
Bootkitty: The Game-Changing Malware Targeting Linux Systems


A newly discovered malware sample named Bootkitty introduces a new method of attacking Linux, which has traditionally been considered safer from such stealthy threats than Windows. Bootkits are highly dangerous because they infect a computer’s boot process, loading before the operating system starts.

This allows them to take deep control of a system while avoiding detection by traditional security tools.   

Bootkitty specifically targets certain versions of Ubuntu Linux by bypassing critical security checks during system boot.   

How Bootkitty Works  


ESET discovered Bootkitty in November 2024 when a suspicious file, bootkit.efi, was uploaded to VirusTotal. The malware uses advanced techniques to bypass kernel signature verification and inject malicious components during the system boot process.   

It relies on a self-signed certificate, meaning it won’t function on systems with Secure Boot enabled.   The malware hooks into UEFI security protocols and GRUB bootloader functions, disabling key security checks and loading malicious modules into the Linux kernel.  Bootkitty also forces a malicious library to load into system processes upon startup.   

However, the malware is not without flaws.  It only works on specific GRUB and kernel versions, which limits its effectiveness.  It can cause system crashes due to compatibility issues.   

During their investigation, researchers also found another suspicious file, BCDropper, likely associated with Bootkitty. BCDropper installs a rootkit named BCObserver, which provides stealthy control by hiding files, processes, and open ports on the infected system.   

Growing Threat to Linux   


Although Bootkitty is not yet fully developed or actively deployed in real-world attacks, its discovery is concerning. It signals that cybercriminals are increasingly targeting Linux as more businesses rely on it for critical operations.  

To help organizations defend against Bootkitty, ESET has published indicators of compromise (IoCs) on GitHub.   

Recommendations for Protection   


  • Enable Secure Boot: Since Bootkitty cannot operate with Secure Boot enabled, this is a crucial defense. 
  • Update Security Tools: Keeping antivirus and other security software up to date can help detect and block new threats.  
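As an added check for the first recommendation (this is not code from the post or from ESET), the POSIX shell script below reads the SecureBoot and SetupMode variables that efivarfs exposes under /sys/firmware/efi/efivars and reports whether Secure Boot is actually enforcing, since a firmware left in Setup Mode accepts unsigned boot components even when the SecureBoot flag reads 1. The directory path and the EFI global-variable GUID are the standard ones; the EFIVARS_DIR override is my own addition so the logic can be tried against constructed files.

```shell
#!/bin/sh
# Added example: report the effective UEFI Secure Boot state on a Linux host.
# efivarfs exposes each variable as 4 bytes of attributes followed by its data;
# SecureBoot and SetupMode are each one data byte. EFIVARS_DIR may be overridden
# (assumption for testing); the default is the kernel's standard mount point.
EFIVARS_DIR="${EFIVARS_DIR:-/sys/firmware/efi/efivars}"
# GUID of the EFI global variable namespace that both variables live in.
EFI_GLOBAL_GUID="8be4df61-93ca-11d2-aa0d-00e098032b8c"

# Print the single data byte of an efivarfs file as a decimal number,
# or "unknown" when the file is missing, unreadable or too short.
efivar_byte() {
    f="$1"
    [ -r "$f" ] || { echo unknown; return 0; }
    # skip the 4 attribute bytes (-j4) and read one byte (-N1)
    v=$(od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n')
    if [ -n "$v" ]; then echo "$v"; else echo unknown; fi
}

# Combine both variables into one verdict:
#   enforcing  - SecureBoot=1 and SetupMode=0: unsigned EFI binaries are refused
#   setup-mode - SecureBoot=1 but the firmware is in Setup Mode: not enforcing
#   disabled   - SecureBoot=0
#   unknown    - variables absent or unreadable
#   legacy-bios-or-no-efivarfs - no efivarfs at all (CSM/legacy boot)
secure_boot_state() {
    [ -d "$EFIVARS_DIR" ] || { echo legacy-bios-or-no-efivarfs; return 0; }
    sb=$(efivar_byte "$EFIVARS_DIR/SecureBoot-$EFI_GLOBAL_GUID")
    sm=$(efivar_byte "$EFIVARS_DIR/SetupMode-$EFI_GLOBAL_GUID")
    if [ "$sb" = 1 ] && [ "$sm" = 0 ]; then
        echo enforcing
    elif [ "$sb" = 1 ]; then
        echo setup-mode
    elif [ "$sb" = 0 ]; then
        echo disabled
    else
        echo unknown
    fi
}

# Report the live system when run directly.
echo "Secure Boot: $(secure_boot_state)"
```

Anything other than enforcing means an unsigned bootkit of this kind would not be stopped by the firmware, so treat setup-mode, disabled and legacy results as findings to remediate.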

This discovery underscores the growing sophistication of Linux-targeted malware and the need for robust security practices to safeguard critical systems.

BianLian Ransomware Gang Shifts Tactics: A New Era of Cyber Threats


A recent advisory from the FBI, CISA, and Australia’s Cyber Security Centre reveals a tactical shift by the ransomware group BianLian, marking a significant evolution in cyber extortion. The update, issued on November 20, 2024, highlights how the group has abandoned traditional encryption-based attacks in favor of exfiltration-only extortion, a trend gaining momentum across the cybercrime landscape. Previously known for their double-extortion model—encrypting victims' data while threatening to release stolen files—BianLian has moved exclusively to encryption-less attacks since early 2023. 

Instead of locking victims out of their systems, the group focuses solely on stealing sensitive data and leveraging it to demand ransoms. This new approach leaves the victims’ systems intact, but their sensitive information becomes the ultimate bargaining chip. “This method allows criminals to exploit multiple avenues for extortion,” the advisory states. “Even when victims pay, stolen data is rarely deleted and often surfaces on the Dark Web.” 

The shift reflects both a response to improved corporate defenses and a focus on operational efficiency. Muhammad Yahya Patel, lead security engineer at Check Point Software, noted that exfiltration-only attacks require fewer resources, making them harder to detect. “This tactic reduces the need for encryption malware, minimizing operational complexity and allowing attackers to stay under the radar,” Patel explained. 

Organizations with robust backup systems can recover from encryption-based attacks, diminishing their effectiveness. Pedro Umbelino, principal research scientist at Bitsight, observed, “Encryption rarely leads to data loss now, but companies still fear the public release of stolen data. Ransomware operators are prioritizing simpler methods to maximize profit.” The trend extends beyond BianLian. Darren Williams, CEO of BlackFog, revealed that 94% of ransomware attacks in 2024 now center on data theft rather than encryption. 

“The value of intellectual property, customer, and personal data has made exfiltration the preferred method for cybercriminals,” Williams noted. 

For organizations, this shift underscores the urgency of adapting cybersecurity defenses. Unlike encryption attacks, data exfiltration is harder to detect and often unnoticed until it’s too late. Investing in advanced monitoring tools, enhancing incident response plans, and fostering a culture of cybersecurity awareness are critical steps in mitigating this emerging threat. The rise of exfiltration-only ransomware is a stark reminder of cybercriminals’ adaptability. Businesses must evolve their defenses to match the growing sophistication of their adversaries.

Game Emulation: Keeping Classic Games Alive Despite Legal Hurdles

 For retro gaming fans, playing classic video games from decades past is a dream, but it’s tough to do legally. This is where game emulation comes in — a way to recreate old consoles in software, letting people play vintage games on modern devices. Despite opposition from big game companies, emulation developers put in years of work to make these games playable. 

Game emulators work by reading game files, called ROMs, and creating a digital version of the console they were designed for. Riley Testut, creator of the Delta emulator, says it’s like opening an image file: the ROM is the data, and the emulator brings it to life with visuals and sound. 

Testut and his team spent years refining Delta, even adding new features like online multiplayer for Nintendo DS games. Some consoles are easy to emulate, while others are a challenge. Older systems like the Game Boy are simpler, but emulating a PlayStation requires recreating multiple processors and intricate hardware functions. Developers use tools like OpenGL or Vulkan to help with complex 3D graphics, especially on mobile devices. 

Emulators like Emudeck, popular on the Steam Deck, make it easy to access multiple games in one place. For those wanting an even more authentic experience, FPGA hardware emulation mimics old consoles precisely, though it’s costly. While game companies often frown on ROMs, some, like Xbox, use emulation to re-release classic games legally. 

However, legal questions remain, and complex licensing issues keep many games out of reach. Despite these challenges, emulation is thriving, driven by fans and developers who want to preserve gaming history. Though legal issues persist, emulation is vital for keeping classic games alive and accessible to new generations.

Big Tech’s Data-Driven AI: Transparency, Consent, and Your Privacy

In the evolving world of AI, data transparency and user privacy are gaining significant attention as companies rely on massive amounts of information to fuel their AI models. While Big Tech giants need enormous datasets to train their AI systems, legal frameworks increasingly require these firms to clarify what they do with users’ personal data. Today, many major tech players use customer data to train AI models, but the specifics often remain obscure to the average user. 

In some instances, companies operate on an “opt-in” model where data usage requires explicit user consent. In others, it’s “opt-out”—data is used automatically unless the user takes steps to decline, and even this may vary based on regional regulations. For example, Meta’s data-use policies for Facebook and Instagram are “opt-out” only in Europe and Brazil, not the U.S., where laws like California’s Consumer Privacy Act enforce more transparency but allow limited control. 

The industry’s quest for data has led to a “land grab,” as companies race to stockpile information before emerging laws impose stricter guidelines. This data frenzy affects users differently across sectors: consumer platforms like social media often limit users’ choice to restrict data use, while enterprise software clients expect privacy guarantees.  

Controversy around data use has even caused some firms to change course. Adobe, following backlash over potentially using business customer data for training, pledged not to employ it for AI model development. Similarly, Apple has crafted a privacy-first architecture for its AI, promising on-device processing whenever possible and, when necessary, private cloud storage. Microsoft’s AI, including its Copilot+ features, has faced scrutiny as well. 

Privacy concerns delayed some features, prompting the company to refine how data like screenshots and app usage are managed. OpenAI, a leader in generative AI, offers varied data-use policies for free and paid users, giving businesses greater control over data than typical consumers.

UK Watchdog Urges Data Privacy Overhaul as Smart Devices Collect “Excessive” User Data


A new study by consumer group Which? has revealed that popular smart devices are gathering excessive amounts of personal data from users, often beyond what’s required for functionality. The study examined smart TVs, air fryers, speakers, and wearables, rating each based on data access requests. 

Findings suggested many of these devices may be gathering and sharing data with third parties, often for marketing purposes. “Smart tech manufacturers and their partners seem to collect data recklessly, with minimal transparency,” said Harry Rose from Which?, calling for stricter guidelines on data collection. The UK’s Information Commissioner’s Office (ICO) is expected to release updated guidance on data privacy for smart devices in 2025, which Rose urged be backed by effective enforcement. 

The study found all three tested air fryers, including one from Xiaomi, requested precise user locations and audio recording permissions without clarification. Xiaomi’s fryer app was also linked to trackers from Facebook and TikTok, raising concerns about data being sent to servers in China, though Xiaomi disputes the findings, calling them “inaccurate and misleading.” 

Similar privacy concerns were highlighted for wearables, with the Huawei Ultimate smartwatch reportedly asking for risky permissions, such as access to location, audio recording, and stored files. Huawei defended these requests, stating that permissions are necessary for health and fitness tracking and that no data is used for marketing. 

Smart TVs from brands like Samsung and LG also collected extensive data, with both brands connecting to Facebook and Google trackers, while Samsung’s app made additional phone permission requests. Smart speakers weren’t exempt from scrutiny; the Bose Home Portable speaker reportedly had several trackers, including from digital marketing firms.  

Slavka Bielikova, ICO’s principal policy adviser, noted, “Smart products know a lot about us and that’s why it’s vital for consumers to trust that their information is used responsibly.” She emphasized the ICO’s upcoming guidance, aiming to clarify expectations for manufacturers to protect consumers. 

As the debate over data privacy intensifies, Which? recommends that consumers opt out of unnecessary data collection requests and regularly review app permissions for added security.

Cybersecurity and AI Challenges: How Companies Must Evolve to Stay Secure and Competitive


Cybersecurity remains a big concern, with a recent study from DataDome showing that 91% of websites are at risk from bot attacks. The study looked at over 14,000 sites in industries like healthcare, luxury goods, and e-commerce, revealing that many businesses with sensitive data are not well protected. Even large companies, though slightly better equipped, let through half of the basic bot threats. 

As cyberattacks become more advanced, companies need to improve their defenses to avoid being targeted. DataDome’s study used simple bots, but it’s a reminder that more sophisticated attacks could cause even more damage. On top of cybersecurity issues, many companies face challenges in managing their data, especially when it comes to using generative AI.
Lakshmikant (LK) Gundavarapu, Chief Innovation Officer at Tredence, points out that AI relies on clean, well-organized data to work effectively. Unfortunately, many businesses struggle to keep their data in order, making it hard to get the most out of AI tools. Gundavarapu emphasizes that having a clear picture of their data is key for companies to use AI successfully. 

Meanwhile, President Joe Biden has introduced a new policy that highlights the importance of AI in national security. This policy focuses on protecting AI development and addressing risks like biological, chemical, and nuclear threats, while encouraging collaboration with other countries to manage AI responsibly. 

This follows an earlier executive order aimed at setting rules for AI use in the U.S. As cybersecurity threats grow and AI regulations evolve, tech companies like Microsoft, Google, and Meta are also facing challenges. While all three reported strong earnings driven by cloud and AI services, investors are cautious about their future spending plans. 

In today’s fast-changing environment, businesses need to prioritize strong cybersecurity and proper data management to remain competitive and secure.

FakeCall Malware for Android Escalates Threat, Hijacks Outgoing Bank Calls


A newly evolved version of the FakeCall malware, a dangerous Android banking trojan, has been discovered hijacking users’ outgoing calls to their financial institutions, redirecting them to phone numbers controlled by attackers. The malware, first identified by Kaspersky in April 2022, focuses on voice phishing (vishing) scams, tricking victims into revealing sensitive banking information. 

The trojan presents a fake call interface that closely mimics Android’s default dialer, convincing victims they are communicating with legitimate bank representatives. 

This makes it challenging for users to discern the deception. When a victim attempts to call their bank, the malware secretly redirects the call to the attackers, who impersonate bank officials to steal personal information and money from accounts. A new report from Zimperium reveals that the latest FakeCall variant further enhances its capabilities.

By tricking users into setting it as the default call handler during installation, the malware gains the ability to intercept both incoming and outgoing calls. In addition, the malware manipulates the Android user interface to show the bank’s actual phone number while connecting the victim to a scammer, deepening the illusion of legitimacy. The updated malware also adds new, though still developing, functionalities. 

It now uses Android’s Accessibility Service to simulate user actions, control the dialer interface, and automatically grant itself permissions. FakeCall’s operators have also introduced a Bluetooth listener and a screen state monitor, indicating ongoing development toward more advanced attack methods. Additional commands integrated into the latest version include capturing live screen content, taking screenshots, and accessing or deleting device images. 

These upgrades demonstrate the malware’s evolving sophistication, as it becomes harder to detect and remove. Security experts recommend avoiding the manual installation of Android apps through APKs, encouraging users to rely on the Google Play Store for app downloads. Though malware can still infiltrate Google Play, the platform’s security measures, such as Google Play Protect, can help identify and remove malicious apps when detected.

Business Email Compromise Soars in Q3 2024 as Cybercriminals Refine Tactics: VIPRE Report

Global cybersecurity provider VIPRE Security Group has published its Q3 2024 Email Threat Trends Report, revealing an alarming rise in business email compromise (BEC) and highlighting the evolving techniques cyber criminals are using to deceive employees and breach corporate security. According to VIPRE’s analysis of 1.8 billion global emails, 208 million were flagged as malicious, with BEC scams making up 58% of phishing attempts. 

VIPRE noted that 89% of these attacks used impersonation, often of senior executives or IT personnel, in an attempt to exploit employees’ trust in authority figures. The manufacturing sector experienced a notable 8% spike in BEC attacks this quarter, increasing from 2% in Q1 to 10% in Q3. 

The report attributes this surge partly to the industry’s extensive use of mobile devices for remote sign-ins, which can leave employees more vulnerable to attacks. Email threats during the quarter were predominantly scams (34%), commercial spam (30%), and phishing (20%), overshadowing ransomware and malware, which together made up less than 20% of email-based attacks. 

Despite their lower prevalence, ransomware and malware remain a significant concern in the cybersecurity industry. To evade detection by modern security measures, cybercriminals have started disguising malicious attachments as voicemails or essential security updates. PDF and Microsoft .DOCX files were the most common formats, with 2.18 million emails containing harmful attachments, representing a 30% rise from Q2’s 21%. In Q3, URL redirection became a popular technique among attackers, representing 52% of email-based scams.

Cybercriminals used clean URLs within emails to bypass security checks, redirecting recipients to meticulously crafted fraudulent websites. VIPRE also observed a shift in malspam tactics, with attackers favouring attachments (64%) over malicious links (36%). Formats such as LNK, ZIP, and DOCX were common in these campaigns. 

Redline, a notorious malware family, remained the most prevalent, designed to steal sensitive data from web browsers. Usman Choudhary, VIPRE’s CPTO, emphasized the need for robust cybersecurity measures, especially as the holiday season approaches. “BEC email and phishing attacks are becoming more targeted and convincing,” he said, highlighting the urgency of employee education to counter these threats.

India Cracks Down on Cybercrime with Warning Against Illegal Payment Gateways


In a sweeping move to combat organized cybercrime, India’s Ministry of Home Affairs (MHA), through the Indian Cybercrime Coordination Center (I4C), has issued a stark warning about illegal payment gateways reportedly run by transnational cyber criminals. These illicit gateways—PeacePay, RTX Pay, PoccoPay, and RPPay—are allegedly being used as conduits for money laundering, utilizing mule bank accounts rented from shell companies and individuals. 

The network is operated by foreign nationals and offers money laundering as a service, allowing criminal organizations to process and disguise illicit funds. Recent nationwide raids by Gujarat (Indian State) and Andhra Pradesh (Indian State) police have uncovered a complex network of digital payment platforms linked to various cybercrimes, the Ministry of Home Affairs announced in a press statement. 

These platforms exploit rented bank accounts—sourced through social media platforms like Telegram and Facebook—that belong to shell entities or individuals. “Current and saving accounts are scouted through social media, primarily from Telegram and Facebook,” the statement said, underlining the role of social media in recruiting mule accounts for illegal activities. 

According to the Cybercrime Coordination Center, these mule accounts are often remotely controlled by overseas operatives who leverage them to process transactions for various fraudulent schemes. These range from fake investment and offshore betting scams to phony stock trading platforms. Once funds are deposited, they are quickly transferred to other accounts, employing bulk payout options provided by banks to obscure the money trail. 

The Coordination Center has urged citizens to avoid renting or selling their bank accounts or company registration documents to these illegal platforms, as involvement with such illicit activities can carry severe legal repercussions, including potential arrest. 

The Center also stressed that banks may enhance their monitoring mechanisms to detect the misuse of bank accounts associated with illegal payment gateways. This crackdown comes as part of India’s broader efforts to secure its digital finance ecosystem amid a rise in cybercrime.

Google Begins Testing Verified Checkmarks for Websites in Search Results


Google has started testing a new feature in its search results that adds a blue checkmark next to certain websites, aiming to enhance user security while browsing. As of now, this experiment is limited to a small number of users and websites, with the checkmarks appearing next to well-known companies such as Microsoft, Meta, and Apple. The blue checkmark serves as an indicator that the website is verified by Google. 

When users hover over the checkmark, a message explains, “This icon is being shown because Google’s signals suggest that this business is the business that it says it is.” However, Google clarifies that this verification does not guarantee the full reliability of the website, meaning users should still exercise caution. 

This feature resembles Google’s previous initiative, the BIMI (Brand Indicators for Message Identification) system, introduced in Gmail in 2023. BIMI uses blue markers to verify the authenticity of email senders, ensuring that businesses sending emails are legitimate and own the domains and logos they use. 

The goal of BIMI was to combat phishing and other malicious activities by allowing users to quickly identify verified businesses. While the checkmark feature is currently only being tested with a select group of users and websites, it has the potential to be expanded in the future. 

If widely implemented, it could help users easily identify trusted websites directly from search results, offering an extra level of safety when browsing the internet. Although it is unclear when or if Google plans to roll out the feature to all users, a company spokesperson confirmed that the test is underway. 

This new experiment could be a step towards making the internet a safer space, particularly as users grow more concerned about online threats such as phishing and scams. For now, Google is monitoring the test to assess its effectiveness before deciding on a broader launch.

Indian Textile Tycoon Duped of ₹7 Crore in Elaborate ‘Digital Arrest’ Scam


In a shocking incident, SP Oswal, chairman of the Vardhman Group, India, fell victim to a scam that cost him over INR 7 crore. The 82-year-old businessman was tricked into believing he was under investigation for money laundering, with scammers posing as officials from the Central Bureau of Investigation (CBI) and even impersonating Chief Justice of India DY Chandrachud. Through fake court setups, police uniforms, and ID cards, the conmen convinced Oswal that his “digital arrest” was legitimate. 

This case is part of a growing trend where scammers create fear and panic in victims’ minds, leading them to comply with demands for money. Experts have highlighted that the fear psychosis these scammers create makes even well-informed individuals vulnerable to such tactics. 

Oswal is not the only Indian high-profile victim; a lawyer from Bengaluru, and a doctor in Noida were also similarly duped. The lawyer, in particular, was forced to undergo a fake “narcotics test,” strip on camera, and lost INR 14 lakh in the process. Cyber law expert Pawan Duggal explains that “digital arrest” refers to a scam where victims are made to believe they are under investigation for serious crimes. 

Scammers use fake props and legal threats to intimidate their targets into handing over large sums of money. Victims are often coerced into keeping their cameras and microphones on at all times, further intensifying the pressure. The Ministry of Home Affairs has issued warnings about these scams and urged citizens to report suspicious calls on the cybercrime helpline (1930) or via their website. 

Authorities are working with agencies like the Indian Cyber Crime Coordination Centre (I4C) to combat the growing threat of cyber scams. Experts also stress that there is no legal provision for “digital arrest” and advise people to verify suspicious calls through official channels.