#AI Code #Hallucinations Increase the Risk of ‘Package Confusion’ #Attacks
A new #study found that code generated by AI is more likely to contain made-up information that can be used to trick software into interacting with #malicious #code.
https://www.wired.com/story/ai-code-hallucinations-increase-the-risk-of-package-confusion-attacks/
Restaurant Manager Ignored Seasoned Employee’s Advice, But His Insistence On Charging Extra Cents From Patrons Caused A “Hostile Work Environment” » TwistedSifter https://www.byteseu.com/959195/ #bad #boss #Compliance #entitled #environment #Funny #malicious #manager #money #people #picture #police #Reddit #Top
New #ClickFix scam targets US users with fake MS Defender and CloudFlare pages.
The scam page is hosted on a domain registered back in 2006, pretending to be the Indo-American Chamber of Commerce.
The #phishing page loads only for US-based victims, as observed during analysis with a residential IP in #ANYRUN Sandbox.
URL: iaccindia[.]com
The page hijacks the full-screen mode and displays a fake “Windows Defender Security Center” popup.
It mimics the Windows UI, locks the screen, and displays urgent messages to panic the user.
Victims are prompted to call a fake tech support number (+1-…), setting the stage for further exploitation.
The phishing page may also display a fake CloudFlare message tricking users to execute a #malicious Run command.
Take a look: https://app.any.run/tasks/e83a5861-6006-4b1d-aba8-8536dcaa8057/?utm_source=mastodon&utm_medium=article&utm_campaign=clickfix_scam&utm_term=160425&utm_content=linktoservice
#IOCs:
supermedicalhospital[.]com
adflowtube[.]com
knowhouze[.]com
ecomicrolab[.]com
javascripterhub[.]com
virtual[.]urban-orthodontics[.]com
Streamline threat analysis for your SOC with #ANYRUN 
#ExploreWithANYRUN
"We put a big tariff on Europe. They are coming to the table. They want to talk, but there's no talk unless they pay us a lot of money on a yearly basis. Number one for present but also for past because they’ve taken a lot of our wealth." - #Trump yesterday.
I'm beginning to think that we've accidentally ended up as extras in a bad movie satire. 
In German: Bäh, macht das weg! Das ist eklig! 
How cyber security experts are fighting AI-generated threats
As AI-powered cyber threats grow more sophisticated, cyber security teams must implement proactive security measures to counter emerging risks
via Malware RSS Feed
March 21, 2025 at 09:20AM #Malware #News #Cybersecurity #CTI #ioc #threathunting #Malicious #Code #Virus #soc
As themselves state "#uBlock Origin is a #browser extension that blocks unwanted content, such as #ads, #trackers, and #malicious URLs. It is easy on CPU and memory".
On #Google Messages tab, it blocks 11% of such content. On #Facebook Messanger, 6%. On #Instagram 5%.
On #Mastodon, #Element, #PixelFed none. 0.
That, should tell you something.
Fake Booking.com phishing pages used to deliver malware and steal data Attackers use #cybersquatting, mimicking Booking website to create legitimate-looking phishing pages that trick users into executing malicious actions.
Leveraging #ANYRUN's interactivity, security professionals can follow the entire infection chain and gather #IOCs.
Case 1: The user is instructed to open the Run tool by pressing Win + R, then Ctrl + V to paste the script, and hit Enter. This sequence of actions executes a #malicious script that downloads and runs malware, in this case, #XWorm.
Take a look at the analysis: https://app.any.run/tasks/61fd06c8-2332-450d-b44b-091fe5094335/?utm_source=mastodon&utm_medium=post&utm_campaign=fake_booking&utm_term=060325&utm_content=linktoservice
TI Lookup request to find domains, IPs, and analysis sessions related to this campaign:
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=fake_booking&utm_content=linktoti&utm_term=060325#%7B%2522query%2522:%2522domainName:%255C%2522mktoresp.com%255C%2522%2520AND%2520domainName:%255C%2522booking.*.%255C%2522%2522,%2522dateRange%2522:30%7D%20%20
Use this search query to find more examples of this fake #CAPTCHA technique and enhance your organization's security response:
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=fake_booking&utm_content=linktoti&utm_term=060325#%7B%2522query%2522:%2522commandLine:%5C%2522
Case 2: In this scenario, threat actors aim to steal victims’ banking information. It’s a typical phishing site that mimics Booking website and, after a few steps, prompts users to enter their card details to ‘verify’ their stay.
