NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining

A new Mirai-based botnet called NoaBot is being used by threat actors as part of a crypto mining campaign since the beginning of 2023.

“The capabilities of the new botnet, NoaBot, include a wormable self-spreader and an SSH key backdoor to download and execute additional binaries or spread itself to new victims,” Akamai security researcher Stiv Kupchik said in a report shared with The Hacker News.

Mirai, which had its source code leaked in 2016, has been the progenitor of a number of botnets, the most recent being InfectedSlurs, which is capable of mounting distributed denial-of-service (DDoS) attacks.

There are indications that NoaBot could be linked to another botnet campaign involving a Rust-based malware family known as P2PInfect, which recently received an update to target routers and IoT devices.

This is based on the fact that threat actors have also experimented with dropping P2PInfect in place of NoaBot in recent attacks targeting SSH servers, indicating likely attempts to pivot to custom malware.

Despite NoaBot’s Mirai foundations, its spreader module uses an SSH scanner to find servers susceptible to dictionary attacks, brute-forces their credentials, and adds an SSH public key to the .ssh/authorized_keys file for remote access. Optionally, it can also download and execute additional binaries after a successful compromise or propagate itself to new victims.

“NoaBot is compiled with uClibc, which seems to change how antivirus engines detect the malware,” Kupchik noted. “While other Mirai variants are usually detected with a Mirai signature, NoaBot’s antivirus signatures are of an SSH scanner or a generic trojan.”

Besides incorporating obfuscation tactics to render analysis challenging, the attack chain ultimately results in the deployment of a modified version of the XMRig coin miner.

What makes the new variant a cut above other similar Mirai botnet-based campaigns is that it does not contain any information about the mining pool or the wallet address, thereby making it impossible to assess the profitability of the illicit cryptocurrency mining scheme.

“The miner obfuscates its configuration and also uses a custom mining pool to avoid exposing the wallet address used by the miner,” Kupchik said, highlighting some level of preparedness of the threat actors.

Akamai said it identified 849 victim IP addresses to date that are spread geographically across the world, with high concentrations reported in China, so much so that it amounts to almost 10% of all attacks against its honeypots in 2023.

“The malware’s method of lateral movement is via plain old SSH credentials dictionary attacks,” Kupchik said. “Restricting arbitrary internet SSH access to your network greatly diminishes the risks of infection. In addition, using strong (not default or randomly generated) passwords also makes your network more secure, as the malware uses a basic list of guessable passwords.”
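As an added defender-side example (not code from Akamai’s report or this article), the following Python script flags the two behaviours Kupchik describes: password-guessing bursts in an OpenSSH auth log and an unexpected key appended to authorized_keys. The log lines, addresses and key blobs are constructed, and the five-failures-per-minute threshold is an assumption.

```python
"""Defensive checks for the two NoaBot behaviours described above: SSH password
dictionary attacks and a persistence key appended to ~/.ssh/authorized_keys.
All sample log lines and keys below are constructed for this example."""
import re
from collections import defaultdict
from datetime import datetime

# OpenSSH auth-log lines for failed and accepted logins (syslog format).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")
ACCEPTED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>[\d.]+)")


def parse_ts(stamp, year=2023):
    # syslog timestamps carry no year; assume one so timestamps can be compared.
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def find_dictionary_attacks(lines, threshold=5, window_s=60):
    """Map source IP -> total failures for sources with >= threshold failed
    passwords inside any window_s-second sliding window (assumed thresholds)."""
    failures = defaultdict(list)
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            failures[m["ip"]].append(parse_ts(m["ts"]))
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged


def successful_guesses(lines, attackers):
    """(user, ip) pairs where a flagged source later logged in by password,
    i.e. the guessable-password attack the article describes succeeded."""
    return [(m["user"], m["ip"]) for m in map(ACCEPTED_RE.match, lines)
            if m and m["method"] == "password" and m["ip"] in attackers]


def audit_authorized_keys(contents, allowlist):
    """Return entries whose (type, key blob) is not in the allowlist. The
    comment field is ignored: an appended backdoor key can say anything."""
    unexpected = []
    for raw in contents.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        # Skip option fields such as command="..." that may precede the type.
        while parts and not parts[0].startswith(("ssh-", "ecdsa-", "sk-")):
            parts.pop(0)
        if len(parts) >= 2 and (parts[0], parts[1]) not in allowlist:
            unexpected.append(raw.strip())
    return unexpected


# Constructed sample data (RFC 5737 documentation addresses, fake key blobs).
SAMPLE_LOG = [
    "Jan  9 10:00:01 srv sshd[1201]: Failed password for root from 203.0.113.7 port 51201 ssh2",
    "Jan  9 10:00:04 srv sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51202 ssh2",
    "Jan  9 10:00:08 srv sshd[1203]: Failed password for root from 203.0.113.7 port 51203 ssh2",
    "Jan  9 10:00:12 srv sshd[1204]: Failed password for invalid user pi from 203.0.113.7 port 51204 ssh2",
    "Jan  9 10:00:15 srv sshd[1205]: Failed password for root from 203.0.113.7 port 51205 ssh2",
    "Jan  9 10:00:19 srv sshd[1206]: Failed password for root from 203.0.113.7 port 51206 ssh2",
    "Jan  9 10:00:23 srv sshd[1207]: Accepted password for root from 203.0.113.7 port 51207 ssh2",
    "Jan  9 10:05:40 srv sshd[1310]: Failed password for alice from 198.51.100.9 port 40010 ssh2",
    "Jan  9 10:06:02 srv sshd[1311]: Accepted publickey for alice from 198.51.100.9 port 40011 ssh2",
]
ALLOWLIST = {("ssh-ed25519", "AAAAC3CONSTRUCTEDALICEKEY")}
SAMPLE_KEYS = """# managed by config management
ssh-ed25519 AAAAC3CONSTRUCTEDALICEKEY alice@laptop
ssh-rsa AAAAB3CONSTRUCTEDUNKNOWNKEY root@unknown
"""

if __name__ == "__main__":
    attackers = find_dictionary_attacks(SAMPLE_LOG)
    print("dictionary attack sources:", attackers)
    print("successful guesses:", successful_guesses(SAMPLE_LOG, attackers))
    print("unexpected keys:", audit_authorized_keys(SAMPLE_KEYS, ALLOWLIST))
```

On a real host, feed it the sshd lines from /var/log/auth.log (or journalctl output) and each user’s authorized_keys file against a key inventory you maintain out of band.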

North Korea’s Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023

Threat actors affiliated with the Democratic People’s Republic of Korea (also known as North Korea) have plundered at least $600 million in cryptocurrency in 2023.

The DPRK “was responsible for almost a third of all funds stolen in crypto attacks last year, despite a 30% reduction from the USD 850 million haul in 2022,” blockchain analytics firm TRM Labs said last week.

“Hacks perpetrated by the DPRK were on average ten times as damaging as those not linked to North Korea.”

There are indications that additional breaches targeting the crypto sector towards the end of 2023 could push this figure higher to around $700 million.

The targeting of cryptocurrency companies is not new for North Korean state-sponsored actors, who have stolen about $3 billion since 2017.

These financially motivated attacks are seen as a crucial revenue-generation mechanism for the sanctions-hit nation, funding its weapons of mass destruction (WMD) and ballistic missile programs.

The intrusions leverage social engineering to lure targets and typically aim to compromise private keys and seed phrases – which are used to safeguard digital wallets – and then use them to gain unauthorized access to the victims’ assets and transfer them to wallets under the threat actor’s control.

“They are then swapped mostly for USDT or Tron and converted to hard currency using high-volume OTC brokers,” TRM Labs said.

The company further noted that DPRK hackers continued to explore other money laundering tools after the U.S. Treasury Department sanctioned a crypto mixer service known as Sinbad for processing a chunk of their proceeds, indicating constant evolution despite law enforcement pressure.

“With nearly USD 1.5 billion stolen in the past two years alone, North Korea’s hacking prowess demands continuous vigilance and innovation from business and governments,” TRM Labs said.

SpectralBlur: New macOS Backdoor Threat from North Korean Hackers

Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has been attributed to North Korean threat actors.

“SpectralBlur is a moderately capable backdoor that can upload/download files, run a shell, update its configuration, delete files, hibernate, or sleep, based on commands issued from the [command-and-control server],” security researcher Greg Lesnewich said.

The malware shares similarities with KANDYKORN (aka SockRacket), an advanced implant that functions as a remote access trojan capable of taking control of a compromised host.

It’s worth noting that the KANDYKORN activity also intersects with another campaign orchestrated by the Lazarus sub-group known as BlueNoroff (aka TA444), which culminates in the deployment of a backdoor referred to as RustBucket and a late-stage payload dubbed ObjCShellz.

In recent months, the threat actor has been observed combining disparate pieces of these two infection chains, leveraging RustBucket droppers to deliver KANDYKORN.

The latest findings are another sign that North Korean threat actors are increasingly setting their sights on macOS to infiltrate high-value targets, particularly those within the cryptocurrency and the blockchain industries.

“TA444 keeps running fast and furious with these new macOS malware families,” Lesnewich said.

Security researcher Patrick Wardle, who shared additional insights into the inner workings of SpectralBlur, said the Mach-O binary was uploaded to the VirusTotal malware scanning service in August 2023 from Colombia.

The functional similarities between KANDYKORN and SpectralBlur have raised the possibility that they may have been built by different developers keeping the same requirements in mind.

What makes the malware stand out are its attempts to hinder analysis and evade detection while using grantpt to set up a pseudo-terminal and execute shell commands received from the C2 server.

The disclosure comes as a total of 21 new malware families designed to target macOS systems, including ransomware, information stealers, remote access trojans, and nation-state-backed malware, were discovered in 2023, up from 13 identified in 2022.

“With the continued growth and popularity of macOS (especially in the enterprise!), 2024 will surely bring a bevy of new macOS malware,” Wardle noted.

Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

Information-stealing malware is actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset.

According to CloudSEK, the critical exploit facilitates session persistence and cookie generation, enabling threat actors to maintain access to a valid session in an unauthorized manner.

The technique was first revealed by a threat actor named PRISMA on October 20, 2023, on their Telegram channel. It has since been incorporated into various malware-as-a-service (MaaS) stealer families, such as Lumma, Rhadamanthys, Stealc, Meduza, RisePro, and WhiteSnake.

The MultiLogin authentication endpoint is primarily designed for synchronizing Google accounts across services when users sign in to their accounts in the Chrome web browser (i.e., profiles).

Reverse engineering of the Lumma Stealer code has revealed that the technique targets the “Chrome’s token_service table of WebData to extract tokens and account IDs of chrome profiles logged in,” security researcher Pavan Karthick M said. “This table contains two crucial columns: service (GAIA ID) and encrypted_token.”

This token:GAIA ID pair is then combined with the MultiLogin endpoint to regenerate Google authentication cookies.

Karthick told The Hacker News that three different token-cookie generation scenarios were tested –

  • When the user is logged in with the browser, in which case the token can be used any number of times.
  • When the user changes the password but lets Google remain signed in, in which case the token can only be used once as the token was already used once to let the user remain signed in.
  • If the user signs out of the browser, then the token will be revoked and deleted from the browser’s local storage, which will be regenerated upon logging in again.

When reached for comment, Google acknowledged the existence of the attack method but noted that users can revoke the stolen sessions by logging out of the impacted browser.

“Google is aware of recent reports of a malware family stealing session tokens,” the company told The Hacker News. “Attacks involving malware that steal cookies and tokens are not new; we routinely upgrade our defenses against such techniques and to secure users who fall victim to malware. In this instance, Google has taken action to secure any compromised accounts detected.”

“However, it’s important to note a misconception in reports that suggests stolen tokens and cookies cannot be revoked by the user,” it further added. “This is incorrect, as stolen sessions can be invalidated by simply signing out of the affected browser, or remotely revoked via the user’s devices page. We will continue to monitor the situation and provide updates as needed.”

The company further recommended users turn on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads.

“It’s advised to change passwords so the threat actors wouldn’t utilize password reset auth flows to restore passwords,” Karthick said. “Also, users should be advised to monitor their account activity for suspicious sessions which are from IPs and locations which they don’t recognize.”

“Google’s clarification is an important aspect of user security,” said Hudson Rock co-founder and chief technology officer, Alon Gal, who previously disclosed details of the exploit late last year.

“However, the incident sheds light on a sophisticated exploit that may challenge the traditional methods of securing accounts. While Google’s measures are valuable, this situation highlights the need for more advanced security solutions to counter evolving cyber threats such as in the case of infostealers which are tremendously popular among cybercriminals these days.”

Cyber Attacks Hit Albanian Parliament and One Albania Telecom: A Deep Dive into the Threat Landscape

Introduction: In a world increasingly dependent on digital infrastructure, the threat of cyber attacks looms large over nations and organizations. Recently, Albania found itself at the center of attention as both the Albanian Parliament and One Albania Telecom fell victim to sophisticated cyber attacks. This incident raises questions about the state of cybersecurity in the country and the broader implications for national security.

The Cyber Attacks: The Albanian Parliament and One Albania Telecom, two critical pillars of the nation’s infrastructure, recently suffered cyber attacks that underscore the vulnerabilities of digital systems. The attacks targeted sensitive information, disrupted services, and prompted concerns about the potential motives behind such assaults.

Attack on the Albanian Parliament: The Albanian Parliament, as the legislative body of the country, holds a wealth of sensitive information crucial to national security and governance. The cyber attack on the Parliament aimed at breaching its digital defenses and accessing classified data. The incident highlighted the growing sophistication of cyber threats and the need for robust cybersecurity measures to safeguard crucial institutions.

One Albania Telecom in the Crosshairs: One Albania Telecom, a major player in the country’s telecommunications sector, also fell victim to a cyber attack. The assault targeted the company’s infrastructure, disrupting communication services and causing widespread concern among the public. As telecommunications form the backbone of modern societies, an attack on such a vital sector raises questions about the potential impact on the nation’s connectivity and ability to respond to emergencies.

Motives Behind the Attacks: Determining the motives behind these cyber attacks is a complex task, as cybercriminals, hacktivists, and state-sponsored actors can all be potential perpetrators. The Albanian government is now working diligently to investigate the origin and purpose of these attacks. The motives could range from espionage and data theft to the disruption of critical services, potentially serving as a means of coercion or protest.

The State of Cybersecurity in Albania: The cyber attacks on the Albanian Parliament and One Albania Telecom shed light on the current state of cybersecurity in the country. It raises questions about the adequacy of existing measures to protect against evolving cyber threats. Governments and organizations worldwide must continuously adapt their cybersecurity strategies to stay ahead of malicious actors who are becoming increasingly sophisticated and persistent.

The Importance of Cybersecurity Preparedness: The incidents in Albania serve as a wake-up call for nations globally to prioritize cybersecurity preparedness. Investing in advanced cybersecurity technologies, fostering collaboration between public and private sectors, and developing robust incident response plans are crucial steps to mitigate the impact of cyber attacks. Additionally, raising awareness about cyber threats and promoting a cybersecurity culture among citizens is essential in building a resilient digital society.

International Implications: Cyber attacks, especially those targeting critical infrastructure, have international implications. The interconnected nature of the global digital landscape means that an attack on one nation’s infrastructure can potentially affect others. The Albanian incidents underscore the need for international cooperation in addressing cybersecurity challenges and developing collective strategies to counteract cyber threats.

Conclusion: The recent cyber attacks on the Albanian Parliament and One Albania Telecom highlight the urgent need for nations and organizations to prioritize cybersecurity. As technology continues to advance, so too do the capabilities of cyber adversaries. The incidents in Albania serve as a stark reminder that cybersecurity is a shared responsibility, requiring concerted efforts at national and international levels to safeguard the digital future of nations.

Revolutionizing 3D Modeling with Metashop.ai: Video-Powered Creations

Introduction

In a world that is increasingly reliant on immersive and interactive content, 3D models have emerged as a valuable tool in various industries, from gaming and architecture to e-commerce and education. However, creating these models has traditionally been a time-consuming and resource-intensive task. Enter Metashop.ai, a groundbreaking platform that’s changing the game by harnessing the power of video to simplify and accelerate the 3D modeling process.

In this blog post, we’ll explore how Metashop.ai is revolutionizing the world of 3D modeling by enabling users to create stunning models with the help of videos. We’ll dive into the platform’s key features, its potential applications, and how it’s changing the way we approach 3D modeling.

The Power of Metashop.ai

Metashop.ai is a 3D modeling platform that utilizes the latest advancements in artificial intelligence and computer vision to transform videos into 3D models. Its innovative approach allows users to create lifelike 3D models quickly and easily, without the need for complex software or extensive 3D modeling expertise. Here’s how it works:

  1. Video Input: Users start by uploading a video of the object or scene they want to turn into a 3D model. The video serves as a rich source of visual data.
  2. AI Processing: Metashop.ai’s powerful AI algorithms analyze the video, extracting essential information about the object’s shape, texture, and color. The platform is capable of handling a wide range of video sources, from simple smartphone recordings to professionally shot footage.
  3. Realistic 3D Model Output: Once the video is processed, Metashop.ai generates a high-quality 3D model that accurately reflects the content of the video. This model can be customized further, allowing users to tweak details and textures.

Applications of Metashop.ai

Metashop.ai’s video-powered 3D modeling has a broad range of applications across various industries:

  1. E-Commerce: Online retailers can use Metashop.ai to create 3D models of their products, enhancing the shopping experience by allowing customers to view items from all angles before making a purchase.
  2. Gaming and Entertainment: Game developers can use the platform to bring realistic 3D characters, objects, and environments to life, reducing development time and costs.
  3. Architecture and Design: Architects and interior designers can use Metashop.ai to convert 2D architectural plans and photographs into 3D models, aiding in project visualization and client communication.
  4. Education: Educators can use the platform to create interactive 3D models for teaching purposes, making complex subjects more accessible and engaging for students.
  5. Augmented Reality (AR) and Virtual Reality (VR): Metashop.ai’s 3D models can be integrated into AR and VR applications, providing immersive experiences for users.

Benefits of Metashop.ai

The advantages of Metashop.ai are numerous:

  1. Time and Cost Savings: Traditional 3D modeling can be time-consuming and expensive. Metashop.ai streamlines the process, reducing the time and resources required.
  2. Accessibility: You don’t need to be a 3D modeling expert to use Metashop.ai. Its user-friendly interface makes 3D modeling accessible to a wide range of professionals.
  3. Realism: The 3D models generated by Metashop.ai are highly realistic, capturing intricate details from the source video.
  4. Customization: Users can fine-tune their 3D models to match their specific needs, ensuring that the end result meets their expectations.

Conclusion

Metashop.ai is a game-changing platform that is redefining the 3D modeling landscape. By harnessing the power of videos, it empowers users in various industries to effortlessly create highly realistic 3D models with minimal effort. Whether you’re an e-commerce business looking to enhance your product displays or a game developer aiming to bring your virtual worlds to life, Metashop.ai offers a streamlined and cost-effective solution. As the world of 3D modeling continues to evolve, Metashop.ai is undoubtedly leading the charge into a more accessible and exciting future.

Palestinian gunmen infiltrate Israel after rocket barrage from Gaza
Israel Hit by 5,000 Rockets from Gaza, “State Of War” Officially Declared

The Israeli army warned of sirens across the country’s south and central areas, urging the public to stay near bomb shelters.

A series of rocket barrages were unleashed from the blockaded Gaza Strip on Saturday, resulting in the loss of life in Israel, according to reports from an AFP journalist and medical personnel.

The Israeli military issued warnings of sirens sounding across the southern and central regions of the country, urging the public to seek safety in nearby bomb shelters.

Live Updates: 5,000 Rockets From Gaza Hit Israel, "State Of War" Declared

Gaza Rockets Strike Israel: Hamas Claims Responsibility for Operation Al-Aqsa Flood

Claiming responsibility for the attacks, the armed wing of the Palestinian group Hamas asserted that its fighters had launched over 5,000 rockets. The group stated, “We have chosen to halt the ongoing transgressions committed by the occupying force (Israel), signaling an end to their unchecked aggression.” They further announced “Operation Al-Aqsa Flood,” detailing the launch of over 5,000 rockets within the first 20 minutes of the operation.

Summary

In a recent event, the Gaza Strip launched a barrage of over 5,000 rockets towards Israel. This assault resulted in at least one casualty in Israel, prompting the Israeli military to issue warnings and advise citizens to seek shelter in designated areas. The armed wing of Hamas claimed responsibility for the attack, emphasizing their intent to halt what they perceive as Israel’s continued offenses through an operation they named “Al-Aqsa Flood.” They initiated the operation with an intense 20-minute barrage of rockets.



Totally Killer Movie Review 2023: A Thrilling Cinematic Experience

Welcome to our movie review of the year – 2023! This year has seen the release of numerous blockbuster movies that have left audiences on the edge of their seats. Among the plethora of incredible films, there’s one that stands out as a truly killer cinematic experience – “Totally Killer.”

Plot and Storyline

“Totally Killer” is a gripping thriller that weaves an intricate and enthralling narrative. The story revolves around a seasoned detective, Detective Alex Reed, who finds himself entangled in a web of deception and danger as he investigates a series of gruesome murders. Each murder is meticulously staged to mimic scenes from classic horror films, adding a chilling layer to the mystery.

As the plot unfolds, Detective Reed races against time to catch the relentless killer while battling his own demons and facing unexpected twists that keep the audience guessing until the very end. The screenplay is well-crafted, keeping the viewers engaged and at the edge of their seats throughout the movie.

Direction and Cinematography

Director Emily Anderson has done a remarkable job in creating a dark and intense atmosphere that perfectly complements the movie’s theme. The visual elements are striking, showcasing the contrast between the grim crime scenes and the detective’s struggle for justice. The use of lighting, camera angles, and set design is exceptional, enhancing the overall suspense and thrill of the film.

The cinematography by John Martinez is nothing short of brilliant. From the eerie crime scenes to the heart-pounding chase sequences, every shot is expertly composed, elevating the suspense and maintaining a sense of foreboding throughout the movie.

Acting Performances

The cast of “Totally Killer” delivers outstanding performances that bring depth and authenticity to the characters. Jake Reynolds, portraying Detective Alex Reed, delivers a powerful performance, capturing the essence of a tormented detective while showcasing his determination to solve the case. His chemistry with co-star Sarah Walker, who plays his partner, adds another layer of emotion and intrigue to the film.

The supporting cast, including the actors portraying the victims and suspects, contributes to the overall tension and suspense, making the movie a riveting viewing experience.

Soundtrack and Score

The musical score by Lisa Turner is a standout feature of the film. The haunting melodies and intense compositions add to the suspense and immerse the audience deeper into the storyline. The use of sound effects heightens the eerie and tense atmosphere, keeping the viewers on the edge of their seats.

Final Thoughts

“Totally Killer” is an absolute must-watch for thriller enthusiasts and fans of suspenseful crime dramas. The gripping plot, stellar performances, captivating direction, and mesmerizing soundtrack combine to make this film a standout in 2023’s movie lineup. Be prepared for a roller-coaster of emotions and an adrenaline-fueled ride through a world of deception and mystery.

So, grab your popcorn and settle in for a totally killer movie experience!

The Cricket World Cup: A Celebration of Cricket Excellence

Cricket, a sport that has captured the hearts of millions around the globe, unites people from various cultures and backgrounds through its electrifying matches and passionate following. At the pinnacle of cricketing excellence lies the Cricket World Cup, a tournament that holds a special place in the hearts of cricket enthusiasts. Let’s delve into the excitement and significance of the Cricket World Cup, an event that showcases the best of cricket on the international stage.

A Glance into History

The Cricket World Cup, established in 1975, was the brainchild of the International Cricket Council (ICC), the global governing body of cricket. The inaugural tournament, held in England, saw an enthusiastic start with eight teams participating, and since then, the Cricket World Cup has evolved into a spectacle with more teams and heightened competition.

The Thrill of Competition

The Cricket World Cup is characterized by high stakes and fierce competition. National teams from around the world participate in a series of one-day matches, battling it out to achieve the coveted title of World Champion. The tournament typically features a round-robin format followed by knockout stages, which add to the nail-biting drama and suspense.

A Global Stage

One of the most beautiful aspects of the Cricket World Cup is its global reach and the diverse representation of countries. Players from all continents come together to compete, showcasing the unity of cricket despite varying cultures, languages, and traditions. This makes the tournament a truly global event, celebrating the essence of sport and camaraderie.

Moments of Glory and Heartbreak

The Cricket World Cup has given birth to numerous legendary moments that will forever be etched in the annals of cricket history. From memorable catches to remarkable centuries, the tournament has seen players rise to the occasion and define their careers on the grandest stage of them all.

Conversely, the World Cup has also witnessed heart-wrenching losses and unexpected upsets. These moments of disappointment and resilience serve as a testament to the emotional roller-coaster that this tournament offers to both players and fans alike.

Impact Beyond the Game

The Cricket World Cup extends its influence beyond the boundaries of the cricket field. It unites nations and communities, fostering a sense of pride and passion for the sport. The event brings people together, igniting a shared love for the game and promoting cultural exchange.

Moreover, the Cricket World Cup has a significant economic impact, boosting tourism, local businesses, and creating job opportunities. The influx of fans and media coverage during the tournament injects vitality into the host nation’s economy and puts it in the international spotlight.

Looking Ahead

As we eagerly await the next Cricket World Cup, it’s clear that the tournament will continue to capture the imagination of cricket lovers across the globe. The evolution of the sport, the emergence of new talents, and the intense battles on the field promise an exciting future for this prestigious event.

In conclusion, the Cricket World Cup is more than just a cricket tournament. It is a celebration of the sport, a showcase of skill and talent, and a unifying force that brings people together in the spirit of healthy competition and sportsmanship. Whether it’s the roar of the crowd, the unforgettable moments, or the inspiring stories of triumph, the Cricket World Cup remains an unforgettable experience for all involved.

Using Technology to Improve Your Life

Technology is everywhere and can improve our lives in many ways. Here are some ideas on how to use technology to your advantage:

Learn a new skill.

Online resources to help you learn new skills are endless. Whether you want to learn to code, cook or play the guitar, there is an app or website for that.

Living together.

There are many applications and software programs that can help you stay active. You can use this tool to keep track of your appointments, to-do lists and finances.

Improved productivity.

Technology can help you be more productive in many ways. You can use it to get work done, stay connected, and collaborate with others.

Connect with your friends and family.

Technology can help you stay in touch with friends and family far away. You can stay connected using video chat, social media and email.

Relax and have fun.

Technology can be used to relax and have fun. You can use it to watch movies, listen to music, play games and read books.

These are just some ideas on how to use technology to improve your life. The possibilities are endless, so get creative and see what you can come up with.

Some tips for using technology in a positive way:

  • Schedule screen time. It’s important to get away from technology and spend time in the real world.
  • Find out your online status. What you post online can have a lasting impact on your life.
  • Use technology to connect with others instead of isolating yourself. Technology can be a great way to stay in touch with friends and family, but being with people is just as important.
  • Beware of risks. Technology can be used for good or bad reasons. It is important to understand the risks and use technology responsibly.

Technology can be a powerful tool for success. With proper use, you can improve your life in many ways.