Author: Admin
Hacking LLM coders Really interesting research: “An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection”: Abstract: Large Language Models (LLMs) have transformed code completion tasks, providing context-based suggestions to boost developer productivity in software engineering. Since users often fine-tune these models for specific applications, poisoning and backdoor attacks can covertly alter the model outputs. To address this critical security challenge, we introduce CODEBREAKER, a pioneering LLM-assisted backdoor attack framework on code completion models. Unlike recent attacks that embed malicious payloads in detectable or irrelevant sections of the code (e.g.…
An ongoing phishing campaign is using copyright-infringement themes to trick victims into downloading a newer version of the Rhadamanthys information stealer, and has been active since July 2024. Cybersecurity firm Check Point is tracking the large-scale campaign under the name CopyRh(ight)adamantys. Targeted regions include the US, Europe, East Asia, and South America. “The campaign impersonates dozens of companies, while each email is sent to a specific targeted entity from a different Gmail account, adapting the impersonated company and the language per targeted entity,” the company said in a technical analysis. “Almost 70% of the impersonated companies are from the Entertainment/Media and Technology/…
Tactics, techniques, and procedures (TTPs) form the basis of modern defense strategies. Unlike indicators of compromise (IoCs), TTPs are relatively stable, which makes them a reliable way to identify specific cyber threats. Here are some of the most commonly used techniques, according to ANY.RUN’s Q3 2024 report on malware trends, with real-world examples. Disabling Windows Event Logging (T1562.002) Tampering with Windows Event Logging helps attackers prevent the system from recording critical information about their malicious activity. Without event logs, important details such as login attempts, file modifications, and system changes go unrecorded, leaving security tooling and analysts with incomplete or missing data. Windows…
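As an added example (not from ANY.RUN’s report), the following Python detection sketch looks for the two ways T1562.002 usually surfaces in telemetry: process-creation records whose command line stops, disables or clears the event log service (wevtutil cl, sc stop EventLog, Stop-Service EventLog, auditpol /clear), and the records the logging subsystem writes about itself when it is shut down or wiped (Security event IDs 1100 and 1102, System event ID 104). The JSON-per-line format, its field names and every sample line are constructed for the example; the command names and event IDs are real.

```python
"""Flag signs that Windows Event Logging was stopped or cleared (ATT&CK T1562.002).

Added example: the log format (one JSON object per line with host, user,
channel, event_id and an optional command_line) and all sample lines are
constructed for illustration; the command names and event IDs are real.
"""
import json
import re

# Command lines that stop, disable or clear event logging. Matching is done
# on a lower-cased, quote-stripped, whitespace-collapsed command line.
COMMAND_RULES = [
    ("event log service stopped",
     re.compile(r"\b(?:sc|net)(?:\.exe)?\s+stop\s+eventlog\b")),
    ("event log service stopped via PowerShell",
     re.compile(r"\bstop-service\b.*\beventlog\b")),
    ("event log service disabled",
     re.compile(r"\bsc(?:\.exe)?\s+config\s+eventlog\s+start=\s*disabled\b")),
    ("event log cleared",
     re.compile(r"\bwevtutil(?:\.exe)?\s+(?:cl|clear-log)\s+\S+")),
    ("audit policy cleared",
     re.compile(r"\bauditpol(?:\.exe)?\s+/clear\b")),
]

# Records the logging subsystem writes about itself: (channel, event ID).
EVENT_ID_RULES = {
    ("security", 1100): "event logging service shut down (EID 1100)",
    ("security", 1102): "security audit log cleared (EID 1102)",
    ("system", 104): "system log cleared (EID 104)",
}


def normalise(command_line):
    """Lower-case, drop quotes and collapse whitespace so the regexes stay simple."""
    return re.sub(r"\s+", " ", command_line.replace('"', "")).strip().lower()


def detect_log_tampering(lines):
    """Return one finding per record that matches a command or event-ID rule."""
    findings = []
    for raw in lines:
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed telemetry is skipped, never treated as a hit
        base = {"host": rec.get("host", "?"), "user": rec.get("user", "?")}
        key = (str(rec.get("channel", "")).lower(), rec.get("event_id"))
        if key in EVENT_ID_RULES:
            findings.append({**base, "technique": "T1562.002",
                             "reason": EVENT_ID_RULES[key], "evidence": key})
        cmd = rec.get("command_line")
        if cmd:
            norm = normalise(cmd)
            for reason, pattern in COMMAND_RULES:
                if pattern.search(norm):
                    findings.append({**base, "technique": "T1562.002",
                                     "reason": reason, "evidence": cmd})
                    break
    return findings


def hosts_with_tampering(findings):
    """Distinct hosts that produced at least one finding, sorted for stable output."""
    return sorted({f["host"] for f in findings})


# Constructed sample telemetry (not real logs). Lines 4 and 5 are benign:
# a read-only wevtutil query and an ordinary logon.
SAMPLE_LINES = [
    r'{"host":"ws01","user":"CORP\\jdoe","channel":"Security","event_id":4688,"command_line":"C:\\Windows\\System32\\wevtutil.exe cl Security"}',
    r'{"host":"ws01","user":"CORP\\jdoe","channel":"Security","event_id":1102}',
    r'{"host":"srv02","user":"CORP\\svc_backup","channel":"Security","event_id":4688,"command_line":"\"C:\\Windows\\System32\\sc.exe\" stop EventLog"}',
    r'{"host":"ws03","user":"CORP\\alice","channel":"Security","event_id":4688,"command_line":"wevtutil.exe qe Security /c:5"}',
    r'{"host":"ws03","user":"CORP\\alice","channel":"Security","event_id":4624}',
    r'{"host":"srv02","user":"SYSTEM","channel":"Security","event_id":1100}',
    r'{"host":"srv02","user":"CORP\\svc_backup","channel":"Security","event_id":4688,"command_line":"powershell.exe -nop -c Stop-Service -Name EventLog -Force"}',
    "not json at all",
]

if __name__ == "__main__":
    for f in detect_log_tampering(SAMPLE_LINES):
        print(f"{f['host']:<6} {f['user']:<16} {f['reason']}: {f['evidence']}")
```

Two caveats when turning this into a production rule: event ID 1100 is also written on every clean shutdown, so it needs correlating with a shutdown or reboot event before it is treated as hostile; and an attacker who patches the logging service in memory leaves no command line and no 1100, so a sudden drop in a host’s expected event volume is a complementary signal worth alerting on as well.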
November 7, 2024 | Ravi Lakshmanan | Vulnerability / Wireless Technology Cisco has released security updates to address a maximum-severity security flaw affecting Ultra-Reliable Wireless Backhaul (URWB) access points that could allow unauthenticated remote attackers to run commands with elevated privileges. Tracked as CVE-2024-20418 (CVSS score: 10.0), the vulnerability has been described as stemming from a lack of input validation in the web-based management interface of Cisco Unified Industrial Wireless Software. “An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system,” Cisco said in an advisory issued Wednesday. “A successful exploit could allow the attacker to execute…
November 7, 2024 | Ravi Lakshmanan | National Security / Social Networks The Canadian government on Wednesday ordered ByteDance-owned TikTok to wind down its operations in the country, citing national security risks, but stopped short of banning the popular video-sharing platform. “The decision was based on the information and evidence collected over the course of the review and on the advice of Canada’s security and intelligence community and other government partners,” Francois-Philippe Champagne, Minister of Innovation, Science and Industry, said in a statement. The government said it has no intention of blocking Canadians’ access to the app itself or restricting their ability to create new content,…
November 6, 2024 | Ravi Lakshmanan | SaaS Security / Threat Detection An ongoing threat campaign dubbed VEILDrive has been observed taking advantage of legitimate Microsoft services, including Teams, SharePoint, Quick Assist, and OneDrive, as part of its modus operandi. “Leveraging Microsoft SaaS services, including Teams, SharePoint, Quick Assist, and OneDrive, the attacker exploited the trusted infrastructure of previously compromised organizations to distribute spear-phishing attacks and store malware,” Israeli cybersecurity firm Hunters said in a new report. “This cloud-centric strategy allowed the threat actor to avoid detection by conventional monitoring systems.” Hunters said it discovered the campaign in September 2024 after it responded to a cyber…
November 6, 2024 | Ravi Lakshmanan | Malware / Internet Security Cybersecurity researchers are warning that a command-and-control (C&C) framework called Winos 4.0 is being distributed inside gaming-related applications such as installers, speed boosters, and optimization utilities. “Winos 4.0 is an advanced malicious framework that offers comprehensive functionality, a stable architecture, and efficient control over numerous online endpoints to execute further actions,” Fortinet FortiGuard Labs said in a report shared with The Hacker News. “Rebuilt from Gh0st RAT, it includes several modular components, each handling distinct functions.” Winos 4.0 distribution campaigns were documented in June by Trend Micro and the KnownSec 404 team.…
Budget season is upon us, and everyone in your organization is vying for their slice of the pie. Every year, each department has a pet project that they present as absolutely critical to profitability, business continuity, and quite possibly the future of humanity itself. And no doubt some of them may genuinely be mission critical. But as cybersecurity professionals, we understand that deploying a viable CTEM (Continuous Threat Exposure Management) program actually is. In any given year, cybersecurity investments are a tough budget sell: they are hard to quantify and don’t always translate into increased revenue or reduced…
IoT devices in a password spraying botnet Microsoft is warning Azure cloud users that a Chinese-controlled botnet is “highly evasive” in its password spraying. Not sure about the “highly evasive” part; the techniques seem to be basically what you get in a distributed password-guessing attack: “Any threat actor using the CovertNetwork-1658 infrastructure could conduct password spraying campaigns at a larger scale and greatly increase the likelihood of successful credential compromise and initial access to multiple organizations in a short amount of time,” Microsoft officials wrote. “This scale, combined with quick operational turnover of compromised credentials between…
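As an added example (neither Microsoft’s nor the blog’s code), here is what makes a spray distributed across a botnet hard for the usual per-source rule, and what a tenant-wide rule looks like instead. The sign-in log format (“timestamp,user,src_ip,result”), the account names, the thresholds and the addresses (taken from the RFC 5737 documentation ranges) are all constructed for the example. The script builds one 15-minute window in which 20 accounts each receive a single failed sign-in, every attempt from a different address, alongside a conventional brute force against one account: the per-IP rule sees nothing, while the tenant-wide rule fires on the spray and is not confused by the brute force.

```python
"""Why per-source thresholds miss a botnet-distributed password spray.

Added example with a constructed sign-in log (not real telemetry). Each line
is 'timestamp,user,src_ip,result'. Thresholds are illustrative assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

BUCKET_MINUTES = 15  # fixed windows keep the example deterministic


def build_sample_log():
    """Constructed sign-in events: a distributed spray, a brute force, and noise."""
    base = datetime(2024, 11, 5, 2, 0, 0)
    lines = []
    # Distributed spray: 20 accounts, one failure each, each from a different address.
    for n in range(1, 21):
        ts = base + timedelta(seconds=30 * n)
        lines.append(f"{ts.isoformat()},user{n:02d}@example.com,203.0.113.{n},failure")
    # Classic brute force: one account hammered from a single address.
    for k in range(10):
        ts = base + timedelta(seconds=5 * k)
        lines.append(f"{ts.isoformat()},admin@example.com,198.51.100.7,failure")
    # Ordinary activity: a typo followed by a successful sign-in, plus another success.
    lines += [
        f"{(base + timedelta(minutes=20)).isoformat()},alice@example.com,192.0.2.10,failure",
        f"{(base + timedelta(minutes=21)).isoformat()},alice@example.com,192.0.2.10,success",
        f"{(base + timedelta(minutes=3)).isoformat()},bob@example.com,192.0.2.11,success",
    ]
    return lines


def parse(lines):
    """Turn the constructed CSV lines into records with a datetime timestamp."""
    records = []
    for line in lines:
        ts, user, ip, result = line.strip().split(",")
        records.append({"ts": datetime.fromisoformat(ts), "user": user,
                        "ip": ip, "result": result})
    return records


def per_ip_rule(records, min_accounts=5):
    """Per-source rule: flag any IP that fails against many distinct accounts.

    A spray run through a botnet gives each source only one or two accounts,
    so this rule never reaches its threshold.
    """
    users_by_ip = defaultdict(set)
    for r in records:
        if r["result"] == "failure":
            users_by_ip[r["ip"]].add(r["user"])
    return sorted(ip for ip, users in users_by_ip.items() if len(users) >= min_accounts)


def tenant_wide_rule(records, min_accounts=10, max_failures_per_account=2):
    """Tenant-wide rule: many accounts with only a few failures each in one window.

    Counting only 'low-failure' accounts means a simultaneous brute force on one
    account (many failures) neither triggers nor suppresses the spray alert.
    """
    buckets = defaultdict(list)
    for r in records:
        if r["result"] == "failure":
            t = r["ts"]
            start = t.replace(minute=t.minute - t.minute % BUCKET_MINUTES,
                              second=0, microsecond=0)
            buckets[start].append(r)
    alerts = []
    for start in sorted(buckets):
        per_account = defaultdict(list)
        for r in buckets[start]:
            per_account[r["user"]].append(r["ip"])
        low = {u: ips for u, ips in per_account.items()
               if len(ips) <= max_failures_per_account}
        if len(low) >= min_accounts:
            alerts.append({
                "window_start": start.isoformat(),
                "low_failure_accounts": len(low),
                "distinct_source_ips": len({ip for ips in low.values() for ip in ips}),
                "max_failures_single_account": max(len(v) for v in per_account.values()),
            })
    return alerts


if __name__ == "__main__":
    recs = parse(build_sample_log())
    print("per-IP rule flags:", per_ip_rule(recs))
    for alert in tenant_wide_rule(recs):
        print("tenant-wide spray alert:", alert)
```

The thresholds (10 accounts, at most 2 failures each, 15-minute windows) are starting points, not tuned values; a real tenant needs a baseline of how many distinct accounts normally fail in a window before the rule is useful, and any success that follows a failure inside a flagged window should be escalated first, since that is the credential the operator will hand off next.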
November 6, 2024 | Ravi Lakshmanan | Cyber Threat / Cybercrime INTERPOL said on Tuesday that it had taken down more than 22,000 malicious servers linked to various cyber threats as part of a global operation. The coordinated effort, dubbed Operation Synergia II, ran from April 1 to August 31, 2024, and targeted phishing, ransomware, and information-stealing infrastructure. “Of the approximately 30,000 suspicious IP addresses identified, 76 percent were taken down and 59 servers were seized,” INTERPOL said. “In addition, 43 electronic devices were seized, including laptops, mobile phones and hard disks.” The actions also led to the arrest of 41 individuals, with another 65 people…