Posts

Showing posts from September, 2023

Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability

Image
Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as  CVE-2023-5217 , the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia). Exploitation of such buffer overflow flaws can result in program crashes or execution of arbitrary code, impacting its availability and integrity. Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on September 25, 2023, with fellow researcher Maddie Stone  noting  on X (formerly Twitter) that it has been abused by a commercial spyware vendor to target high-risk individuals. No additional details have been disclosed by the tech giant other than to acknowledge that it's "aware that an exploit for CVE-2023-5217 exists in the wild." The latest dis...

Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors

Image
A new threat actor known as  AtlasCross  has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented backdoors named DangerAds and AtlasAgent. NSFOCUS Security Labs described the adversary as having a "high technical level and cautious attack attitude," adding that "the phishing attack activity captured this time is part of the attacker's targeted strike on specific targets and is its main means to achieve in-domain penetration." The attack chains start with a macro-laced Microsoft document that purports to be about a blood donation drive from the American Red Cross that, when launched, runs the malicious macro to set up persistence, exfiltrate system metadata to a remote server (data.vectorse[.]com) that's a sub-domain of a legitimate website belonging to a structural and engineering firm based in the U.S. It also extracts a file named KB4495667.pkg (codenamed DangerAds), which, subsequently acts as a loader to launch...

New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software

Image
A new malware strain called  ZenRAT  has emerged in the wild that's distributed via bogus installation packages of the Bitwarden password manager. "The malware is specifically targeting Windows users and will redirect people using other hosts to a benign web page," enterprise security firm Proofpoint said in a technical report. "The malware is a modular remote access trojan (RAT) with information stealing capabilities." ZenRAT is hosted on fake websites pretending to be associated with Bitwarden, although it's uncertain as to how traffic is being directed to the domains. Such malware has been propagated via phishing, malvertising, or SEO poisoning attacks in the past. The payload (Bitwarden-Installer-version-2023-7-1.exe), downloaded from crazygameis[.]com, is a trojanized version of the standard Bitwarden installation package that contains a malicious .NET executable (ApplicationRuntimeMonitor.exe). A noteworthy aspect of the campaign is that users who end ...

RANSOMEDVC Ransomware Group Claims Breach of Sony Corporation

Image
  The infamous RANSOMEDVC ransomware group claimed to have successfully breached Sony Group Corporation, the Japanese multinational conglomerate giant. This claim was made through listings on both its clearnet and dark web platforms, where the group declared its complete infiltration of all Sony systems. The ransomware group proclaimed that it had “successfully compromised all of Sony’s systems.” Distinct from the typical ransomware approach of locking the victim’s system, disrupting IT operations, and demanding a ransom for the decryption key, the RANSOMEDVC ransomware group has taken a different method. Instead of ransom demands, the group has declared its intention to monetize the stolen data, citing Sony’s alleged reluctance to comply with their demands. An analysis of the sample data published by RANSOMEDVC on its websites reveals limited insights. Among the leaked files are a PowerPoint Presentation purportedly from Sony’s Quality Assurance Division, internal screenshots disp...

New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware

Image
The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called  Predator  targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. "The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections," the Citizen Lab said, attributing the attack with high confidence to the Egyptian government owing to it being a known customer of the commercial spying tool. According to a joint investigation conducted by the Canadian interdisciplinary laboratory and Google's Threat Analysis Group (TAG), the mercenary surveillance tool is said to have been delivered via links sent on SMS and WhatsApp. "In August and September 2023, Eltantawy's Vodafone Egypt mobile connection was persistently selected for targeting via network injection; when Eltantawy visited certain websites not...

Best Enterprise Password Managers According to IT Specialists.

Image
Even with advances in security practices and technologies, passwords continue to remain a weak point in an organization’s cyber security strategy. Strong passwords are still an essential part of security strategy for most organizations, and poor password hygiene can make their IT network vulnerable.  According to the 2021 Verizon data breach investigation report, shared credentials and poor access management practices were among the top reasons for data breaches all over the globe.  But the simple fact is that maintaining passwords is simply difficult. According to studies, an average person has around 100 passwords (if you’re not convinced, just look up the passwords your browser has saved for you). And this number only goes higher for network managers and other IT professionals.  This is where password managers become useful.  Bitwarden Bitwarden is one of the leading password managers that network engineers use. It’s open-source, end-to-end AES 256-bit encrypted, ...

As Democracy Goes Digital, Cybersecurity Takes Precedence: 5 Critical Resources For Protecting Elections Against Digital Threats

Image
From introducing biometric voter verification machines in Kenya to testing an internet voting pilot in Norway, election management bodies (EMBs) have increasingly digitized elections in efforts to increase efficiency, promote transparency, and encourage greater voter participation. While many elections have increasingly involved technology, including digital voter rolls, biometric voter registration, and electronic voting machines, these critical democratic processes have become more susceptible to a rapidly evolving threat—cyberattacks. Failure to address cybersecurity risks inherent to a digitized electoral process can pose a grave threat to electoral integrity. Poll workers read out presidential election ballot results to observers and officials in Tabarre in Port-au-Prince. Photo: Kendra Helmer/USAID. Recognizing the need to secure election infrastructure, the U.S. Agency for International Development (USAID) supported DAI’s  Digital Frontiers  project and the  Intern...

Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data

Image
Microsoft on Monday said it took steps  correct a glaring security gaffe that led to the exposure of 38 terabytes of private data. The leak was discovered on the company's AI GitHub repository and is said to have been inadvertently made public when publishing a bucket of open-source training data, Wiz said. It also included a disk backup of two former employees' workstations containing secrets, keys, passwords, and over 30,000 internal Teams messages. The repository, named " robust-models-transfer ," is no longer accessible. Prior to its takedown, it featured source code and machine learning models pertaining to a  2020 research paper   titled  "Do Adversarially Robust ImageNet Models Transfer Better?" "The exposure came as the result of an overly permissive  SAS token  – an Azure feature that allows users to share data in a manner that is both hard to track and hard to revoke," Wiz said in a report. The issue was reported to Microsoft on June 22,...