A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber.
"This incident highlights the alarming ease with which threat actors can launch supply chain attacks by exploiting trust and human error within the open source ecosystem, and using readily available

A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber.

"This incident highlights the alarming ease with which threat actors can launch supply chain attacks by exploiting trust and human error within the open source ecosystem, and using readily available commodity malware, public platforms like GitHub for hosting malicious executables, and communication channels like Discord and Telegram for C2 operations to bypass traditional security measures," Socket security researcher Kirill Boychenko said in a report shared with The Hacker News.

The list of malicious packages is as follows -

*   node-dlls (77 downloads)
*   ro.dll (74 downloads)
*   autoadv (66 downloads)
*   rolimons-api (107 downloads)

It's worth pointing out that "node-dlls" is an attempt on part of the threat actor to masquerade as the legitimate node-dll package, which offers a doubly linked list implementation for JavaScript. Similarly, rolimons-api is a deceptive variant of Rolimon's API.

"While there are unofficial wrappers and modules — such as the rolimons Python package (downloaded over 17,000 times) and the Rolimons Lua module on GitHub — the malicious rolimons-api packages sought to exploit developers' trust in familiar names," Boychenko noted.

The rogue packages incorporate obfuscated code that downloads and executes Skuld and Blank Grabber, stealer malware families written in Golang and Python, respectively, that are capable of harvesting a wide range of information from infected systems. The captured data is then exfiltrated to the attacker via Discord webhook or Telegram.

In a further attempt to bypass security protections, the malware binaries are retrieved from a GitHub repository ("github\[.\]com/zvydev/code/") controlled by the threat actor.

Roblox's popularity in recent years has led to threat actors actively pushing bogus packages to target both developers and users. Earlier this year, several malicious packages like noblox.js-proxy-server, noblox-ts, and noblox.js-async were discovered impersonating the popular noblox.js library.

With bad actors exploiting the trust with widely-used packages to push typosquatted packages, developers are advised to verify package names and scrutinize source code prior to downloading them.

"As open-source ecosystems grow and more developers rely on shared code, the attack surface expands, with threat actors looking for more opportunities to infiltrate malicious code," Boychenko said. "This incident emphasizes the need for heightened awareness and robust security practices among developers."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Malicious NPM Packages Target Roblox Users with Data-Stealing Malware

We’ve all heard a million times: growing demand for robust cybersecurity in the face of rising cyber threats is undeniable. Globally small and medium-sized businesses (SMBs) are increasingly targeted by cyberattacks but often lack the resources for full-time Chief Information Security Officers (CISOs). This gap is driving the rise of the virtual CISO (vCISO) model, offering a cost-effective

Cyber Resilience / Compliance

We've all heard a million times: growing demand for robust cybersecurity in the face of rising cyber threats is undeniable. Globally small and medium-sized businesses (SMBs) are increasingly targeted by cyberattacks but often lack the resources for full-time Chief Information Security Officers (CISOs). This gap is driving the rise of the virtual CISO (vCISO) model, offering a cost-effective solution, and giving SMBs access to strategic security leadership.

For MSPs and MSSPs this shift represents both a challenge and an opportunity. Over 94% of service providers recognize the increasing need for vCISO services, yet, over 25% of providers report lacking the cybersecurity and compliance expertise needed to offer vCISO services.

**This gap is exactly why the vCISO Academy was created —to empower service providers with the knowledge and skills they need to thrive in this evolving landscape.**

The vCISO Academy is a **free, professional learning platform** designed to equip service providers with the knowledge and training needed to build and expand their vCISO offerings, helping them better serve their clients and bolster cybersecurity resilience.

