0 Comments
Apr 06, 2024NewsroomSkimmer / Threat Intelligence Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of “improper neutralization of special elements” that could pave the way for arbitrary code
0 Comments
Chinese threat actors have developed new techniques to move laterally post-exploitation of Ivanti vulnerabilities, new research from Mandiant has revealed. Five suspected China-nexus espionage groups’ activity has been detailed by Mandiant in a blog post, dated April 4. The activity follows the exploitation of the CVE-2023-46805, CVE-2024-21887 and CVE-2024-21893 vulnerabilities, which were previously identified in
0 Comments
Apr 05, 2024NewsroomArtificial Intelligence / Supply Chain Attack New research has found that artificial intelligence (AI)-as-a-service providers such as Hugging Face are susceptible to two critical risks that could allow threat actors to escalate privileges, gain cross-tenant access to other customers’ models, and even take over the continuous integration and continuous deployment (CI/CD) pipelines. “Malicious
0 Comments
A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May 2023. Cisco Talos is tracking the cluster under the name CoralRaider, describing it as financially motivated. Targets of the campaign include India, China, South Korea, Bangladesh, Pakistan,
0 Comments
Microsoft has been blamed for “cascade of security failures” that enabled Chinese threat actors to access US government officials’ emails in the Summer of 2023, an independent report has concluded. The US Department of Homeland Security (DHS) published the Cyber Safety Review Board’s (CSRB) report into the incident on April 2, 2024, which found that
0 Comments
Apr 03, 2024NewsroomMobile Security / Zero Day Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows – CVE-2024-29745 – An information disclosure flaw in the bootloader component CVE-2024-29748 – A privilege escalation flaw in the firmware
0 Comments
Apr 02, 2024NewsroomFirmware Security / Vulnerability The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed. The audacious supply chain compromise, tracked as CVE-2024-3094 (CVSS score: 10.0), came to light last week when
0 Comments
Nearly half (48%) of the UK’s small and medium-sized enterprises (SMEs) have lost access to data since 2019, potentially costing them billions, according to a new study from Beaming. The business ISP polled 504 UK-based business leaders about their data backup and cybersecurity strategies, as well as any incidents of data loss they experienced between
0 Comments
Apr 01, 2024NewsroomCryptocurrency / Financial Fraud The Indian government said it has rescued and repatriated about 250 citizens in Cambodia who were held captive and coerced into running cyber scams. The Indian nationals “were lured with employment opportunities to that country but were forced to undertake illegal cyber work,” the Ministry of External Affairs (MEA)
0 Comments
Reported data breach incidents rose by 34.5% in 2023, with over 17 billion personal records compromised throughout the year, according to Flashpoint’s 2024 Global Threat Intelligence Report. The firm recorded 6077 publicly reported data breaches last year, which included sensitive information such as names, social security numbers and financial data. Over 70% of these incidents
0 Comments
Mar 30, 2024NewsroomLinux / Supply Chain Attack RedHat on Friday released an “urgent security alert” warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score
0 Comments
Mar 30, 2024NewsroomMalware / Cryptocurrency Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims’ Macs, but operate with the end goal of stealing sensitive data, Jamf
0 Comments
Mar 29, 2024NewsroomReverse Engineering / RFID Security Security vulnerabilities discovered in Dormakaba’s Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms. The shortcomings have been collectively named Unsaflok by researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana.
0 Comments
Mar 28, 2024NewsroomLinux / Network Security A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to harvest a wide range of sensitive data from compromised
0 Comments
Mar 27, 2024NewsroomCyber Espionage / Data Breach Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control (C2). “The information stealer was delivered via
0 Comments
In today’s digital age, the internet plays a major role in young people’s lives, influencing how they further grow and develop into fully-fledged adults venturing out into the real world: From educational resources to social connections, discovering the latest viral dance trends, or watching how-to videos on how to cook pasta, the online world offers
0 Comments
Mar 26, 2024NewsroomIndustrial Espionage / Threat Intelligence Threat hunters have identified a suspicious package in the NuGet package manager that’s likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing. The package in question is SqzrFramework480, which ReversingLabs said was first published on January
0 Comments
A new phishing kit dubbed Tycoon 2FA has raised significant concerns in the cybersecurity community.  Discovered by the Sekoia Threat Detection & Research (TDR) team in October 2023 and discussed in an advisory published today, the kit is associated with the Adversary-in-The-Middle (AiTM) technique and allegedly utilized by multiple threat actors to orchestrate widespread and
0 Comments
Last year ESET published a blogpost about AceCryptor – one of the most popular and prevalent cryptors-as-a-service (CaaS) operating since 2016. For H1 2023 we published statistics from our telemetry, according to which trends from previous periods continued without drastic changes. However, in H2 2023 we registered a significant change in how AceCryptor is used.