"Cthulhu Stealer Malware Targets macOS With Deceptive Tactics"

"Cthulhu Stealer Malware Targets macOS With Deceptive Tactics"

"Cthulhu Stealer," a recently discovered malware, has been targeting macOS users, posing another significant cybersecurity threat to Apple's operating system. Cado Security has identified the tool as a Malware-as-a-Service (MaaS) that disguises itself as legitimate software using Apple disk images (DMG). The Cthulhu Stealer mainly steals sensitive information from its victims, such as credentials and cryptocurrency wallets. This article continues to discuss findings regarding Cthulhu Stealer.

Submitted by Gregory Rigby on

"Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware"

"Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware"

Over two years after the Log4j zero-day caused global chaos, organizations still face exploits that push cryptocurrency miners and malicious backdoor scripts. Researchers at Datadog Security Labs have found that cybercriminals are still using "Log4Shell" exploits to avoid detection and plant malware scripts on unpatched corporate systems. This article continues to discuss the continued impact of the Log4Shell vulnerability.

Submitted by Gregory Rigby on

"Cisco Patches High-Severity Vulnerability Reported by NSA"

"Cisco Patches High-Severity Vulnerability Reported by NSA"

Cisco recently announced patches for multiple vulnerabilities across its products, including a high-severity bug in its enterprise collaboration solutions.  Tracked as CVE-2024-20375, the high-severity issue (CVSS score of 8.6) impacts the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and can be exploited remotely, without authentication.

Submitted by Adam Ekwall on

"FAA Admits Gaps in Aircraft Cybersecurity Rules: New Regulation Proposed"

"FAA Admits Gaps in Aircraft Cybersecurity Rules: New Regulation Proposed"

New cybersecurity rules have been proposed by the Federal Aviation Administration (FAA) to mitigate vulnerabilities caused by the interconnectedness of modern aircraft.  The proposal, published in the Federal Register on August 21, highlighted the current trend in aircraft design of increased integration of airplane, engine, and propeller systems with internal or external data networks and services.

Submitted by Adam Ekwall on

"Critical LiteSpeed Cache Plugin Flaw Exposes WordPress Sites"

"Critical LiteSpeed Cache Plugin Flaw Exposes WordPress Sites"

A security researcher named John Blackbourn, through the Patchstack zero-day bug bounty program, has discovered a critical vulnerability in the LiteSpeed Cache plugin, potentially exposing millions of WordPress sites to severe security risks. The researcher noted that the vulnerability allows unauthorized users to gain administrator-level access and could lead to installing malicious plugins and compromising affected websites.  The researcher said the vulnerability arises from the plugin’s weak security hash used in its user simulation feature.

Submitted by Adam Ekwall on

"'Styx Stealer' Malware Developer Accidentally Exposes Personal Info to Researchers in 'Critical OPSEC Error'"

"'Styx Stealer' Malware Developer Accidentally Exposes Personal Info to Researchers in 'Critical OPSEC Error'"

Researchers at Check Point found that a suspected developer of the "Styx Stealer" malware made an Operational Security (OPSEC) mistake, leaking client and earnings data from his computer. Styx Stealer collects browser data and cryptocurrency, as well as instant messenger sessions from Telegram and Discord. The developer's significant error and data leak from his computer gave Check Point a lot of intelligence.

Submitted by Gregory Rigby on

"PostgreSQL Databases Under Attack"

"PostgreSQL Databases Under Attack"

Cryptojacking attackers are targeting poorly protected PostgreSQL databases running on Linux machines. Aqua Security researchers observed the attack on a honeypot system, which began with the threat actors brute-forcing access credentials. Once access is gained, the threat actor creates a new user role with login capability and high privileges, strips the user role they compromised of superuser privileges, and more. The first payload, "PG_Core," mainly removes cron jobs for the current user and terminates processes associated with other cryptomining malware.

Submitted by Gregory Rigby on

"Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue"

"Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue"

According to the application security company Miggo, about 15,000 apps that use Amazon Web Services' (AWS) Application Load Balancer (ALB) for authentication may be vulnerable to attacks. The attacks dubbed "ALBeast" stem from a critical configuration issue, not a vulnerability in the AWS ALB solution. AWS was informed of the possible risks in April, and since then, it has updated its documentation and added new code to help prevent ALBeast attacks. This article continues to discuss the vulnerability of thousands of apps using AWS ALB to ALBeast attacks.

Submitted by Gregory Rigby on

"New MoonPeak RAT Linked to North Korean Threat Group UAT-5394"

"New MoonPeak RAT Linked to North Korean Threat Group UAT-5394"

"MoonPeak," a newly discovered Remote Access Trojan (RAT) family, has been linked to the North Korean threat group "UAT-5394." Cisco Talos research shows that this sophisticated malware, based on the open source "XenoRAT," is actively being developed to avoid detection and improve functionality.

Submitted by Gregory Rigby on

2024 National Cybersecurity Education Colloquium

Submitted by Amy Karns on

Join us for the 2024 National Cybersecurity Education Colloquium (NCEC) in St. Louis, Missouri from October 7-10, 2024. The main goal is to tackle the increasing need for cybersecurity education, training, and workforce development in the nation. Please be aware that ELF participation is by invitation only and subject to approval. Reserve your spot by registering now! The registration deadline is September 17, 2024, at 11:59 p.m. ET.

 

Subscribe to