**The Growing Demand for vCISO Services**

The demand for vCISO services has exploded in recent years, driven by the increasing frequency and sophistication of cyberattacks on SMBs. The latest State of the vCISO Survey (2024) which interviewed 200 senior security leaders, revealed that **94%** of service providers **see demand for vCISO** services **and 98%** of service providers who don't currently offer vCISO services **plan to introduce them in the foreseeable future**. This underscores the critical importance of vCISO services for MSPs and MSSPs, not just as a way to meet rising demand but also to stay competitive in a market where cybersecurity has become a business imperative.

**The Expertise Gap in Delivering vCISO Services**

While the market for vCISO services is rapidly expanding, many MPSs and MSSPs struggle to offer these services due to lack of in-house expertise and resources. In fact, over 25% of service providers report lacking the necessary expertise to offer comprehensive vCISO services.

Service providers often hesitate to offer vCISO services due to the complexity of the role, which requires a combination of technical expertise, regulatory knowledge, and business strategy alignment. Additionally, they face challenges like resource constraints, uncertainty about having the necessary staff or budget, and concerns about scaling the services without overextending themselves.

The vCISO Academy was created to help MSPs and MSSPs address these concerns. It provides a clear, step-by-step roadmap that simplifies the process, enabling service providers to confidently start and grow their vCISO offerings.

**How the vCISO Academy Fills This Critical Gap**

The vCISO Academy provides self-paced, hands-on learning designed to equip service providers with the training and knowledge needed to develop and scale their vCISO offerings.

Key features of the academy include:

*   **Expert guidance from industry experts who share their practical knowledge and experience** on a wide range of essential vCISO functions, including risk and compliance assessments, cybersecurity strategy development, and effective communication of risks to executive teams.
*   **Self-paced learning** allows access to videos, tools, and resources anytime and anywhere.
*   **An interactive platform** that provides exercises and real-world examples to reinforce understanding**.**

The Academy empowers MSPs and MSSPs to not only offer vCISO services confidently but also, build new revenue streams, enhance client relationships, and ensure their clients' cybersecurity resilience.

**Empowering MSPs and MSSPs to Accelerate Their vCISO Journey**

By addressing the knowledge shortage and providing structured, accessible learning, the vCISO academy allows service providers to:

*   **Broaden your perspective:** The vCISO Academy provides a deeper understanding of what it means to be a vCISO with specialized training to address the cybersecurity shortage. By helping to equip professionals with vCISO expertise, the Academy is helping fill a critical gap in the industry, ensuring businesses have access to the security leadership they need.
*   **Empower professional growth:** The vCISO Academy is designed to advance professionals' careers by developing their vCISO skills, positioning them as trusted advisors, and making them invaluable to their clients. Courses are created by industry experts who share practical knowledge and real-world experience.
*   **Scale services profitably and strengthen client relationships**: For MSPs and MSSPs, adding vCISO services is a strategic move that opens up new revenue streams and strengthens client relationships.

With the vCISO Academy, MSPs and MSSPs are better positioned to capitalize on emerging opportunities in the vCISO market while meeting the critical security needs of SMBs.

**Start Your vCISO Journey with the vCISO Academy**

As the cybersecurity landscape continues to evolve, the role of the vCISO is becoming a cornerstone of success for MSPs and MSSPs. The vCISO academy offers and invaluable resource to help service providers gain the expertise needed to thrive in this competitive landscape. Whether you are just establishing your vCISO services or looking to expand, the vCISO Academy provides the tools, knowledge, and support you need to grow your business and serve your clients more effectively.

Start your journey by visiting the vCISO Academy today and take the first step toward scaling your cybersecurity services and driving business growth. Together, we can ensure that businesses of all sizes have access to the cybersecurity leadership they need to stay secure​​.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

The vCISO Academy: Transforming MSPs and MSSPs into Cybersecurity Powerhouses

Let’s face it—traditional security training can feel as thrilling as reading the fine print on a software update. It’s routine, predictable, and, let’s be honest, often forgotten the moment it's over. Now, imagine cybersecurity training that’s as unforgettable as your favorite show.
Remember how "Hamilton" made history come alive, or how "The Office" taught us CPR (Staying Alive beat, anyone?)?

