China’s ‘Velvet Ant’ APT Nests Inside Multiyear Espionage Effort

June 17, 2024 at 01:02PM
China’s Velvet Ant cyber-espionage group executed a persistent and adaptable campaign to steal data from a large East Asian company. Despite eradication attempts by security researchers at Sygnia, the threat actor maintained footholds within the victim’s network for years. The group utilized legacy and unmonitored systems, deploying malware and backdoors …

LilacSquid APT Employs Open Source Tools, QuasarRAT

May 31, 2024 at 04:19PM
Researchers have tied LilacSquid, a new advanced persistent threat actor, to data exfiltration attacks across the US and Europe. The group employs methods including exploiting known vulnerabilities, stealing remote desktop protocol credentials, and using open source tools like MeshAgent and InkLoader to establish control and deploy custom malware such as PurpleInk. LilacSquid …

Critical Fluent Bit bug affects all major cloud providers, say researchers

May 21, 2024 at 01:54PM
Infosec researchers have flagged a critical vulnerability (CVE-2024-4323) in Fluent Bit, a widely used logging component. Tenable discovered the flaw, potentially leading to denial of service, information leakage, and remote code execution. The issue affects versions 2.0.7 through 3.0.3 and may compromise the security of major cloud providers and blue …

GhostStripe attack haunts self-driving cars by making them ignore road signs

May 10, 2024 at 10:07AM
A team of researchers has developed an undetectable attack system, GhostStripe, capable of manipulating the image recognition of autonomous vehicles by exploiting their reliance on CMOS sensors. The attack causes the vehicles to fail to recognize road signs, posing a serious security concern. While countermeasures are available, the study highlights ongoing …

Amnesty International Cites Indonesia as a Spyware Hub

May 5, 2024 at 10:02PM
Amnesty International’s Security Lab reveals Indonesia’s emergence as a hub for surveillance tools, receiving invasive spyware from Israel, Greece, Singapore, and Malaysia since 2017. Companies like Q Cyber Technologies, Intellexa consortium, Saito Tech, FinFisher, Raedarius M8 Sdn Bhd, and Wintego Systems are linked to these tools. Malicious domain names and …

Researchers sinkhole PlugX malware server with 2.5 million unique IPs

April 25, 2024 at 03:22PM
Researchers sinkholed a PlugX malware server, logging over 2.5 million unique IP connections from 170 countries in six months. Sekoia obtained control of the server and observed self-spreading capabilities, indicating global infections. They aim to disinfect impacted computers with self-delete commands, but highlight the challenge of re-infection via USB devices. …

Russian APT Group Thwarted in Attack on US Automotive Manufacturer

April 18, 2024 at 04:04PM
The FIN7 threat group recently conducted a spear-phishing attack on a major US-based automotive manufacturer, using a malicious URL to install the Anunak backdoor and gain initial access to high-level IT employee accounts. BlackBerry’s threat and research team halted the attack before ransomware deployment. FIN7 has expanded its targets beyond …

Defense Award Launches Purdue Project to Strengthen Cyber-Physical Systems

April 15, 2024 at 04:55PM
Purdue University researchers have launched Project FIREFLY, aiming to enhance the robustness of cyber-physical systems (CPS) to prevent disruptions and damages in mission-critical applications for the Department of Defense. The $6.5 million project under the Defense Advanced Research Projects Agency will model, simulate, and analyze CPS to identify vulnerabilities and …

New Spectre v2 attack impacts Linux systems on Intel CPUs

April 10, 2024 at 01:24PM
Researchers have developed the first native Spectre v2 exploit, affecting Linux systems on modern Intel processors. The discovery highlights the ongoing challenge of balancing performance optimization with security. Spectre v2 leverages speculative execution, which leaves traces of sensitive data in CPU caches, and so introduces security risks. Various entities are responding with …

LG Smart TVs at Risk of Attacks, Thanks to 4 OS Vulnerabilities

April 9, 2024 at 04:58PM
Researchers at Bitdefender have identified four vulnerabilities in LG webOS, affecting various smart TV models and exposing around 91,000 devices. These bugs include command injection, privilege escalation, and bypass vulnerabilities, tracked as CVE-2023-6317, CVE-2023-6318, CVE-2023-6319, and CVE-2023-6320. LG released security updates after being alerted in November 2023. Users should check …