According to a group of researchers, Microsoft's Visual Studio Code (VSCode) extensions marketplace has malicious uploads and poor security. In May, the team conducted an experiment in which they hacked over 100 organizations with a typosquatted version of a popular VSCode extension. During their study of the marketplace, they found many security design flaws implemented by Microsoft that allow threat actors to gain credibility and access. This article continues to discuss findings from the group's research on Microsoft's VSCode extensions marketplace.

According to Mandiant, a cyber threat actor is suspected of stealing a large amount of customer data from the data warehousing platform Snowflake. UNC5537, a financially motivated threat actor, is advertising the stolen data on cybercrime forums and trying to extort many victims. About 165 organizations that use Snowflake have been notified that they may have been exposed. The threat actor is said to be compromising Snowflake customer instances using stolen credentials. This article continues to discuss UNC5537's targeting of Snowflake customer instances for data theft and extortion.

A team of researchers led by Rice University's Edward Knightly discovered an eavesdropping security vulnerability in high-frequency and high-speed wireless backhaul links. These links are widely used in applications such as 5G wireless cell phone signals.

Researchers have discovered a new campaign spreading an updated version of the "ValleyRAT" malware. According to Zscaler ThreatLabz, the latest version includes screenshot capturing, process filtering, Windows event log clearing, and more. In 2023, QiAnXin and Proofpoint documented ValleyRAT's use in a phishing campaign targeting Chinese-speaking users and Japanese organizations that distributed "Purple Fox" and "Sainbox RAT," a variant of the "Gh0st" Remote Access Trojan (RAT) Trojan. This article continues to discuss findings regarding the China-linked ValleyRAT malware.

The "TellYouThePass" ransomware group has been using PHP's recently patched Remote Code Execution (RCE) vulnerability to deliver web shells and execute the encryptor payload. Attacks began on June 8, less than 48 hours after PHP's maintainers released security updates, using publicly available exploit code. TellYouThePass ransomware quickly uses public exploits for highly impactful vulnerabilities. Last November, the gang used an Apache ActiveMQ RCE in attacks, and in December 2021, they adopted the Log4j exploit.

Redfox Security warns that discontinued Netgear WNR614 routers contain vulnerabilities that enable attackers to bypass authentication, intercept communications, and steal credentials. Six flaws were discovered in the Netgear WNR614 N300 router model running the latest available firmware version. The first flaw discovered by Redfox Security lets attackers bypass the device's authentication mechanism and access the administrative interface.

Apple recently updated visionOS, the operating system powering its Vision Pro virtual reality headset, to version 1.2, which addresses several vulnerabilities, including what may be the first security flaw that is specific to this product.  The company noted that the update patches nearly two dozen vulnerabilities.  However, a vast majority of them are in components that visionOS shares with other Apple products, such as iOS, macOS and tvOS.

British semiconductor giant Arm has recently warned customers about a memory safety bug in Mali GPU kernel drivers that has been exploited in the wild.  The vulnerability is tracked as CVE-2024-4610 and is a use-after-free issue that could be exploited by local users to make improper GPU memory processing operations.  The company noted that successful exploitation of the flaw allows a non-privileged attacker to access previously freed memory.  According to Arm, CVE-2024-4610 impacts the Bifrost and Valhall GPU kernel drivers.

Researchers from the University of Illinois Urbana-Champaign found that GPT-4-powered teams of bots can scan websites for zero-day vulnerabilities and attack them with 53 percent success. According to the researchers, Large Language Models (LLMs) can collaborate and work more effectively than a single instance of chatbot in exploiting real-world vulnerabilities. Their paper shows up to 4.5 times improvement over a standalone Artificial Intelligence (AI) agent.

Cisco's Talos research and threat intelligence unit found 15 vulnerabilities impacting AutomationDirect’s Productivity series Programmable Logic Controllers (PLCs). The vulnerabilities are all classified as being of high or critical severity. They can be exploited for Remote Code Execution (RCE) or Denial-of-Service (DoS) attacks, potentially disrupting industrial environments and causing significant costs.