Cybersecurity Awareness / Webinar

Let's face it—traditional security training can feel as thrilling as reading the fine print on a software update. It's routine, predictable, and, let's be honest, often forgotten the moment it's over. Now, imagine cybersecurity training that's as unforgettable as your favorite show.

Remember how "Hamilton" made history come alive, or how "The Office" taught us CPR (Staying Alive beat, anyone?)? That's the transformative power of storytelling—and it's exactly what Huntress Managed Security Awareness Training (SAT) is bringing to cybersecurity.

****Why Storytelling is the Secret Weapon in Security Training:****

Human brains are wired for stories; it's how we process complex information and retain it. Stories give lessons meaning and make concepts stick, so why not apply this to something as vital as cybersecurity awareness?

In our upcoming webinar, "Storytime with Huntress Managed Security Awareness Training," we're diving into why storytelling isn't just for movies—it's a game-changer for cybersecurity training.

****What to Expect in the Webinar:****

Industry experts, Dima Kumets (Principal Product Manager) and James O'Leary (Product Marketing Manager), will guide you through a fresh approach to security training that resonates with users and admins alike. Here's what we'll cover:

1.  **Why Storytelling Works:** Understand how storytelling can make complex cybersecurity concepts engaging and relatable, fostering stronger retention and action.
2.  **The Benefits of a Managed Solution:** Discover how Huntress Managed SAT supports your training admins with streamlined, effective security awareness training.
3.  **Innovative Tools to Boost Engagement:** From Phishing Defense Coaching to gamification, we'll show you how new capabilities make learning enjoyable and practical for all users.

Ready to supercharge your security culture with training that sticks? Join us and see how Huntress SAT transforms security awareness into an engaging story your team won't forget.

Sign up now to reserve your spot – and take the first step toward a security culture that's both strong and memorable.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Webinar: Learn How Storytelling Can Make Cybersecurity Training Fun and Effective

Cybersecurity researchers have flagged a new malware campaign that infects Windows systems with a Linux virtual instance containing a backdoor capable of establishing remote access to the compromised hosts.
The "intriguing" campaign, codenamed CRON#TRAP, starts with a malicious Windows shortcut (LNK) file likely distributed in the form of a ZIP archive via a phishing email.
"What makes the CRON#

Cybersecurity researchers have flagged a new malware campaign that infects Windows systems with a Linux virtual instance containing a backdoor capable of establishing remote access to the compromised hosts.

The "intriguing" campaign, codenamed **CRON#TRAP**, starts with a malicious Windows shortcut (LNK) file likely distributed in the form of a ZIP archive via a phishing email.

"What makes the CRON#TRAP campaign particularly concerning is that the emulated Linux instance comes pre-configured with a backdoor that automatically connects to an attacker-controlled command-and-control (C2) server," Securonix researchers Den Iuzvyk and Tim Peck said in an analysis.

"This setup allows the attacker to maintain a stealthy presence on the victim's machine, staging further malicious activity within a concealed environment, making detection challenging for traditional antivirus solutions."

The phishing messages purport to be an "OneAmerica survey" that comes with a large 285MB ZIP archive that, when opened, triggers the infection process.

As part of the as-yet-unattributed attack campaign, the LNK file serves as a conduit to extract and initiate a lightweight, custom Linux environment emulated through Quick Emulator (QEMU), a legitimate, open-source virtualization tool. The virtual machine runs on Tiny Core Linux.

The shortcut subsequently launches PowerShell commands responsible for re-extracting the ZIP file and executing a hidden "start.bat" script, which, in turn, displays a fake error message to the victim to give them the impression that the survey link is no longer working.

But in the background, it sets up the QEMU virtual Linux environment referred to as PivotBox, which comes preloaded with the Chisel tunneling utility, granting remote access to the host immediately following the startup of the QEMU instance.

