Aug 31, 2024 | Ravie Lakshmanan | Rootkit / Threat Intelligence
A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the FudModule rootkit. The development is indicative of the persistent efforts made by the nation-state adversary, which had made a
Month: August 2024
Published vulnerabilities rose by 43% in H1 2024 compared to H1 2023, with attackers heavily targeting flaws in virtual private networks (VPNs) and other perimeter devices for initial access, a new report from Forescout has found. A total of 23,668 vulnerabilities were reported in the first six months of 2024, with an average of 111
ESET researchers discovered a code execution vulnerability in WPS Office for Windows (CVE-2024-7262) while it was being exploited by APT-C-60, a South Korea-aligned cyberespionage group. Upon analyzing the root cause, we subsequently discovered another way to exploit the faulty code (CVE-2024-7263). Following a coordinated disclosure process, both vulnerabilities are now patched – in this blogpost,
Cybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-control (C2) mechanism. The activity, detected by Proofpoint starting August 5, 2024, impersonates tax authorities from governments in Europe, Asia, and the U.S., with the goal of targeting over 70 organizations worldwide by means of a bespoke tool called Voldemort that’s
A recent surge in malicious activity involving North Korean-linked threat groups has been identified by cybersecurity researchers, revealing a coordinated campaign targeting the npm ecosystem. The campaign began on August 12, 2024, and involved publishing malicious npm packages designed to infiltrate developer environments and steal sensitive data. The newly discovered packages, including temp-etherscan-api, ethersscan-api and telegram-con, exhibit
Video | 28 Aug 2024
The discovery of the NGate malware by ESET Research is another example of how sophisticated Android threats have become.
Recently, ESET researchers have discovered a crimeware campaign that targeted the clients of prominent Czech banks. The malware, named NGate by ESET, can relay data from victims’ stored payment cards via a
Aug 29, 2024 | Ravie Lakshmanan | Cyber Espionage / Malware
A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of malware on compromised hosts. Cybersecurity company Huntress attributed the activity to a threat cluster known as APT32, a Vietnamese-aligned hacking crew that’s also known as APT-C-00, Canvas Cyclone
LummaC2, an infostealer that leverages PowerShell commands, has resurfaced to infiltrate systems and exfiltrate sensitive data. Discovered by cybersecurity researchers at Ontinue, the malware’s latest variant demonstrates sophisticated tactics that pose significant risks to targeted systems. LummaC2, initially identified on Russian-speaking forums in 2022, is a tool written in C and distributed as Malware-as-a-Service (MaaS). It
Aug 28, 2024 | Ravie Lakshmanan | Vulnerability / Data Security
Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access. The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8 and stems from the use of a static password to connect to an HSQL database.
A vulnerability in Microsoft 365 Copilot that allowed attackers to steal users’ sensitive information has been disclosed by a cybersecurity researcher. Johann Rehberger, who discovered the flaw, described the exploit chain in a blog post published on August 26. The attack combines several advanced techniques, including prompt injection, automatic tool invocation and a novel method called
Internet of Things | Márk Szabó | 27 Aug 2024 | 4 min. read
In the digital graveyard, a new threat stirs: out-of-support devices becoming thralls of malicious actors
Outdated devices are often easy targets for attackers, especially if they have vulnerabilities that can be exploited and no patches are available due to their end-of-life status.
Aug 27, 2024 | Ravie Lakshmanan | Cyber Espionage / Malware
Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts “almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in
A long-standing but stealthy group allegedly helping cyber-attackers penetrate IT systems by offering CAPTCHA-solving services has recently been discovered. In a new report, Arkose Cyber Threat Intelligence Research (ACTIR) shared that it had identified a cyber-attack-enabling business it named Greasy Opal after observing the group’s tools being used to attack Arkose Labs’ customers. Greasy
Video, Mobile Security | 26 Aug 2024
The world of Android threats is quite vast and intriguing. In this episode, Becks and Lukáš demonstrate how easy it is to take over your phone, with some added tips on how to stay secure.
