Author: Admin

September 11, 2024Ravi LakshmananMalware / software development Cybersecurity researchers have discovered a new set of malicious Python packages targeting software developers under the guise of coding assessments. “The new samples were tracked in GitHub projects that were linked to previous targeted attacks in which developers are lured with fake interviews,” ReversingLabs researcher Carlo Zanchi said. said. This activity was evaluated as part of an ongoing campaign called VMConnect that was born for the first time in August 2023. There is testimony that it is the handiwork of the Lazarus Group, which is supported by North Korea. The use of interviewing…

September 11, 2024Ravi LakshmananEnterprise Security / Vulnerability Ivanti has released software updates for address multiple security flaws affecting Endpoint Manager (EPM), including 10 critical vulnerabilities that could lead to remote code execution. A brief description of the problems is as follows: CVE-2024-29847 (CVSS Score: 10.0) – Untrusted data deserialization vulnerability allows a remote, unauthenticated attacker to achieve code execution. CVE-2024-32840, CVE-2024-32842, CVE-2024-32843, CVE-2024-32845, CVE-2024-32846, CVE-2024-32848, CVE-2024-34779, CVE-2024-34783, and CVE-2024-32848. 2024-34785 (CVSS Score: 9.1) – Multiple unspecified SQL injection vulnerabilities that allow an attacker with authenticated administrator privileges to achieve remote code execution The vulnerabilities affect EPM versions 2024 and 2022…

September 11, 2024Ravi LakshmananWindows Security/Vulnerabilities Microsoft on Tuesday opened that three new security vulnerabilities affecting the Windows platform were actively exploited as part of the September 2024 Patch Tuesday update. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated critical, 71 are important, and one is rated moderate. It is aside from 26 disadvantages which the tech giant decided on its Chromium-based Edge browser after releasing a patch on Tuesday last month. The three vulnerabilities that have been exploited in a malicious context are listed below, along with the bug that Microsoft considers an…

A threat actor known as CosmicBeetle has debuted a new custom ransomware called ScRansom in attacks targeting small and medium-sized businesses (SMBs) in Europe, Asia, Africa and South America, and is believed to be operating as an affiliate for RansomHub. “CosmicBeetle has replaced its previously deployed Scarab ransomware with ScRansom, which is constantly being improved,” ESET researcher Jakub Souček said in a new analysis published today. “Without being first-rate, a threat actor can compromise targets of interest.” The targets of ScRansom attacks are the manufacturing, pharmaceutical, legal, education, healthcare, technology, hospitality, leisure, financial services and regional government sectors. CosmicBeetle is…

A new side-channel attack dubbed PIXHELL can be abused to target air-gapped computers, breaking the “audio gap” and stealing sensitive information by taking advantage of the noise created by the pixels on the screen. “Malware in air-gapped and audio-gapped computers creates engineered pixel patterns that produce noise in the 0-22 kHz frequency range,” Dr. Mordechai Guri, head of the Offensive Cyber Research Laboratory at the Department of Software Development and Information Systems at Ben-Gurion University of the Negev in Israel, said in a newly published paper. “The malicious code uses the sound created by the coils and capacitors to control the frequencies…

September 10, 2024Ravi LakshmananMalware / cyber espionage Three China-linked threat clusters have been seen compromising more government organizations in Southeast Asia in a renewed state-sponsored code-named operation Raspberry Palacewhich indicates the expansion of espionage activities. Cybersecurity firm Sophos, which is tracking the cyberattack, said it consisted of three sets of intrusions, tracked as Cluster Alpha (STAC1248), Cluster Bravo (STAC1870) and Cluster Charlie (STAC1305). STAC is an acronym for “security threat cluster”. “Attackers consistently used other compromised organizational and public networks in this region to deliver malware and tools under the guise of a trusted access point,” security researchers Mark Parsons,…

Shadow apps, a segment of shadow IT, are SaaS apps purchased without the knowledge of the security team. Although these applications may be legitimate, they operate in the security team's blind spots and expose the company to attackers. Shadow apps can include instances of software that the company already uses. For example, a development team can create its own GitHub instance to keep its work separate from other developers. They can justify the purchase by pointing out that GitHub is an approved application because it is already being used by other teams. However, because the new instance…

September 10, 2024Ravi LakshmananCyber ​​attack / malware The threat actor is tracked as Mustang Panda refined its malware arsenal to include new tools to facilitate data theft and deployment of next-stage payloads, according to new findings from Trend Micro. A cyber security firm that tracks a cluster of activity called Earth Preta said it observed “the distribution of PUBLOAD via a variant of the HIUPAN worm.” PUBLOAD is a known bootloader malware associated with Mustang Panda since early 2022, deployed as part of cyberattacks targeting government organizations in the Asia Pacific (APAC) region to deliver PlugX malware. “PUBLOAD was also…

September 9, 2024Ravi LakshmananVulnerability / hardware security A new side-channel attack has been found to use radio signals emanating from a device’s random access memory (RAM) as a data-stealing mechanism, posing a threat to air-gapped networks. The equipment received a code name RAMBO Dr. Mordechai Guri, Head of the Offensive Cyber ​​Research Laboratory, Department of Software Engineering and Information Systems, Ben-Gurion University of the Negev in Israel. “Using radio signals generated by the software, malware can encode sensitive information such as files, images, keylogs, biometric information and encryption keys,” said Dr. Guri. said in a recently published research paper. “Using…

September 9, 2024Ravi LakshmananCyber ​​espionage / malware The China-linked Advanced Persistent Threat Group (APT), known as Mustang Panda was seen using Visual Studio Code software as a weapon in espionage operations targeting government entities in Southeast Asia. “This threat actor used the built-in reverse shell functionality of Visual Studio Code to gain a foothold in the target networks,” said Tom Factorman, a researcher at Division 42 of Palo Alto Networks. said in the report, describing it as a “relatively new technique” that was demonstrated for the first time in September 2023 by Truvis Thornton. The company is valued as a…