"CISA: Second SharePoint Flaw Disclosed at Pwn2Own Exploited in Attacks"

CISA recently added a second SharePoint flaw, demonstrated last year at a Pwn2Own hacking competition, to its Known Exploited Vulnerabilities (KEV) list. The Star Labs team demonstrated the flaw, tracked as CVE-2023-24955, in March 2023 at Pwn2Own Vancouver alongside CVE-2023-29357. This two-bug exploit chain, which allows unauthenticated remote code execution on SharePoint servers with elevated privileges, earned the Star Labs team $100,000 at Pwn2Own. Microsoft patched CVE-2023-24955 and CVE-2023-29357 with SharePoint updates released in May and June 2023, respectively.

Submitted by Adam Ekwall on

"Hackers Exploit Ray Framework Flaw to Breach Servers, Hijack Resources"

A new hacking campaign called "ShadowRay" exploits an unpatched vulnerability in Ray, a popular open source Artificial Intelligence (AI) framework, to hijack computing power and leak sensitive data. Oligo reported that these attacks have been ongoing since at least September 5, 2023, with targets including education, cryptocurrency, biopharma, and others. Ray is a framework developed by Anyscale that allows users to scale AI and Python applications across a cluster of machines for distributed computing workloads.

Submitted by Gregory Rigby on

"Malicious NuGet Package Linked to Industrial Espionage Targets Developers"

Researchers at ReversingLabs have discovered a suspicious package in the NuGet package manager that is likely aimed at developers using tools developed by a Chinese company specializing in industrial and digital equipment manufacturing. The package, "SqzrFramework480," first published on January 24, 2024, has been downloaded 2,999 times. ReversingLabs believes that the campaign is being used to orchestrate industrial espionage on systems equipped with cameras, machine vision, and robotic arms. This article continues to discuss findings regarding the malicious NuGet package.

Submitted by Gregory Rigby on

"Researchers Discover 40,000-Strong EOL Router, IoT Botnet"

Security researchers at Lumen Technologies recently discovered a 40,000-strong botnet packed with end-of-life routers and IoT devices being used in cybercriminal activities. According to the researchers, a notorious cybercriminal group has been running a multi-year campaign targeting end-of-life small office/home office (SOHO) routers and IoT devices worldwide. The router botnet, first seen in 2014, has been operating quietly while growing to more than 40,000 bots from 88 countries in January and February 2024.

Submitted by Adam Ekwall on

"US Targets Crypto Firms Aiding Russia Sanctions Evasion"

The US government is trying to close gaps in its sanctions program against Russia by going after blockchain and virtual currency firms, which it says have helped entities circumvent existing controls.

Submitted by Adam Ekwall on

"Apple Patches Code Execution Vulnerability in iOS, macOS"

Apple has recently released fresh security updates for iOS and macOS devices to resolve an arbitrary code execution vulnerability. The issue, tracked as CVE-2024-1580 and described as an integer overflow leading to an out-of-bounds write, impacts the CoreMedia and WebRTC components of both iOS and macOS and could be triggered during image processing. Apple noted that the security defect is not specific to Apple’s products but affects the dav1d open-source AV1 cross-platform decoder, which was resolved in dav1d version 1.4.0 in February.

Submitted by Adam Ekwall on

Science of Security Virtual Institutes

The Science of Security (SoS) initiative has announced its newest iteration of collaborative academic research, the SoS Virtual Institutes (VIs). The goal of the SoS program is to foster a self-sustaining, open, and public security science research community to discover key cyber principles necessary to support improved security and privacy.

Submitted by Gregory Rigby on

"CISA Seeks to Curtail 'Unforgivable' SQL Injection Defects"

SQL injection vulnerabilities in the software supply chain have prompted a joint warning from the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) urging vendors to develop safer software products. CISA and the FBI announced the new "Secure by Design" guidance as a direct response to the recent widespread exploitation of a SQLi flaw in the MOVEit file transfer application. SQL injection vulnerabilities enable threat actors to inject their own data into SQL commands.

Submitted by Gregory Rigby on

"US Treasury Slaps Sanctions on China-Linked APT31 Hackers"

The U.S. government recently announced a fresh round of sanctions against a pair of Chinese hackers, who are said to be responsible for “malicious cyber operations targeting U.S. entities that operate within U.S. critical infrastructure sectors.” The Department of the Treasury’s Office of Foreign Assets Control (OFAC) noted that the sanctions also extend to a Wuhan, China-based technology company serving as a front for multiple malicious cyber operations. In tandem, the U.S.

Submitted by Adam Ekwall on

"New Tycoon 2FA Phishing Kit Raises Cybersecurity Concerns"

The Sekoia Threat Detection and Research (TDR) team discovered a new phishing kit called "Tycoon 2FA" in October 2023. The kit, associated with the Adversary-in-the-Middle (AiTM) technique, is allegedly used by multiple threat actors to launch widespread attacks. Findings suggest that the Tycoon 2FA platform has been active since at least August 2023. An analysis revealed that the kit has become one of the most common AiTM phishing kits, with more than 1,100 domain names detected between October 2023 and February 2024.

Submitted by Gregory Rigby on