"The binary appears to be a pre-configured Chisel client designed to connect to a remote Command and Control (C2) server at 18.208.230\[.\]174 via websockets," the researchers said. "The attackers' approach effectively transforms this Chisel client into a full backdoor, enabling remote command and control traffic to flow in and out of the Linux environment."

The development is one of the many constantly evolving tactics that threat actors are using to target organizations and conceal malicious activity -- case in point is a spear-phishing campaign that has been observed targeting electronic manufacturing, engineering, and industrial companies in European countries to deliver the evasive GuLoader malware.

"The emails typically include order inquiries and contain an archive file attachment," Cado Security researcher Tara Gould said. "The emails are sent from various email addresses including from fake companies and compromised accounts. The emails typically hijack an existing email thread or request information about an order."

The activity, which has mainly targeted countries like Romania, Poland, Germany, and Kazakhstan, starts with a batch file present within the archive file. The batch file embeds an obfuscated PowerShell script that subsequently downloads another PowerShell script from a remote server.

The secondary PowerShell script includes functionality to allocate memory and ultimately execute the GuLoader shellcode to ultimately fetch the next-stage payload.

"Guloader malware continues to adapt its techniques to evade detection to deliver RATs," Gould said. "Threat actors are continually targeting specific industries in certain countries. Its resilience highlights the need for proactive security measures."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), concerns a case of missing authentication in the Expedition migration tool that

Vulnerability / Network Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), concerns a case of missing authentication in the Expedition migration tool that could lead to an admin account takeover.

"Palo Alto Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data," CISA said in an alert.

The shortcoming impacts all versions of Expedition prior to version 1.2.92, which was released in July 2024 to plug the problem.

There are currently no reports on how the vulnerability is being weaponized in real-world attacks, but Palo Alto Networks has since revised its original advisory to acknowledge that it's "aware of reports from CISA that there is evidence of active exploitation."

Also added to the KEV catalog are two other flaws, including a privilege escalation vulnerability in the Android Framework component (CVE-2024-43093) that Google disclosed this week as having come under "limited, targeted exploitation."

The other security defect is CVE-2024-51567 (CVSS score: 10.0), a critical flaw affecting CyberPanel that allows a remote, unauthenticated attacker to execute commands as root. The issue has been resolved in version 2.3.8.

In late October 2023, it emerged that the vulnerability was being exploited en masse by malicious actors to deploy PSAUX ransomware on more than 22,000 internet-exposed CyberPanel instances, according to LeakIX and a security researcher who goes by the online alias Gi7w0rm.

LeakIX also noted that three distinct ransomware groups have quickly capitalized on the vulnerability, with files encrypted multiple times in some cases.

Federal Civilian Executive Branch (FCEB) agencies have been recommended to remediate the identified vulnerabilities by November 28, 2024, to secure their networks against active threats.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability

SteelFox malware targets software pirates through fake activation tools, stealing credit card data and deploying crypto miners. Learn…

SteelFox malware targets software pirates through fake activation tools, stealing credit card data and deploying crypto miners. Learn about this new threat affecting users worldwide and how to protect yourself from this sophisticated cybercrime campaign.

Cybersecurity researchers at Securelist have identified a new type of malware that has been spreading through online forums, torrent trackers, and blogs, posing as legitimate software like Foxit PDF Editor, AutoCAD, and JetBrains.

Dubbed “SteelFox” by researchers; the malware’s main targets are those Microsft Windows users who are involved in downloading pirated software and fake software activation tools (cracks).

The campaign, which began in February 2023, combines cryptocurrency mining and data stealing capabilities through fake software activation tools. So far, the malware has infected over 11,000 users worldwide.

According to Securelist’s **blog post** shared with Hackread.com ahead of publishing, SteelFox is a full-featured _“_crimeware bundle_“_ that extracts sensitive data from infected devices, including credit card information, browsing history, and login credentials. It also collects system information, such as installed software, running services, and network configurations.

