New Latrodectus malware replaces IcedID in network breaches

April 4, 2024 at 07:03PM Latrodectus, a new malware linked to the IcedID loader, was discovered in November 2023. It is believed to be an evolution of IcedID with similar operational ties. The malware is capable of carrying out various malicious activities, including evasive sandbox checks and communication with command and control servers. Its widespread … Read more

AI Hallucinated Packages Fool Unsuspecting Developers

April 1, 2024 at 11:42AM A report by Lasso Security warns that AI chatbots lead software developers to install nonexistent packages, whose names threat actors can then register and weaponize. Bar Lanyado demonstrated large language model (LLM) chatbots’ susceptibility to spreading and recommending hallucinated packages. The research emphasizes the importance of cross-verifying uncertain LLM answers and exercising caution when integrating … Read more

Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities

April 1, 2024 at 02:15AM The Android banking trojan Vultur has reappeared with enhanced features and sophisticated tactics to avoid detection, allowing remote manipulation and data harvesting. Distribution involves trojanized apps and a dropper-as-a-service operation. A similar transition was observed with the Octo trojan, offering advanced features and infecting thousands of devices, primarily in specific … Read more

PyPI suspends new user registration to block malware campaign

March 28, 2024 at 02:04PM PyPI, the Python Package Index, has suspended user registrations and new project creation due to an ongoing malware campaign. Threat actors are uploading fake packages to compromise developers, with the latest report from Checkmarx revealing 365 malicious entries and an info-stealer payload. This emphasizes the importance of rigorously verifying open-source … Read more

Zafran Emerges From Stealth With Risk and Mitigation Platform, $30M in Funding

March 28, 2024 at 09:12AM Israeli cybersecurity company Zafran emerged from stealth mode, unveiling its $30 million funding and a risk mitigation platform. Founded in 2022 by Sanaz Yashar, Ben Seri, and Snir Havdala, the firm’s platform leverages security tools to address vulnerabilities. Their industry-first mitigation knowledgebase works with endpoint detection, firewall, and cloud products. … Read more

‘Tycoon’ Malware Kit Bypasses Microsoft, Google MFA

March 27, 2024 at 01:01PM Threat actors are increasingly using Tycoon, an inexpensive and rapidly expanding phishing-as-a-service (PhaaS) platform sold through Telegram, to bypass multi-factor authentication on Microsoft and Google accounts. This highlights the … Read more

CISA: Second SharePoint Flaw Disclosed at Pwn2Own Exploited in Attacks

March 27, 2024 at 06:42AM CISA added the CVE-2023-24955 SharePoint flaw, part of an exploit chain for unauthenticated remote code execution, to its Known Exploited Vulnerabilities list, after it was demonstrated at Pwn2Own. Microsoft patched this flaw in May 2023. CISA’s catalog now holds four exploited SharePoint vulnerabilities, with CVE-2023-24955 requiring attention by government organizations … Read more

New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S.

March 22, 2024 at 11:21AM Cybersecurity researchers have detected a new wave of phishing attacks delivering a new information stealer called StrelaStealer, impacting over 100 organizations in the E.U. and the U.S. The attacks involve spam emails with evolving attachments, targeting various sectors with diverse tactics. Other malware families like Stealc and Rescoms RAT have … Read more

Exploit released for Fortinet RCE bug used in attacks, patch now

March 21, 2024 at 11:18AM Security researchers have released a PoC exploit for a critical SQL injection vulnerability in Fortinet’s FortiClient EMS. Tracked as CVE-2023-48788, it impacts versions 7.0 and 7.2 and allows unauthenticated threat actors to gain RCE with SYSTEM privileges. Horizon3’s PoC can be modified to use Microsoft SQL Server’s xp_cmdshell for … Read more

Over 800 npm Packages Found with Discrepancies, 18 Exploitable to ‘Manifest Confusion’

March 21, 2024 at 10:52AM Researchers at JFrog have uncovered over 800 npm packages whose published tarball disagrees with the manifest stored in the registry, 18 of which are exploitable via a technique called manifest confusion. Because the registry does not validate the metadata submitted at publish time against the package.json inside the tarball, a package can present a clean manifest to the registry while the tarball carries a different one with hidden dependencies, tricking developers into running malicious code on installation. They stress the importance of verifying … Read more
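The check described in the JFrog item, as an added example (not JFrog's tooling and not npm's own code): compare the registry's per-version manifest with the package.json extracted from the tarball and report any field that differs. The tarball is constructed in memory in npm's layout (files under `package/`) so the script runs offline; a real check would fetch the manifest from the registry and the tarball from its `dist.tarball` URL. Package names, versions, and the hidden `postinstall` script are hypothetical sample data. The comparison covers `scripts` as well as `dependencies`, since an install script that is absent from the registry view is the other thing a registry-only scanner would miss.

```python
"""Detect npm manifest confusion: a mismatch between the manifest the registry
serves for a version and the package.json inside the published tarball.

Added example, not JFrog's or npm's code. All inputs are constructed inline
so the script runs offline.
"""
import io
import json
import tarfile

# Fields where a mismatch lets a publisher hide behaviour from registry-based review.
CHECKED_FIELDS = ("name", "version", "dependencies", "scripts")


def tarball_package_json(tgz_bytes: bytes) -> dict:
    """Read package.json from an npm tarball; npm places files under package/."""
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        member = tar.getmember("package/package.json")
        return json.load(tar.extractfile(member))


def find_discrepancies(registry_manifest: dict, tarball_manifest: dict) -> dict:
    """Return {field: (registry_value, tarball_value)} for every checked field
    that differs. An empty dict means the registry view matches the tarball."""
    diffs = {}
    for field in CHECKED_FIELDS:
        reg_value = registry_manifest.get(field)
        tar_value = tarball_manifest.get(field)
        if reg_value != tar_value:
            diffs[field] = (reg_value, tar_value)
    return diffs


def hidden_items(registry_manifest: dict, tarball_manifest: dict, field: str) -> dict:
    """Entries (dependencies or scripts) present only in the tarball, i.e. the
    ones a scanner that reads registry metadata alone would never see."""
    reg_map = registry_manifest.get(field) or {}
    tar_map = tarball_manifest.get(field) or {}
    return {k: v for k, v in tar_map.items() if k not in reg_map}


def check_package(registry_manifest: dict, tgz_bytes: bytes) -> dict:
    """End-to-end check: extract the tarball manifest and diff it."""
    return find_discrepancies(registry_manifest, tarball_package_json(tgz_bytes))


def build_tarball(package_json: dict) -> bytes:
    """Build a constructed tarball in npm layout for the offline demo."""
    buf = io.BytesIO()
    data = json.dumps(package_json).encode()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("package/package.json")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample (hypothetical names): the registry entry looks clean, while
# the tarball adds an extra dependency and a postinstall script.
REGISTRY_MANIFEST = {
    "name": "example-widget",
    "version": "1.0.0",
    "dependencies": {"lodash": "^4.17.21"},
}
TARBALL_MANIFEST = {
    "name": "example-widget",
    "version": "1.0.0",
    "dependencies": {"lodash": "^4.17.21", "evil-helper": "0.0.1"},
    "scripts": {"postinstall": "node ./setup.js"},
}
SAMPLE_TARBALL = build_tarball(TARBALL_MANIFEST)

if __name__ == "__main__":
    for field, (reg_value, tar_value) in check_package(REGISTRY_MANIFEST, SAMPLE_TARBALL).items():
        print(f"{field}: registry={reg_value!r} tarball={tar_value!r}")
    print("hidden dependencies:", hidden_items(REGISTRY_MANIFEST, TARBALL_MANIFEST, "dependencies"))
    print("hidden scripts:", hidden_items(REGISTRY_MANIFEST, TARBALL_MANIFEST, "scripts"))
```

In a real pipeline the registry manifest comes from `https://registry.npmjs.org/<name>` under `versions[<version>]`, and the tarball from that entry's `dist.tarball`; verify the tarball's integrity hash before trusting the extracted package.json, otherwise the comparison itself can be fed a tampered archive.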