Kimsuky APT deploys Linux backdoor Gomir in South Korean cyber attacks

ReportMay 17, 2024Editorial DepartmentLinux/Malware

The Kimsuky (aka Springtail) advanced persistent threat (APT) group with ties to North Korea’s Reconnaissance General Bureau (RGB) has been observed deploying a Linux version of the GoBear backdoor as part of a campaign targeting South Korean groups.

back door, code name Gomir“Structurally almost identical to GoBear, code is widely shared between malware variants,” Broadcom’s Symantec Threat Hunters team said in a new report. “Any functionality in GoBear that relies on the operating system is either missing in Gomir or has been re-implemented.”

GoBear was first documented by South Korean security firm S2W in early February 2024 in connection with a campaign to spread malware called Troll Stealer (aka TrollAgent), which overlapped with known Kimsuky malware families such as AppleSeed and AlphaSeed. .

Subsequent analysis by the AhnLab Security Intelligence Center (ASEC) revealed that the malware was distributed via a Trojan security program downloaded from the website of the Korean Construction Related Association.

These include nProtect Online Security, NX_PRNMAN, TrustPKI, UbiReport, and WIZVERA VeraPort, the last of which was previously subject to a software supply chain attack by Lazarus Group in 2020.

Symantec said it has also observed the Troll Stealer malware being spread through a malicious installer from Wizvera VeraPort, but it is not yet clear the exact distribution mechanism used to spread the installer.

“GoBear also contains similar function names to the older Springtail backdoor BetaSeed, which was written in C++, suggesting a common origin for both threats,” the company noted.

The malware supports the execution of commands received from a remote server and is also said to be spread via a fake installer implant disguised as a Korea Transportation Organization application.

Its Linux counterpart, Gomir, supports up to 17 commands, allowing its operators to perform file operations, launch reverse proxies, suspend command and control (C2) communications for a specified period of time, run shell commands, and terminate their own command programs.

“The latest Springtail campaign provides further evidence that software installation packages and updates are now among the most favored infection vectors for North Korean espionage actors,” Symantec said.

“The targeting software appears to have been carefully selected to maximize the chance of infecting South Korean targets.”

Did you find this article interesting?follow us Twitter  and LinkedIn to read more exclusive content from us.

Source link

The post Kimsuky APT deploys Linux backdoor Gomir in South Korean cyber attacks appeared first on Tech Empire Solutions.

from Tech Empire Solutions https://techempiresolutions.com/kimsuky-apt-deploys-linux-backdoor-gomir-in-south-korean-cyber-attacks/
via https://techempiresolutions.com/

Slack has been scanning your messages to train its artificial intelligence model

Slack trains machine learning models on user messages, documents, and other content without explicit permission. Training is opt-out, which means your private information will be stolen by default. Worse, you have to ask your organization’s Slack administrator (HR, IT, etc.) to send an email to the company asking it to stop. (You can’t do it yourself.) Welcome to the dark side of the new gold rush for artificial intelligence training materials.

Corey Quinn, a senior director at DuckBill Group, discovered the policy in an introduction to Slack’s Privacy Principles and posted it on X (via PCMag). The section reads as follows (emphasis ours): ” Develop artificial intelligence/machine learning models,our system Analyze customer data (For example Messages, content and files) submitted to Slack and Other information (including usage information) as defined in our Privacy Policy and your Customer Agreement.

The opt-out process requires that you complete all work to protect your data. According to the Privacy Statement, “To opt out, please have your organization or workspace owner or primary owner contact our Customer Experience team at feedback@slack.com and provide your workspace/organization URL and topic Run ‘Slack Global Model Opt-Out Request’.’ Once the opt-out is complete, we will process your request and respond.

Sorry, Slack, what the hell are you doing with user DMs, messages, files, etc.? I’m sure I didn’t read the article correctly. pic.twitter.com/6ORZNS2RxC

— Corey Quinn (@QuinnyPig) May 16, 2024

The company responded to Quinn’s message on Generating) machine learning models.

It’s unclear how long ago the Salesforce-owned company included this tidbit in its terms. Saying customers can opt out, when “customers” does not include employees working within the organization, is misleading at best. They have to ask the people who handle Slack access in their businesses to do this – I hope they will oblige.

Inconsistencies in Slack’s privacy policy add to the confusion. One section states, “Slack does not have access to the underlying content when developing AI/ML models or otherwise analyzing customer data. We have various technical measures in place to prevent this from happening. However, the machine learning model training policy appears to be inconsistent with This statement is contradictory and leaves a great deal of room for confusion.