The malware’s initial attack vector involves fake software activators, which are advertised on online forums and torrent trackers as a way to activate legitimate software for free. Once installed, the malware creates a service that stays on the system, even after reboots and uses a vulnerable driver to advance its privileges.

Malicious dropper advertisement (Via Securelist)

The malware operates through a multi-stage attack chain, beginning with a dropper that requires administrator privileges. Once executed, it installs itself as a Windows service and uses AES-128 encryption to hide its components. The malware achieves system-level access by exploiting vulnerable drivers and implements TLS 1.3 with SSL pinning for secure communication with its command servers.

> _“SteelFox’s Highly sophisticated usage of modern C++ combined with external libraries grants this malware formidable power. Usage of TLSv1.3 and SSL pinning ensures secure communication and harvesting of sensitive data.”_
> 
> Securelist

****Global Impact****

SteelFox does not appear to target specific individuals or organizations, instead operating on a larger scale to infect as many users as possible. The malware has already infected users in over 10 countries, including the following:

*   **UAE**
*   **India**
*   **Brazil**
*   **China**
*   **Russia**
*   **Egypt**
*   **Algeria**
*   **Mexico**
*   **Vietnam**
*   **Sri Lanka**

James McQuiggan, a security awareness advocate at **KnowBe4**, emphasized the importance of organizations being cautious about the sources of their software downloads. He also highlighted the necessity of training employees through cybersecurity awareness programs.

“The dual functionality of SteelFox’s droppers—providing both software “cracks” and malware indicates the complex tools used by cybercriminals and using an outdated driver for privilege escalation highlights the critical need for organizations to ensure they are implementing patches.”

“Organizations must ensure they verify software sources, maintain the least user privilege access control, and leverage endpoint protection to detect suspicious installation behaviours,” James explained.

“Furthermore and more importantly, ensure that cybersecurity awareness programs are provided to users about the dangers of unverified software, like open source software or these common applications. Allow for an IT-managed software solution to install and monitor all applications,” he advised.

****Protecting Yourself from SteelFox****

To avoid becoming victims of SteelFox, users should only download software from official sources and use a **reliable security solution** that can detect and prevent the installation of infected software. Additionally, users should be cautious when clicking links or downloading attachments from unknown sources, as these can often be used to spread malware.

1.  **Winos4.0 Malware Targeting Windows via Fake Gaming Apps**
2.  **Fabrice Malware on PyPI Stealing AWS Credentials for 3 Years**
3.  **SideWinder hit Android users with malware apps on Play Store**
4.  **TodoSwift Malware Targets macOS, Disguised as Bitcoin PDF App**
5.  **Octo2 Malware Uses Fake NordVPN Apps to Infect Android Phones**

New SteelFox Malware Posing as Popular Software to Steal Browser Data

PRESS RELEASE

Clearwater, Fla. – October 29, 2024 – According to a new AI Opportunity Report from remote connectivity and workplace digitalization solution company TeamViewer, 80% of U.S. business leaders say their organization’s AI adoption is mature, and 65% are sick of the hype and demand practical implementations of AI for their businesses. Leading from the C-suite, 81% of U.S. key decision makers currently use AI at least weekly, up from 60% last year, a notable 35% increase year-over-year. 

Most U.S. business leaders (72%) also agree that AI is vital to improving their organization’s financial outcomes. Along these lines, two-thirds (66%) agree that AI will positively affect revenue over the next year, with respondents saying that the technology makes an average of 249% revenue growth possible. Nearly a quarter of U.S. respondents (23%) believe that not implementing AI technology risks falling behind competitors and 24% foresee increased costs due to a lack of automation.

Successfully integrating AI into remote connectivity support is a prime example of how efficiencies can lead to better financial outcomes. Enter TeamViewer’s new AI-powered Session Insights.

