Tag Archive for: host

GitHub, NPM registry abused to host SSH key-stealing malware


Malicious NPM packages designed to upload stolen SSH keys to GitHub were discovered by software threat researchers this month.

GitHub removed two packages from the NPM registry in early January — warbeast2000 and kodiak2k — both of which were designed to grab private SSH keys from machines they are installed on and store the keys on an attacker-controlled GitHub repository.

The SSH key-stealing malware tools were first discovered by researchers at ReversingLabs using the company’s Software Supply Chain Security platform. The malicious packages were found during the first week of January 2024 and removed by the GitHub-owned NPM registry shortly after they were reported.

The details of warbeast2000 and kodiak2k were first disclosed by ReversingLabs in a blog post on Jan. 23.

“Since there are instructions in the code’s comments, the [package] author’s intention is possibly to share malicious code with other malicious actors,” Lucija Valentić, a software threat researcher at ReversingLabs and author of the blog post, told SC Media. “They may also be hoping for developers and users to download and install warbeast2000 and kodiak2k.”

Software developers at risk from dangerous NPM packages

The warbeast2000 and kodiak2k packages both use a postinstall script to retrieve additional JavaScript code from an external source and execute it on a victim’s machine. At least one of the packages (warbeast2000) retrieves this second malicious script from a Pastebin address.

The payload installed and executed by warbeast2000 targets the id_rsa file located at /.ssh within the victim’s home directory to grab the private SSH key stored within this file. “Id_rsa” is the default file name for SSH keys generated by ssh-keygen, which is standard on Unix, Linux and macOS systems as well as Git for Windows.

After reading the private SSH key, warbeast2000’s final payload copies the key, encodes it in Base64 and uploads it to a GitHub repository controlled by the attacker. Warbeast2000 has no other functions and does not appear to imitate other legitimate packages.

Kodiak2k’s payload works similarly to warbeast2000’s, but instead of going after id_rsa, it searches (home…


DVIDS – News – Navy Cyber Warfare Development Group Host Commemoration For Rosemary S. Wenchel



Navy Cyber Warfare Development Group (NCWDG) hosted a commemoration ceremony for Rosemary S. Wenchel on December 20 at Fort Meade, Md.

During the ceremony Capt. Michael Herlands, commanding officer of NCWDG, presented a portrait of Wenchel to her family that will hang in the lobby of the NCWDG Cyber Foundry, a research and development command for some of the U.S. Navy’s cyber-warfare capabilities.

Friends and family of Wenchel talked about the impact she had on their lives and how she brought out the best in everyone around her.

“Rosemary was an unsung pioneer of naval cryptology and a trailblazer for the cyber discipline within the U.S. National Security establishment,” said Herlands. “She was a prominent member of our NCWDG family for decades and a true inspiration for many of us who continue carrying on her legacy.”

Wenchel’s service to the Navy cyber community began in 1989 as a computer systems programmer at the Naval Security Group. She would spend the rest of her career ensuring the Navy was the dominant force in the cyberspace and information environment.

Between 1995 and 2005 she worked at Naval Information Warfare Activity, finishing her time there as the chief scientist. She would go on to direct cyber capabilities at the Office of the Under Secretary of Defense for Intelligence.

She joined DHS in 2012 and became the assistant secretary for the Office of Cyber, Infrastructure and Resilience Policy to ensure the U.S. cyber workforce had the tools needed to succeed.

In 2016, she returned to NCWDG as the chief technology officer, providing technical leadership and strategic guidance for the research, development and operational delivery of cyber warfare capabilities. She passed away May 11, 2019.

George Wenchel, husband of Rosemary, expressed how his wife’s deep dedication to the Navy and her strong commitment to her cryptologic and cyber colleagues throughout her career left the world a better place.

NCWDG serves as the Navy’s Center for Cyber Warfare innovation. For over 30 years, NCWDG has conducted technical research and development to…


Home ministry to host 2-day G20 meet on crime, security in age of NFTs, AI, Metaverse, ET Telecom


The conference will bring together G20 countries, guests from the invitee nations and international bodies.

The Union Ministry of Home Affairs will organise the “G20 Conference on Crime and Security in the Age of Non Fungible Tokens (NFTs), Artificial Intelligence (AI) and Metaverse” on July 13-14 in Gurugram. The two-day event is being organised in partnership with the Union Ministry of Electronics and Information Technology (MeitY), Ministry of External Affairs, National Security Council Secretariat and the Central Bureau of Investigation.

The Rashtriya Raksha University, National Forensic Science University, National Law School of India University, Interpol and UNODC are the event’s organising partners.

“The MHA will host the ‘G20 Conference on Crime and Security in the Age of NFTs, AI and Metaverse’ on July 13-14. It will bring together G20 countries, nine special invitee countries and domain experts (from) around the world to delve into the challenges of advancing technologies,” a Union Ministry of Home Affairs (MHA) spokesperson said.

NFTs are assets that have been tokenised via a blockchain. These are assigned unique identification codes and metadata to distinguish these from other tokens. NFTs can be traded and exchanged for money or cryptocurrency.

AI is a rapidly growing field of technology that has already made significant contributions to industries such as health care, finance and transportation. AI has recently emerged as a critical component in the development of the Metaverse — a virtual world where people can interact with each other and digital entities in a fully immersive environment.

According to the officials, the conference will see the participation of ministries and central government organisations, chief secretaries and administrators of states and Union Territories, directors general of police of states and Union Territories and cyber experts.

Guest speakers from the legal fraternity, academia, training institutions, financial intermediaries, fintech, social media intermediaries, information and…


German Police Raid DDoS-Friendly Host ‘FlyHosting’


Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web offering that catered to cybercriminals operating DDoS-for-hire services, KrebsOnSecurity has learned. FlyHosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that was open for business to anyone looking for a reliable place to host malware, botnet controllers, or DDoS-for-hire infrastructure.

A seizure notice left on the FlyHosting domains.

A statement released today by the German Federal Criminal Police Office says they served eight search warrants on March 30, and identified five individuals aged 16-24 suspected of operating “an internet service” since mid-2021. The German authorities did not name the suspects or the Internet service in question.

“Previously unknown perpetrators used the Internet service provided by the suspects in particular for so-called ‘DDoS attacks’, i.e. the simultaneous sending of a large number of data packets via the Internet for the purpose of disrupting other data processing systems,” the statement reads.

News of a raid on FlyHosting first surfaced Thursday in a Telegram chat channel that is frequented by people interested or involved in the DDoS-for-hire industry, where a user by the name Dstatcc broke the news to Fly Hosting customers:

“So Flyhosting made a ‘migration’ with it[s] systems to new rooms of the police ;),” the warning read. “Police says: They support ddos attacks, C&C/C2 and stresser a bit too much. We expect the police will take a deeper look into the files, payment logs and IP’s. If you had a server from them and they could find ‘bad things’ connected with you (payed with private paypal) you may ask a lawyer.”

An ad for FlyHosting posted by the user “bnt” on the now-defunct cybercrime forum BreachForums. Image: Ke-la.com.

The German authorities said that as a result of the DDoS attacks facilitated by the defendants, the websites of various companies as well as those of the Hesse police have been overloaded in several cases since mid-2021, “so that they could only be operated to a limited extent or no longer at times.”

The statement says police…
