Hidden Cobra, a threat group that the US government has previously linked to North Korea, appears to have turned its sights on financial institutions in Turkey.
Security vendor McAfee reported finding malware associated with the group surfacing on systems belonging to three large financial organizations and at least two major government-controlled entities involved in finance and trade in Turkey.
The malware, dubbed Bankshot, was last seen in 2017 and is designed to persist on compromised systems for further exploits.
Its presence on the systems in Turkey suggests the Hidden Cobra operation is intended to gather specific information that can be used to launch more damaging attacks later, McAfee said.
Microsoft encountered rapidly spreading cryptocurrency-mining malware that infected almost 500,000 computers within just 12 hours, and successfully blocked it to a large extent.
Dubbed Dofoil, aka Smoke Loader, the malware was found dropping a cryptocurrency miner as its payload on infected Windows computers. The miner uses victims' CPUs to mine Electroneum coins, yet another cryptocurrency, for the attackers.
On March 6, Windows Defender suddenly detected more than 80,000 instances of several variants of Dofoil, which raised the alarm at Microsoft's Windows Defender research department, and within the next 12 hours, over 400,000 instances were recorded.
A successful phishing attack on one of the Financial Services Information Sharing and Analysis Center (FS-ISAC) employees was used to launch additional phishing attacks against FS-ISAC members. The fallout from the back-to-back phishing attacks appears to have been limited and contained, as many FS-ISAC members who received the phishing attack quickly detected and reported it as suspicious. But the incident is a good reminder to be on your guard, and to remember that anyone can get phished and that most phishing attacks succeed by abusing the sense of trust already established between the sender and recipient. “I would classify this as a typical, routine, non-targeted account harvesting and phishing. It did not affect our member portal, or where our data is. That’s 100 percent multifactor. In this case it happened to be an asset that did not have multifactor,” said Greg Temm, the FS-ISAC’s chief information risk officer.
A Google Project Zero security researcher has discovered a serious remote code execution vulnerability in both the 'μTorrent desktop app for Windows' and the newly launched 'μTorrent Web', which allows users to download and stream torrents directly in their web browser. The researcher found that several issues with the RPC servers in these applications could allow remote attackers to take control of the torrent download software with little user interaction.
A number of Chase(dot)com customers have reported logging in to their bank accounts, only to be presented with another customer’s bank account details. Chase has acknowledged the incident, saying it was caused by an internal “glitch” that did not involve any kind of hacking attempt or cyberattack.
“We know for sure the glitch was on our end, not from a malicious actor. We’re going through Tweets from customers and making sure that if anyone is calling us with issues we’re working one on one with customers. If you see suspicious activity you should give us a call,” Trish Weller, director of communications, said, noting that Chase is still trying to determine how many customers may have been affected.
Customers have been advised to “practice good security hygiene” by regularly reviewing their account statements and promptly reporting any discrepancies.
The EFF is co-releasing a report with a number of academic and civil society organizations on the risks from malicious uses of AI and the steps that should be taken to mitigate them in advance. The report looks to address potential interactions between computer insecurity and AI, as well as the implications of AI for physical and political security.
At present, computers are inherently insecure, and this makes them a poor platform for deploying important, high-stakes machine learning systems.
The report looks closely at these questions, as well as the implications of AI for physical and political security.