurity researchers Alireza Taheritajar and Reza Rahaeimehr from Augusta University recently discovered a new acoustic keyboard side-channel attack that lets hackers steal sensitive data.

    Acoustic Keyboard Side Channel Attack

    Keyboard acoustic side-channel attacks enable threat actors to remotely capture keystroke sounds through microphones and analyze waveforms to determine sensitive information like timing and intensity.

    They exploit this data despite background noise challenges, utilizing techniques like statistical analysis, machine learning, signal processing, acoustic triangulation, and Time Difference of Arrival (TDoA).

    This led some past studies to restrict environmental conditions or ignore irregularities that could interfere with the results.

    However, surrounding noise and a user's typing habits are often not considered, even though they can change how people use keys and so cause variations in recognition accuracy.

    [Figure: number of letters vs. success rate]

    This is further complicated by interactions between models and other attributes of emissions that do not have uniform patterns, as well as their dependence on environmental circumstances.

    Changing the keyboard model can also throw off the algorithms, because each model has its own sound characteristics.

    More recently, deep learning approaches have added further complexity to obtaining consistent outcomes.

    In this paper, researchers proposed another approach aimed at eliminating these drawbacks.

    It consists of capturing keystroke audio, extracting timing data, training a statistical model for prediction, testing on unknown recordings, and enhancing results with an English dictionary. 

    [Figure: The interface of the data gathering software (Source: arXiv)]

    The proposed method analyses typing patterns to predict words even in noisy real-world environments, without restricting the keyboard models used.

    The researchers’ method assumes the victim has been identified, but it isn’t limited to specific keyboard brands.

    They expect victims to work in quiet rooms, allowing noise control through signal processing. 

    They gather typing samples, text, and ambient noise to train statistical models.

    Analysts assume an oracle can split audio into word files, which is realistic as users often generate distinct sounds by pressing the Enter or Space keys after typing.

    A Windows app written in C# by the experts recorded keystroke sounds under three conditions:

    • Users just typing
    • Researchers typing sentences
    • Developers using normal words

    Different sentences and words were chosen to represent various styles and trends of English typing.

    Researchers conducted an IRB-approved study to collect typing patterns from 20 adult users, ensuring confidentiality and anonymity. 

    Datasets included common English words to measure word length’s impact on prediction accuracy.

    Visual representation in Figure 5 shows success rates increasing with word length up to six letters, then plateauing.

    The researchers are trying to reduce reliance on environmental conditions in their approach, but accurately capturing the keyboard sounds is very important for precise keystroke identification.

    Acoustic detection methods rely on the production of sufficient sound by keyboards in order to overcome challenges with softer keys that may lower the accuracy. 

    The technique supposes that users maintain consistent and recognizable typing patterns when constructing datasets. 

    In this way, it is possible to deduce whether a certain key was pressed or not based on the variance between different key presses on the same computer.

    The post New Acoustic Keyboard Side Channel Attack Let Attackers Steal Sensitive Data appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
