%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F25588987%2F511820410.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Telegram says CEO has ‘nothing to hide’ after being arrested in France
The messaging app says “it is absurd to claim that a platform or its owner are responsible for abuse of that platform” after CEO Pavel Durov was arrested by French authorities.
The gift that keeps on giving: A new opportunistic Log4j campaign
In this post, we analyze a new opportunistic exploitation campaign based on the Log4j vulnerability.
BlackSuit Ransomware
- In December 2023, we observed an intrusion that started with the execution of a Cobalt Strike beacon and ended in the deployment of BlackSuit ransomware. The threat actor leveraged various tools, including Sharphound, Rubeus, SystemBC, Get-DataInfo.ps1, Cobalt Strike, and ADFind, along with built-in system tools. Command and control traffic was proxied through CloudFlare to conceal their Cobalt Strike server. Fifteen days after initial access, BlackSuit ransomware was deployed by copying files over SMB to admin shares and executing them through RDP sessions. Three rules were added to our private ruleset related to this case.
MacOS X Malware Development
In today’s post, We’ll explore the process of designing and developing malware for macOS, which is a Unix-based operating system. We’ll use a classic approach to understanding Apple’s internals. To follow along, you should have a basic understanding of exploitation, as well as knowledge of C and Python programming, and some familiarity with low-level assembly language. While the topics may be advanced, I’ll do my best to present them smoothly.
OpenSSH Backdoors
Imagine this: an OpenSSH backdoor is discovered, maintainers rush to push out a fixed release package, security researchers trade technical details on mailing lists to analyze the backdoor code. Speculation abounds on the attribution and motives of the attacker, and the tech media pounces on the story. A near miss of epic proportions, a blow to the fabric of trust underlying open source development, a stark reminder of the risks of supply-chain attacks. Equal measures brilliant and devious.
Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules
Stroz Friedberg identified a stealthy malware, dubbed “sedexp,” utilizing Linux udev rules to achieve persistence and evade detection. This advanced threat, active since 2022, hides in plain sight while providing attackers with reverse shell capabilities and advanced concealment tactics.
Microsoft Copilot Studio Vulnerability Led to Information Disclosure
A vulnerability in Microsoft Copilot Studio could be exploited to access sensitive information on the internal infrastructure used by the service, Tenable reports. The flaw, tracked as CVE-2024-38206 (CVSS score of 8.5) and described as a ‘critical’ information disclosure bug, has been fully mitigated, Microsoft said in an August 6 advisory.
Major Backdoor in Millions of RFID Cards Allows Instant Cloning
French security services firm Quarkslab has made an eye-popping discovery: a significant backdoor in millions of contactless cards made by Shanghai Fudan Microelectronics Group, a leading chip manufacturer in China.
Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials
Cloud attack tool has been repurposed by multiple threat actors to push SMS spam and smishing campaigns through major SaaS providers.
Finding Malware: Unveiling NUMOZYLOD with Google Security Operations
Welcome to the Finding Malware Series The “Finding Malware,“ blog series is authored to empower the Google Security Operations community to
TodoSwift Disguises Malware Download Behind Bitcoin PDF
A new piece of malware that we're calling TodoSwift downloads its malicious payload alongside a seemingly legitimate piece of content about cryptocurrency.
Cthulhu Stealer malware aimed to take macOS user data
Researchers have discovered another data-seizing macOS malware, with "Cthulhu Stealer" sold to online criminals for just $500 a month.
From the Depths: Analyzing the Cthulhu Stealer Malware for macOS
Cado Security has identified a malware-as-a-service (MaaS) targeting macOS users named “Cthulhu Stealer”.
FIN7: The Truth Doesn't Need to be so STARK
First and foremost, our thanks go to the threat research team at Silent Push and the security team at Stark Industries Solutions (referred to as “Stark” from this point forwards) for their enthusiastic cooperation in the ‘behind the scenes’ efforts of this blog post.IntroductionIn our opening statement, we also introduce the subject of this post: the cross-team and cross-organization collaborative efforts of Silent Push, Stark, and Team Cymru in taking action against a common and well-known adve
Qilin ransomware caught stealing credentials stored in Google Chrome
Familiar ransomware develops an appetite for passwords to third-party sites
NGate Android malware relays NFC traffic to steal cash
ESET Research uncovers Android malware that relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM.
%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F25584373%2F247226_AI_Pixel_Reality_CVirginia_3.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2){kind=tracking}
No one’s ready for this
With AI photo editing getting easy and convincing, the world isn’t prepared for an era where photographs aren’t to be trusted.
Security Advisory CVE-2024-40766
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
SolarWinds Trust Center Security Advisories | CVE-2024-28987
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
Windows 0-day was exploited by North Korea to install advanced rootkit
FudModule rootkit burrows deep into Windows, where it can bypass key security defenses.
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. #Admin #Cache #Computer #InfoSec #LiteSpeed #Plugin #Security #Takeover #Website #WordPress
Iran Reportedly Grapples With Major Cyberattack on Banking Systems
The last known cyberattack waged against Iranian infrastructure took place last December with blame placed on Israel and the US.
Widespread Cloud Exposure: Extortion Campaign Used Exposed AWS ENV Files To Target 110,000 Domains
A cloud extortion campaign exploited misconfigured AWS .env files to target 110,000 domains, stealing credentials and ransoming cloud storage data.
Microchip August 20, 2024
Chipmaker Microchip reveals cyber attack
Defense contractor gets hacked – what's the worst that could happen
MITRE Marks Major Milestone, Minting 400 CNAs as NVD Backlog Grows - Socket
MITRE has just minted its 400th CNA, as the NVD struggles to tame its backlog of CVEs awaiting analysis, which has increased by 30% since June.
Data Exfiltration from Slack AI via indirect prompt injection
This vulnerability can allow attackers to steal anything a user puts in a private Slack channel by manipulating the language model used for content generation. This was responsibly disclosed to Slack (more details in Responsible Disclosure section at the end).
The Abuse of ITarian RMM by Dolphin Loader
Looking into the abuse of ITarian RMM and introducing Dolphin Loader
Toyota confirms breach after stolen data leaks on hacking forum
Toyota confirmed that its network was breached after a threat actor leaked an archive of 240GB of data stolen from the company's systems on a hacking forum.
Routers from China-based TP-Link a national security threat, US lawmakers claim
The two members of Congress called on the Commerce Department to investigate risks related to TP-Link routers amid concerns over state-backed Chinese hacking operations.