My Weekly Roundup #136
Full Hancitor malware analysis
Hancitor is a famous malware loader that has been in use for years since first being observed in 2015. A malware loader drops the actual malicious content on the system then executes the first stage of the attack.
Thousands of npm accounts use email addresses with expired domains
ModifiedElephant APT and a Decade of Fabricating Evidence
Executive Summary: Our research attributes a decade of activity to a threat actor we call ModifiedElephant.
CinaRAT Delivered Through HTML ID Attributes
A few days ago, I wrote a diary about a malicious ISO file being dropped via a simple HTML file.
Google awarded $8.7 million to security researchers in 2021
In the yearly review of its vulnerability rewards program (VRP), Google said on Thursday that it awarded more than $8.7 million to security researchers in the form of bug bounties for thousands of vulnerabilities reported in Google products. The figure is up from the $6.
“533 million Facebook users’ phone numbers leaked” was one of the highlighted titles that flooded many social networks’ pages.
Biometric Hacking: Face Authentication Systems
In our Biometric Testing Facility, we have conducted a large number of security assessments of both 2D and 3D-IR Based face authentication algorithms.
Cyber-attack disrupts Slovenia’s top TV station
A cyber-attack has disrupted the operations of Pop TV, Slovenia’s most popular TV channel, in an incident this week believed to be an extortion attempt.
Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw
Apple on Thursday released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company’s third zero-day patch since the start of the year.
Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares
The Maze gang are purportedly never going back to ransomware and have destroyed all of their ransomware source code, said somebody claiming to be the developer.
Apple patches new zero-day exploited to hack iPhones, iPads, Macs
Apple has released security updates to fix a new zero-day vulnerability exploited in the wild by attackers to hack iPhones, iPads, and Macs.
LolZarus: Lazarus Group Incorporating Lolbins into Campaigns
Qualys Threat Research has identified a new Lazarus campaign using employment phishing lures targeting the defence sector. The identified variants target job applicants for Lockheed Martin.
Qbot needs only 30 minutes to steal your credentials, emails
The widespread malware known as Qbot (aka Qakbot or QuakBot) has recently returned to light-speed attacks, and according to analysts, it only takes around 30 minutes to steal sensitive data after the initial infection.
Roaming Mantis reaches Europe
Roaming Mantis is a malicious campaign that targets Android devices and spreads mobile malware via smishing. We have been tracking Roaming Mantis since 2018, and published five blog posts about this campaign:
Color Dot Puzzle Will Wrinkle Your Brain
[Sebastian] describes the 4×4 Color Dot Puzzle as a sort of combination of the ideas behind the Rubik’s Cube and the 15 puzzle. The aim is to arrange the 16 colored tiles on the board to form four single-colored 2×2 squares in the overall 4×4 board.
The World’s Biggest Optical Telescope Will Search for Alien Life
The world’s largest optical telescope, equipped with a primary mirror that stretches nearly 40 meters (130 feet) across, is currently taking shape in a high, dry region of the Chilean desert.
/Film | Reporting the Reel World
Microsoft Teams performance improvements reduce power consumption in meetings by up to 50%
In a previous post, we shared how Microsoft ensures efficient use of device resources such as CPU and memory during Microsoft Teams calls and meetings. In this article, we want to dive deeper into how our goals and measurement methodology have been used to cut power consumption in Teams meetings.
Electronic monitoring using GPS tags: a tech primer
Electronic tags have been a key part of criminal justice offender management for over 20 years, being used in the United States since the mid-1980s and in the UK and some other Commonwealth countries since 2003. In 2021 the UK introduced GPS tagging for immigration bail.
French Regulator Rules Google Analytics Illegal
France’s data protection watchdog has concluded that Google Analytics can’t be trusted not to share Europeans’ personal data with the US government.
Steve Vai Elaborates On ‘Pizza Incident’ That Caused His Tour Postponement
Steve Vai will reemerge later this year on his ‘Inviolate’ tour with a surgically repaired left hand and a twice surgically-repaired right shoulder.
Jack White’s Latest, ‘Fear of the Dawn,’ Is a Big Riff Ripper With a Fittingly Chaotic Video
Jack White has released a bruising new song, “Fear of the Dawn,” the title track from his first of two 2022 albums, which will arrive on April 8.
History of rock ’n’ roll
From baseball and television to air conditioning and Coca-Cola, the United States has offered the world no shortage of contributions. Few of those contributions, however, can hold a candle to the one American export that completes the vaunted triple crown of sex, drugs, and rock ’n’ roll.
Ian McDonald, King Crimson and Foreigner Co-Founder, Dead at 75
Ian McDonald, a multi-instrumentalist and songwriter best known for his co-founding roles in both King Crimson and Foreigner, died Wednesday at the age of 75.