Furthermore, Slack’s web page marketing its premium generative AI tool reads: “Work without worries. Your data is your data. We don’t use it to train Slack AI. Everything is built on Slack’s secure foundation Run on a facility that meets the same compliance standards as Slack itself.

In this case, the company is talking about its premium generative artificial intelligence tools, separate from the machine learning models it trains without explicit permission.However, as PCMag points out that implying that all of your data is unaffected by AI training is, at best, a highly misleading statement, since companies can obviously choose which AI models are covered by that statement.

Engadget tried contacting Slack through multiple channels, but had not received a response as of press time. We will update this story if we hear back.

Source link

The post Slack has been scanning your messages to train its artificial intelligence model appeared first on Tech Empire Solutions.

from Tech Empire Solutions https://techempiresolutions.com/slack-has-been-scanning-your-messages-to-train-its-artificial-intelligence-model/
via https://techempiresolutions.com/

Motorola’s 2024 Razr series may feature larger screen covers for budget models

We might be getting a closer look at Motorola’s next foldable phone.Connect the leak point to 91 mobile phone (via 9 to 5 google) and longtime device leaker Evan Blass have shown off the entry-level Moto Razr 50 and high-end Razr 50 Ultra (likely to be called the 2024 Razr and Razr+ in the US) in various colors from various angles.

Leaked information points to the high-end Razr+ (2024) (also known as the Razr 50 Ultra), which runs on a Snapdragon 8s Gen 3 chip and has 12GB of RAM and 256GB of storage. It is expected to be equipped with a 6.9-inch OLED display with a resolution of 2,640 x 1,080 on the inside and a 3.6-inch cover display on the outside. A 50MP wide-angle camera paired with a 50MP telephoto lens, a 32MP front-facing sensor, and a 4,000mAh battery round out the (alleged) specs.

Leaked images of the flagship model reveal it will be available in dark blue, dark green, peach and pink colours.

Meanwhile, the entry-level Razr (2024) – likely to be called the Razr 50 outside the US – will reportedly run a MediaTek Dimensity 7300 processor, which is different from the Snapdragon 7 Gen 1 found in its 2023 counterpart. Another noticeable change compared to its predecessor is its purported 3.63-inch display, which is a big improvement over last year’s budget model’s 1.5-inch outward-facing screen.

The leaks show no sign of a sleek wood option in Motorola’s Edge 50 phone range, which was launched last month. Old-school smartphone enthusiasts will remember that this is a throwback to 2013’s Moto X, when the company was owned by Google. (It has been under Lenovo since 2014.)

You can check out the leaked image gallery below, courtesy of Blass and 91 mobile phone.

1 /81

Motorola (2024) | Motorola 50

Product images of Motorola’s 2024 foldable phone have allegedly been leaked.

Source link

The post Motorola’s 2024 Razr series may feature larger screen covers for budget models appeared first on Tech Empire Solutions.

from Tech Empire Solutions https://techempiresolutions.com/motorolas-2024-razr-series-may-feature-larger-screen-covers-for-budget-models/
via https://techempiresolutions.com/

Kinsing hacker group exploits more flaws to expand botnet used for cryptojacking

ReportMay 17, 2024Editorial DepartmentCryptojacking/Malware

The cryptojacking group is called Jinxin It has demonstrated its ability to evolve and adapt, proving to be a persistent threat by rapidly incorporating newly revealed vulnerabilities to exploit its arsenal and expand its botnet.

The findings come from cloud security company Aqua, which describes the threat actors as actively orchestrating illegal cryptocurrency mining operations since 2019.

Kinsing (aka H2Miner) is the name of the malware and the adversary behind it, which continues to expand its toolkit with new vulnerabilities to register infected systems into cryptocurrency mining botnets. TrustedSec first documented it in January 2020.

In recent years, campaigns involving Golang-based malware have exploited various flaws in Apache ActiveMQ, Apache Log4j, Apache NiFi, Atlassian Confluence, Citrix, Liferay Portal, Linux, Openfire, Oracle WebLogic Server, and SaltStack to compromise vulnerable system.

Other methods involve leveraging misconfigured Docker, PostgreSQL, and Redis instances to gain initial access and then marshalling the endpoints into a botnet for cryptomining, but not before deactivating security services and removing installed files on the host. Rival miners.

Subsequent analysis by CyberArk in 2021 found commonalities between Kinsing and another malware called NSPPS, concluding that the two viruses “represent the same family.”

