Author: Admin

A new side-channel attack dubbed PIXHELL can be abused to target air-gapped computers, breaking the “sound gap” and stealing sensitive information by taking advantage of the noise created by the pixels on the screen. “Malware in airgap and audiogap computers creates engineered pixel patterns that produce noise in the 0-22kHz frequency range,” Dr. Mordechai Guri, head of the Offensive Cyber Research Laboratory at the Department of Software Development and Information Systems at Ben-Gurion University of the Negev in Israel, said in a newly published paper. “The malicious code uses the sound created by the coils and capacitors to control the frequencies…


September 10, 2024Ravi LakshmananMalware / cyber espionage Three China-linked threat clusters have been seen compromising more government organizations in Southeast Asia in a renewed state-sponsored code-named operation Raspberry Palacewhich indicates the expansion of espionage activities. Cybersecurity firm Sophos, which is tracking the cyberattack, said it consisted of three sets of intrusions, tracked as Cluster Alpha (STAC1248), Cluster Bravo (STAC1870) and Cluster Charlie (STAC1305). STAC is an acronym for “security threat cluster”. “Attackers consistently used other compromised organizational and public networks in this region to deliver malware and tools under the guise of a trusted access point,” security researchers Mark Parsons,…


Shadow apps, a segment of Shadow IT, are SaaS apps purchased without the knowledge of the security team. Although these programs may be legitimate, they operate in the blind spots of the corporate security team and expose the company to attackers. Shadow programs can include instances of software that the company already uses. For example, a development team can create their own GitHub instance to keep their work separate from other developers. They can justify the purchase by pointing out that GitHub is an approved add-on because it is already being used by other teams. However, because the new instance…


September 10, 2024Ravi LakshmananCyber ​​attack / malware The threat actor is tracked as Mustang Panda refined its malware arsenal to include new tools to facilitate data theft and deployment of next-stage payloads, according to new findings from Trend Micro. A cyber security firm that tracks a cluster of activity called Earth Preta said it observed “the distribution of PUBLOAD via a variant of the HIUPAN worm.” PUBLOAD is a known bootloader malware associated with Mustang Panda since early 2022, deployed as part of cyberattacks targeting government organizations in the Asia Pacific (APAC) region to deliver PlugX malware. “PUBLOAD was also…


September 9, 2024Ravi LakshmananVulnerability / hardware security A new side-channel attack has been found to use radio signals emanating from a device’s random access memory (RAM) as a data-stealing mechanism, posing a threat to air-gapped networks. The equipment received a code name RAMBO Dr. Mordechai Guri, Head of the Offensive Cyber ​​Research Laboratory, Department of Software Engineering and Information Systems, Ben-Gurion University of the Negev in Israel. “Using radio signals generated by the software, malware can encode sensitive information such as files, images, keylogs, biometric information and encryption keys,” said Dr. Guri. said in a recently published research paper. “Using…


September 9, 2024Ravi LakshmananCyber ​​espionage / malware The China-linked Advanced Persistent Threat Group (APT), known as Mustang Panda was seen using Visual Studio Code software as a weapon in espionage operations targeting government entities in Southeast Asia. “This threat actor used the built-in reverse shell functionality of Visual Studio Code to gain a foothold in the target networks,” said Tom Factorman, a researcher at Division 42 of Palo Alto Networks. said in the report, describing it as a “relatively new technique” that was demonstrated for the first time in September 2023 by Truvis Thornton. The company is valued as a…


September 9, 2024Ravi LakshmananFinancial Security / Malware Colombia’s insurance sector has become the target of a threat that is being tracked Blind eagle with the ultimate goal of delivering a customized version of a known commercial remote access trojan (RAT) known as the Quasar RAT from June 2024. “The attacks came from phishing emails impersonating the Colombian tax authority,” Gaetano Pellegrino, researcher at Zscaler ThreatLabz said in a new analysis published last week. Also Advanced Persistent Threat (APT). of course as AguilaCiega, APT-C-36 and APT-Q-98, has a track record of targeting organizations and individuals in South America, particularly related to…


September 9, 2024Hacker newsData protection / threat detection The proliferation of cyber security tools has created the illusion of security. Organizations often believe that by deploying firewalls, anti-virus software, intrusion detection systems, identity threat detection and responseand other tools, they are properly protected. However, this approach not only does not solve the main problem of the attack surface, but also creates a dangerous risk for third parties. The world of cybersecurity is constantly changing, and cybercriminals are becoming more sophisticated in their tactics. In response, organizations are investing heavily in cybersecurity tools, hoping to build an impregnable fortress around their…


September 9, 2024Hacker newsData Security / GenAI Security With increased productivity and innovative capabilities, GenAI has become the desktop betting tool for employees. Developers use it to write code, finance teams use it to analyze reports, and sales teams use it to create customer emails and assets. However, it is these capabilities that pose serious security risks. Register for our upcoming webinar to learn how to prevent GenAI data leaks When employees enter data into GenAI tools like ChatGPT, they often don’t distinguish between sensitive and non-sensitive data. Research on LayerX shows that one in three employees who use GenAI…


September 9, 2024Ravi LakshmananVulnerability / Enterprise Security Progress Software has released security updates for a maximum severity flaw in the LoadMaster and Multi-Tenant (MT) hypervisors that could lead to the execution of arbitrary operating system commands. Tracked as CVE-2024-7591 (CVSS score: 10.0), the vulnerability was described as a typo validation error that leads to the execution of an OS command. “Unauthenticated remote attackers with access to the LoadMaster management interface could issue a carefully crafted http request that would allow the execution of arbitrary system commands,” the company said in a statement. said in a consultation last week. “This vulnerability…
