New Linux Malware Symbiote is “Nearly Impossible to Detect”

Researchers from BlackBerry and Intezer have discovered Linux malware that is “nearly impossible” to detect.

Hackers using stealthy Linux backdoor Symbiote to steal credentials

Researchers have come across a stealthy Linux backdoor that uses sophisticated techniques to hide itself on compromised servers and steal credentials. Dubbed Symbiote because it injects itself into existing processes, the threat has been in development since at least November 2021 and seems to have been used against the financial sector in Latin America.

“Symbiote is a malware that is highly evasive,” researchers from BlackBerry said in a new report. “Since the malware operates as a userland level rootkit, detecting an infection may be difficult. Network telemetry can be used to detect anomalous DNS requests and security tools such as AVs and EDRs should be statically linked to ensure they are not ‘infected’ by userland rootkits.”
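
One way to act on the static-linking recommendation above, as an added example that is not code from the BlackBerry report or the article: a Python check that parses ELF64 program headers and flags binaries that still depend on the dynamic loader. It assumes 64-bit little-endian ELF files only; the sample images it builds are constructed for testing, not real programs, and any paths you pass to it are your own.

```python
import struct
from pathlib import Path

PT_DYNAMIC, PT_INTERP = 2, 3
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header (64 bytes)
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 program header (56 bytes)

def link_info(data: bytes) -> dict:
    """Return {'interp': loader path or None, 'dynamic': bool} for an ELF64
    little-endian image. PT_INTERP names the dynamic loader, the path a
    userland rootkit hooks; an image with neither PT_INTERP nor PT_DYNAMIC
    is statically linked and never takes that path."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian images are handled here")
    hdr = EHDR.unpack_from(data, 0)
    phoff, phentsize, phnum = hdr[5], hdr[9], hdr[10]
    info = {"interp": None, "dynamic": False}
    for i in range(phnum):
        p_type, _, p_off, _, _, p_filesz, _, _ = PHDR.unpack_from(data, phoff + i * phentsize)
        if p_type == PT_INTERP:
            info["interp"] = data[p_off:p_off + p_filesz].rstrip(b"\0").decode()
        elif p_type == PT_DYNAMIC:
            info["dynamic"] = True
    return info

def audit(paths) -> dict:
    """Classify each file as 'static', 'dynamic' or 'unreadable'. Run it over
    the AV/EDR agent binaries you depend on; anything not 'static' needs a look."""
    result = {}
    for p in paths:
        try:
            info = link_info(Path(p).read_bytes())
        except (OSError, ValueError):
            result[p] = "unreadable"
            continue
        result[p] = "dynamic" if (info["interp"] or info["dynamic"]) else "static"
    return result

def sample_elf(dynamic: bool) -> bytes:
    """Constructed minimal ELF64 image (not a real program) for offline testing."""
    interp = b"/lib64/ld-linux-x86-64.so.2\0"
    segs = [(1, 5, 0, 0, 0, 0, 0, 0x1000)]  # one PT_LOAD placeholder segment
    if dynamic:
        off = EHDR.size + PHDR.size * 3     # interp string sits right after the headers
        segs += [(PT_INTERP, 4, off, 0, 0, len(interp), len(interp), 1),
                 (PT_DYNAMIC, 6, 0, 0, 0, 0, 0, 8)]
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)  # 64-bit, little-endian, version 1
    hdr = EHDR.pack(ident, 2, 62, 1, 0, EHDR.size, 0, 0,
                    EHDR.size, PHDR.size, len(segs), 0, 0, 0)
    return hdr + b"".join(PHDR.pack(*s) for s in segs) + (interp if dynamic else b"")
```

Call `audit([...])` with the paths of your security agents' binaries; a 'dynamic' result means the tool itself runs through the loader that a userland rootkit can subvert.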

Smartphones and Civilians in Wartime

Interesting article about civilians using smartphones to assist their militaries in wartime, and how that blurs the important legal distinction between combatants and non-combatants:

The principle of distinction between the two roles is a critical cornerstone of international humanitarian law—the law of armed conflict, codified by decades of customs and laws such as the Geneva Conventions. Those considered civilians and civilian targets are not to be attacked by military forces; as they are not combatants, they should be spared. At the same time, they also should not act as combatants—if they do, they may lose this status.

The conundrum, then, is how to classify a civilian who, with the use of their smartphone, potentially becomes an active participant in a military sensor system. (To be clear, solely having the app installed is not sufficient to lose the protected status. What matters is actual usage.) The Additional Protocol I to Geneva Conventions states that civilians enjoy protection from the “dangers arising from military operations unless and for such time as they take a direct part in hostilities.” Legally, if civilians engage in military activity, such as taking part in hostilities by using weapons, they forfeit their protected status, “for such time as they take a direct part in hostilities” that “affect[s] the military operations,” according to the International Committee of the Red Cross, the traditional impartial custodian of International Humanitarian Law. This is the case even if the people in question are not formally members of the armed forces. By losing the status of a civilian, one may become a legitimate military objective, carrying the risk of being directly attacked by military forces.

Software supply chain security fixes gain prominence at RSA

Given the significant cybersecurity problems that the SolarWinds, Log4j and other software supply chain infections created over the past two years, it’s no surprise that software security emerged as a hot topic at this year’s RSA conference. Ahead of the event, ReversingLabs released a survey it had commissioned of over 300 senior software employees on the struggles their firms face in detecting supply chain attacks.

ConcealBrowse isolates malicious software before it can work its mischief

More threat actors are exploiting the browser as an attack vector, largely because it’s becoming a popular way to access corporate applications and resources. As a means to counter browser-borne malicious software—such as Trojans, worms or ransomware—Conceal, an endpoint security company, this week introduced ConcealBrowse.

ConcealBrowse, which supports all popular operating systems, can be deployed on an endpoint by a network administrator, where it monitors all code as it runs to determine whether it presents a threat to the organization. Suspicious content is run in isolation so that, if the software turns out to be malicious, any damage it might cause is contained.