November 2022 » Page 25 of 33 » supertechspain.com

Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT

Posted on 07/11/2022

The operators of RomCom RAT malware are continuing to evolve their campaigns by distributing rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro via fake copycat websites.

Targets of the operation consist of victims in Ukraine and select English-speaking countries like the UK

“Given the geography of the targets and the current geopolitical situation, it’s unlikely that the RomCom RAT threat actor is cybercrime-motivated,” the BlackBerry Threat Research and Intelligence Team said in a new analysis.

The latest findings come a week after the Canadian cybersecurity company disclosed a spear-phishing campaign at Ukrainian entities to deploy a remote access trojan called RomCom RAT.

The unknown threat actor has also been observed leveraging trojanized variants of Advanced IP Scanner and pdfFiller as droppers to distribute the implant.

The latest iteration of the campaign entails setting up decoy lookalike websites with a similar domain name, followed by uploading a malware-laced installer bundle of the malicious software, and then sending phishing emails to targeted victims.

Fake Keypass website

Fake SolarWinds website

“While downloading a free trial from the spoofed SolarWinds site, a legitimate registration form appears,” the researchers explained.

“If filled out, real SolarWinds sales

This twist on an iconic logo has sparked a furious design debate

Posted on 07/11/2022

The best logos tend to be simple, memorable and versatile. Some are so versatile they can be put to uses the original designer never imagined. That’s the case of San Francisco’s ‘worm’, as the logo of the city and county’s municipal transport network is affectionately known.

The San Franciso Municipal Railway’s classic wiggly logo is the star of a new ad campaign in which its distinctive form is used to represent more than the network’s train lines and its abbreviated name – muni. Some think the campaign is ingenious design, but not everyone agrees. In fact, some are arguing that even the original logo is a stinker. But even it does break some of the rules of how to design a logo. But does that really matter?

The Muni logo on a bus in the 1970s

The Muni logo in sunset colors on a bus in the 1970s (Image credit: SFMTA)

The Muni logo is often hailed as a design classic. Created by Walter Landor in 1975, it represents transport lines but also spells out the network’s abbreviated name. And while it’s clearly a product of its era, with smooth, almost psychedelic lines reminiscent of the early 70s, it’s stood the test of time. It proved iconic enough to

Class-action lawsuit filed against Microsoft’s GitHub Copilot for software piracy

Posted on 07/11/2022

A laptop display with a coding IDE open and spectacles in the front — **Image credits:** Kevin Ku (Pexels)

GitHub Copilot sounds like a fascinating tool on paper. Launched in preview by Microsoft over a year ago, it’s basically an AI-powered extension that uses the code present in all public repositories on GitHub and then write code on your behalf based on simple prompts. For example, you could just write “Take an average of the numbers in this list” and GitHub Copilot will autonomously write the code to do this based on its training on GitHub codebases.

Microsoft announced GitHub Copilot’s general availability a few months ago at $10/month, but pretty much since its inception, the product has been criticized for its legal status in the sense that it uses the code written by other people without their permission and that Microsoft profits off of these practices. Today, a class-action lawsuit has been filed against the AI-powered pair programming tool.

The lawsuit has been initiated by Matthew Butterick, who is a programmer, author, and lawyer. He is being represented by the Joseph Saveri Law Firm from California. Together, they are claiming that Microsoft is engaging in open-source software piracy by using billions of lines of code written by millions of programmers under various licenses

This ASRock gadget turns your PC case into a proper monitor

Posted on 07/11/2022

If you want a secondary screen but can’t quite fit one onto your desk, you might want to check out ASRock’s latest invention — a PC side panel display.

Large and bright enough to serve as a proper monitor, this is certainly a fun gadget. Unfortunately, many of us won’t be able to use it.

Gamer in front of a PC that has the ASRock side panel screen on it. — ASRock

PC owners have all that space on their chassis, and nothing to do with it. As long as you’re willing to give up being able to easily peer inside the case (and admire the RGB light show, if that’s your thing), you might like ASRock’s 13.3-inch Side Panel Kit. This is essentially a monitor, similar to that in a laptop, that is attached to the inside of your case.

As the panel is installed within the chassis, your case needs to have a side panel made of transparent tempered glass. It has to be sturdy enough to hold the screen, but it also needs to be see-through so that you can see it in the first place.

For a little side monitor, the IPS display sounds decent. It measures 13.3 inches, has a 16:9 aspect ratio, 1080p resolution, and a basic 60Hz refresh rate.

CISA Warnings of Critical Vulnerabilities in 3 Industrial Control System Software

Posted on 06/11/2022

The US Cybersecurity and Infrastructure Security Agency (CISA) has published three Industrial Control Systems (ICS) advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation.

Prominent among them is a set of three flaws affecting ETIC Telecom’s Remote Access Server (RAS), which “could allow an attacker to obtain sensitive information and compromise the vulnerable devices and other connected machines,” CISA said.

This includes CVE-2022-3703 (CVSS score: 9.0), a critical flaw that stems from the RAS web portal’s inability to verify the authenticity of firmware, thereby making it possible to slip in a rogue package that grants backdoor access to the adversary.

Two other flaws relate to a directory traversal bug in the RAS API (CVE-2022-41607, CVSS score: 8.6) and a file upload issue (CVE-2022-40981, CVSS score: 8.3) that can be exploited to read arbitrary files and upload malicious files that can compromise the device.

Israeli industrial cybersecurity firm OTORIO has been credited with discovering and reporting the flaws. All versions of ETIC Telecom RAS 4.5.0 and prior are vulnerable, with the issues addressed by the French company in version 4.7.3.

The second advisory from CISA concerns three flaws in Nokia’s ASIK AirScale 5G Common System Module