#malware


Malicious actors have taken notice of news about the US Social Security System. We've seen multiple spam campaigns that attempt to phish users or lure them to download malware.

Emails with subjects like "Social Security Administrator.", "Social Security Statement", and "ensure the accuracy of your earnings record" contain malicious links and attachments.

One example contained a disguised URL that redirected to user2ilogon[.]es in order to download the trojan file named SsaViewer1.7.exe.

Actors using social security lures are connected to malicious campaigns targeting major brands through their DNS records.

Block these:

user2ilogon[.]es
viewer-ssa-gov[.]es
wellsffrago[.]com
nf-prime[.]com
deilvery-us[.]com
wllesfrarqo-home[.]com
nahud[.]com.

#dns #lookalikes #lookalikeDomain #threatintel #cybercrime #threatintelligence #cybersecurity #infoblox #infobloxthreatintel #infosec #pdns #malware #scam #ssa

#TroyHunt fell for a #phishing attack on his mailing list members: troyhunt.com/a-sneaky-phish-ju

Some of the ingredients: #Outlook and its habit of hiding important information from the user and missing #2FA which is phishing-resistant.

Use #FIDO2 with hardware tokens if possible (#Passkeys without FIDO2 HW tokens are NOT phishing-resistant due to the possibility of being able to trick users with credential transfers: arxiv.org/abs/2501.07380) and avoid Outlook (or #Microsoft) whenever possible.

Further learning: it could happen to the best of us! Don't be ashamed, try to minimize risks and be open about your mistakes.

Note: any 2FA is better than no 2FA at all.

Troy Hunt · A Sneaky Phish Just Grabbed my Mailchimp Mailing List · You know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That's me right now, and the penny has just dropped that a Mailchimp phish has grabbed my credentials, logged into my account and exported the mailing

slrpnk.net/post/19958860

How to install #Windows11 with better #privacy and user control.

There are extremely many people still using Windows 10 or even older, which will become a real security issue soon.

This guide is for people that need to keep using Windows. I used it to upgrade an unsupported Laptop to Windows 11, which is worlds better than Windows 10, after you clean it up. It makes Windows ***almost*** a nice OS ;)


ClickFix and malware seem to prefer PowerShell aliases (iwr, iex) for obfuscation, so I thought: why not simply disable them and turn them into canaries.

Of course impact is highly org and user dependent, but since it's deployed per user+host profile, we can easily apply it to the primary, non-privileged or service identity.

And yes, still disable Win+R, Win+X, log and get control on EPs. If you're already hunting iwr, you hopefully know where they run as current user.
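The alias-canary idea from the post above as a per-user, per-host profile snippet (an added example, not the poster's code). It assumes Windows PowerShell 5.1; the event source `AliasCanary` and event ID 4242 are constructed for this example, and the source has to be registered once by an administrator.

```powershell
# Place in $PROFILE.CurrentUserCurrentHost for the identity to be monitored.
# Assumptions (constructed for this example): event source 'AliasCanary',
# event ID 4242, Application log. Register the source once, elevated:
#   New-EventLog -LogName Application -Source 'AliasCanary'

$canaryAliases = 'iwr', 'iex'

# Body shared by every canary function: it reports the call and runs nothing.
$canaryBody = {
    $parent = (Get-CimInstance Win32_Process -Filter "ProcessId = $PID").ParentProcessId
    $detail = [ordered]@{
        Alias     = $MyInvocation.MyCommand.Name
        User      = "$env:USERDOMAIN\$env:USERNAME"
        Computer  = $env:COMPUTERNAME
        HostName  = $Host.Name
        ProcessId = $PID
        ParentPid = $parent
        Line      = $MyInvocation.Line
    }
    try {
        Write-EventLog -LogName Application -Source 'AliasCanary' -EventId 4242 `
            -EntryType Warning -Message ($detail | ConvertTo-Json -Compress) -ErrorAction Stop
    } catch {
        # Source not registered: the alias stays blocked even though logging failed.
        Write-Warning "alias canary could not write to the event log: $_"
    }
    throw "The alias '$($detail.Alias)' is disabled in this profile."
}

foreach ($name in $canaryAliases) {
    # Built-in aliases can be read-only, so -Force is needed to remove them.
    if (Test-Path -Path "Alias:\$name") {
        Remove-Item -Path "Alias:\$name" -Force
    }
    # With the alias gone, a global function of the same name is what resolves.
    Set-Item -Path "Function:global:$name" -Value $canaryBody
}
```

The canary only exists in sessions that load this profile; sessions started with `-NoProfile` keep the built-in aliases, so existing hunting for `iwr` and `iex` in script block and process logs still applies.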

Another Monday. Another edition of the Privacy Roundup featuring news items curated with end user #privacy and #security in mind.

This edition features:

- #Android Apps using #Bluetooth and Wi-Fi connection data to estimate and collect user location data
- #Apple Passwords app used insecure HTTP
- Video gamers beware: another game pulled from Steam for being #malware in disguise
- Free online converters adding malware to converted files
- Threat actors using #Reddit posts to push information stealing malware, primarily targeting #cryptocurrency traders/enthusiasts
- Data breaches at the largest US sperm bank and a large teacher union

… and more.

#privacymatters #databreach #cybersecurity #cybersecurity #infosec #gaming

avoidthehack.com/privacy-week1

Avoid the Hack (avoidthehack!) · Privacy Roundup: Week 12 of Year 2025 · Week 12 of the Privacy Roundup includes news items covering Android apps using bluetooth and Wi-Fi to track user location, Apple Passwords using insecure HTTP, sensitive information compromised in hacks of a large teacher union and a sperm bank, threat actors using Reddit posts to push information stealing malware, and more!

@psuPete Recommends Weekly highlights on cyber security issues, 3/22/25 - Five highlights from this week: Memo details #Trump plan to sabotage the #SocialSecurity Administration; Everything You Say To Your Fire TV & #Echo Will Be Sent to #Amazon Soon; The DNA of organised #crime is changing – and so is the threat to #Europe; Judge Rips #DOGE Dig Into Social Security Records; and Big AI platforms can generate #Chrome #malware with this technique. llrx.com/2025/03/pete-recommen #AI privacy #cybercrime

1/ the fact that #Tether never took any action before today to block the world's foremost Russian #ransomware laundering crypto exchange (#Garantex) from using their #USDT token tells you everything you need to know about Tether (and therefore about Trump's Commerce Secretary #HowardLutnick, who manages Tether's money).

IMHO the fact that this is happening now suggests that the Trump administration has already made some kind of deal with #Putin.

protos.com/garantex-says-usdt-

Protos · Garantex says 'USDT in Russian wallets under threat' as Tether freezes $27M · Garantex was sanctioned by the EU in February as it stepped up its efforts to bring an end to “Russia’s war of aggression against Ukraine.”

I just got a phone call purportedly from Bluehost, referring to my URL specifically, saying it looks like there is a malware attack on my site. I have had a couple of unknown site views today. But there is no clear problem with my site, and I am aware that SiteLock and others are shady as hell.

Is this a scam? Is this a good reason to just shut down my old site and find a new host? Is this the kick in the butt I've been waiting for?

Valve removes Steam game that contained malware

techcrunch.com/2025/02/13/valv

The game was called PirateFi, and billed itself as “a thrilling survival game set in a vibrant, low-poly world where you can choose to play solo or with others in multiplayer mode.” It’s not known exactly how many people downloaded the game, but its store rating had a 9/10 score out of 51 reviews, according to an archived version of its Steam page seen by TechCrunch.

TechCrunch · Valve removes Steam game that contained malware | TechCrunch · The gaming giant told affected users: "Consider fully reformatting your operating system"

#iPhone apps found on App Store with #malware that reads your screenshots for key data

"SparkCat"

Malware found on the App Store (and the #Google Play Store) used OCR to read screenshots. It scanned a user's photo library to search for recovery phrases for crypto wallets.

Some affected apps were listed by threat actors, circumventing Apple's guardrails for listing on the App Store. Other apps appeared to be compromised without the developer's knowledge.

Remember, no app store is 100% safe.

Also, avoid storing sensitive information in your photo library.

#apple #cybersecurity #security

9to5mac.com/2025/02/05/iphone-

9to5Mac · iPhone apps found on App Store with malware that reads your screenshots for key data · A new case of iPhone malware has been discovered in apps downloaded from the App Store. It reads your screenshots looking for key info.