AI-Powered Session Insights 

Aimed at helping IT teams boost efficiency and streamline operations, Session Insights is now being added to TeamViewer’s Tensor remote connectivity solution to automate session documentation and provide analytics, enabling faster handovers and smarter decision-making. By optimizing resources and capturing valuable knowledge, the new capabilities empower IT support teams to resolve issues faster, improve customer satisfaction, and scale expertise, even with limited staff.  

The new features will help internal IT teams better manage employee help desk requests and will also aid customer support teams providing remote assistance to keep their products onsite and customers up and running and aligned with uptime agreements. 

“AI adoption is growing rapidly as businesses increasingly recognize its tangible benefits in driving productivity and streamlining operations. Our research reveals that 81% of decision-makers now engage with AI at least weekly, a substantial rise from last year’s 60%. With the launch of TeamViewer’s new AI-powered Session Insights, we're enabling organizations to make smarter decisions and optimize processes while adhering to the highest security and data privacy standards. We uphold stringent encryption practices to safeguard customer data, ensuring secure processing, while also providing admins the control to enforce company-wide policies and keeping users informed every step of the way,” said Mei Dent, Chief Product and Technology Officer, TeamViewer. 

Trust, Security, Career Advancement & Equality

The report also delves into a variety of other topics gauging business leaders’ current perceptions of AI, including: 

*   Trust in AI: 50% of U.S. business leaders trust AI to act on business forecasts and make business decisions with an impressive 42% trusting AI to make decisions without human oversight.
    
*   Security: 75% of U.S. business leaders are concerned about data management in the use of AI and 67% would consider banning the use of AI outside of the IT team.
    
*   Career Advancement: 75% of U.S. business leaders believe AI is a key skill to enhance their career and 73% say AI has given them the chance to learn new skills they otherwise would not have.
    
*   The Great Equalizer: 72% of U.S. business leaders believe AI can help create equal job opportunities for parents and caregivers while 79% think AI can help increase accessibility in the workplace.
    

With 73% of U.S. respondents believing AI will drive the biggest productivity boom in a century and business leaders reporting that AI saves U.S. IT professionals approximately 16 hours per month, there is clearly huge momentum for increasing AI use in business, including TeamViewer’s AI-powered Session Insights, which integrates with Microsoft Teams and ServiceNow. More information can be found here.  

Survey Methodology 

In The AI Opportunity Report, TeamViewer uncovers the attitudes of 1,400 (500 in the U.S.) information technology, business, and operational technology decision makers towards Artificial Intelligence, across the UK, France, Germany, Australia, Singapore, and the U.S. The research was conducted online by Sapio Research in August and September 2024. 

About TeamViewer

TeamViewer is a leading global technology company that provides a connectivity platform to remotely access, control, manage, monitor, and repair devices of any kind – from laptops and mobile phones to industrial machines and robots. Although TeamViewer is free of charge for private use, it has more than 640,000 subscribers and enables companies of all sizes and from all industries to digitalize their business-critical processes through seamless connectivity. Against the backdrop of global megatrends like device proliferation, automation and new work, TeamViewer proactively shapes digital transformation and continuously innovates in the fields of Augmented Reality, Internet of Things and Artificial Intelligence. Since the company’s foundation in 2005, TeamViewer’s software has been installed on more than 2.5 billion devices around the world. The company is headquartered in Göppingen, Germany, and employs more than 1,500 people globally. In 2023, TeamViewer achieved a revenue of around EUR 627 million. TeamViewer SE (TMV) is listed at Frankfurt Stock Exchange and belongs to the MDAX. Further information can be found at www.teamviewer.com.

