Researchers from the Graz University of Technology have published a paper on "SLUBStick," a new Linux kernel exploitation technique that makes heap vulnerabilities increasingly dangerous. The team pointed out that Linux kernel flaws have increased in recent years, but many have limited impact. The researchers showed that the new SLUBStick technique can elevate a limited heap vulnerability to an arbitrary memory read/write primitive, enabling privilege escalation and container escapes even with the implementation of modern defenses.

According to a team of researchers from the University of Tokyo and NTT Security, attackers can conceal their malicious injection activity by inserting commands into the machine code stored in memory by the software interpreters that many programming languages use. Interpreters translate each line of human-readable software code into bytecode. The researchers successfully inserted malicious instructions into the bytecode stored in memory before execution. Since most security software does not scan bytecode, their changes went undetected.

According to Proofpoint, threat actors have been using Cloudflare Tunnels to deliver different Remote Access Trojan (RAT) families. Since February 2024, attackers have abused the TryCloudflare feature to create one-time tunnels without an account in order to distribute "AsyncRAT," "GuLoader," and other RATs. This article continues to discuss threat actors' abuse of Cloudflare's TryCloudflare feature to create one-time tunnels for the distribution of RATs.

The SANS Internet Storm Center reported that new Mirai botnet variants are targeting the open source Enterprise Resource Planning (ERP) framework OFBiz. The Apache Foundation supports OFBiz, a Java-based framework for creating ERP applications. OFBiz seems less prevalent than commercial alternatives, but like any other ERP system, organizations use it for sensitive business data, making security crucial. This article continues to discuss the targeting of the ERP framework OFBiz by the Mirai botnet.

Attackers have been pushing fake ads to lure users into downloading the popular Google Authenticator Multi-Factor Authentication (MFA) app, which actually leads to downloading malware on GitHub. According to Malwarebytes researchers, hosting the malware file on GitHub enables the threat actor to use a trusted cloud resource that is unlikely to get blocked through traditional means. This article continues to discuss attackers luring users to download malware on GitHub through fake Google Authenticator ads.

According to Checkmarx researchers, threat actors uploaded malicious Python packages to the PyPI repository and promoted them on the online question-and-answer platform StackExchange. The packages download scripts that steal sensitive data from messaging apps, cryptocurrency wallets, and more. The information-stealing malware can also exfiltrate files containing specific keywords, take screenshots, and send all of the data to a Telegram channel. This article continues to discuss hackers' distribution of malicious Python packages through StackExchange.

According to Akamai, layer 7 Distributed Denial-of-Service (DDoS) attacks on the gaming industry have increased 94 percent over the past year. The gaming industry is an attractive target for cybercriminals due to its high revenues and extensive player base. The increase in subscription services, which are important for accessing several new games, introduces vulnerabilities. In addition, the rise in new accounts and transactions is accompanied by increased credential theft and phishing scams.

According to Picus Security, 40 percent of tested environments enabled attack paths leading to domain admin access. Since domain admin access is the highest level of access within an organization's Information Technology (IT) infrastructure, it is like giving attackers a master key. Based on the analysis of over 136 million cyberattacks simulated by the Picus Security Validation Platform, the company's report shows that, on average, organizations prevent 7 out of 10 attacks.

Over 35,000 registered domains have been hijacked in "Sitting Ducks" attacks. These attacks enable a domain to be claimed without access to the owner's account at the Domain Name System (DNS) provider or registrar. Cybercriminals exploit configuration flaws at the registrar level and DNS providers' inadequate ownership verification. Infoblox and Eclypsium found that there are over a million exploitable target domains on any given day. Multiple Russian cybercriminal groups have used this attack vector and the hijacked domains in spam campaigns, malware delivery, and more.

According to Cleafy, "BingoMod," a recently discovered Remote Access Trojan (RAT), targets Android users to steal information and money via Account Takeover (ATO). BingoMod enables threat actors to initiate money transfers from infected devices. It evades authentication, verification, and behavioral detection protections through On-Device Fraud (ODF). Once the device is infected, the malware abuses permissions, performs overlay attacks, and more. This article continues to discuss findings regarding the BingoMod Android RAT.