June 23, 2024 at 06:45AM Google claims to effectively vet Chrome extensions to catch most malicious code, though researchers argue that the risk is more substantial. There has been considerable installation of risky extensions, representing a significant problem. The authors emphasize the critical need for stronger oversight by Google to address these issues. After reviewing … Read more
June 17, 2024 at 01:02PM China’s Velvet Ant cyber-espionage group executed a persistent and adaptable campaign to steal data from a large East Asian company. Despite eradication attempts by security researchers at Sygnia, the threat actor maintained footholds within the victim’s network for years. The group utilized legacy and unmonitored systems, deploying malware and backdoors … Read more
May 31, 2024 at 04:19PM Researchers have tied LilacSquid, a new advanced persistent threat actor, to data exfiltration attacks across US, Europe. The group employs methods including exploiting known vulnerabilities, stealing remote desktop protocol credentials, and using open source tools like MeshAgent and InkLoader to establish control and deploy custom malware such as PurpleInk. LilacSquid … Read more
May 21, 2024 at 01:54PM Infosec researchers have flagged a critical vulnerability (CVE-2024-4323) in Fluent Bit, a widely used logging component. Tenable discovered the flaw, potentially leading to denial of service, information leakage, and remote code execution. The issue affects versions 2.0.7 through 3.0.3 and may compromise the security of major cloud providers and blue … Read more
May 10, 2024 at 10:07AM A team of researchers has developed an undetectable attack system, GhostStripe, capable of manipulating the image recognition of autonomous vehicles by exploiting the reliance on CMOS sensors. This attack causes the vehicles to not recognize road signs, posing a serious security concern. While countermeasures are available, the study highlights ongoing … Read more
May 5, 2024 at 10:02PM Amnesty International’s Security Lab reveals Indonesia’s emergence as a hub for surveillance tools, receiving invasive spyware from Israel, Greece, Singapore, and Malaysia since 2017. Companies like Q Cyber Technologies, Intellexa consortium, Saito Tech, FinFisher, Raedarius M8 Sdn Bhd, and Wintego Systems are linked to these tools. Malicious domain names and … Read more
April 25, 2024 at 03:22PM Researchers sinkholed a PlugX malware server, logging over 2.5 million unique IP connections from 170 countries in six months. Sekoia obtained control of the server and observed self-spreading capabilities, indicating global infections. They aim to disinfect impacted computers with self-delete commands, but highlight the challenge of re-infection via USB devices. … Read more
April 18, 2024 at 04:04PM The FIN7 threat group recently conducted a spear-phishing attack on a major US-based automotive manufacturer, using a malicious URL to install the Anunak backdoor and gain initial access to high-level IT employee accounts. BlackBerry’s threat and research team halted the attack before ransomware deployment. FIN7 has expanded its targets beyond … Read more
April 15, 2024 at 04:55PM Purdue University researchers have launched Project FIREFLY, aiming to enhance the robustness of cyber-physical systems (CPS) to prevent disruptions and damages in mission-critical applications for the Department of Defense. The $6.5 million project under the Defense Advanced Research Projects Agency will model, simulate, and analyze CPS to identify vulnerabilities and … Read more
April 10, 2024 at 01:24PM Researchers have developed the first native Spectre v2 exploit, affecting Linux systems on modern Intel processors. The discovery highlights the ongoing challenge of balancing performance optimization with security. Spectre V2 leverages speculative execution, leaving traces of sensitive data in CPU caches, and introduces security risks. Various entities are responding with … Read more