Business Leaders Shift to Tangible AI Results, Finds New TeamViewer Study

PRESS RELEASE

ESPOO, Finland, and LONDON, UK, 30th October, 2024:  Xiphera, a provider of highly-optimised, hardware-based cryptographic security, today announced its partnership with Crypto Quantique, a provider of quantum-driven IoT device security. The combination of Xiphera’s nQrux® Hardware Trust Engines and quantum-secure cryptographic IP, with Crypto Quantique’s QDID PUF (Physically Unclonable Function), offers quantum-resilience and immutable device identity for cryptographic hardware modules.  
The QDID PUF generates quantum-derived, secure, unclonable identities based on manufacturing variations unique to each semiconductor chip. The PUF, alongside other cryptographic primitives, forms the essential hardware root-of-trust IP required in security implementations.  
nQrux Hardware Trust Engines offer customisable cryptographic security modules with hardware-level trust and security services for the most critical environments and applications. nQrux IP cores enable full isolation of cryptographic operations and application-specific data into secure hardware elements. Xiphera’s extensive portfolio of cryptographic IP cores includes both traditional cryptographic algorithms, as well as Post-Quantum Cryptography (PQC) fighting against the looming quantum threat.  
“Many industrial and governmental entities recommend implementing quantum-resilient hardware solutions to prevent quantum attacks on current and future data. Cryptographic root-of-trust forms the security foundation of modern hardware infrastructures”, said Kimmo Järvinen, co-founder and CTO of Xiphera. “Upgrading these critical components to quantum-resilient algorithms and integrating Crypto Quantique’s PUF technology enables our customers to protect the identities and core security of their hardware devices into the foreseeable future.”  
Crypto Quantique’s CEO, Shahram Mossayebi, said, “The combination of nQrux Hardware Trust Engines and QDID provides the adaptability and upgradeability required for the security of connected devices. QDID creates random numbers on demand, so there is no need to store cryptographic keys in flash memory. This eliminates the danger of side-channel memory attacks revealing the keys. In addition, because PQC algorithms have large cryptographic keys, the PUF technology reduces the size of flash memory needed, reducing both power consumption and saving silicon area.”  
Learn more about Xiphera’s nQrux Hardware Trust Engines, and Crypto Quantique’s QDID IP cores.

You May Also Like

Xiphera &amp; Crypto Quantique Announce Partnership

Chinese APT groups increasingly lean on open source platform SoftEther VPN for network access. Now they're lending their know-how to Iranian counterparts.

Source: Owen McGuigan via Alamy Stock Photo

Infamous Chinese advanced persistent threat (APT) group "MirrorFace" has made notable moves into diplomatic espionage in the European Union using SoftEther VPN, the emerging tool of choice among these threat groups.

MirrorFace gained wide notoriety with its 2022 efforts to interfere in Japanese elections, and it has maintained operations in the country ever since. But researchers at ESET noticed the group recently popped up in the EU with espionage attacks against an unidentified diplomatic entity.

"For the first time, we observed MirrorFace targeting a diplomatic organization within the EU, a region that remains a focal point for several China-, North Korea-, and Russia-aligned threat actors," Jean-Ian Boutin, director of threat research at ESET, said in a statement about the findings. "Many of these groups are particularly focused on governmental entities and the defense sector."

**SoftEther VPN Abuse Surges Among Beijing-Backed APT Groups**

Beyond expanding operations to an entirely new continent, ESET said MirrorFace has started increasingly relying on SoftEther VPN to maintain access, but it is not the only group. Other China-backed APTs — Flax Typhoon, Gallium, and Webworm — have also shifted to the open source, cross-platform VPN software favored by many cybercriminals.

In February, a previously unknown adversary group called Hydrochasma was discovered abusing SoftEther VPN in a cyber-espionage campaign against Asia-based shipping companies. In April, Chinese language-speaking threat group ToddyCat was discovered using SoftEther VPN to steal data from government and defense targets in the Asia-Pacfic region on an "industrial scale."

Now, researchers warn, those tactics have landed in Europe.

