Author: Admin
The US Federal Bureau of Investigation (FBI) on Monday announced the disruption of online infrastructure linked to a ransomware group called Dispossessor (aka Radar). As part of the action, three servers in the US, three servers in the UK, 18 servers in Germany, eight criminal domains in the US and one criminal domain in Germany were dismantled. Dispossessor is said to be operated by an individual or individuals who go by the online alias “The Brain”. “Since its inception in August 2023, Radar/Dispossessor has rapidly evolved into an international ransomware group that targets and attacks small and medium-sized businesses and…
August 13, 2024 | Ravie Lakshmanan | Threat Intelligence / Malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign masquerading as the Security Service of Ukraine to distribute malware capable of remotely accessing the desktop. The agency is tracking the activity under the name UAC-0198. It is estimated that since July 2024 more than 100 computers have been infected, including ones belonging to government agencies in the country. The attack chains involve mass email distribution to deliver a ZIP archive containing an MSI installer file that, when opened, deploys a malware strain called ANONVNC. ANONVNC, which is based on…
August 12, 2024 | Ravie Lakshmanan | Cyber Security / Network Security. The FreeBSD project has released security updates to address a critical flaw in OpenSSH that attackers could potentially use to execute arbitrary code remotely with elevated privileges. The vulnerability, tracked as CVE-2024-7589, has a CVSS score of 7.4 out of a maximum of 10.0, indicating high severity. “The signal handler in sshd(8) may call a logging function that is not async-signal-safe,” the advisory released last week says. “The signal handler is called if the client is not authenticated within LoginGraceTime seconds (120 by default). This signal handler executes in the context of privileged…
After a good year of steady gains, the hangover has finally hit. The correction is a gentle one (for now) as the market adjusts the share prices of the major players (such as Nvidia, Microsoft and Google) while the other players re-evaluate the market and adjust their priorities. Gartner calls this the Trough of Disillusionment, when interest wanes and implementations fail to deliver the promised breakthroughs. Technology producers shake out or fail. Investment continues only if the surviving vendors improve their products to the satisfaction of early adopters. Let’s be clear that this was always going to be the case: the post-human revolution promised by AI proponents…
At least 94 percent of businesses were affected by phishing attacks in 2023, a 40 percent increase on the previous year, according to a study by Egress. What’s behind the surge in phishing? One popular answer is artificial intelligence, specifically generative AI, which has made it significantly easier for threat actors to create content they can use in phishing campaigns, such as malicious emails and, in more sophisticated cases, deepfake video. AI can also help write the malicious software that threat actors often install on their victims’ computers and servers as part of phishing campaigns. Phishing-as-a-service, or PhaaS, is another…
August 12, 2024 | Ravie Lakshmanan | Critical Infrastructure / Vulnerability. Cybersecurity researchers have discovered a series of security flaws in the photovoltaic system management platforms operated by the Chinese companies Solarman and Deye that could allow attackers to cause failures and power outages. “If exploited, these vulnerabilities could allow an attacker to control inverter settings that could take parts of the grid down, potentially causing blackouts,” Bitdefender researchers said in an analysis published last week. The vulnerabilities were patched by Solarman and Deye as of July 2024 following responsible disclosure on May 22, 2024. The Romanian cybersecurity vendor, which analyzed two PV monitoring and…
August 12, 2024 | Ravie Lakshmanan | Operational Technology / Network Security. Security vulnerabilities have been discovered in the Ewon Cozy+ industrial remote access solution that can be exploited to gain root privileges on the devices and orchestrate follow-on attacks. The elevated access can then be used to decrypt encrypted firmware files and encrypted data such as passwords in configuration files, and even to obtain correctly signed X.509 VPN certificates for other devices in order to hijack their VPN sessions. “This allows attackers to hijack VPN sessions, which creates significant security risks for Cozy+ users and the surrounding industrial infrastructure,” SySS GmbH security researcher Moritz Abrell said in a…
August 12, 2024 | Ravie Lakshmanan | Cloud Security / Malware. Russian government and IT organizations are being targeted by a new campaign that delivers a series of backdoors and trojans as part of a phishing operation codenamed EastWind. The attack chains are characterized by the use of RAR archive attachments containing a Windows shortcut (LNK) file which, when opened, triggers an infection sequence that culminates in the deployment of malware such as GrewApacha, an updated version of the CloudSorcerer backdoor, and a previously undocumented implant called PlugY. PlugY “is downloaded through the CloudSorcerer backdoor, has an extensive set of commands, and supports three different protocols…
August 11, 2024 | Ravie Lakshmanan | Supply Chain / Software Security. Cybersecurity researchers have discovered a new malicious package in the Python Package Index (PyPI) repository that pretends to be a library for the Solana blockchain platform but is actually designed to steal victims’ secrets. “The legitimate Solana Python API project is known as ‘solana-py’ on GitHub, but simply ‘solana’ on the Python software registry, PyPI,” Sonatype researcher Ax Sharma said in a report released last week. “This slight naming discrepancy was exploited by a threat actor who published a ‘solana-py’ project on PyPI.” The malicious package “solana-py” attracted a total of 1,122 downloads since being published…
August 10, 2024 | Ravie Lakshmanan | Vulnerability / Mobile Security. About 10 security flaws have been discovered in Google Quick Share, a data transfer utility for Android and Windows, that can be chained to achieve remote code execution (RCE) on systems where the software is installed. “The Quick Share app implements its own application-level communication protocol to support file transfers between nearby compatible devices,” SafeBreach Labs researchers Or Yair and Shmuel Cohen said in a technical report shared with The Hacker News. “By investigating how the protocol works, we were able to explain and identify logic within the Quick Share Windows application…