Ultralytics AI model hijacked to infect thousands with cryptominer

December 6, 2024 at 01:57PM. The Ultralytics YOLO11 AI model was compromised in a supply chain attack, deploying cryptominers via versions 8.3.41 and 8.3.42 on PyPI. Users installing these versions faced account bans. The company has released a clean version 8.3.43 and is conducting a security audit to prevent future incidents.

SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan

December 2, 2024 at 11:09PM. Taiwanese manufacturing, healthcare, and IT sectors are targeted by a campaign using SmokeLoader malware, which has advanced evasion techniques and modular capabilities. It primarily serves as a downloader but can execute attacks independently. The campaign starts with a phishing email exploiting old vulnerabilities to deploy SmokeLoader via Ande Loader.

XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner

November 28, 2024 at 06:08AM. Researchers found a year-long software supply chain attack on the npm package registry involving the malicious package @0xengine/xmlrpc, which harvested sensitive data and mined cryptocurrency. Discovered by Checkmarx, it exploited trust in dependencies. Additionally, ongoing malicious campaigns using counterfeit packages target multiple platforms, including Roblox developers.

Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware

November 28, 2024 at 05:06AM. A malware campaign exploiting the Godot Engine has infected over 17,000 systems since June 2024, using crafted GDScript code. The attack employs 200+ bogus GitHub accounts to distribute GodLoader, targeting Windows and adaptable to other operating systems. This underscores the need for users to download from trusted sources.

Botnet exploits GeoVision zero-day to install Mirai malware

November 15, 2024 at 02:40PM. A malware botnet is exploiting a critical zero-day vulnerability (CVE-2024-11120) in unsupported GeoVision devices for potential DDoS and cryptomining attacks. Approximately 17,000 devices are at risk, primarily in the U.S. Signs of compromise include overheating and slow performance. Replacement with supported models is advised.

‘SteelFox’ Malware Blitz Infects 11K Victims With Bundle of Pain

November 7, 2024 at 02:48PM. Thousands of users, particularly of applications like AutoCAD and Foxit PDF editor, have fallen victim to the “SteelFox” malware campaign, active since February 2023. This sophisticated malware, distributed through illegal torrents, uses advanced encryption for stealthy data theft and cryptomining, affecting over 11,000 individuals across multiple countries.

Attacker Abuses Victim Resources to Reap Rewards from Titan Network

October 30, 2024 at 03:44AM. Trend Micro researchers identified an attacker exploiting the CVE-2023-22527 vulnerability in Atlassian Confluence to execute remote code for cryptomining via the Titan Network. The attacker performed reconnaissance, installed Titan binaries on compromised machines, and connected them to the Cassini Testnet, aiming for financial gain through delegated proof of stake rewards.

Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks

October 22, 2024 at 10:30AM. Trend Micro reports attacks on Docker remote API servers, deploying SRBMiner to mine XRP cryptocurrency. Attackers use the gRPC protocol over h2c to bypass security measures. They probe for public Docker APIs, upgrade connections, and execute malicious commands. Users are advised to enhance security measures to prevent unauthorized access.

Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach

October 22, 2024 at 05:46AM. Trend Micro researchers report a cyberattack targeting Docker remote API servers to deploy the SRBMiner cryptominer for mining XRP cryptocurrency. The attacker exploited the gRPC protocol over h2c to bypass security measures, checked Docker API availability, and deployed the miner, emphasizing the need for improved security configurations in Docker environments.

Near-‘perfctl’ Fileless Malware Targets Millions of Linux Servers

October 3, 2024 at 11:01AM. A potent and elusive Linux malware, “perfctl,” has been wreaking havoc worldwide for years, targeting millions of servers and compromising thousands. It utilizes a plethora of exploits to gain initial access, and its ambitions expand beyond cryptomining and proxyjacking. Recommendations for mitigating this threat include patching vulnerabilities, restricting file execution, …