Tag Archive for: Significantly

Bumblebee Malware Loader’s Payloads Significantly Vary by Victim System


A new analysis of Bumblebee, a particularly pernicious malware loader that first surfaced this March, shows that its payload for systems that are part of an enterprise network is very different from its payload for standalone systems.

On systems that appear to be part of a domain — for example, systems that might share the same Active Directory server — the malware is programmed to drop sophisticated post-exploitation tools such as Cobalt Strike. On the other hand, when Bumblebee determines it has landed on a machine that is part of a workgroup — or peer-to-peer LAN — the payload generally tends to be banking and information stealers.

Different Malware

“While the victim’s geographical location didn’t seem to have any effect on the malware behavior, we observed a very stark difference between the way Bumblebee behaves after infecting machines,” Check Point said in a report this week based on a recent analysis of the malware.

“If the victim is connected to WORKGROUP, in most cases it receives the DEX command (Download and Execute), which causes it to drop and run a file from the disk,” Check Point said. However, if the system is connected to an AD domain, the malware uses Download and Inject (DIJ) or Download shellcode and Inject (SHI) commands to download advanced payloads such as Cobalt Strike, Meterpreter, and Sliver.

Check Point’s analysis adds to the growing volume of research around Bumblebee in the six months or so since researchers first observed the malware in the wild. The malware has garnered attention for several reasons. One of them is its relatively widespread use among multiple threat groups. In an April 2022 analysis, researchers from Proofpoint said they had observed at least three distinct threat groups distributing Bumblebee to deliver different second-stage payloads on infected systems, including ransomware such as Conti and Diavol. Google’s threat analysis group identified one of the actors distributing Bumblebee as an initial access broker they are tracking as “Exotic Lily.”

Proofpoint and other security researchers have described Bumblebee as being used by threat actors previously associated with BazaLoader, a prolific malware loader that among other…


Royal Cyber Security Significantly Increased


The threat from hackers and other cyber criminals is a growing concern for the British Royal Family, and it has emerged that Queen Elizabeth has taken the decision to increase the royals’ cyber security.

Her Majesty’s cyber security experts have outlined in a report that the risk of unauthorised access to the Royal’s data has increased.

Throughout the coronavirus pandemic and subsequent lockdowns, Her Majesty has engaged in several video calls as well as video chats with people around the globe. But a new report has suggested ‘the Firm’ is now at high rather than medium risk of being hacked.

The warning, written by Keeper of the Privy Purse, Sir Michael Stevens, is thought to refer to hackers in China and Russia. It warns that any hacking of the Royal Family would cause “reputational damage, penalties and/or legal action against the Household or members of staff”. In 2015 Oxford University Professor Sadie Creese was hired to instruct the monarch on social media safety. Queen Elizabeth has now ordered that defences against hackers be strengthened after learning the Royal Family is a high-risk target, resulting in a number of changes to the Royal household.

In particular, ex-MI5 chief Andrew Parker was made head of her Royal Household and Elliott Atkins was appointed as her first CISO in a bid to prevent online attacks.

In 2020 the Queen carried out almost half of her official engagements by telephone or video link, and over the years several members of the Royal Family have been victims of phone hacking, including Prince William, the Duchess of Cambridge, and Prince Harry. The Duchess of Cambridge had her messages hacked 155 times in the space of a few months between 2005 and 2006, including on Christmas Day and Valentine’s Day. William was also hacked 35 times, and Harry nine times. It is also believed personal phone details for Prince Charles and Camilla, the Duchess of Cornwall, were found among 11,000 handwritten notes that were seized during a Scotland Yard inquiry in 2006.

In August 2020 Russian hackers allegedly stole “hundreds” of Prince Harry and his wife Meghan Markle’s personal photos including…


2018 Year in Review Report Shows Android Security Patch Downloads Increased Significantly – App Informers

  1. 2018 Year in Review Report Shows Android Security Patch Downloads Increased Significantly – App Informers
  2. Android security: 0.04% of downloads on Google Play in 2018 were ‘potentially harmful apps’ – TechCrunch
  3. These are the Biggest Threats to Android Phones in India, According to Google – Gadgets 360
  4. Google: Malware in Google Play doubled in 2018 because of click-fraud apps – ZDNet
  5. Daily News Roundup: Another Day, Another Data Breach (And More from the Weekend) – How-To Geek

American companies paid significantly more on average for every data breach in 2018 than companies in any other …

  1. American companies paid significantly more on average for every data breach in 2018 than companies in any other … – Business Insider Nordic
  2. How Much Does a Data Breach Cost? Reading the 2018 Cost of a Data Breach Study – Security Boulevard