Author: Admin
December 24, 2024Ravi LakshmananMalware/data theft Cybersecurity researchers have identified two malicious packages that were uploaded to the Python Package Index (PyPI) repository and were equipped with capabilities to steal sensitive information from compromised nodes, reports new findings from Fortinet FortiGuard Labs. Packages, no beautiful and recorder of cometsattracted 118 and 164 downloads each before being taken down. According to ClickPy statistics, a the majority of them loading came from the USA, China, Russia and India. Zebo is “a typical example of malware with features designed for surveillance, data theft, and unauthorized monitoring,” security researcher Jenna Wang said, adding that cometlogger…
December 24, 2024Ravi LakshmananSoftware Vulnerability / Security The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday added A high-severity security flaw affecting Acclaim Systems USAHERDS to known vulnerabilities is now fixed (KEV) catalog based on evidence of active exploitation in the wild. The vulnerability in question CVE-2021-44207 (CVSS Score: 8.1), a case of hard-coded static credentials in Acclaim USAHERDS that could allow an attacker to execute arbitrary code on sensitive servers. In particular, this applies to the use of static ValidationKey and DecryptionKey values in versions 7.4.0.1 and earlier, which can be used for remote code execution on the…
December 24, 2024Ravi LakshmananCybercrime / Malware Japanese and U.S. authorities have previously attributed the theft of $308 million worth of cryptocurrency to cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors. “The theft is linked to the TraderTraitor threat, which is also tracked as Jade Sleet, UNC4899 and Slow Pisces,” the agencies said. said. “TraderTraitor’s activities are often characterized by targeted social engineering targeting multiple employees of the same company at the same time.” The warning comes courtesy of the US Federal Bureau of Investigation, the Defense Cybercrime Center and the Japanese National Police Service. It should…
December 24, 2024Ravi LakshmananVulnerability / Zero Day The Apache Software Foundation (ASF) has released a security update to address a critical vulnerability in its Tomcat server software that could lead to remote code execution (RCE) under certain conditions. Vulnerability, tracked as CVE-2024-56337was described as incomplete mitigation for CVE-2024-50379 (CVSS Score: 9.8), another critical security flaw in the same product that was previously addressed on December 17, 2024. “Users running Tomcat on a case-insensitive file system with servlet writing enabled by default (read-only initialization parameter set to a non-default value of false) may require additional configuration to fully mitigate CVE-2024-50379, depending…
December 23, 2024Ravi LakshmananMachine learning / threat analysis Cybersecurity researchers have discovered that large-scale language models (LLMs) can be used to create new variants of malicious JavaScript code at scale in a way that better evades detection. “Although it is difficult for undergrads to create malware from scratch, criminals can easily use it to rewrite or obfuscate existing malware, making it more difficult to detect,” Palo Alto Networks Unit 42 researchers said in a new analysis. “Criminals can trick LLM into performing transformations that look much more natural, making detection of this malware more difficult.” With enough transformations over time,…
December 23, 2024Ravi LakshmananPhishing / Cybercrime A break in the Phishing as a Service (PhaaS) toolkit was caused. Rockstar 2FA led to a rapid uptick in activity due to another nascent offering called FlowerStorm. “It appears that the group (Rockstar2FA) running the service has experienced at least a partial collapse of their infrastructure, and pages related to the service are no longer accessible,” Sophos said. said in a new report published last week. “It appears that this was not due to a takedown, but due to some technical failure in the server side of the service.” Rockstar2FA was documented for…
December 23, 2024Ravi LakshmananSpy software / Mobile security Meta Platforms-owned WhatsApp has scored a major legal victory in its battle with Israeli commercial spyware vendor NSO Group after a federal judge in the US state of California ruled in favor of the messaging giant for exploiting a security vulnerability to deliver Pegasus. “The limited evidence presented at trial indicates that Defendants’ Pegasus code was sent through Plaintiffs’ California servers 43 times during the relevant time period in May 2019,” U.S. District Judge Phyllis J. Hamilton said. The order again criticized NSO Group, saying it had “repeatedly failed to make appropriate…
December 23, 2024Ravi LakshmananGDPR / data privacy The Italian Data Protection Authority has fined ChatGPT maker OpenAI has been fined €15 million ($15.66 million) over how the generative artificial intelligence program handles personal data. The penalty comes almost a year after the Guarantee found that ChatGPT processed user information to train its service in violation of the European Union’s General Data Protection Regulation (GDPR). Authorities said OpenAI did not notify it of a breach of security which took place in March 2023. and that it processed users’ personal information for ChatGPT training without having a sufficient legal basis to do…
A dual citizen of Russia and Israel has been indicted in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation from its inception in 2019 or around February 2024. Rostislav Panev51, was arrested in Israel earlier this August and is currently awaiting extradition, the US Department of Justice (DoJ) said in a statement. Based on transfers to a cryptocurrency wallet owned by Panev, he allegedly earned about $230,000 between June 2022 and February 2024. “For years, Rostislav Panev created and maintained a digital weapon that allowed his associates at LockBit to wreak havoc and…
The Lazarus Group, a notorious threat linked to the Democratic People’s Republic of Korea (DPRK), was seen using a “sophisticated infection chain” to target at least two employees of an unnamed nuclear-related organization over a one-month period in January 2024 The attacks culminated in the deployment of a new modular backdoor called CookiePlusare part of a long-running cyberespionage campaign known as Operation Dream Job, which is also being tracked as NukeSped by the cyber security company Kaspersky. He has been known to be active since at least 2020, when he was exposed by ClearSky. This activity often involves targeting developers…