April 2023

Intel CPUs vulnerable to new transient execution side-channel attack

Bill Toulas

https://www.bleepingcomputer.com/news/security/intel-cpus-vulnerable-to-new-transient-execution-side-channel-attack/

Excerpt:

“A new side-channel attack impacting multiple generations of Intel CPUs has been discovered, allowing data to be leaked through the EFLAGS register.

The new attack was discovered by researchers at Tsinghua University, the University of Maryland, and a computer lab (BUPT) run by the Chinese Ministry of Education and is different than most other side-channel attacks.”


Decoy Dog malware toolkit found after analyzing 70 billion DNS queries

Bill Toulas

https://www.bleepingcomputer.com/news/security/decoy-dog-malware-toolkit-found-after-analyzing-70-billion-dns-queries/

Excerpt:

“A new enterprise-targeting malware toolkit called ‘Decoy Dog’ has been discovered after inspecting anomalous DNS traffic that is distinctive from regular internet activity.”


How fiends abuse an out-of-date Microsoft Windows driver to infect victims

Jeff Burt

https://www.theregister.com/2023/04/24/microsoft_windows_driver_aukill_ransomware/

Excerpt:

“Ransomware spreaders have built a handy tool that abuses an out-of-date Microsoft Windows driver to disable security defenses before dropping malware into the targeted systems.”


KuCoin's Twitter account hacked to promote crypto scam

Bill Toulas

https://www.bleepingcomputer.com/news/security/kucoins-twitter-account-hacked-to-promote-crypto-scam/?&web_view=true

Excerpt:

“KuCoin's Twitter account was hacked, allowing attackers to promote a fake giveaway scam that led to the theft of over $22.6K in cryptocurrency.”


Android Minecraft clones with 35M downloads infect users with adware

Bill Toulas

https://www.bleepingcomputer.com/news/security/android-minecraft-clones-with-35m-downloads-infect-users-with-adware/

Excerpt:

“A set of 38 Minecraft copycat games on Google Play infected devices with the Android adware 'HiddenAds' to stealthily load ads in the background to generate revenue for its operators.”


Ransomware gangs behind attacks

https://www.bleepingcomputer.com/news/security/microsoft-clop-and-lockbit-ransomware-behind-papercut-server-hacks/

Excerpt:

“Today, Microsoft disclosed that the Clop and LockBit ransomware gangs are behind these PaperCut attacks and using them to steal corporate data from vulnerable servers.

PaperCut is a printing management software compatible with all major printer brands and platforms. It is used by large companies, state organizations, and education institutes, with the company's website claiming it is used by hundreds of millions of people from over 100 countries.”


Cisco discloses XSS zero-day flaw in server management tool

Sergiu Gatlan

https://www.bleepingcomputer.com/news/security/cisco-discloses-xss-zero-day-flaw-in-server-management-tool/

Excerpt:

“Cisco disclosed today a zero-day vulnerability in the company's Prime Collaboration Deployment (PCD) software that can be exploited for cross-site scripting attacks.

This server management utility enables admins to perform migration or upgrade tasks on servers in their organization's inventory.”


Over 70 billion unprotected files available on unsecured web servers

https://www.helpnetsecurity.com/2023/04/24/critical-cybersecurity-exposures/?web_view=true

Excerpt:

“Critical exposures outside of an organization’s firewall are the greatest source of cybersecurity threats, according to CybelAngel.

Across all industries, these vulnerabilities, composed of unprotected or compromised assets, data and credentials, have proven to be an increasing challenge for organizations to detect and secure.”


ViperSoftX Updates Encryption, Steals Data

Don Ovid Ladores

https://www.trendmicro.com/en_us/research/23/d/vipersoftx-updates-encryption-steals-data.html?&web_view=true

Excerpt:

“We observed cryptocurrency and information stealer ViperSoftX evading initial loader detection and making its lure more believable by making the initial package loader via cracks, keygens, activators, and packers non-malicious. We also noted more sophisticated encryption and basic anti-analysis techniques, such as byte remapping and web browser communication blocking.”


SolarWinds Platform Update Patches High-Severity Vulnerabilities

Ionut Arghire

https://www.securityweek.com/solarwinds-platform-update-patches-high-severity-vulnerabilities/?web_view=true

Excerpt:

“Two high-severity vulnerabilities patched recently in SolarWinds Platform could lead to command execution and privilege escalation.”


Threat actors can use ChatGPT to sharpen cyberthreats, but no need to panic yet

Matt Kapko

https://www.cybersecuritydive.com/news/chatgpt-sharpen-cyberthreats/648292/?&web_view=true

Excerpt:

“ChatGPT has taken the world by storm and as it makes waves for consumers and business alike, security experts are wary of threat actors turning to generative AI for nefarious purposes. It’s a cause for worry, but not full-on panic.”


Package names repurposed to push malware on PyPI

Lucija Valentić

https://www.reversinglabs.com/blog/package-names-repurposed-to-push-malware-on-pypi?&web_view=true

Excerpt:

“In the beginning of March, ReversingLabs researchers encountered a malicious package on the Python Package Index (PyPI) named termcolour, a three-stage downloader published in multiple versions. Finding this malicious payload wasn’t difficult, but what piqued our interest was its name. The termcolour package wasn’t new. In fact, it had been published to PyPI two years earlier, and then removed. It reappeared on PyPI in the beginning of March — this time as a malicious downloader.”


These two countries are teaming up to develop AI for cybersecurity

Eileen Yu

https://www.zdnet.com/article/these-two-countries-are-teaming-up-to-develop-ai-for-cybersecurity/?web_view=true

Excerpt:

“Singapore's Ministry of Defence and France's Ministry of the Armed Forces will jointly develop artificial intelligence capabilities, with potential research areas that include natural language processing.”


8220 Gang of Cryptojackers Exploit Log4Shell to Mint Coins

https://cyware.com/news/8220-gang-of-cryptojackers-exploit-log4shell-to-mint-coins-dc4e6f17

Excerpt:

“ASEC researchers confirmed that the 8220 Gang attack group has been exploiting the Log4Shell vulnerability to install CoinMiner in VMware Horizon servers. This attack specifically targets unpatched and vulnerable systems of Korean energy-related companies, leaving them susceptible to multiple attackers.”