"Some China-aligned APT groups have shifted to rely more on SoftEther VPN for various reasons. It’s a legitimate software, which helps avoid detection," says Mathiew Tartare senior malware researcher at ESET. "Setting an HTTPS VPN tunnel between the compromised network and the attacker’s infrastructure allows them to easily blend the malicious traffic in the legitimate HTTPS traffic."

Tartare adds SoftEther VPN also lets attackers appear to be an authorized remote user accessing the network using everyday remote desk protocol (RDP) tools.

"We would not be surprised to observe an increase in the use of SoftEther VPN and other legitimate VPN or remote access tools to bypass detections and blend into legitimate traffic," he says.

Notably, Chinese-backed APTs are also lending their cybercrime know-how to Iranian-backed adversaries for cyber-espionage against Iraq and Azerbaijan, as well as French diplomats, according to ESET. Additionally, Iran is putting its hackers to work gaining unauthorized access into financial services organizations across Africa.

Both Chinese and North Korean threat actors have upped the intensity of attacks on educational institutions in the US, South Korea, and Southeast Asia, the ESET report added.

China-Backed MirrorFace Trains Sights on EU Diplomatic Corps

PRESS RELEASE

TORONTO, Oct. 30, 2024 /PRNewswire/ -- In 2024, Canadian banks have seen just 34% of the reported fraud cases they experienced a year ago. And yet, Canadian retail banking customers appear on pace to lose as much as or more than the $569 million they lost to fraud in 2023 (triple what they lost in 2021). BioCatch – the global leader in digital fraud detection and financial crime prevention powered by behavioral biometric intelligence – says these findings suggest fraudsters have altered their strategies, honing attacks to target fewer Canadians for more money per scam.

"While fraud volumes have decreased significantly over the last year, we're observing an increase in the average value of these cases," BioCatch Director of Global Fraud Intelligence Tom Peacock said. "We can attribute much of this to the rise in social engineering scams in Canada, particularly impersonation scams, which are notoriously higher value than other fraud types. More than 70% of impersonation scam losses in Canada originate from five-figure cases, greatly boosting the country's scam-loss average."

BioCatch's 2024 Digital Banking Fraud Trends in Canada report, also highlights that most Canadian fraud victims are now ages 20-49 instead of 50-89, debunking the common misconception that older people provide easier and more lucrative targets.

"Artificial Intelligence is super-charging fraud," BioCatch Global Advisory Director Seth Ruden said, "compounding its impact, and allowing bad actors to scale and sophisticate their scams with deepfakes and other devices. As the industry deploys the newest authentication methods in both account opening and account takeover processes, fraudsters will undoubtedly attack these as well."

BioCatch also found one in seven scam sessions in Canada showed signs of remote access trojans (RAT), whether active RAT (where the fraudster tricks the victim into granting them control of the session so they can execute the fraud themselves) or passive RAT (where the fraudster guides the victim through payment process).

Click here to access BioCatch's complete 2024 Digital Banking Fraud Trends in Canada report.

BioCatch fraud prevention experts Tom Peacock and Seth Ruden will hold a live conversation about the growth of social engineering scams in Canada and the other latest fraud trends in the country on Nov. 14. To register for that exclusive session, click here.

About BioCatch:

BioCatch stands at the forefront of digital fraud detection, pioneering behavioral biometric intelligence grounded in advanced cognitive science and machine learning. BioCatch analyzes thousands of user interactions to support a digital banking environment where identity, trust, and ease coexist. Today, 32 of the world's largest 100 banks and 210 total financial institutions rely on BioCatch Connect™ to combat fraud, facilitate digital transformation, and grow customer relationships. BioCatch's Client Innovation Board – an industry-led initiative featuring American Express, Barclays, Citi Ventures, HSBC, and National Australia Bank – collaborates to pioneer creative and innovative ways to leverage customer relationships for fraud prevention. With more than a decade of data analysis, 92 registered patents, and unmatched expertise, BioCatch continues to lead innovation to address future challenges. For more information, please visit www.biocatch.com.

Latest News