By grigby1 

By krahal

The backdrop flurry of the US presidential election on 5 November comes with increasing cyber heat, for worse, and with counter measures, somewhat better.

By grigby1

Hundreds of open source Large Language Model (LLM) builder servers and dozens of vector databases leak sensitive data to the web. There is a rush among companies to implement Artificial Intelligence (AI) into their business workflows, but not enough attention is paid to securing these tools and the information they handle. Naphtali Deutsch, a researcher at Legit Security, scanned the web for two potentially vulnerable open source AI services: vector databases, which store data for AI tools, and LLM application builders, such as Flowise.

"Peach Sandstorm," an Iran-backed hacking group, has created a new custom multi-stage backdoor to infiltrate targets during cyber espionage operations. Microsoft Threat Intelligence named the new malware "Tickler," which has been used in attacks against targets in the satellite, communications equipment, oil and gas as well as federal and state government sectors. Microsoft Threat Intelligence discovered two samples of the Tickler malware launched by Peach Sandstorm in compromised environments between April and July 2024.

"Pioneer Kitten" is an Iranian hacking group infiltrating US defense, education, finance, and healthcare organizations and extorting victims with affiliates of several ransomware operations. The threat group, also known as "Fox Kitten," "UNC757," and "Parisite," has been active since 2017.

"LummaC2" malware has reemerged, infiltrating and exfiltrating sensitive data. The infostealer malware actively exploits PowerShell commands. According to researchers at Ontinue, the latest variant of LummaC2 uses sophisticated tactics. LummaC2, which was first seen in Russian-speaking forums in 2022, is a C-based tool distributed as Malware-as-a-Service (MaaS).

According to Cisco Talos, "BlackByte" ransomware attackers have exploited a recently patched VMware ESXi hypervisor flaw while also abusing different vulnerable drivers to disable security. The group is changing tactics by exploiting a VMware ESXi authentication bypass vulnerability, which other ransomware groups have also weaponized. This article continues to discuss the BlackByte ransomware group's exploitation of an authentication bypass vulnerability in VMware ESXi.

ESET discovered a cyber espionage campaign, traced to the Seoul-aligned APT-C-60 group, that exploited a novel Remote Code Execution (RCE) vulnerability in WPS Office for Windows to launch a custom backdoor. The APT used the "SpyGlace" backdoor against victims in East Asia. This article continues to discuss the new APT-C-60 group's campaign involving the exploitation of an RCE vulnerability in WPS Office for Windows.

Infosecurity Magazine reports "South Korean Spies Exploit WPS Office Zero-Day"

Threat actors have been delivering malware to users of instant messaging apps. They have used a malicious Pidgin plugin and an unofficial fork of the Signal app. On August 22, the Pidgin messaging app's developers informed users that they had discovered a malicious plugin called "ScreenShare-OTR (ss-otr)" on the official third-party plugins list. The plugin was found to include keylogging code. It also sent screenshots to its operators. This article continues to discuss findings regarding threat actors' delivery of malware through instant messaging apps.