Tag: malicious
-
Researchers Detailed FrostyGoop Malware Attacking ICS Devices
FrostyGoop, a newly discovered OT-centric malware that exploited Modbus TCP to disrupt critical infrastructure in Ukraine, targets industrial control system (ICS) devices and is capable of both internal and external attacks. By sending malicious Modbus commands, FrostyGoop can cause physical damage to the environment; analysis has uncovered additional samples, configuration files, and network communication patterns associated…
-
Protecting Critical Infrastructure with Zero-Trust and Microsegmentation
Ransomware attacks are increasingly targeting critical infrastructure, essential systems like energy, water, transportation and finance. In 2023 alone, over 40% of attacks hit these sectors, according to the FBI. Meanwhile, agencies like CISA and the UK’s NCSC warn infrastructure companies of mounting threats from state-sponsored adversaries or other malicious actors. The recent American Water.. First…
-
Two PyPi Malicious Package Mimic ChatGPT Claude Steals Developers Data
Two malicious Python packages masquerading as tools for interacting with popular AI models ChatGPT and Claude were recently discovered on the Python Package Index (PyPI), the official repository for Python libraries. These packages reportedly remained undetected for over a year, silently compromising developer environments and exfiltrating sensitive data. As reported by a cybersecurity researcher, Leonid…
-
macOS WorkflowKit Race Vulnerability Allows Malicious Apps to Intercept Shortcuts
A race condition vulnerability in Apple’s WorkflowKit has been identified, allowing malicious applications to intercept and manipulate shortcuts on macOS systems. This vulnerability, cataloged as CVE-2024-27821, affects the shortcut extraction and generation processes within the WorkflowKit framework, which is integral to the Shortcuts app on macOS Sonoma. macOS WorkflowKit Race Vulnerability: The vulnerability arises from…
-
Smashing Security podcast #394: Digital arrest scams and stream-jacking
In our latest episode we discuss how a woman hid under the bed after scammers told her she was under “digital arrest”, how hackers are hijacking YouTube channels through malicious sponsorship deals, and how one phone company is turning the tables on fraudsters through deepfake AI. First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-394/
-
Malicious NSOCKS proxy service-powering botnet dismantled
First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-nsocks-proxy-service-powering-botnet-dismantled
-
ANY.RUN Sandbox Automates Interactive Analysis of Complex Cyber Attack Chains
ANY.RUN, a well-known interactive malware analysis platform, has announced Smart Content Analysis, an enhancement to its Automated Interactivity feature. This new mechanism is designed to automatically analyze and detonate complex malware and phishing attacks, providing investigators with quicker and more detailed insights into malicious behavior. Speed Optimization for Investigations: Accelerates the analysis workflow, saving time…
-
60% of Emails with QR Codes Classified as Spam or Malicious
60% of QR code emails are spam, according to findings from Cisco Talos, who also identified attackers using QR code art to bypass security filters. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/60-emails-qr-codes-spam-malicious/
-
Malicious QR Codes: How big of a problem is it, really?
QR codes are disproportionately effective at bypassing most anti-spam filters. Talos discovered two effective methods for defanging malicious QR codes, a necessary step to make them safe for consumption. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/malicious_qr_codes/
-
Rekoobe Backdoor In Open Directories Possibly Attacking TradingView Users
APT31, using the Rekoobe backdoor, has been observed targeting TradingView, a popular financial platform, as researchers discovered malicious domains mimicking TradingView, suggesting a potential interest in compromising the platform’s user community. By analyzing shared SSH keys, investigators identified additional infrastructure linked to this campaign and another open directory, highlighting the evolving tactics employed by APT31…
-
Hackers Hijacked Misconfigured Servers For Live Streaming Sports
Recent threat hunting activities focused on analyzing outbound network traffic and binaries within containerized environments. By cross-referencing honeypot data with threat intelligence platforms, researchers identified suspicious network events linked to the execution of the benign tool ffmpeg. Although this particular instance was not inherently malicious, it did raise concerns due to the unusual context in…
-
Malicious QR codes
QR codes are disproportionately effective at bypassing most anti-spam filters, as most filters are not designed to recognize that a QR code is present in an image and decode the QR code. According to Talos’ data, roughly 60% of all email containing a QR code is spam. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/malicious_qr_codes/
-
Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities
Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild. The flaws are listed below:
- CVE-2024-44308 – A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content
- CVE-2024-44309 – A cookie management…
-
