0 Comments
A new software supply chain attack is being exploited in the wild, according to security researchers. The technique targets Python applications distributed via the Python Package Index, or PyPI. Researchers at software supply chain security firm JFrog believe that the attack, dubbed “Revival Hijack,” could affect 22,000 existing Python packages. That, in turn, could lead
0 Comments
ESET Research ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver ESET Research 05 Sep 2024  •  , 1 min. read Usually when someone mentions adware, people think of low-quality half-baked malicious code used to spam victims with sketchy ads. But as we explain in this episode of
0 Comments
Sep 06, 2024Ravie LakshmananWordPress / Webinar Security Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1.
0 Comments
Civil society and journalists’ groups in Europe are calling on the EU to take tougher action against spyware applications. The Center for Democracy and Technology (CDT Europe), and the fellow organizations in a “co-ordination group”, argue that spyware “poses a significant threat to EU democratic values, public debate and healthy civic spaces.” In a joint
0 Comments
Sep 04, 2024Ravie LakshmananMalware / Network Security A new malware campaign is spoofing Palo Alto Networks’ GlobalProtect VPN software to deliver a variant of the WikiLoader (aka WailingCrab) loader by means of a search engine optimization (SEO) campaign. The malvertising activity, observed in June 2024, is a departure from previously observed tactics wherein the malware
0 Comments
The ransomware group BlackByte, believed to be a spin-off of the infamous Conti group, has been observed by cybersecurity experts exploiting a recently disclosed VMware ESXi vulnerability to gain control over virtual machines and escalate privileges within compromised environments.  The pivot, discovered by Cisco Talos Incident Response, shows BlackByte’s ability to quickly integrate new vulnerabilities
0 Comments
In a world-first, a Russian state-sponsored hacking group has used software vulnerability exploits “identical or strikingly similar” to ones previously used by NSO Group and Intellexa, two infamous commercial spyware vendors. In a new report, Google Threat Analysis Group (TAG) shared insights on two watering hole attacks targeting Mongolian government websites between November 2023 and
0 Comments
Published vulnerabilities rose by 43% in H1 2024 compared to H1 2023, with attackers heavily targeting flaws in virtual private networks (VPNs) and other perimeter devices for initial access, a new report from Forescout has found. A total of 23,668 vulnerabilities were reported in the first six months of 2024, with an average of 111
0 Comments
ESET researchers discovered a code execution vulnerability in WPS Office for Windows (CVE⁠-⁠2024⁠-⁠7262), as it was being exploited by APT-C-60, a South Korea-aligned cyberespionage group. Upon analyzing the root cause, we subsequently discovered another way to exploit the faulty code (CVE-2924-7263). Following a coordinated disclosure process, both vulnerabilities are now patched – in this blogpost,
0 Comments
Cybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-control (C2) mechanism. The activity, detected by Proofpoint starting August 5, 2024, impersonates tax authorities from governments in Europe, Asia, and the U.S., with the goal of targeting over 70 organizations worldwide by means of a bespoke tool called Voldemort that’s
0 Comments
A recent surge in malicious activity involving North Korean-linked threat groups has been identified by cybersecurity researchers, revealing a coordinated campaign targeting thenpm ecosystem. The campaign began on August 12 2024, and involved publishing malicious npm packages designed to infiltrate developer environments and steal sensitive data. The newly discovered packages, including temp-etherscan-api, ethersscan-api and telegram-con, exhibit
0 Comments
Aug 30, 2024Ravie LakshmananCryptocurrency / Malware Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating “coordinated and relentless” efforts to target developers with malware and steal cryptocurrency assets. The latest wave, which was observed between August 12 and 27, 2024, involved packages named
0 Comments
Ransomware attacks on US schools and colleges have surged in recent years, with 491 incidents recorded since 2018, impacting over 8000 educational institutions and exposing 6.7 million individual records. According to a new report by Comparitech, estimated costs exceed $2.5b in downtime alone as schools struggle to restore systems, recover data and strengthen cybersecurity measures.
0 Comments
Aug 29, 2024Ravie LakshmananOnline Crime / Privacy French prosecutors on Wednesday formally charged CEO Pavel Durov with facilitating a litany of criminal activity on the popular messaging platform and placed him under formal investigation following his arrest Saturday. Russian-born Durov, who is also a French citizen, has been charged with being complicit in the spread
0 Comments
A vulnerability in Microsoft 365 Copilot that allowed attackers to steal users’ sensitive information has been disclosed by a cybersecurity researcher. Johann Rehberger, who discovered the flaw, described the exploit chain in a blog post published on August 26. The attack combines several advanced techniques, including prompt injection, automatic tool invocation and a novel method called
0 Comments
Aug 28, 2024Ravie LakshmananSoftware Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, known as CVE-2024-38856, carries a CVSS
0 Comments
A long-standing but stealthy group allegedly helping cyber-attackers penetrate IT systems by offering CAPTCHA-solving services has recently been discovered. In a new report, Arkose Cyber Threat Intelligence Research (ACTIR) shared that it had identified a cyber-attack enabling business it named Greasy Opal after observing the group’s tools being used to attack Arkose Labs’ customers. Greasy
0 Comments
Aug 27, 2024Ravie LakshmananAI Security / Vulnerability Details have emerged about a now-patched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user information using a technique called ASCII smuggling. “ASCII Smuggling is a novel technique that uses special Unicode characters that mirror ASCII but are actually not visible in the user
0 Comments
Aug 26, 2024Ravie LakshmananFinancial Fraud / Mobile Security Cybersecurity researchers have uncovered new Android malware that can relay victims’ contactless payment data from physical credit and debit cards to an attacker-controlled device with the goal of conducting fraudulent operations. The Slovak cybersecurity company is tracking the novel malware as NGate, stating it observed the crimeware