TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign

September 9, 2024 at 02:15AM In 2024, a previously unknown threat actor, named TIDRONE, targeted drone manufacturers in Taiwan in a cyber attack campaign. Trend Micro suspects Chinese-speaking groups’ involvement and notes espionage-driven activity. The attack involves custom malware like CXCLNT and CLNTEND, exploiting an ERP software commonality, and using backdoors via Microsoft Word to …

TIDRONE Targets Military and Satellite Industries in Taiwan

September 6, 2024 at 05:43AM The report discusses the TIDRONE threat cluster targeting military-related industries in Taiwan, particularly drone manufacturers. It highlights advanced malware tools, attack chain behaviors, loaders, backdoors, and attribution analysis linking the campaign to an unidentified Chinese-speaking threat group. The report also suggests protective measures and provides indicators of compromise. Based on …

‘Revival Hijack’ on PyPI Disguises Malware with Legitimate File Names

September 4, 2024 at 04:43PM Security researchers have discovered a concerning method for attackers to distribute malicious payloads through the PyPI package repository. By re-registering a removed package with the same name, adversaries can pass off rogue packages as legitimate ones. This “Revival Hijack” method poses a clear threat, with 120,000 abandoned packages susceptible to …

Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers

September 4, 2024 at 09:18AM A new supply chain attack technique, Revival Hijack, targets the Python Package Index (PyPI), allowing for hijacking of over 22,000 existing PyPI packages. Attackers can publish malicious packages under the same name and a higher version, posing a significant risk to developers. The attack has already been exploited, emphasizing the …

Evolving NPM Package Campaign Targets Roblox Devs, For Years

September 3, 2024 at 12:17PM Malicious npm packages mimicking “noblox.js” are targeting Roblox developers, stealing Discord tokens and system data, and deploying additional payloads. Checkmarx researchers highlighted the campaign’s use of social engineering tactics like brandjacking and starjacking to appear legitimate. The malware also incorporates novel tactics, such as adding the QuasarRAT and manipulating the …

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors

August 27, 2024 at 10:33AM Volt Typhoon, a China-based cyber espionage group, has been linked with exploiting a high-severity security flaw in Versa Director. The attacks targeted U.S. and non-U.S. victims in ISP, MSP, and IT sectors. The flaw allows malicious file uploads, potentially leading to large-scale supply chain attacks. Recommendations include security mitigations and …

Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide

August 22, 2024 at 01:54PM Cybersecurity researchers discovered a hardware backdoor in a specific model of MIFARE Classic contactless cards, enabling unauthorized access to open hotel rooms and office doors. The backdoor allows compromising user-defined keys and can be executed through a supply chain attack. Consumers using these cards, widely used in hotels across the …

Major Backdoor in Millions of RFID Cards Allows Instant Cloning

August 20, 2024 at 02:24PM Quarkslab has uncovered a significant backdoor in Shanghai Fudan Microelectronics Group’s contactless cards, enabling instant cloning of RFID smart cards. This vulnerability affects widely used MIFARE Classic cards and their variants, potentially compromising user-defined keys. Quarkslab urges swift infrastructure checks and risk assessment, as these cards are not limited to the …

China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates

August 5, 2024 at 01:24AM Evasive Panda, a sophisticated China-linked cyber espionage group, compromised an ISP to push malware updates to target companies, displaying high levels of skill. The threat actor has been active since 2012, using various malware, including a macOS strain called MACMA. The group has targeted organizations through supply chain attacks, DNS …

Is the US Federal Government Increasing Cyber-Risk Through Monoculture?

August 2, 2024 at 12:37PM The US State and Local Cybersecurity Grant Program (SLCGP) aims to enhance cybersecurity for public entities. However, by promoting monoculture through standardizing on a single cybersecurity vendor, it may create a perfect storm for major cyber incidents, risking widespread disruption. Instead, promoting diverse layers of defense architecture is crucial to …