Android threats are a serious business. Among them is the Blue Ducky script, which
Aug 26, 2024 | Ravie Lakshmanan | Vulnerability / Enterprise Security
SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), has been described as an improper access control bug. “An improper access control vulnerability
YouTube has released a new AI troubleshooting tool to help users recover their accounts after they’ve been hacked. The AI chatbot “support assistant” will act as a guide for users to re-secure their login and recover their account after it’s been hacked. Eligible users will be able to access the tool in the YouTube Help
Aug 25, 2024 | Ravie Lakshmanan | Law Enforcement / Digital Privacy
Pavel Durov, founder and chief executive of the popular messaging app Telegram, was arrested in France on Saturday, according to French television network TF1. Durov is believed to have been apprehended pursuant to a warrant issued in connection with a preliminary police investigation. TF1 said the probe
Qilin, the ransomware group believed to be behind the recent Synnovis attack, has been observed stealing credentials stored in Google Chrome after gaining access to a target’s network. Researchers at Sophos X-Ops, who detected the activity, said this is an unusual tactic for ransomware groups, and one that could be a bonus multiplier for the
Video | 23 Aug 2024
Phishing using PWAs? ESET Research’s latest discovery might just ruin some users’ assumptions about their preferred platform’s security.
ESET researchers have recently revealed an uncommon type of phishing campaign using Progressive Web Apps (PWAs) that targeted the clients of a prominent Czech bank. The technique used installed a phishing application from
Aug 24, 2024 | Ravie Lakshmanan | Vulnerability / Government Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is a file upload bug impacting the “Change Favicon”
The US government has filed a lawsuit against the Georgia Institute of Technology (Georgia Tech) and its affiliate Georgia Tech Research Corporation (GTRC) for alleged cybersecurity violations. The Department of Justice (DoJ) has joined a whistleblower to file a “complaint-in-intervention” against the institutions for “knowingly” failing to implement cybersecurity controls as required by their Department
ESET researchers uncovered a crimeware campaign that targeted clients of three Czech banks. The malware used, which we have named NGate, has the unique ability to relay data from victims’ payment cards, via a malicious app installed on their Android devices, to the attacker’s rooted Android phone. Key points of this blogpost: Attackers combined standard
Aug 23, 2024 | Ravie Lakshmanan | Malware / Threat Intelligence
Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. “This memory-only dropper decrypts and executes a PowerShell-based downloader,” Google-owned Mandiant said. “This PowerShell-based downloader is being tracked as
A newly discovered malware, Cthulhu Stealer, has been observed targeting macOS users, marking another significant cybersecurity threat to Apple’s operating system. The tool, identified by Cado Security, operates as a malware-as-a-service (MaaS) and leverages Apple disk images (DMG) to disguise itself as legitimate software.
How Cthulhu Stealer Works
The Cthulhu Stealer primarily focuses on stealing
Business Security | Tony Anscombe | 21 Aug 2024 | 3 min. read
Should the payment of a ransomware demand be illegal? Should it be regulated in some way? These questions are some examples of the legal minefield that cybersecurity teams must deal with.
Governments create legislation and regulations primarily to protect public interests and keep
Aug 22, 2024 | Ravie Lakshmanan | Hardware Security / Supply Chain Attack
Cybersecurity researchers have uncovered a hardware backdoor within a particular model of MIFARE Classic contactless cards that could allow authentication with an unknown key and open hotel rooms and office doors. The attacks have been demonstrated against FM11RF08S, a new variant of MIFARE Classic that was
A newly discovered remote access Trojan (RAT) family, MoonPeak, has been linked to a North Korean-affiliated threat group known as UAT-5394. This sophisticated malware, based on the open-source XenoRAT, is undergoing active development, showcasing significant enhancements aimed at evading detection and improving functionality, according to recent research from Cisco Talos. Connection to Kimsuky UAT-5394, an
In this blogpost we discuss an uncommon type of phishing campaign targeting mobile users and analyze a case that we observed in the wild that targeted clients of a prominent Czech bank. This technique is noteworthy because it installs a phishing application from a third-party website without the user having to allow third-party app installation.
Aug 21, 2024 | Ravie Lakshmanan | Software Security / Vulnerability
Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft’s Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemming from a server-side request forgery (SSRF) attack. “An authenticated attacker can
A recently discovered sophisticated mobile phishing technique has been observed in financial fraud campaigns across the Czech Republic, Hungary and Georgia. This phishing method leverages progressive web applications (PWAs); these web applications offer a native-app-like experience and are gaining momentum on both Android and iOS devices. This technique is noteworthy because it installs