See example: https://app.any.run/tasks/87c49110-90ff-4833-8f65-af87e49fcc8d/?utm_source=mastodon&utm_medium=post&utm_campaign=fake_booking&utm_term=060325&utm_content=linktoservice
A key domain in this campaign, Iili[.]io, was also used by #Tycoon2FA #phishkit. Use this TI Lookup query to find more examples:
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=fake_booking&utm_content=linktoti&utm_term=060325#%7B%2522query%2522:%2522domainName:%255C%2522bzib.nelreports.net%255C%2522%2520AND%2520domainName:%255C%2522xpaywalletcdn.azureedge.net%255C%2522%2520AND%2520domainName:%255C%2522cdnjs.cloudflare.com%255C%2522%2520AND%2520domainName:%255C%2522xpaycdn.azureedge.net%255C%2522%2520AND%2520domainName:%255C%2522iili.io%255C%2522%2522,%2522dateRange%2522:180%7D%20
Investigate the latest #malware and #phishing attacks with #ANYRUN
smh .. #twitter now flagging #signal contact links as #malicious
WP3.XYZ Malware attacks Add Rogue Admins to 5,000+ WordPress Sites.
Webscript security company c/side discovered during an incident response engagement for one of their clients that the malicious activity uses the wp3[.]xyz domain to exfiltrate data but have yet to determine the initial infection vector.
https://cside.dev/blog/over-5k-wordpress-sites-caught-in-wp3xyz-malware-attack
![[ImageSource: c/side]
After compromising a target, a malicious script loaded from the wp3[.]xyz domain creates the rogue admin account wpx_admin with credentials available in the code. The script then proceeds to install a malicious plugin (plugin.php) downloaded from the same domain, and activates it on the compromised website.
[⚠️Blocking the Attacks⚠️]
c/side recommends that website owners block the ‘wp3[.]xyz’ domain using firewalls and security tools. Moreover, admins should review other privileged accounts and the list of installed plugins, to identify unauthorized activity and remove them as soon as possible.
Finally, it is recommended that CSRF protections on WordPress sites be strengthened via unique token generation, server-side validation and periodic regeneration. Tokens should have a short expiration time to limit their validity period.
Implementing multi-factor authentication also adds protection to accounts with credentials that have already been compromised.](https://nerdculture.de/system/media_attachments/files/113/883/249/146/798/681/original/62e28c105c3812a5.png "[ImageSource: c/side]
After compromising a target, a malicious script loaded from the wp3[.]xyz domain creates the rogue admin account wpx_admin with credentials available in the code. The script then proceeds to install a malicious plugin (plugin.php) downloaded from the same domain, and activates it on the compromised website.
[⚠️Blocking the Attacks⚠️]
c/side recommends that website owners block the ‘wp3[.]xyz’ domain using firewalls and security tools. Moreover, admins should review other privileged accounts and the list of installed plugins, to identify unauthorized activity and remove them as soon as possible.
Finally, it is recommended that CSRF protections on WordPress sites be strengthened via unique token generation, server-side validation and periodic regeneration. Tokens should have a short expiration time to limit their validity period.
Implementing multi-factor authentication also adds protection to accounts with credentials that have already been compromised.")
→ ChatGPT search tool vulnerable to manipulation and deception, tests show
https://www.theguardian.com/technology/2024/dec/24/chatgpt-search-tool-vulnerable-to-manipulation-and-deception-tests-show
“[I]f the current ChatGPT search system was released fully in its current state, there could be a "high risk" of people creating websites specifically geared towards deceiving users.”
“A security researcher has also found that ChatGPT can return malicious code from websites it searches.”
"into communicating with a #malicious WhatsApp relay server controlled by NSO.
A third exploit developed by NSO, revealed in the documents, was called “Erised,” a so-called “zero-click” exploit that could compromise a victim’s phone without any interaction from the victim. WhatsApp blocked the use of NSO’s Erised exploit in May 2020, several months after WhatsApp had filed its #lawsuit."
Trying something new with #GitHub and posting my spam #UCE #UBE and suspect / #malicious #emails and their associated attachments. Putting everything in a #mastodon post was problematic with space limitations, and was hard to find/organize/search.
Providing the redacted headers and URLs to the malware sandboxes used:
https://github.com/obrientg/Analysis/blob/main/Fri%2C%2025%20Oct%202024%20JS%20Phish.AAL
Received two (2) of the same samples, with different file names & hashes but the same detection of JS/Phish.AAL
Both were sent to the email address I use for threat intel & incident response collaboration efforts.
Email SRC on both was Google Cloud (#GCP) with an #openproxy, abuse reporting submitted.