Kinsing’s attack infrastructure is divided into three main categories: initial servers used to scan and exploit vulnerabilities, download servers responsible for staging payloads and scripts, and command and control (C2) servers that maintain contact with infected servers. device.

The IP address used for the C2 server resolved to Russia, while the IP addresses used to download scripts and binaries spanned countries such as Luxembourg, Russia, the Netherlands, and Ukraine.

“Kinsing uses different tools for different operating systems,” Aqua said. “For example, Kinsing often uses shell and Bash scripts to exploit Linux servers.”

“We also found Kinsing using PowerShell scripts to target Openfire on Windows servers. When running on Unix, it typically downloads binaries that run on x86 or ARM.”

Another noteworthy aspect of the threat actor’s activity is that 91% of targeted applications were open source, with the group primarily targeting runtime applications (67%), databases (9%), and cloud infrastructure (8).

Image source: Forescout

Extensive analysis of the artifacts further revealed three distinct categories of procedures –

• Type I and Type II scriptsDeployed after initial access, it is used to download the next stage of attack components to eliminate competition and circumvent defenses by turning off firewalls, terminating security tools such as SELinux, AppArmor, and Alibaba Cloud Aegis, and deploying rootkits to hide malicious processes.

• helper scriptIt aims to achieve initial access by exploiting vulnerabilities, disable specific security components related to Alibaba Cloud and Tencent Cloud services from the Linux system, open a reverse shell of the server under the attacker’s control, and facilitate the retrieval of miner load

• binary fileas a second-stage payload, including the core Kinsing malware and a cryptominer that mines Monero

For its part, the malware is designed to keep an eye on the mining process and share its process identifier (PID) with the C2 server, perform connection checks and send execution results, etc.

“Kinsing targets Linux and Windows systems, often by exploiting vulnerabilities in web applications or misconfigurations such as the Docker API and Kubernetes to run cryptocurrency mining programs,” Aqua said. “To prevent potential threats like Kinsing , proactive measures such as strengthening pre-deployment workloads are critical.”

The disclosure comes as botnet malware families are increasingly looking for ways to expand their reach and recruit machines into networks to carry out malicious activities.

The best example is P2PInfect, a Rust malware that was found to exploit less secure Redis servers to deliver variants compiled for the MIPS and ARM architectures.

Nozomi Networks, which discovered the sample targeting ARM earlier this year, said: “The main payload is capable of performing various operations, including propagating and delivering other modules with self-explanatory file names such as miner and winminer.”

“As the name suggests, the malware is capable of performing peer-to-peer (P2P) communications without relying on a single command and control server (C&C) to deliver the attacker’s commands.”

Did you find this article interesting?follow us Twitter  and LinkedIn to read more exclusive content from us.

Source link

The post Kinsing hacker group exploits more flaws to expand botnet used for cryptojacking appeared first on Tech Empire Solutions.

from Tech Empire Solutions https://techempiresolutions.com/kinsing-hacker-group-exploits-more-flaws-to-expand-botnet-used-for-cryptojacking/
via https://techempiresolutions.com/

Google’s accessibility app Lookout uses your phone’s camera to find and identify objects

Google has updated some accessibility apps and added features to make them easier to use for people who need them. It has launched a new version of its Lookout app that can read text and even lengthy documents aloud for people with low vision or blindness. The app can also read food labels, identify currency, and tell users what they see through the camera and images. Its latest version comes with a new “Find” mode that allows users to choose from seven item categories, including seats, tables, vehicles, tableware and bathrooms.

When the user selects a category, the app will be able to identify the objects associated with it as the user moves the camera around the room. It then tells them the direction or distance to the object, making it easier for users to interact with their surroundings. Google is also launching an in-app photo button so they can take a photo and quickly get an AI-generated description.

Google

The company has also updated its Look to Speak app. Look to Speak enables users to communicate with others by selecting from a list of phrases they want the app to speak aloud using eye gestures. Now, Google has added a text-less mode that lets them trigger speech by selecting from an album containing a variety of emojis, symbols, and photos. Even better, they can personalize what each symbol or image means to them.

Google has also expanded the screen reader functionality of Lens in Maps so that it can tell users the names and categories of places they see, such as ATMs and restaurants. It can also tell them how far away a particular location is. Additionally, it is rolling out improvements to detailed voice guidance, which provides audio prompts telling users where they should go.