Unraveling Raspberry Robin’s Layers: Analyzing Obfuscation Techniques and Core Mechanisms
Introduction: Discovered in 2021, Raspberry Robin (also known as Roshtyak) is a malicious downloader that has circulated in the wild for several years, primarily spreading through infected USB devices. Although USB devices are a common and unremarkable tactic for spreading malware, Raspberry Robin stands out due to its unique binary-obfuscation techniques, extensive use of anti-analysis methods,…
-
Botnet serving as ‘backbone’ of malicious proxy network taken offline
Lumen Technology’s Black Lotus Labs took the ngioweb botnet and NSOCKS proxy offline Tuesday. First seen on cyberscoop.com Jump to article: cyberscoop.com/proxy-services-cybercrime-ngioweb-botnet-nsocks/
-
Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts
Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and enable sports piracy using live streaming capture tools. The attacks involve the hijack of unauthenticated Jupyter Notebooks to establish initial access, and perform a series of actions designed to facilitate illegal live streaming of sports events, Aqua said in a report shared…
-
Malware delivered via malicious QR codes sent in the post
Cybercriminals have adopted a novel trick for infecting devices with malware: sending out physical letters that contain malicious QR codes. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/malware-malicious-qr-codes-the-post
-
PAN-OS Firewall Vulnerability Under Active Exploitation IoCs and Patch Released
Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild. To that end, the company said it observed malicious activity originating from the IP addresses below and targeting the PAN-OS management web interface…
-
AI About-Face: ‘Mantis’ Turns LLM Attackers Into Prey
Experimental counter-offensive system responds to malicious AI probes with their own surreptitious prompt-injection commands. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/deceptive-framework-defense-mislead-attacking-ai
-
Fake Bitwarden ads on Facebook push info-stealing Chrome extension
Fake Bitwarden password manager advertisements on Facebook are pushing a malicious Google Chrome extension that collects and steals sensitive user data from the browser. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-bitwarden-ads-on-facebook-push-info-stealing-chrome-extension/
-
10 Years of DLL Hijacking, and What We Can Do to Prevent 10 More
Introduction: DLL Hijacking, a technique for forcing legitimate applications to run malicious code, has been in use for about a decade at least. In this… First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2024/10-years-of-dll-hijacking-and-what-we-can-do-to-prevent-10-more/
-
GitHub projects targeted with malicious commits to frame researcher
GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects. Most recently, the GitHub repository of Exo Labs, an AI and machine learning startup, was targeted in the attack, which has left many wondering about the attacker’s true intentions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-projects-targeted-with-malicious-commits-to-frame-researcher/
-
PAN-OS Firewall Vulnerability Under Active Exploitation IoCs Released
Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a new zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild. To that end, the company said it observed malicious activity originating from the IP addresses below and targeting the PAN-OS management web…
-
Combating the Rise of Federally Aimed Malicious Intent
In the future, the cybersecurity landscape likely will depend not only on the ability of federal workforces to protect their agencies but also on their capacity to continuously develop and sharpen those skills. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/combating-rise-federally-aimed-malicious-intent
-
Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations
Cybersecurity researchers have shed light on a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands. Cybersecurity company Check Point has codenamed the malware WezRat, stating it has been detected in the wild since at least September 1, 2023, based on artifacts uploaded…
-
Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitrary Code Remotely
A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious actors to remotely compromise affected devices. The vulnerability, identified as CVE-2024-11237, affects TP-Link VN020 F3v(T) routers running firmware version TT_V6.2.1021, which are primarily deployed through Tunisie Telecom and Topnet ISPs. Similar variants of the router used in Algeria and Morocco are…
-
INTERPOL Disrupts Over 22,000 Malicious Servers in Global Crackdown on Cybercrime
INTERPOL on Tuesday said it took down more than 22,000 malicious servers linked to various cyber threats as part of a global operation. Dubbed Operatio… First seen on thehackernews.com Jump to article: thehackernews.com/2024/11/interpols-operation-synergia-ii.html
-
Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores
The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to malicious e-commerce websites, leveraging multiple SEO malware families to achieve their goal. Three distinct threat actor groups were identified, each employing a unique malware family, with one group utilizing multiple families. One malware family’s C&C servers shared limited e-commerce site sets,…