FYI: Data from deleted GitHub repos may not actually be deleted

July 25, 2024 at 03:59PM Truffle Security researchers discovered a vulnerability termed CFOR, allowing data access from deleted GitHub repository forks. Accessing a deleted commit through the original repo’s fork poses security risks. GitHub views this as an intended feature, not a flaw. The platform contains lingering “dangling commits” even after deletion. Truffle Security advises …

Port Shadow Attack Allows VPN Traffic Interception, Redirection

July 18, 2024 at 09:03AM Researchers from several universities have identified a vulnerability, named Port Shadow (CVE-2021-3773), that allows threat actors to exploit VPNs to launch man-in-the-middle attacks, intercepting and redirecting traffic. This affects OpenVPN, WireGuard, and OpenConnect on Linux or FreeBSD. Mitigation involves specific firewall rules, and end users are advised to connect to …

Avast secretly gave DoNex ransomware decryptors to victims before crims vanished

July 8, 2024 at 08:51AM Avast researchers have provided decryptors for victims of the DoNex ransomware, a threat that has undergone several rebrands and targeted victims in various countries. The decryptor is freely available and can be run as administrator, with the password-cracking process recommended for the 64-bit version due to its memory-intensive nature. Based …

Risk of getting malicious extension from Chrome store way worse than Google’s letting on, study suggests

June 23, 2024 at 06:45AM Google claims that its vetting of Chrome extensions catches most malicious code, but researchers argue that the risk is more substantial: risky extensions have been installed in considerable numbers, which represents a significant problem. The authors emphasize the critical need for stronger oversight by Google to address these issues. After reviewing …

China’s ‘Velvet Ant’ APT Nests Inside Multiyear Espionage Effort

June 17, 2024 at 01:02PM China’s Velvet Ant cyber-espionage group executed a persistent and adaptable campaign to steal data from a large East Asian company. Despite eradication attempts by security researchers at Sygnia, the threat actor maintained footholds within the victim’s network for years. The group utilized legacy and unmonitored systems, deploying malware and backdoors …

LilacSquid APT Employs Open Source Tools, QuasarRAT

May 31, 2024 at 04:19PM Researchers have tied LilacSquid, a new advanced persistent threat actor, to data exfiltration attacks across the US and Europe. The group employs methods including exploiting known vulnerabilities, stealing remote desktop protocol credentials, and using open source tools like MeshAgent and InkLoader to establish control and deploy custom malware such as PurpleInk. LilacSquid …

Critical Fluent Bit bug affects all major cloud providers, say researchers

May 21, 2024 at 01:54PM Infosec researchers have flagged a critical vulnerability (CVE-2024-4323) in Fluent Bit, a widely used logging component. Tenable discovered the flaw, which could lead to denial of service, information leakage, and remote code execution. The issue affects versions 2.0.7 through 3.0.3 and may compromise the security of major cloud providers and blue …

GhostStripe attack haunts self-driving cars by making them ignore road signs

May 10, 2024 at 10:07AM A team of researchers has developed an undetectable attack system, GhostStripe, capable of manipulating the image recognition of autonomous vehicles by exploiting the reliance on CMOS sensors. This attack causes the vehicles to not recognize road signs, posing a serious security concern. While countermeasures are available, the study highlights ongoing …

Amnesty International Cites Indonesia as a Spyware Hub

May 5, 2024 at 10:02PM Amnesty International’s Security Lab reveals Indonesia’s emergence as a hub for surveillance tools, receiving invasive spyware from Israel, Greece, Singapore, and Malaysia since 2017. Companies like Q Cyber Technologies, Intellexa consortium, Saito Tech, FinFisher, Raedarius M8 Sdn Bhd, and Wintego Systems are linked to these tools. Malicious domain names and …

Researchers sinkhole PlugX malware server with 2.5 million unique IPs

April 25, 2024 at 03:22PM Researchers sinkholed a PlugX malware server, logging over 2.5 million unique IP connections from 170 countries in six months. Sekoia obtained control of the server and observed self-spreading capabilities, indicating global infections. They aim to disinfect impacted computers with self-delete commands, but highlight the challenge of re-infection via USB devices. …