Finally, four years after the launch of Maps for Android and iOS, Google is finally making wheelchair information available on the desktop. The Accessibility feature allows users to see if the place they are visiting can meet their needs – for example, businesses and public spaces with accessible entrances will display a wheelchair icon. They can also use the feature to see if a location has accessible restrooms, seating, and parking. Maps currently has accessible information for more than 50 million places, the company said. Those who like to find wheelchair information on Android and iOS can now also easily filter reviews that focus on wheelchair access.

Google made all of these announcements at this year’s I/O developer conference, where it also revealed that it’s open sourcing more code for its Gameface hands-free “mouse” project, allowing Android developers to use it in their apps . The tool allows users to control cursors through head movements and facial expressions so they can use computers and mobile phones more easily.

Stay up to date with all the news from Google I/O 2024 here!

This article contains affiliate links; if you click on such links and make a purchase, we may earn a commission.

Source link

The post Google’s accessibility app Lookout uses your phone’s camera to find and identify objects appeared first on Tech Empire Solutions.

from Tech Empire Solutions https://techempiresolutions.com/googles-accessibility-app-lookout-uses-your-phones-camera-to-find-and-identify-objects/
via https://techempiresolutions.com/

The psychology of artificial intelligence trustworthiness

Enrique Leon, Artificial Intelligence and Cloud Enterprise Architect at American Sugar Refining

Artificial intelligence (AI) is increasingly used to generate content, such as text, images, music, and videos, that can influence human beliefs, attitudes, and behaviors. However, not all AI-generated content is accurate, reliable or ethical. Some AI systems may intentionally or unintentionally produce misleading, biased, or harmful content, which may have negative consequences for individuals and society. Therefore, it is important to understand how people assess the trustworthiness of AI-generated content and how it compares to human-generated content.

This article explores the psychological factors that influence people’s trust in AI-generated content and why they are more likely to accept the authenticity of AI-generated content than human-generated content. We review the existing literature on this topic and propose a conceptual framework to explain the main cognitive and affective processes involved. We also discuss the implications of our findings for the design and regulation of AI systems and the education and empowerment of users.

literature review

A growing body of research explores how people perceive and respond to AI-generated content, particularly in the field of text and image generation. Some of the main themes that emerge from this literature are:

• People generally tend to trust content generated by AI, especially if they are unaware of its source or have a positive attitude toward AI.

• People are influenced by the quality, coherence and consistency of AI-generated content and the cues and context that come with it.

• People are more likely to accept AI-generated content when it confirms their prior beliefs, preferences, or expectations, or when it appeals to their emotions or motivations.

• People are less likely to question or verify AI-generated content than human-generated content because they have a lower perception of responsibility, responsibility, or intentionality from the AI ​​source.

• People are more susceptible to AI-generated content when they have low levels of media literacy, critical thinking or digital skills, or when they are in situations of high uncertainty, complexity or information overload.

conceptual framework

Based on a literature review, we propose a conceptual framework that illustrates the main psychological factors that influence trust in AI-generated content and how they compare to human-generated content. This framework consists of four components: source, message, recipient, and context. Each component has several subcomponents that represent specific variables that influence people’s trust. The framework ends with interactions and feedback loops between components and subcomponents.

“Users should be empowered and involved in the co-creation and governance of artificial intelligence systems and have the opportunity to express their opinions and concerns about the system and its outputs”

Conceptual Framework in the Psychology of Artificial Intelligence Credibility Perceived Objectivity – Artificial intelligence is simply perceived to be objective.

Consistency and reliability—trust based on consistent and high-quality content

Authoritative Attribution – Artificial Intelligence uses advanced technology, and most people don’t realize that Artificial Intelligence goes back decades

Lack of emotional bias – Artificial intelligence lacks emotions, thereby reducing the concerns associated with these emotions.Transparency—Trust is achieved through transparent explanations of user perceptions

Accuracy and precision – users trust that artificial intelligence is accurate and precise

Social Proof – Widespread adoption of AI and positive user experience

Mitigating Confirmation Bias – Content can mitigate confirmation bias by presenting information objectively

discuss

The conceptual framework I propose can help us understand the psychological mechanisms behind people’s trust in AI-generated content and why they are more accepting of its authenticity than human-generated content. The framework can also inform the design and regulation of AI systems and the education and empowerment of users. Some possible impacts are:

• AI systems should be transparent and accountable about their sources, methods, and goals, and provide clear and accurate information about the quality, reliability, and limitations of their outputs.

• AI systems should be ethical and responsible in producing content that respects human values, rights and dignity and avoid misleading, biased or harmful content.

