Tag Archive for: results

Crooks manipulate GitHub’s search results to distribute malware

/in


Crooks manipulate GitHub’s search results to distribute malware

Pierluigi Paganini
April 13, 2024

Researchers warn threat actors are manipulating GitHub search results to target developers with persistent malware.

Checkmarx researchers reported that threat actors are manipulating GitHub search results to deliver persistent malware to developers systems.

Attackers behind this campaign create malicious repositories with popular names and topics, they were observed using techniques like automated updates and fake stars to boost search rankings.

“By leveraging GitHub Actions, the attackers automatically update the repositories at a very high frequency by modifying a file, usually called “log”, with the current date and time or just some random small change. This continuous activity artificially boosts the repositories’ visibility, especially for instances where users filter their results by “most recently updated,” increasing the likelihood of unsuspecting users finding and accessing them.” reads the report published by Checkmarx. “While automatic updates help, the attackers combine another technique to amplify the effectiveness of their repo making it to the top results. The attackers employed multiple fake accounts to add bogus stars, creating an illusion of popularity and trustworthiness.”

To evade detection, threat actors concealed the malicious code in Visual Studio project files (.csproj or .vcxproj), it is automatically executed when the project is built.

GitHub malware

The researchers noticed that the payload is delivered based on the victim’s origin, and is not distributed to users in Russia.

In the recent campaign, the threat actors used a sizable, padded executable file that shares similarities with the “Keyzetsu clipper” malware.

The recent malware campaign involves a large, padded executable file that shares similarities with the “Keyzetsu clipper” malware, targeting cryptocurrency wallets.

On April 3rd, the attacker updated the code in one of their repositories, linking to a new URL that downloads a different encrypted .7z file. The archive contained an executable named feedbackAPI.exe.

Threat actors padded the executable with numerous zeros…

Source…

Subscription Fees Get Mixed Results from Car Buyers

/in


A year after BMW began selling subscriptions to use its vehicles’ heated seats in South Korea, and with General Motors predicting annual software and services revenue of $25 billion by the end of the decade, S&P Global Mobility has surveyed nearly 8,000 consumers on the topic of vehicle feature subscription services.

S&P Mobility reported the results of its survey yesterday, saying that car-shoppers are largely satisfied with subscription-based infotainment services, but data security and privacy are concerns.

According to S&P Mobility, fewer than 30% of survey respondents are willing to pay for heated seats or a heated steering wheel by monthly subscription, and navigation and safety/security features were the ones most desired in respondents’ next vehicles.

As for infotainment subscriptions, the survey found that consumers favor their smartphone over their vehicle where features are redundant. Gen Z and Millennial respondents are most likely to drop connected-services subscriptions because of similar services on their smartphones, says S&P Mobility.

This could explain GM’s decision last year to remove Apple CarPlay and Android Auto user interfaces from its forthcoming electric vehicle lineup, opting for the company’s own infotainment system instead. According to S&P Mobility, GM sees an opportunity in consumer usage data.

“GM cannot get consumers’ usage data from the infotainment system if users only connect via third party apps like Apple CarPlay and Android Auto,” says Fanni Li, connected car services research lead at S&P Global Mobility. “Having this data on their own will become one of the competitive advantages for OEMs.”

When it comes to data collection, 37% of respondents worry about security issues, while 32% fail to understand the value that a connected service would provide from the shared data, says S&P Mobility. At the same time, the survey reported 31% of consumers “feeling comfortable” with OEM’s collecting their data.

These concerns did not seem to alter respondent subscribers’ attitudes towards subscription services, however. S&P Mobility reports in a subset of about 4,500 respondents who had experienced a free trial or an existing…

Source…

ZeroFox Announces Date of First Quarter Fiscal Year 2024 Financial Results and Participation in Upcoming Investor Conferences

/in


ZeroFox Announces Date of First Quarter Fiscal Year 2024 Financial Results and Participation in Upcoming Investor Conferences

WASHINGTON, May 16, 2023 (GLOBE NEWSWIRE) — ZeroFox (Nasdaq: ZFOX), a leading external cybersecurity provider, today announced that the Company will release financial results for the first quarter fiscal year 2024 ended April 30, 2023 before the U.S. markets open on Tuesday, June 6, 2023.

ZeroFox will host a conference call and live webcast to review the Company’s fiscal first quarter results for investors and analysts at 8:00 a.m. ET on Tuesday, June 6, 2023. To access this call via webcast, please use this link:


ZeroFox F1Q24 Earnings Call


.

Additionally, ZeroFox is scheduled to present at the following investor conferences:

Stifel 2023 Cross Sector Insight Conference

Date: Tuesday, June 6, 2023

Presentation Time: 1:50 p.m. ET

2023 Cantor Fitzgerald Technology Conference

Date: Wednesday, June 14, 2023

The live webcast and a webcast replay of each event can be accessed from the investor relations page of ZeroFox’s website at


https://ir.zerofox.com


.


About ZeroFox

ZeroFox (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, has redefined security outside the corporate perimeter on the internet, where businesses operate, and threat actors thrive. The ZeroFox platform combines advanced AI analytics, digital risk and privacy protection, full-spectrum threat intelligence, and a robust portfolio of breach, incident and takedown response capabilities to expose and disrupt phishing and fraud campaigns, botnet exposures, credential theft, impersonations, data breaches, and physical threats that target your brands, domains, people, and assets. Join thousands of customers, including some of the largest public sector organizations as well as finance, media, technology and retail companies to stay ahead of adversaries and address the entire lifecycle of external cyber risks. ZeroFox and the ZeroFox logo are trademarks or registered trademarks of ZeroFox, Inc. and/or its affiliates in the U.S. and other countries. Visit…

Source…

Ransomware Attack Hits Marinette Marine Shipyard, Results in Short-Term Delay of Frigate, Freedom LCS Construction

/in


Shipyard workers at Fincantieri Marinette Marine on April 12, 2023. USNI News Photo

The Wisconsin shipyard that builds the U.S. Navy’s Freedom-class Littoral Combat Ship and the Constellation-class guided-missile frigate suffered a ransomware attack last week that delayed production across the shipyard, USNI News has learned.

Fincantieri Marinette Marine experienced the attack in the early morning hours of April 12, when large chunks of data on the shipyard’s network servers were rendered unusable by an unknown professional group, two sources familiar with a Navy summary of the attack told USNI News on Thursday.

In a typical ransomware attack, attackers take the information on a server, encrypt it and set terms for a key that will unlock the data.

The attack on Marinette Marine targeted servers that held data used to feed instructions to the shipyard’s computer numerical control manufacturing machines, knocking them offline for several days. CNC-enabled machines are the backbone of modern manufacturing, taking specifications developed with design software and sending instructions to devices like welders, cutters, bending machines and other computer-controlled tools.

Based on information from the Navy, it’s unclear if the attackers stole any data.

In a statement to USNI News, Marinette Marine acknowledged there had been a cybersecurity incident at the shipyard.

“Fincantieri Marine Group experienced a cybersecurity incident last week that is causing a temporary disruption to certain computer systems on its network. The company’s network security officials immediately isolated systems and reported the incident to relevant agencies and partners. Fincantieri Marine Group brought in additional resources to investigate and to restore full functionality to the affected systems as quickly as possible, “ reads a statement from Fincantieri spokesman Eric Dent.

“Repair and construction operations continue at all three U.S. shipyards, however the company’s email and some networked operations remain off-line for now.”

Fincantieri would not elaborate beyond the statement. A Lockheed Martin spokesperson acknowledged a request for comment from USNI News but did not…

Source…