Nowadays, many organizations from various industries apply AI (artificial intelligence) technologies in order to ensure cybersecurity, protect their networks and reduce the burden on often understaffed IT departments and Security Operations Centers.

According to Datamation magazine, AI-powered information security technologies are designed to provide security on the application, cloud, endpoint and network levels. In addition, they can be used for analyzing network traffic, as well as a component of platforms for security incident and event management (SIEM).

Markets and Markets, a reputable analytical company, predicts that by 2026, the information security market using AI technologies will reach $38.2 billion, which is $8.8 billion more than in 2019, which means the compound annual growth rate will be 23.3%.

The AI-powered software offerings available on the information security market include machine learning algorithms as well as various functions and options related to network monitoring, such as APIs for processing speech and images obtained from various sensors.

The information security solutions that include an AI component come in especially handy when it comes to fraud detection, mobile device management (MDM), in particular BYOD, and optimizing data analysis.

The major manufacturers of information security solutions using AI technologies include such companies as Intel, Micron Technology, Xilinx, Amazon Web Services (AWS), IBM, Darktrace, Samsung, NVIDIA, Vectra AI and Cylance.

Among the main causes of such a growth of the information security market using AI technologies is the widespread use of the Internet of Things (IoT), as well as the increase in the number of connected devices and growing awareness of their vulnerabilities.

According to Verified Market Research, although most of the market for information security using AI technologies belongs to companies in the United States, the most rapid growth in 2019-2026 is expected in the Asia-Pacific region.

If you deal with confidential information, you should be extremely vigilant at all times, not just in the workplace. Insidious hackers can hunt you down for years, gaining confidence in you, lulling your vigilance … so that you open an attached file in a message from the person you think you know.

For more than a year and a half, Iranian hackers from the TA456 group (also known as Tortoiseshell and Imperial Kitten) spent plenty of time communicating with their potential victims on Facebook before their targeted attack. Hackers were posing as aerobics instructor Marcella Flores, Proofpoint reports. The Facebook and Instagram profiles belonging to this fake person were created in 2019, and the attack itself took place only in early 2021.

The attackers’ goal was to inject malware into the machines of employees of the US aerospace defense contractors – especially those associated with operations in the Middle East.

The attackers used the Gmail account of “Flores” to inject an updated version of the Lideric malware which Proofpoint researchers dubbed Lempo, into victims’ computers. A yet another e-mail within a long-lasting correspondence was sent from the “Flores” mailbox. But that time it contained links to OneDrive that led to a malware-laden video file or a document with a survey related to dieting.

Once inside the system, Lempo secretly anchors itself there, allowing attackers to find and steal confidential information, including usernames and passwords. Proofpoint notes that “Marcella Flores” was just one of the many fake identities created by the hacker group TA456. Moreover, it is impossible to say for sure whether these attacks were successful.

Experts believe that the stolen credentials could have been used by attackers for further attacks and spy campaigns. Stealing data from contractors could allow hackers to move up the supply chain and gain access to the networks of companies from defense and aerospace industries.

So, Proofpoint experts warn that everyone whose work is related to the defense industry, should be vigilant when interacting with unknown persons, no matter whether such communication takes place at work or via personal accounts.

Researchers at Check Point Research (CPR), a division of Check Point Software Technologies Ltd., studied a Trojan called XLoader over the past six months. XLoader allows attackers to steal passwords and other personal information, take screenshots and remotely run malicious files. Previously, XLoader only infected Windows computers, but now researchers have found that this Trojan has been adapted for Mac as well.

XLoader evolved from Formbook, a well-known malware family. The Formbook went out of sale in 2018, and reappeared in 2020 under the name XLoader.

Security professionals are particularly worried that this malware, sold on the dark web, costs only $49, which makes it possible for literally anyone to buy it and steal information from users of both Windows and Mac.

Typically, cybercriminals infect systems with this Trojan by sending the victim an email with an infected Microsoft Office document attached. Thus, the advice not to open attachments in emails that seem suspicious, not to follow links in emails, and so on, are still very important.