• AI systems should be able to adapt and respond to user feedback and preferences, allowing users to control and customize their interactions with the system.

• Users should understand and understand the existence and potential impact of AI-generated content and develop the skills and abilities to critically evaluate and validate the content they encounter.

• Users should be empowered and involved in the co-creation and governance of AI systems and have the opportunity to express their opinions and concerns about the system and its outputs.

In this article, we explore the psychology of AI trustworthiness and why people trust AI-generated content more than human-generated content. We review the existing literature on this topic and propose a conceptual framework to explain the main cognitive and affective processes involved. We also discuss the implications of our findings for the design and regulation of AI systems and for user education and empowerment. I hope that this article will contribute to the advancement of research and practice in this important emerging area.

Source link

The post The psychology of artificial intelligence trustworthiness appeared first on Tech Empire Solutions.

from Tech Empire Solutions https://techempiresolutions.com/the-psychology-of-artificial-intelligence-trustworthiness/
via https://techempiresolutions.com/

A guide to innovation and efficiency strategies

Johan Zamora, Director of Big Data Engineering and Analytics at Western Union

In a rapidly evolving global business landscape, artificial intelligence (AI) has become critical to success, reshaping the way companies operate, innovate and interact with customers. For C-suite leaders who want to use technology to enhance their brands, streamline operations and enhance customer engagement, artificial intelligence provides a set of tools to turn challenges into opportunities. This article delves into the multi-faceted use of AI in creating branded content, interpreting complex documents, automating processes, and managing customer inquiries, ultimately illustrating how AI can drive business growth and efficiency.

Artificial Intelligence Creates Branded Content

In the digital age, content is king, but not just any content—branded content that resonates with your target audience and amplifies your company’s voice is crucial. Artificial intelligence technologies, including natural language generation (NLG) and machine learning algorithms, are revolutionizing content creation. These tools analyze consumer behavior, preferences and engagement to produce personalized content that directly addresses the needs and interests of your audience. From blog posts and social media updates to video scripts and marketing copy, the AI-driven platform enables businesses to produce high-quality, consistent and relevant content at scale, ensuring a consistent and impactful brand image across all channels .

Artificial intelligence for complex document interpretation

Interpreting complex documents such as legal contracts, technical manuals and regulatory documents can be time-consuming and error-prone. Artificial intelligence has the ability to process and analyze large amounts of data. It can effectively browse these documents, extract relevant information, identify key patterns, and even provide summaries and insights. This feature not only speeds up the review process but also improves accuracy and compliance, mitigating risks associated with human error and oversight.

Artificial Intelligence in Process Automation

Process automation powered by artificial intelligence is a game changer for businesses looking to increase efficiency and reduce operating costs. Robotic process automation (RPA) combines with artificial intelligence technology to handle repetitive, rules-based tasks, from data entry and invoice processing to inventory management and customer onboarding. By automating these processes, companies can allocate human resources to more strategic tasks, thereby increasing productivity and promoting innovation.

Artificial intelligence handles customer inquiries

Customer service is a key touchpoint for businesses, and artificial intelligence is transforming this area through advanced chatbots and virtual assistants. Equipped with natural language processing (NLP) and machine learning, these artificial intelligence tools can instantly understand and respond to customer inquiries, providing personalized and accurate support. In addition to handling routine issues, AI systems can analyze customer data, provide tailored recommendations and upsell services, and even predict and resolve potential issues, thereby enhancing the overall customer experience. Strategic integration of artificial intelligence:

Unleash potential and focus on core competencies

Integrating artificial intelligence into business operations is more than just adopting new technology; it is about strategically augmenting human ingenuity and creativity. When used effectively, AI can manage daily tasks and handle increased workloads, allowing teams to focus on strategy, creation, engineering, and transformation. Rather than diminishing the importance of the human element, this shift in strategy amplifies it, allowing companies to take on more work with the same workforce and pursue new opportunities. By combining artificial intelligence with human creativity and strategic insight, businesses can achieve unparalleled efficiency, innovation and competitive advantage.

In summary, the process of integrating AI into business requires a thoughtful approach that focuses on areas where AI can add the most value while complementing human skills. As leaders move down this path, the potential for AI to serve as a “boost rocket” for business expansion and transformation is enormous. With the right combination of technology, strategy and talent, the possibilities are endless.

Source link

The post A guide to innovation and efficiency strategies appeared first on Tech Empire Solutions.

from Tech Empire Solutions https://techempiresolutions.com/a-guide-to-innovation-and-efficiency-strategies/
via https://techempiresolutions.com/