"Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack"

The discovery of a new deceptive package hidden within the npm package registry that deploys the open-source rootkit r77 marks the first time a malicious package has provided rootkit functionality. The package is node-hide-console-windows, and it imitates the legitimate npm package node-hide-console-window as part of a typosquatting campaign. It was downloaded 704 times in the previous two months before being removed. According to ReversingLabs, which detected the activity in August 2023, the package downloaded a Discord bot that facilitated the planting of the open-source rootkit r77.

Submitted by Gregory Rigby on

"New 'Looney Tunables' Linux Bug Gives Root on Major Distros"

By exploiting a buffer overflow flaw in the GNU C Library's (glibc) ld.so dynamic loader, a newly discovered Linux vulnerability called Looney Tunables allows local attackers to gain root privileges. glibc is present in most Linux kernel-based systems, providing essential functionality, including system calls such as open, malloc, printf, and exit, required for the execution of a program. The dynamic loader within glibc is responsible for program preparation and execution on Linux systems that use glibc.

Submitted by Gregory Rigby on

"Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials"

Threat actors in a Business Email Compromise (BEC) campaign are using Dropbox messages to steal Microsoft user credentials. The campaign bypasses security scans based on Natural Language Processing (NLP) and shows how fast these types of attacks evolve. In the first two weeks of September alone, researchers at Check Point Harmony observed over 5,000 attacks where fake login pages directed victims to a credential-harvesting site.

Submitted by Gregory Rigby on

"Factors Leading to Organizations Losing Control Over IT and Security Environments"

According to Cloudflare, organizations are facing a growing need to connect everything in their business while trying to maintain control over their security, productivity, and competitive growth. Over the past several years, organizations worldwide have seen a significant increase in adopting more Software-as-a-Service (SaaS)-based applications to help teams operate in a hybrid work environment efficiently and collaboratively.

Submitted by Gregory Rigby on

"Police Issue Quishing Email Warning"

Police in Northern Ireland have recently warned organizations in the province to be on their guard after issuing a new Crime Prevention Notice on “quishing,” or phishing via QR code. QR phishing, or quishing, has a similar end goal to regular scam emails, which are designed to trick the victim into handing over their credentials/personal information or unwittingly installing malware. The police noted that the victim typically receives an unsolicited email, but this time containing a PDF or PNG image of a QR code.

Submitted by Adam Ekwall on

"Lyca Mobile Services Significantly Disrupted by Cyberattack"

International mobile virtual network operator Lyca Mobile has recently confirmed that its services were significantly disrupted due to a cyberattack that may have also resulted in a data breach. The company noted that the attack, which started late last week, prevented customers and retailers from accessing top-ups and also impacted national and international calling. Lyca Mobile, which claims to have more than 16 million customers, is based in the UK and operates across 60 countries.

Submitted by Adam Ekwall on

Major SoS-VO Upgrade

We are pleased to announce the transitioning of the CPS VO to a more current version of the open-source content management system, Drupal 9. 

Submitted by Group Moderator Dey on

"UC San Diego Awarded $9.5 Million to Enhance Cybersecurity in Health Care"

The Advanced Research Projects Agency for Health (ARPA-H) has awarded $9.5 million to researchers at the University of California San Diego School of Medicine as part of the DIGIHEALS initiative, which supports innovative research aimed at protecting the US healthcare system from malicious cyber threats. The new award, the first ARPA-H contract award for any campus of the University of California, will help the researchers develop better methods to prevent and mitigate ransomware attacks. Ransomware attacks impacting healthcare delivery have increased in frequency and sophistication.

Submitted by Gregory Rigby on

"Gen Z and Millennials Are More Likely to Fall for Online Scams, Despite Being More Digitally Connected"

According to cybersecurity experts at RMIT University, young people are more vulnerable to online scams than other generations. The ACCC 2022 Targeting Scams report suggests that young people are more susceptible to online scams despite being more Internet savvy. Young people have been found to be more vulnerable to employment scams on social media, their primary source of information. Many young adults attempt to make ends meet or save money by securing additional income through task-based, work-from-home jobs, such as data entry or content creation.

Submitted by Gregory Rigby on

"Cl0p Study Hints at Gang's Masking Tactics"

The wave of MOVEit Transfer attacks launched by the Cl0p ransomware gang will likely be among the largest of 2023. The zero-day exploit used by Cl0p has thus far affected over 2,100 organizations and 62 million individuals. However, researchers at Palo Alto's Unit 42 discovered that large-scale attacks present the perpetrators with unanticipated challenges, such as how to anonymously leak stolen data to coax victims into paying. Due to slow download speeds, sharing terabytes of data via a TOR leak site is nearly impossible. Cl0p addressed the issue by torrenting the files.

Submitted by Gregory Rigby on