In addition, XLoader is not difficult for the user to find. You can do it like this:

Go to /Users/[username]/Library/LaunchAgents
Look at the names in this directory and make sure that there are no suspicious files – such as, for example, com.wznpVSt83Jsd.HPiT0f4Hwxh.plist (the name is random, given as an example only).

Such a check will be quite handy: XLoader runs stealthily, which means that the user of the infected Mac doesn’t notice anything suspicious.

The Microsoft Threat Intelligence Center (MSTIC) has recently identified a new threat – DevilsTongue, highly sophisticated malware from the offensive actor, whom MSTIC dubbed SOURGUM.

MSTIC’s report says that private-sector offensive actors like SOURGUM are private companies that manufacture and sell cyberweapons in hacking-as-a-service packages, often to government agencies around the world, who in their turn use it to hack into computers, network infrastructure, phones, etc.

Microsoft studied this malware together with Citizen Lab from the University of Toronto’s Munk School. The reports on the findings was published on Thursday, July 15. Citizen Lab said it was able to extract identify the malware thanks to the victim who let the researchers analyze their PC.

It was reported that SOURGUM’s DevilsTongue was used for targeted attacks on more than a hundred people in Palestine (about a half of all victims), Iran, Israel, Lebanon, UK, Spain, and other countries. Among the victims there were human rights activists, politicians, journalists, embassy workers, academics, and political dissidents.

Microsoft promptly issued protections against the malware, as well as a Windows software update, aimed at the exploits used for delivering this malware.

According to MSTIC’s report, if you have the July 2021 security update, you are protected from this threat.

In addition to such standard malware capabilities as file collection, running WMI commands, registry querying, and querying SQLite databases, DevilsTongue is capable of stealing victim credentials from browsers (Firefox and Chrome) and LSASS. In addition, DevilsTongue has a special functionality for decrypting and exfiltrating conversations from Signal (a messaging application).

Also, the malware retrieves cookies from multiple web browsers; the attacker may use these cookies to sign in to websites posing as the victim.

Dries Depoorter is a Belgian artist and programmer working at the intersection of art and information technology. He often touches on such topics as rtificial intelligence, surveillance, and privacy. Depoorter creates apps, games, and interactive installations.

One of his latest projects, launched on July 5, 2021, is called Flemish Scrollers. The software Dries wrote in Python, tracks YouTube broadcasts and recordings of Flemish government meetings. Machine learning algorithms identify phones in the hands of politicians, and face recognition algorithms identify particular people.

The videos of the politician using the phone during the meeting are automatically published on Twitter and Instagram of the project, if the parliamentarian spends too much time on the phone compared to the duration of the meeting itself. Politicians are gently asked not to be distracted (Pls stay focused).

Now politicians (however, only Flemish so far) can learn for themselves what constant monitoring is like. Perhaps, this will affect their work in some way.

FSB officers of in Smolensk region, Russia, stopped illegal activities of a self-taught hacker. The court found him guilty and sentenced him to imprisonment for 10 months.

A 47-year-old individual entrepreneur, who lived in a small village, a part of Kasplya rural settlement in Smolensk region, was found guilty of using malware for hacker attacks on federal state scientific institutions.

In September 2020, in order to carry out a hacker attack, he uploaded malicious software to the websites of the State Special Astrophysical Observatory and the Voevodsky Institute of Chemical Kinetics and Combustion. Why a resident of a village in the Smolensk region attacked scientific institutions located in the Karachay-Cherkess Republic (the observatory) and the city of Novosibirsk (the research institute) is not reported.

On June 2 this year, the Smolensk District Court found the man guilty under Part 1 of Art. 273 of the Criminal Code of the Russian Federation “Creation, use and distribution of malicious computer programs.” The verdict – restriction of freedom for 10 months – came into force on June 12.

Mar 05, 2021

Microsoft Corporation developed this “keyboard spy” in order to study users’ typing habits.

It’s pretty easy. First, please go to “Settings” and choose “General” there.

Then uncheck “Send information to Microsoft about how I write to help us improve typing …”.

After this, please turn off “Don’t know me again” in “Speech, Ink, and Typing” section.

If you do it correctly, it will change to “Get to know me” again.