Google now pays up to $450,000 for RCE bugs in some Android apps

April 30, 2024 at 02:35PM Google has raised the rewards in its Mobile Vulnerability Rewards Program for remote code execution vulnerabilities in select Android apps, now offering up to $450,000. The company wants to draw attention to flaws that lead to data theft and pays $75,000 for such exploits. The changes to the Mobile Vulnerability Rewards Program also include bonuses for exceptional quality reports … Read more

Millions of Malicious ‘Imageless’ Containers Planted on Docker Hub Over 5 Years

April 30, 2024 at 10:01AM Security researchers have found malicious "imageless" repositories on Docker Hub: repositories that carry no container image at all, only a documentation page that leads users to phishing or malware websites, which makes them a supply chain risk for anyone who trusts a Docker Hub search result. Over 4 million such repositories have been identified, used to redirect users to fraudulent sites in three distinct campaigns. This underscores … Read more
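
A quick pre-pull check for the pattern described above, written here as an added example (it is not code from the researchers or from Docker). It assumes the shape of the Docker Hub v2 tags endpoint, `https://hub.docker.com/v2/repositories/<namespace>/<repo>/tags`, which returns a `results` list whose entries carry `images` with a `digest`; the trusted-host allow-list and the two repository samples are constructed for the example.

```python
"""Flag Docker Hub repositories that carry no image, only a README that
sends the reader somewhere else.

Added example, not code from the research or from Docker. Assumes the
Docker Hub v2 tags response layout {"count": N, "results": [{"name": ...,
"images": [{"digest": ...}, ...]}, ...]}; sample data below is constructed.
"""
import re
from urllib.parse import urlparse

# Hosts a README may link to without raising suspicion (assumed allow-list;
# extend with your own registry, docs and source-control hosts).
TRUSTED_LINK_HOSTS = {"hub.docker.com", "docs.docker.com", "github.com"}

URL_RE = re.compile(r"""https?://[^\s)\]>"']+""")


def pushed_digests(tags_response: dict) -> set[str]:
    """Image digests actually pushed to the repository (empty => imageless)."""
    digests = set()
    for tag in tags_response.get("results", []):
        for image in tag.get("images", []):
            if image.get("digest"):
                digests.add(image["digest"])
    return digests


def external_links(readme: str) -> list[str]:
    """URLs in the README whose host is outside the trusted set."""
    links = []
    for url in URL_RE.findall(readme):
        host = (urlparse(url).hostname or "").lower()
        if host not in TRUSTED_LINK_HOSTS:
            links.append(url)
    return links


def assess_repository(tags_response: dict, readme: str) -> dict:
    """Classify a repository: does it have an image, and does its README
    point off-site?  The campaign pattern is 'nothing to pull, README
    redirects elsewhere'."""
    digests = pushed_digests(tags_response)
    links = external_links(readme)
    return {
        "imageless": not digests,
        "image_count": len(digests),
        "external_links": links,
        "suspicious": not digests and bool(links),
    }


# Constructed samples; these are not real Docker Hub repositories.
GENUINE_TAGS = {
    "count": 1,
    "results": [{"name": "1.0", "images": [{"digest": "sha256:aa11", "architecture": "amd64"}]}],
}
GENUINE_README = "Official image. Docs: https://docs.docker.com/"

IMAGELESS_TAGS = {"count": 0, "results": []}
IMAGELESS_README = (
    "# free-crack-tool\n"
    "Download the full version here: https://dl.example-free-software.test/get\n"
)

if __name__ == "__main__":
    for name, tags, readme in [
        ("genuine", GENUINE_TAGS, GENUINE_README),
        ("imageless", IMAGELESS_TAGS, IMAGELESS_README),
    ]:
        print(name, assess_repository(tags, readme))
```

In practice the tags response is fetched from the endpoint above before `docker pull`; a repository with zero pushed digests has nothing to run, so any download link on its page is the only thing it offers.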

Threat Actor Uses Multiple Infostealers in Global Campaign

April 24, 2024 at 09:15AM Cisco's Talos security research unit warns that the threat actor CoralRaider is using information stealers to target users worldwide and harvest credentials and financial data. The actor, likely of Vietnamese origin, has been active since at least 2023 and targets users with a combination of three information stealers: Cryptbot, LummaC2, … Read more

Apache Cordova App Harness Targeted in Dependency Confusion Attack

April 23, 2024 at 11:28AM Researchers found that the archived Apache project Cordova App Harness was exposed to dependency confusion, the attack in which a build pulls a package name from the public registry that the project expected to come from elsewhere, so whoever registers that name publicly gets to supply the code. The same research reports that over 49% of organizations are vulnerable to dependency confusion. Despite npm's efforts to fix the issue, the Cordova App Harness project remains at risk. The discovery emphasizes the importance of addressing vulnerabilities in third-party projects … Read more
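
The check a practitioner wants after reading this is whether any package the organisation considers internal is being resolved from the public registry. Below is an added example of such a lockfile audit; it is not code from the Cordova App Harness project or from the researchers. It assumes the `lockfileVersion` 2/3 layout of `package-lock.json` (a `packages` map keyed by `node_modules/...` path, each entry with a `resolved` URL), an organisation-supplied set of internal package names, and an internal registry host name; the lockfile, the `@corp` scope, `corp-build-tools` and `npm.corp.internal` are all constructed for the example.

```python
"""Audit an npm lockfile for dependency-confusion exposure.

Added example, not code from Cordova App Harness or the research that
reported it. Assumes package-lock.json lockfileVersion 2/3 layout and an
organisation-maintained list of internal package names; the lockfile,
scope, package and registry names below are constructed.
"""
import json
from urllib.parse import urlparse

PUBLIC_REGISTRY_HOSTS = {"registry.npmjs.org", "registry.yarnpkg.com"}


def package_name(path: str) -> str:
    """'node_modules/a/node_modules/@corp/b' -> '@corp/b'."""
    return path.split("node_modules/")[-1]


def audit_lockfile(lock: dict, internal_names: set[str], internal_registry_host: str) -> list[dict]:
    """One finding per internal package that resolves from a public registry
    (or from any host other than the internal registry), plus a finding for
    every unscoped internal name: an unscoped name can be claimed by anyone on
    the public registry, even if it happens to resolve correctly today."""
    findings = []
    for path, entry in lock.get("packages", {}).items():
        if not path:  # the "" key is the root project itself
            continue
        name = package_name(path)
        if name not in internal_names:
            continue
        resolved = entry.get("resolved", "")
        host = (urlparse(resolved).hostname or "").lower()
        if host in PUBLIC_REGISTRY_HOSTS:
            findings.append({"package": name, "problem": "resolved from public registry", "resolved": resolved})
        elif host != internal_registry_host:
            findings.append({"package": name, "problem": "resolved from unexpected host", "resolved": resolved})
        if not name.startswith("@"):
            findings.append({"package": name, "problem": "unscoped internal name", "resolved": resolved})
    return findings


# Constructed lockfile. corp-build-tools is meant to be internal, but the
# lock resolves it from npmjs.org at version 99.0.0: the classic sign that
# a higher-versioned public package has won the resolution.
SAMPLE_LOCK = json.loads("""
{
  "name": "app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "app", "dependencies": {"@corp/auth": "^2.0.0", "corp-build-tools": "^1.4.0", "lodash": "^4.17.21"}},
    "node_modules/@corp/auth": {"version": "2.1.0", "resolved": "https://npm.corp.internal/@corp/auth/-/auth-2.1.0.tgz"},
    "node_modules/corp-build-tools": {"version": "99.0.0", "resolved": "https://registry.npmjs.org/corp-build-tools/-/corp-build-tools-99.0.0.tgz"},
    "node_modules/lodash": {"version": "4.17.21", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"}
  }
}
""")
INTERNAL_PACKAGES = {"@corp/auth", "corp-build-tools"}

if __name__ == "__main__":
    for f in audit_lockfile(SAMPLE_LOCK, INTERNAL_PACKAGES, "npm.corp.internal"):
        print(f"{f['package']}: {f['problem']} ({f['resolved']})")
```

The remediation the audit points at is the one npm supports natively: publish internal packages under a scope and pin that scope to the internal registry in `.npmrc` (`@corp:registry=https://npm.corp.internal/`), so the public registry is never consulted for those names.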

Research Shows How Attackers Can Abuse EDR Security Products

April 22, 2024 at 10:45AM SafeBreach security researcher Shmuel Cohen demonstrated how endpoint detection and response (EDR) solutions, such as Palo Alto Networks' Cortex XDR, could be turned into offensive tools by an attacker. Cohen identified weaknesses that would let an attacker deploy ransomware, elevate privileges, and remain undetected. Palo Alto Networks addressed these issues with automatic content … Read more

OfflRouter Malware Evades Detection in Ukraine for Almost a Decade

April 18, 2024 at 11:03AM Ukrainian government networks have been infected with OfflRouter malware since 2015, spreading through infected documents and USB media. The malware targets .DOC files and can modify the Windows Registry. Its unusual propagation mechanism and coding mistakes point to an inventive but inexperienced creator. The malware has remained largely contained within Ukraine. … Read more

Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

April 18, 2024 at 01:10AM A new malvertising campaign abusing Google Ads uses multiple fake domains to distribute the backdoor "MadMxShell," targeting users searching for IP scanning and IT management software. The Windows backdoor is delivered through JavaScript code and DLL side-loading and uses DNS MX queries for command-and-control, a record type that ordinary workstations rarely issue and that DNS monitoring tuned for A/AAAA and TXT lookups can miss. The threat actor's origins and motivations are currently … Read more
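
The detection angle here is simple: MX lookups from anything other than a mail relay are unusual, and MX lookups whose leftmost label looks like encoded data are very unusual. The following is an added example of that logic run over resolver log lines; it is not code from the MadMxShell analysis. It assumes a space-separated log format (timestamp, client IP, query type, query name), an assumed mail-relay allow-list, and thresholds chosen for the example; the log lines and the `c2-example.test` domain are constructed.

```python
"""Detect MX-query command-and-control beaconing in DNS resolver logs.

Added example, not code from the MadMxShell analysis. Assumes a log line
of the form "<timestamp> <client-ip> <qtype> <qname>"; the relay list,
thresholds and sample log below are constructed for the example.
"""
import math
from collections import defaultdict

MAIL_RELAYS = {"10.0.0.25"}  # assumed: hosts legitimately issuing MX queries
MIN_ENCODED_QUERIES = 5      # encoded-looking MX queries per client before alerting
MIN_LABEL_LEN = 12           # data-carrying labels tend to be long...
MIN_LABEL_ENTROPY = 3.0      # ...and random-looking (bits per character)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for empty or single-symbol)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_encoded(qname: str) -> bool:
    """True when the leftmost label is long and high-entropy, i.e. likely
    carries beacon data rather than a hostname."""
    label = qname.rstrip(".").split(".")[0]
    return len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= MIN_LABEL_ENTROPY


def registered_domain(qname: str) -> str:
    """Last two labels; good enough for the example, not for real TLD handling."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def find_mx_beacons(log_lines) -> dict[str, dict]:
    """Per non-relay client: MX query count, encoded-looking MX query count,
    and the domains those went to.  Returns only clients over threshold."""
    stats = defaultdict(lambda: {"mx_queries": 0, "encoded": 0, "domains": set()})
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        _, client, qtype, qname = parts
        if qtype.upper() != "MX" or client in MAIL_RELAYS:
            continue
        s = stats[client]
        s["mx_queries"] += 1
        if looks_encoded(qname):
            s["encoded"] += 1
            s["domains"].add(registered_domain(qname.lower()))
    return {c: s for c, s in stats.items() if s["encoded"] >= MIN_ENCODED_QUERIES}


# Constructed resolver log: a mail relay doing normal MX work, one workstation
# doing a single harmless MX lookup, and one workstation beaconing.
SAMPLE_LOG = """
2024-04-17T10:00:01 10.0.0.25 MX gmail.com
2024-04-17T10:00:02 10.0.0.25 MX outlook.com
2024-04-17T10:00:03 10.0.1.80 MX example.com
2024-04-17T10:00:04 10.0.1.77 A update.example-vendor.test
2024-04-17T10:00:05 10.0.1.77 MX k7d2x9q4m1z8b3v6.c2-example.test
2024-04-17T10:00:35 10.0.1.77 MX a1b2c3d4e5f6g7h8.c2-example.test
2024-04-17T10:01:05 10.0.1.77 MX q9w8e7r6t5y4u3i2.c2-example.test
2024-04-17T10:01:35 10.0.1.77 MX zx0cv1bn2ma3sd4f.c2-example.test
2024-04-17T10:02:05 10.0.1.77 MX p0o9i8u7y6t5r4e3.c2-example.test
2024-04-17T10:02:35 10.0.1.77 MX lk1jh2gf3ds4ap5o.c2-example.test
"""

if __name__ == "__main__":
    for client, s in find_mx_beacons(SAMPLE_LOG.splitlines()).items():
        print(f"{client}: {s['encoded']}/{s['mx_queries']} encoded MX queries to {sorted(s['domains'])}")
```

The thresholds are the tunable part: on a network where only relays should talk MX, the relay allow-list alone is a strong signal, and the entropy test mainly serves to separate a real beacon from a workstation that once resolved a mail domain by hand.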

Muddled Libra Shifts Focus to SaaS and Cloud for Extortion and Data Theft Attacks

April 15, 2024 at 09:39AM The threat actor "Muddled Libra" is targeting SaaS applications and cloud service provider environments to exfiltrate sensitive data. The group relies on social engineering and reconnaissance to gain unauthorized access, then uses a range of tactics to move the data out. Their activities pose new challenges, requiring organizations to enhance their … Read more