cyberveille.decio.ch

cyberveille.decio.ch

7248 bookmarks
Custom sorting
Gaming Engines: An Undetected Playground for Malware Loaders
Gaming Engines: An Undetected Playground for Malware Loaders
  • Check Point Research discovered a new technique taking advantage of Godot Engine, a popular open-source game engine, to execute crafted GDScript, code which triggers malicious commands and delivers malware. The technique remains undetected by almost all antivirus engines in VirusTotal. Check Point identified GodLoader, a loader that employs this new technique. The threat actor behind this malware has been utilizing it since June 29, 2024, infecting over 17,000 machines The malicious GodLoader is distributed by the Stargazers Ghost Network, a GitHub network that distributes malware as a service. Throughout September and October, approximately 200 repositories and over 225 Stargazers were used to legitimize the repositories distributing the malware. This new technique allows threat actors to target and infect devices across multiple platforms, such as Windows, macOS, Linux, Android, and iOS. Check Point Research demonstrates how this multi-platform technique can successfully drop payloads in Linux and MacOS. * A potential attack can target over 1.2 million users of Godot-developed games. These scenarios involve taking advantage of legitimate Godot executables to load malicious scripts in the form of mods or other downloadable content.
·research.checkpoint.com·
Gaming Engines: An Undetected Playground for Malware Loaders
Python Crypto Library Updated to Steal Private Keys
Python Crypto Library Updated to Steal Private Keys
Yesterday, Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library. While the attacker published this malicious update to PyPI, they deliberately kept the package's GitHub repository clean
·blog.phylum.io·
Python Crypto Library Updated to Steal Private Keys
Gergely's hack blog – badmalloc (CVE-2023-32428) - a macOS LPE
Gergely's hack blog – badmalloc (CVE-2023-32428) - a macOS LPE
I recently realised that I still owe you guys some writeups, so since OBTSv7 is around the corner here's the one for badmalloc. I found this back in March 2023, and it got fixed in October. About the bug There's a bug in MallocStackLogging, Apple's "magical" framework that allows developers …
·gergelykalman.com·
Gergely's hack blog – badmalloc (CVE-2023-32428) - a macOS LPE
The hidden network report
The hidden network report
Since February 2024, the World Watch Cyber Threat Intelligence team has been working on an extensive study of the private and public relationships within the Chinese cyber offensive ecosystem. This includes: An online map showcasing the links between 300+ entities; Historical context on the Chinese state entities dedicated to cyber offensive operations; An analysis of the role of universities and private companies in terms of capacity building; A focus on the ecosystem facilitating the acquisition of vulnerabilities for government use in cyber espionage campaigns.
·research.cert.orangecyberdefense.com·
The hidden network report
When Guardians Become Predators: How Malware Corrupts the Protectors
When Guardians Become Predators: How Malware Corrupts the Protectors
We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us? Our Trellix Advanced Research Center team recently uncovered a malicious campaign that does just that. Instead of bypassing defenses, this malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda. The malware exploits the deep access provided by the driver to terminate security processes, disable protective software, and seize control of the infected system.
·trellix.com·
When Guardians Become Predators: How Malware Corrupts the Protectors
UK drinking water supplies disrupted by record number of undisclosed cyber incidents
UK drinking water supplies disrupted by record number of undisclosed cyber incidents
A record number of cyber incidents impacted Britain’s critical drinking water supplies this year without being publicly disclosed, according to information obtained by Recorded Future News. The exact nature of these incidents is unclear, and they may include operational failures as well as attacks. Under British cybersecurity laws — known as the NIS Regulations — critical infrastructure companies are required to report “significant incidents” to the government within three days or face a fine of up to £17 million ($21 million).
·therecord.media·
UK drinking water supplies disrupted by record number of undisclosed cyber incidents
China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike
China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike
In a recent cyber campaign, the Chinese state-sponsored threat group TAG-112 compromised two Tibetan websites, Tibet Post and Gyudmed Tantric University, to deliver the Cobalt Strike malware. Recorded Future’s Insikt Group discovered that the attackers embedded malicious JavaScript in these sites, which spoofed a TLS certificate error to trick visitors into downloading a disguised security certificate. This malware, often used by threat actors for remote access and post-exploitation, highlights a continued cyber-espionage focus on Tibetan entities. TAG-112’s infrastructure, concealed using Cloudflare, links this campaign to other China-sponsored operations, particularly TAG-102 (Evasive Panda).
·recordedfuture.com·
China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike
Fintech Giant Finastra Investigating Data Breach
Fintech Giant Finastra Investigating Data Breach
The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company.
·krebsonsecurity.com·
Fintech Giant Finastra Investigating Data Breach
Apple fixes two zero-days used in attacks on Intel-based Macs
Apple fixes two zero-days used in attacks on Intel-based Macs
Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. "Apple is aware of a report that this issue may have been exploited," the company said in an advisory issued on Tuesday. The two bugs were found in the macOS Sequoia JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components of macOS.
·bleepingcomputer.com·
Apple fixes two zero-days used in attacks on Intel-based Macs
Qualys TRU Uncovers Five Local Privilege Escalation Vulnerabilities in needrestart | Qualys Security Blog
Qualys TRU Uncovers Five Local Privilege Escalation Vulnerabilities in needrestart | Qualys Security Blog
The Qualys Threat Research Unit (TRU) has identified five Local Privilege Escalation (LPE) vulnerabilities within the needrestart component, which is installed by default on Ubuntu Server. These vulnerabilities can be exploited by any unprivileged user to gain full root access without requiring user interaction. The identified flaws have been assigned the CVE identifiers CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003, highlighting the need for immediate remediation to protect system integrity. Our TRU team has successfully developed functional exploits for these vulnerabilities. While we will not disclose our exploits, please be aware that these vulnerabilities are easily exploitable, and other researchers may release working exploits shortly following this coordinated disclosure. These vulnerabilities have been present since the introduction of interpreter support in needrestart version 0.8, released in April 2014.
·blog.qualys.com·
Qualys TRU Uncovers Five Local Privilege Escalation Vulnerabilities in needrestart | Qualys Security Blog
Feds Charge Five Men in ‘Scattered Spider’ Roundup – Krebs on Security
Feds Charge Five Men in ‘Scattered Spider’ Roundup – Krebs on Security
Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta,…
·krebsonsecurity.com·
Feds Charge Five Men in ‘Scattered Spider’ Roundup – Krebs on Security