‘Ancient’ MSFT Word Bug Anchors Taiwanese Drone-Maker Attacks

September 11, 2024 at 09:41AM Researchers from the Acronis Threat Research Unit discovered an attack dubbed “WordDrone,” targeting Taiwanese drone makers. The attack chain abuses an old version of Microsoft Word as a host for DLL side-loading, using it to install a persistent backdoor, ClientEndPoint. The activity overlaps with the earlier “TIDrone” campaign, with the attackers possibly exploiting a side-loading flaw in the … Read more

China-Linked Hackers Target Drone Makers

September 10, 2024 at 08:15AM A threat actor linked to China, tracked as Tidrone, has targeted military-related and satellite industries in Taiwan, with a focus on drone manufacturers. Using custom malware, backdoors, and legitimate remote-control tools, the group disables endpoint protections, steals information, and carries out espionage-related activity. These activities bear similarities to … Read more

TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign

September 9, 2024 at 02:15AM In 2024, a previously unknown threat actor, named TIDRONE, targeted drone manufacturers in Taiwan in a cyber attack campaign. Trend Micro suspects Chinese-speaking groups’ involvement and notes espionage-driven activity. The attack involves custom malware such as CXCLNT and CLNTEND, an ERP software product common to the victims that is suspected as the entry point, and backdoors launched via Microsoft Word to … Read more

TIDRONE Targets Military and Satellite Industries in Taiwan

September 6, 2024 at 05:43AM The report discusses the TIDRONE threat cluster targeting military-related industries in Taiwan, particularly drone manufacturers. It highlights advanced malware tools, attack chain behaviors, loaders, backdoors, and attribution analysis linking the campaign to an unidentified Chinese-speaking threat group. The report also suggests protective measures and provides indicators of compromise. Based on … Read more

‘Revival Hijack’ on PyPI Disguises Malware with Legitimate File Names

September 4, 2024 at 04:43PM Security researchers have discovered a concerning method for attackers to distribute malicious payloads through the PyPI package repository. Because PyPI frees a project’s name once the project is removed, an adversary can re-register the same name and pass off a rogue package as the legitimate one. This “Revival Hijack” method poses a clear threat, with 120,000 abandoned packages susceptible to … Read more

Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers

September 4, 2024 at 09:18AM A new supply chain attack technique, Revival Hijack, targets the Python Package Index (PyPI), allowing the takeover of over 22,000 removed PyPI package names. Attackers can publish malicious packages under the same name with a higher version number, so that any environment still referencing the removed name picks the rogue package up as an ordinary upgrade. The technique has already been exploited in the wild, emphasizing the … Read more
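Two defensive checks follow from the Revival Hijack entries above: flag a dependency whose latest release appears after a long silence (the signature of a removed name being re-registered at a higher version), and refuse any artifact whose hash does not match the one pinned in your lockfile, so a revived package cannot slip in as an upgrade. The code below is an added example and is not from the page or from JFrog; the package name "oldlib", its release history and the lockfile are all constructed inline to mimic the shape of the PyPI JSON API's "releases" mapping and a pip requirements file with `--hash` pins.

```python
import hashlib
import re
from datetime import datetime, timezone

# Constructed PyPI-style release history for the hypothetical package "oldlib".
# Real data has the same shape under the "releases" key of
# https://pypi.org/pypi/<name>/json (not fetched here; everything is inline).
RELEASES = {
    "1.0.0": [{"upload_time_iso_8601": "2019-03-01T10:00:00.000000Z",
               "digests": {"sha256": hashlib.sha256(b"oldlib-1.0.0").hexdigest()}}],
    "1.1.0": [{"upload_time_iso_8601": "2020-06-15T12:00:00.000000Z",
               "digests": {"sha256": hashlib.sha256(b"oldlib-1.1.0").hexdigest()}}],
    # A higher version uploaded after years of silence: the revival pattern.
    "2.0.0": [{"upload_time_iso_8601": "2024-09-02T08:30:00.000000Z",
               "digests": {"sha256": hashlib.sha256(b"evil").hexdigest()}}],
}

# Constructed lockfile pinning the last release the project actually shipped.
LOCKFILE = "oldlib==1.1.0 \\\n    --hash=sha256:%s\n" % (
    hashlib.sha256(b"oldlib-1.1.0").hexdigest())


def _vkey(version):
    # Good enough for dotted numeric versions; non-numeric parts sort as 0.
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def release_gap_days(releases):
    """Return (latest_version, whole days between the previous release's last
    upload and the latest release's first upload), or (latest, None) if there
    is only one release."""
    versions = sorted(releases, key=_vkey)
    if len(versions) < 2:
        return (versions[-1] if versions else None), None
    latest, prev = versions[-1], versions[-2]
    t_latest = min(_ts(f["upload_time_iso_8601"]) for f in releases[latest])
    t_prev = max(_ts(f["upload_time_iso_8601"]) for f in releases[prev])
    return latest, (t_latest - t_prev).days


def looks_revived(releases, quiet_days=365):
    """Heuristic: a new release after more than quiet_days of silence deserves
    a manual look at the maintainer and the diff before it is installed."""
    _, gap = release_gap_days(releases)
    return gap is not None and gap > quiet_days


PIN_RE = re.compile(r"^([A-Za-z0-9_.\-]+)==(\S+)")
HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def parse_pins(text):
    """Parse a pip requirements file with --hash pins into
    {name: (version, {allowed sha256 hex digests})}."""
    pins, current = {}, None
    for raw in text.splitlines():
        line = raw.strip().rstrip("\\").strip()
        m = PIN_RE.match(line)
        if m:
            current = m.group(1).lower()
            pins[current] = (m.group(2), set())
        if current:
            pins[current][1].update(HASH_RE.findall(line))
    return pins


def check_artifact(pins, name, version, data):
    """True only if (name, version) is pinned and data hashes to an allowed
    digest; a revived package at a new version or with new bytes fails."""
    pin = pins.get(name.lower())
    if pin is None or pin[0] != version:
        return False
    return hashlib.sha256(data).hexdigest() in pin[1]


if __name__ == "__main__":
    latest, gap = release_gap_days(RELEASES)
    print("latest %s, %s days after previous release, revived=%s"
          % (latest, gap, looks_revived(RELEASES)))
    pins = parse_pins(LOCKFILE)
    print("pinned 1.1.0 ok:", check_artifact(pins, "oldlib", "1.1.0", b"oldlib-1.1.0"))
    print("revived 2.0.0 ok:", check_artifact(pins, "oldlib", "2.0.0", b"evil"))
```

The hash check is what pip already enforces when every requirement in the file carries a `--hash` option (pip switches to require-hashes mode), so in practice the lockfile discipline is the fix and the script only illustrates why it works; the release-gap heuristic is a triage signal, not proof of compromise, since dormant projects do occasionally come back to life legitimately.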

Evolving NPM Package Campaign Targets Roblox Devs, For Years

September 3, 2024 at 12:17PM Malicious npm packages mimicking “noblox.js” are targeting Roblox developers, stealing Discord tokens and system data, and deploying additional payloads. Checkmarx researchers highlighted the campaign’s use of social engineering tactics such as brandjacking and starjacking to appear legitimate. The malware also incorporates newer tactics, such as bundling QuasarRAT and manipulating the … Read more

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors

August 27, 2024 at 10:33AM Volt Typhoon, a China-based cyber espionage group, has been linked to the exploitation of a high-severity security flaw in Versa Director. The attacks targeted U.S. and non-U.S. victims in the ISP, MSP, and IT sectors. The flaw allows malicious file uploads, which, given Versa Director’s position as a management plane for downstream networks, could enable large-scale supply chain attacks. Recommendations include security mitigations and … Read more

Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide

August 22, 2024 at 01:54PM Cybersecurity researchers discovered a hardware backdoor in a specific model of MIFARE Classic contactless cards, enabling unauthorized access to hotel rooms and office doors. The backdoor allows an attacker to recover the user-defined keys and, because it is built into the card hardware itself, reaches every deployment through the supply chain. Consumers using these cards, widely used in hotels across the … Read more

Major Backdoor in Millions of RFID Cards Allows Instant Cloning

August 20, 2024 at 02:24PM Quarkslab has uncovered a significant backdoor in Shanghai Fudan Microelectronics Group’s contactless cards, enabling instant cloning of RFID smart cards. This vulnerability affects widely-used MIFARE Classic cards and their variants, potentially compromising user-defined keys. Quarkslab urges swift infrastructure checks and risk assessment, as these cards are not limited to the … Read more