Tag Archive for: James

We’re back with James Mickens, a professor of computer science at Harvard.

He teaches a class on operating systems, another on computer security, and is co-director of the Berkman-Klein Center for Internet and Society and the Institute for Rebooting Social Media. He says he used to work for Microsoft Research, and has published papers on mobile device security including “the propagation of malware on mobile devices.”

Epic has submitted him as an expert witness on mobile device security — and Judge Donato agrees he’s qualified. On we go!

Source…

Tanks for the memories | James Jeffrey


At long last, the time has come for former British Army tank crews to prop up the bar, wax lyrical about the glory days and maybe even get some belated recognition for just how cool their job was. 

“You said our day was done! That the tank was an outdated dinosaur!” the bleary-eyed former tankie would be well-justified in exclaiming. “But let me tell you that Challenger 2 can really shift once those turbos kick in, not to mention the magic carpet-like sensation from its hydro-gas suspension working at speed across cross-country … ” 

After I left the army in 2010, it seemed tanks were all but irrelevant. The emerging modern battlefield was apparently all about drones, technology, cyber warfare and smart, savvy soldiers tapping away at their laptops. The British Army continued to reduce its number of tanks with every review of defence.

Tanks provide close to that ideal Aristotelian balance that all militaries seek

Now, though, there is a squadron of Chally tanks — as it was affectionately known by those of us crewing it — heading to Ukraine to join a load of M1 Abrams and Leopard 2 tanks supplied by the US and Germany respectively. 

Ukraine has been asking for tanks after finding that once it had broken through Russian lines its military wasn’t able to exploit and advance into depth. This is what you need to do in war to win. It also lets you get “inside the enemy’s decision-making cycle”, whereby just as they have made a decision, it is rendered irrelevant because the sway of battle has suddenly shifted to their disadvantage. Now they are burdened with having to make a totally new choice. It keeps the enemy harassed, confused and wears them down physically and mentally (similar things can happen in less than harmonious marriages, apparently). 

Tanks, especially modern ones, are perfect for exploiting through and beyond enemy lines — first brilliantly displayed by tank commander supremo Heinz Guderian with the Blitzkrieg at the start of WWII that sideswiped France. They also aren’t too shabby at providing a defensive role given their degree of protection and firepower. Russia is reportedly planning to launch a big offensive…

Source…

Hacking campaign uses infected James Webb Telescope image


A newly discovered hacking campaign is using an image from the James Webb Telescope to smuggle malware onto targets' machines.

Detailed today by researchers at Securonix Inc. and dubbed “GO#WEBBFUSCATOR,” the campaign leverages a deep field image taken from the telescope and obfuscated Golang programming language payloads to infect a potential victim.

The infection vector starts with a phishing email carrying a Microsoft Office attachment. Hidden inside the document's metadata is an external reference that points to a remote template file. When the document is opened, that malicious template is downloaded and saved on the system, which initiates the first stage of code execution for the attack.

Eventually, the script downloads a JPEG that displays the James Webb Telescope deep field image. The image file contains a Base64-encoded payload disguised as a certificate, which is decoded and saved as an executable named "msdllupdate.exe" (the name imitates a Windows component; it is not a built-in Windows binary).
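The "certificate" trick works because a PEM envelope is just Base64 between BEGIN and END markers, which is exactly what `certutil -decode` consumes. The following is an added example, not code from the article or from Securonix: it carves every PEM certificate block out of a file, decodes it, and tells a real DER certificate (which starts with an ASN.1 SEQUENCE byte) from a PE image (MZ header whose `e_lfanew` points at a `PE\0\0` signature). The stand-in JPEG and the 128-byte PE stub are constructed; placing the envelope after the JPEG End-Of-Image marker is an assumption about how such a file stays viewable, not a detail taken from the campaign.

```python
import base64
import re
import struct

# PEM envelope that certutil -decode accepts; the campaign's JPEG carries one
# of these with an executable, not a certificate, inside.
PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def carve_pem_blocks(data):
    """Return (offset, decoded_bytes) for every well-formed PEM block in data."""
    found = []
    for m in PEM_BLOCK.finditer(data):
        body = re.sub(rb"\s+", b"", m.group(1))  # certutil ignores line breaks too
        try:
            found.append((m.start(), base64.b64decode(body, validate=True)))
        except ValueError:  # binascii.Error: not valid Base64, skip the block
            continue
    return found


def classify(blob):
    """Distinguish a real DER certificate from a PE file hiding in the envelope."""
    if blob[:2] == b"MZ" and len(blob) >= 0x40:
        e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
        if blob[e_lfanew : e_lfanew + 4] == b"PE\0\0":
            return "pe"
        return "mz-only"
    if blob[:1] == b"\x30":  # ASN.1 SEQUENCE: what a DER certificate starts with
        return "der"
    return "unknown"


def scan(data):
    """Offset, verdict and decoded size for each carved block."""
    return [(off, classify(blob), len(blob)) for off, blob in carve_pem_blocks(data)]


def build_fake_pe():
    """Constructed 128-byte stub with only the MZ and PE signatures; not runnable."""
    hdr = bytearray(0x80)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # e_lfanew -> PE header at 0x40
    hdr[0x40:0x44] = b"PE\0\0"
    return bytes(hdr)


def build_sample_image(payload):
    """Constructed stand-in for the JPEG: a JFIF header, filler, the End-Of-Image
    marker, then a PEM envelope wrapping payload (assumed placement)."""
    pem = (
        b"-----BEGIN CERTIFICATE-----\n"
        + base64.encodebytes(payload)
        + b"-----END CERTIFICATE-----\n"
    )
    return b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(64) + b"\xff\xd9" + pem


if __name__ == "__main__":
    print(scan(build_sample_image(build_fake_pe())))
```

Run `scan()` over image attachments and downloads at the proxy or in a sandbox: a certificate envelope inside a JPEG is unusual on its own, and one that decodes to an MZ/PE image is a decisive hit regardless of what the surrounding pixels show.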

The generated file is a Windows 64-bit executable about 1.7 megabytes in size and employs several obfuscation techniques to hide from antivirus software and to make analysis difficult. “At the time of publication, this particular file is undetected by all antivirus vendors,” the researchers note.

“It’s clear that the original author of the binary designed the payload with both some trivial counter-forensics and anti-endpoint detection and response detection methodologies in mind,” the researchers added.

The researchers conclude that the methodology used in the attack chain is interesting: although the use of Golang is not uncommon, its combination here with the certutil command-line program is much less common.

“This campaign once again proposes the risk inherent in the concept of digital trust and its implications in the field of security,” Paolo Passeri, principal sales engineer at cybersecurity software company Netskope Inc., told SiliconANGLE.

Referencing the growth of remote work, Passeri noted that “users now place more reliance on digital interactions than on human ones, which lowers the level of guard against any content coming from the internet and are no…

Source…

Hackers hide a nasty secret in James Webb telescope images


Space images from the James Webb telescope are being used by hackers to hide and distribute malware.

As reported by Bleeping Computer, a new malware campaign titled ‘GO#WEBBFUSCATOR’ has been uncovered, which also involves both phishing emails and malicious documents.


A phishing email carrying an attachment named "Geos-Rates.docx" is initially sent to victims, who then unknowingly download a template file if they open it.

If macros are enabled in the target's Office suite, that template automatically runs a VBA macro. The macro downloads a JPG image from a remote server, decodes it into an executable, and finally loads it onto the machine.

Opened in an image viewer, the file shows the galaxy cluster SMACS 0723 captured by the recently launched James Webb telescope. Opened in a text editor, the same file reveals the Base64 payload the image disguises, which decodes into a 64-bit malware executable.

Once launched, the malware sets up a channel to its command and control (C2) server over DNS. The attackers can then run commands on the host through the Windows cmd.exe tool.
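C2 over DNS means commands and results ride inside query names and answers, and the article gives no further protocol detail. As an added example that is not part of the original report, here is a generic detection heuristic for that channel run over a handful of constructed resolver log lines: it treats everything in front of the registered domain as attacker-controlled, flags any single label longer than 32 characters, and flags subdomains of 16 or more characters whose Shannon entropy is 3.8 bits or higher (the thresholds, the log format and the two-label approximation of the registered domain are assumptions for the example, not values from the campaign).

```python
import math
from collections import Counter

# Constructed resolver log lines (timestamp client qname qtype); not real traffic.
SAMPLE_LOG = """\
2022-08-30T10:01:02Z 10.0.0.5 www.example.com A
2022-08-30T10:01:03Z 10.0.0.5 mail.example.com MX
2022-08-30T10:01:04Z 10.0.0.5 4a6f686e20536d6974682077617320686572652e2e2e.tunnel.example.net TXT
2022-08-30T10:01:05Z 10.0.0.5 abcdefghijklmnop.example.net TXT
2022-08-30T10:01:06Z 10.0.0.7 cdn.example.org A
"""


def shannon_entropy(s):
    """Bits per character; encoded data sits well above words like 'mail'."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def query_features(qname):
    labels = qname.rstrip(".").split(".")
    # Crude split (assumption): the last two labels are the registered domain,
    # everything before them is subdomain space the attacker controls.
    sub_labels = labels[:-2]
    sub = "".join(sub_labels)
    return {
        "sub_len": len(sub),
        "longest_label": max((len(l) for l in sub_labels), default=0),
        "entropy": shannon_entropy(sub),
    }


def is_suspicious(qname, qtype, max_label=32, min_entropy=3.8, min_sub_len=16):
    """Return the list of reasons a query looks like tunnelled data (empty if clean)."""
    f = query_features(qname)
    reasons = []
    if f["longest_label"] > max_label:
        reasons.append(f"label length {f['longest_label']} > {max_label}")
    if f["sub_len"] >= min_sub_len and f["entropy"] >= min_entropy:
        reasons.append(f"subdomain entropy {f['entropy']:.2f} >= {min_entropy}")
    if reasons and qtype == "TXT":
        reasons.append("TXT answer can carry arbitrary data back to the client")
    return reasons


def suspicious_queries(log_text):
    """(client, qname, reasons) for every flagged line in the log."""
    flagged = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname, qtype = line.split()
        reasons = is_suspicious(qname, qtype)
        if reasons:
            flagged.append((client, qname, reasons))
    return flagged


if __name__ == "__main__":
    for client, qname, reasons in suspicious_queries(SAMPLE_LOG):
        print(client, qname, "; ".join(reasons))
```

Per-query scoring like this catches the obvious hex and Base64 labels; a production detector would also count queries per client per domain over time, since a beacon that keeps its labels short still stands out by volume and regularity.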

To help avoid detection, the threat actors XOR-encoded the binary to conceal its Golang assemblies from analysts. Those assemblies also use case alteration so that security tools matching on known strings do not pick them up.

As for Golang, Bleeping Computer notes that it is increasingly popular with cybercriminals because a single code base compiles for Windows, Linux and Mac, and, as this campaign shows, its binaries are harder to detect.

Researchers from Securonix have found that domains used for the malware campaign were registered as recently as May 29, 2022. The payloads in question have yet to be flagged as malicious by antivirus scanning systems via VirusTotal.

It’s been a busy year for hackers looking to deliver malware. In addition to the regular tried and tested methods to spread malicious files and the like, they’re even delaying the launch of their dangerous codes once it’s found its way into PCs by up to a month.

Source…