Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware

November 28, 2024 at 05:06AM
A malware campaign exploiting the Godot Engine has infected over 17,000 systems since June 2024, using crafted GDScript code. The attack employs 200+ bogus GitHub accounts to distribute GodLoader, which targets Windows and is adaptable to other operating systems. This underscores the need for users to download from trusted sources.

The only thing worse than being fired is scammers fooling you into thinking you’re fired

November 28, 2024 at 02:38AM
A phishing campaign targets individuals by falsely claiming their employment has been terminated, using a legal-sounding email to induce panic. The scam preys on economic fears, spreading malware disguised as legal documents. Attackers aim to steal sensitive information, using tactics that may evolve across different platforms.

Researchers discover first UEFI bootkit malware for Linux

November 27, 2024 at 12:43PM
A new UEFI bootkit designed to target Linux systems has been identified, indicating a significant change in the landscape of stealthy and difficult-to-remove bootkit threats, which have primarily been aimed at Windows platforms until now.

**Meeting Takeaways:**
– A new UEFI bootkit has been identified that specifically targets Linux systems. …

Latest Multi-Stage Attack Scenarios with Real-World Examples

November 27, 2024 at 08:03AM
Multi-stage cyber attacks involve complex tactics, such as embedding malicious links in documents and using QR codes, to evade detection. Current methods include multi-stage redirects and email attachments, often leading to phishing pages. Tools like ANY.RUN’s sandbox can analyze these threats, providing insights to strengthen defense strategies against such attacks.

APT-C-60 Exploits WPS Office Vulnerability to Deploy SpyGlace Backdoor

November 27, 2024 at 06:28AM
APT-C-60, a South Korea-aligned cyber espionage group, targeted a Japanese organization in August 2024 using a job application phishing scheme to deploy the SpyGlace malware. The attack utilized services like Google Drive and Bitbucket, exploiting vulnerabilities in WPS Office, and involved sophisticated methods for executing and distributing the malware.

Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign

November 27, 2024 at 01:04AM
A threat actor named Matrix has initiated a large-scale DDoS campaign by exploiting vulnerabilities in IoT devices, primarily targeting IP addresses in China and Japan. This operation utilizes publicly available scripts, promotes a DDoS-for-hire service via Telegram, and highlights the need for improved security practices to mitigate such attacks.

New NachoVPN attack uses rogue VPN servers to install malicious updates

November 26, 2024 at 05:35PM
Security researchers identified vulnerabilities in Palo Alto and SonicWall VPN clients, allowing attackers to exploit unpatched systems via rogue VPN servers. The “NachoVPN” tool simulates these attacks. Patches have been released, and AmberWolf provided advisories with mitigation recommendations to protect networks from these risks.

Get 50% off Malwarebytes during Black Friday 2024

November 26, 2024 at 05:21PM
Malwarebytes’ Black Friday 2024 deals offer 50% off annual subscriptions for its anti-malware, VPN, and Personal Data Remover services. Discounts apply until December 8th, with products including Malwarebytes Standard, Plus, and Ultimate. New offerings include Identity Protection and Personal Data Remover. Visit their site for more details.

Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

November 26, 2024 at 08:42AM
Two critical vulnerabilities (CVE-2024-10542 and CVE-2024-10781) in WordPress’s CleanTalk plugin could enable attackers to install malicious plugins, potentially leading to remote code execution. The flaws carry a CVSS score of 9.8, and users are urged to update to versions 6.44 or 6.45 to mitigate risks against unauthorized access.

PyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram Bot

November 25, 2024 at 10:00AM
The Python Package Index (PyPI) has quarantined the malicious “aiocpa” package, which was updated to exfiltrate private keys via Telegram. Originally released in September 2024 and downloaded 12,100 times, the malicious code was hidden in an obfuscated script. This incident underscores the need for thorough source code scanning.