#MD5 5cf33dd39d6db60423ac89fd63e5f500
#SHA1 863c95b7e7ff0bb8299cbae93dfaed12cc619332
#SHA256 c4e40b137e43c89261ee89a34db843477a8c994a21a92c98c7b15193face8c35
#MD5 8a9af78b0a4cdade6df9f71e7e5b1362
#SHA1 b03fdf0891adacc1995fdd1e2f043343c20a45e5
#SHA256 317aaea9d9ef39c9b85b9ce6e0f68ec83a06b2f3298aded981b19063b2f44737
#malware #incidentResponse #malwareAnalysis
#InfoSec #informationSecurity #cybersecurity #cyberz #cyber #cybercrime
#phish #phishing
#threatIntel #IoC #threatIntelligence #cyberthreatintelligence #CTI
Over 200 malicious Apps on Google Play downloaded Millions of Times.
Google Play, distributed over a period of one year more than 200 malicious applications, which cumulatively counted nearly eight million downloads. The data was collected between June 2023 & April 2024 by Zscaler.
![[ImageSource: Zscaler]
Most targeted countries.
Zscaler's mobile threats report also shows a significant increase of spyware infections, driven primarily by SpyLoan, SpinOK and SpyNote families. In the past year, the company registered 232,000 blocks of spyware activity.
The most targeted countries by mobile malware in the past year were India and the United States, followed by Canada, South Africa and the Netherlands.](https://nerdculture.de/system/media_attachments/files/113/350/509/413/669/543/original/7ac4927819ea5bd4.png "[ImageSource: Zscaler]
Most targeted countries.
Zscaler's mobile threats report also shows a significant increase of spyware infections, driven primarily by SpyLoan, SpinOK and SpyNote families. In the past year, the company registered 232,000 blocks of spyware activity.
The most targeted countries by mobile malware in the past year were India and the United States, followed by Canada, South Africa and the Netherlands.")
![[ImageSource: Zscaler]
Sectors targeted by mobile malware in the past year.
According to the report, mobile malware targeted mostly the education sector, where the amount of blocked transactions increased by 136.8%. The services sector recorded a 40.9% increase, and chemicals and mining a 24% increase. All other sectors showed a general decline.
To minimize the chances of getting infected by malware from Google Play, users are advised to read reviews from others to see what problems have been reported and check the application publisher.
Users should also check the permissions requested at installation time and abort the process if the app requires permissions that do not fit its activity.](https://nerdculture.de/system/media_attachments/files/113/350/509/519/454/207/original/d1e6653138b94e8a.png "[ImageSource: Zscaler]
Sectors targeted by mobile malware in the past year.
According to the report, mobile malware targeted mostly the education sector, where the amount of blocked transactions increased by 136.8%. The services sector recorded a 40.9% increase, and chemicals and mining a 24% increase. All other sectors showed a general decline.
To minimize the chances of getting infected by malware from Google Play, users are advised to read reviews from others to see what problems have been reported and check the application publisher.
Users should also check the permissions requested at installation time and abort the process if the app requires permissions that do not fit its activity.")
Seriously, this should be law.
"[...] 2.12 The web can be consumed in any way that people choose
People must be able to change web pages according to their needs. For example, people should be able to install style sheets, assistive browser extensions, and blockers of unwanted content or scripts. We will build features and write specifications that respect peoples' agency, and will create user agents to represent those preferences on the web user's behalf. [...]"
And slso the entire rest of the code
Use @torproject / #TorBrowser instead of accepting #Enshittification!
#AdBlocking is an essential #Accessibility technology and necessary protection against #malicious actors that commit #Malvertising!
Hacker plants false memories in #ChatGPT to steal user data in perpetuity
"Emails, documents, and other untrusted content can plant #malicious #memories." https://arstechnica.com/security/2024/09/false-memories-planted-in-chatgpt-give-hacker-persistent-exfiltration-channel/
@sean Also there is no way to make #Encryption secure when it has a #Backdoor - regardless if it's #Govware or not - because the very concept must be regarded as #malicious!
Anything else would be bowing before #terrorists - regardless if they hold official offices or whether they got elected into those or not!
@shaknais No, #VoLTE - like any #tech - can't and won't solve issues caused by #humans being #malicious and/or #corrupt, espechally since it's a #blackbox that the user can't even verify a checksum or fingerprint of.
Whereas with #PGP one can use #DueDiligence, #MFA & #WebOfTrust independently from each other to verify things!
You're goalposting, so the entire conversation is just a waste of time and traffic for me.
Ukraine Daily Summary - Wednesday, September 18 2024
Syrians disappear in Luhansk Oblast as Moscow uses foreign fighters as cannon fodder -- Too dangerous to ignore; Russia's malicious activity in the Baltics set to test NATO resolve -- Russia reportedly executes POW with sword -- IMF's trip to Moscow is effectively enabling Russia's war against Ukraine -- and more
