GoldenJackal Target Embassies and Air-Gapped Systems Using Malware Toolsets

October 8, 2024 at 06:07AM
GoldenJackal, a little-known threat actor, has been linked to cyber attacks on embassies and governmental organizations. They aim to infiltrate air-gapped systems using bespoke toolsets. The attacks targeted a South Asian embassy in Belarus and a European Union government organization. The group has displayed advanced capabilities, using multiple malware families …

Kia dealer portal flaw could let attackers hack millions of cars

September 26, 2024 at 03:55PM
Security researchers found critical flaws in Kia’s dealer portal that would have allowed attackers to locate and steal millions of Kia cars made after 2013 using only the vehicle’s license plate. The key takeaway is that security researchers have identified critical vulnerabilities in Kia’s dealer portal that could …

Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool

September 25, 2024 at 10:21AM
Cybersecurity researchers discovered Splinter, a new post-exploitation tool written in Rust, with features commonly found in penetration testing tools. While not as advanced as comparable tools, it poses a threat if misused. No threat actor activity has been detected so far, but its large feature set suggests potential for cloud and data compromise. This …

Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations

September 19, 2024 at 10:06AM
Security researchers have found that thousands of companies may be exposing internal knowledge base (KB) articles due to misconfigurations in ServiceNow widgets. The issue arises from “private” pages within “public” KBs, leading to potential data exposure. Researchers estimate that 30-45% of ServiceNow instances are impacted, with implications for data security …

If HDMI screen rips aren’t good enough for you pirates, DeCENC is another way to beat web video DRM

September 12, 2024 at 03:29AM
The Common Encryption Scheme (CENC), used by video-streaming platforms such as Amazon and Netflix, has been shown to have weaknesses. Security researcher David Buchanan’s DeCENC attack can bypass CENC protection, allowing streamed media to be captured, replayed, and redistributed, a concern for commercial streaming platforms. Nevertheless, other simpler techniques also exist …

DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

September 11, 2024 at 12:00PM
A new campaign known as DragonRank, linked to a Chinese-speaking actor, is orchestrating black hat SEO attacks across Asia and Europe. Exploiting web applications, the group deploys malware to manipulate search engine algorithms, boosting the ranking of targeted websites. The attacks span various industry sectors and deploy methods to drive …

PIXHELL Attack Allows Air-Gap Jumping via Noise From Screens

September 11, 2024 at 09:06AM
Researcher Mordechai Guri introduced the PIXHELL data exfiltration method, which exploits monitor noise to leak data from air-gapped computers. This approach, along with other air-gap-jumping techniques, poses security threats. Malware manipulates LCD screen pixels to emit sound waves encoding sensitive information. The attack can transmit data at a rate of 5-20 bits …

Red team tool ‘MacroPack’ abused in attacks to deploy Brute Ratel

September 4, 2024 at 06:06PM
The MacroPack framework, originally built for Red Team exercises, is being abused by threat actors to distribute malicious payloads such as Havoc, Brute Ratel, and PhantomCore. Security researchers at Cisco Talos found malicious documents in several countries, indicating widespread abuse. These attacks use advanced evasion techniques and represent a concerning trend. Ransomware …

Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade

September 4, 2024 at 10:37AM
The Cicada3301 ransomware, linked to at least 20 victims since June, shares similarities with BlackCat ransomware. It’s coded in Rust and targets Windows’ Volume Snapshot Service, manipulating the shadow copies. The malware also embeds user credentials and customizes ransom notes per victim. Its detection capabilities and targets, primarily SMBs, are …

Docker-OSX image used for security research hit by Apple DMCA takedown

September 1, 2024 at 09:08AM
The popular open-source project Docker-OSX, which allows virtualization of macOS on non-Apple hardware, has been removed from Docker Hub following a DMCA takedown request from Apple citing copyright violation. Although still available on GitHub without installer binaries, the case highlights legal challenges for open-source projects dealing with proprietary software and …