Experts Find Flaw in Replicate AI Service Exposing Customers’ Models and Data

May 25, 2024 at 06:18AM
A critical security flaw in AI-as-a-service provider Replicate allowed unauthorized access to proprietary AI models and sensitive information due to a vulnerability in its containerization process. The flaw was responsibly disclosed and addressed, and there is no evidence of exploitation. However, it highlights the potential risks of malicious models in …

AI Voice Generator App Used to Drop Gipy Malware

May 24, 2024 at 01:29PM
The Gipy campaign, discovered in 2023, uses an infostealer malware to target users in Germany, Russia, Spain, and Taiwan with phishing lures promising an AI voice changing application. Upon delivery, Gipy enables data theft, cryptocurrency mining, and installation of additional malware. Researchers found various malicious programs being delivered in the …

Fake Antivirus Websites Deliver Malware to Android and Windows Devices

May 24, 2024 at 09:51AM
Threat actors are using fake websites posing as legitimate antivirus solutions like Avast, Bitdefender, and Malwarebytes to distribute malware targeting Android and Windows devices. The malware can steal sensitive information. The firms also observed a new Android banking trojan called Antidot, posing as a Google Play update, to facilitate information …

Microsoft spots gift card thieves using cyber-espionage tactics

May 23, 2024 at 03:33PM
Microsoft has released a “Cyber Signals” report revealing information about the hacking group Storm-0539 and an increase in gift card theft leading up to the Memorial Day holiday in the United States. The report highlights the group’s advanced techniques and a rise in their activity before major holidays. Microsoft also …

Bitbucket artifact files can leak plaintext authentication secrets

May 21, 2024 at 04:01PM
The issue involves threat actors breaching AWS accounts by exploiting plaintext AWS authentication secrets leaked in Atlassian Bitbucket artifacts. Mandiant discovered this during an investigation and highlighted how seemingly secured data can be exposed in public repositories, jeopardizing security. Developers are cautioned to review artifacts and deploy code scanning to …

Atlassian Bitbucket artifacts can leak plaintext auth secrets

May 21, 2024 at 03:06PM
Threat actors breached AWS accounts using leaked plaintext authentication secrets in Atlassian Bitbucket artifacts. Mandiant discovered this issue in the context of an investigation, highlighting the potential leakage of secured data in public repositories. Bitbucket’s secured variables encrypt sensitive information, but Mandiant found that artifact objects can contain plaintext secured …

Rockwell Automation warns admins to take ICS devices offline

May 21, 2024 at 01:50PM
Rockwell Automation urges customers to disconnect industrial control systems not designed for online exposure from the Internet due to increasing malicious activity. This reduces the attack surface and limits direct access to systems vulnerable to security threats. Additionally, CISA issued an alert regarding Rockwell’s new guidance to reduce ICS device …

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users

May 21, 2024 at 11:05AM
A new attack campaign named CLOUD#REVERSER is using Google Drive and Dropbox for malicious activities. It starts with a phishing email containing a fake Excel file. The file drops multiple payloads, setting up persistence on the host and downloading additional PowerShell scripts to execute commands and download files from cloud …

Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal

May 20, 2024 at 09:00AM
Multiple threat actors are leveraging a design flaw in Foxit PDF Reader to deliver various malware, exploiting a security warning deception to execute harmful commands. Adobe Acrobat Reader is not susceptible to the exploit, contributing to its low detection rate. The malware-laced PDFs are being distributed via unconventional methods like …

Cyber Criminals Exploit GitHub and FileZilla to Deliver Cocktail Malware

May 20, 2024 at 06:54AM
A recent malvertising and cryptocurrency-related campaign uses legitimate services like GitHub and FileZilla to distribute various malware, targeting Android, macOS, and Windows. The campaign, attributed to Russian-speaking threat actors, involves multiple malware variants, including RedLine, Vidar, and DanaBot. This method increases the efficiency of attacks by abusing authentic internet services. …