Author: Admin
November 8, 2024 | Ravie Lakshmanan | Cyber Espionage / Threat Intelligence. High-profile organizations in India have been targeted by malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group called IcePeony. The intrusions linked to Transparent Tribe involve the use of malware called ElizaRAT and a new stealthy payload called ApoloStealer deployed against specific victims of interest, Check Point said in a technical write-up published this week. “The ElizaRAT samples point to the systematic abuse of cloud services, including Telegram, Google Drive and Slack, to facilitate command-and-control communication,” the Israeli company said. ElizaRAT is a…
The AI industry is trying to undermine the definition of “open source AI”. The Open Source Initiative has published (news article here) its definition of “open source AI”, and it is terrible. It allows for secret training data and mechanisms, which allows development to be done in secret. Since for a neural network the training data is the source code (it is how the model gets programmed), the definition makes no sense. And it is confusing: most “open source” AI models, such as LLAMA, are open source in name only. But the OSI appears to have been co-opted by industry players who…
November 8, 2024 | The Hacker News | Cyber Security Awareness / Webinar. Let’s face it: traditional security training can be about as exciting as reading the fine print on software updates. It’s routine, predictable, and, let’s be honest, often forgotten once it’s over. Now imagine cybersecurity training as memorable as your favorite show. Remember how “Hamilton” brought history to life, or how “The Office” taught us CPR (“Stayin’ Alive,” anyone?)? That’s the transformative power of storytelling, and that’s exactly what Huntress Managed Security Awareness Training (SAT) brings to cybersecurity. Why storytelling is the secret weapon in security education: The human brain is made…
New CRON#TRAP malware infects Windows by hiding in a Linux virtual machine to avoid antivirus
November 8, 2024 | Ravie Lakshmanan | Malware / Virtualization. Cybersecurity researchers have identified a new malware campaign that infects Windows systems with a virtual Linux instance containing a backdoor capable of establishing remote access to the compromised hosts. The “intriguing” campaign, codenamed CRON#TRAP, starts with a malicious Windows shortcut (LNK) file, likely distributed as a ZIP archive via a phishing email. “What makes the CRON#TRAP campaign of particular concern is that the emulated Linux instance comes pre-configured with a backdoor that automatically connects to the attacker’s command-and-control (C2) server,” Securonix researchers Den Iuzvyk and Tim Peck…
November 8, 2024 | Ravie Lakshmanan | Vulnerability / Network Security. The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical, now-patched security flaw affecting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), concerns a case of missing authentication in the Expedition migration tool that could lead to an admin account takeover. “Palo Alto Expedition contains a missing authentication vulnerability that allows an attacker with network access to take over an Expedition admin account and potentially access configuration secrets,…
November 7, 2024 | Ravie Lakshmanan | Vulnerability / Cloud Security. Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) that accumulated thousands of downloads over three years while stealing developers’ Amazon Web Services (AWS) credentials. The package in question, “fabrice,” typosquats a popular Python library known as “fabric,” which is used for remote execution of shell commands over SSH. While the legitimate package has over 202 million downloads, its malicious counterpart has been downloaded over 37,100 times to date. At the time of writing, fabrice is still available for download from PyPI. It was first published in March 2021. The typosquatting package is…
November 7, 2024 | Ravie Lakshmanan | Threat Intelligence / Cyber Espionage. The China-linked threat actor known as MirrorFace has been observed targeting a diplomatic organization in the European Union, marking the first time the hacking crew has targeted an organization in the region. “During this attack, the threat actor used the upcoming World Expo 2025 in Osaka, Japan as a lure,” ESET said in its APT activity report for the period April to September 2024. “This shows that even with the new geographic focus, MirrorFace remains focused on Japan and events related to it.” MirrorFace, also tracked as Earth Kasha, is estimated…
Proactive LLM Defense Against Cyber Attacks. An interesting study: “Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks”: Large language models (LLMs) are increasingly being used to automate cyberattacks, making sophisticated exploits more accessible and scalable. In response, we propose a new defense strategy tailored to counter LLM-driven cyberattacks. We introduce Mantis, a defensive framework that exploits LLMs’ susceptibility to adversarial inputs to undermine malicious operations. Upon detecting an automated cyberattack, Mantis strategically plants crafted inputs into the system’s responses, leading the attacker’s LLM to disrupt its own operations (passive defense) or even compromise the attacker’s machine (active defense).…
November 7, 2024 | The Hacker News | Password Security / Network Security. Protecting your organization’s security is like fortifying a castle: you need to understand where attackers will strike and how they will try to breach your walls. And hackers are always looking for weak points, whether it’s a lax password policy or a forgotten backdoor. To build a stronger defense, you must think like a hacker and anticipate their moves. Read on to learn more about hackers’ password-cracking strategies, the vulnerabilities they exploit, and how you can strengthen your defenses to keep them out. Analysis of the worst passwords: Commonly used weak…
A threat actor linked to the Democratic People’s Republic of Korea (DPRK) has been observed targeting cryptocurrency-related businesses with multi-stage malware capable of infecting Apple macOS devices. Cybersecurity company SentinelOne, which codenamed the campaign Hidden Risk, attributed it with high confidence to BlueNoroff, which has previously been linked to malware families such as RustBucket, KANDYKORN, ObjCShellz, RustDoor (aka Thiefbucket), and TodoSwift. The campaign “uses emails spreading fake news about cryptocurrency trends to infect targets via a malicious application disguised as a PDF file,” researchers Raffaele Sabato, Phil Stokes, and Tom Hegel said in a report shared with The Hacker…