"North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware"

The North Korean threat actor "ScarCruft" exploited a Windows security flaw to infect devices with the "RokRAT" malware. The flaw is a memory corruption bug in the Scripting Engine that enables Remote Code Execution (RCE) when using the Edge browser in Internet Explorer Mode. To exploit it, an attacker must convince a user to click on a specially crafted URL to execute the malicious code. This article continues to discuss findings regarding ScarCruft's delivery of RokRAT malware.

Submitted by Gregory Rigby on

"RansomHub Overtakes LockBit as Most Prolific Ransomware Group"

According to security researchers at Symantec, RansomHub is now the number one ransomware operation in terms of claimed successful attacks. Overall, threat actors claimed 1255 attacks in the third quarter, down slightly from 1325 in Q2. The researchers noted that RansomHub only became active in February this year but claimed the top spot in Q3 with 191 victims posted to leak sites, up 155% on Q2's haul.

Submitted by Adam Ekwall on

"TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns"

New variants of the Android banking trojan "TrickMo" have features for stealing a device's unlock pattern or PIN. According to Aazim Yaswant, a security researcher at Zimperium, these previously undocumented features allow the threat actor to operate on the device even when it is locked. TrickMo, first discovered in the wild in 2019, can grant remote control over infected devices, steal SMS-based One-Time Passwords (OTPs), and display overlay screens to capture credentials. This article continues to discuss findings regarding new TrickMo variants.

Submitted by Gregory Rigby on

"Critical Kubernetes Image Builder Flaw Gives SSH Root Access to VMs"

A critical vulnerability in Kubernetes could enable unauthorized SSH access to a Virtual Machine (VM) that is running an image created with Kubernetes Image Builder. The Kubernetes Image Builder project lets users create VM images for Cluster API (CAPI) providers running the Kubernetes environment, such as Proxmox or Nutanix. These VMs are used to set up nodes that will become part of a Kubernetes cluster. The vulnerability stems from default credentials being enabled during image building and not being disabled after the process.

Submitted by Gregory Rigby on

"AI Models in Cybersecurity: From Misuse to Abuse"

Etay Maor, Chief Security Strategist and founding member of the Cyber Threats Research Lab (CTRL) at Cato Networks, has highlighted how both defenders and attackers could use Artificial Intelligence (AI) in their operations. For example, Maor points out that AI models can be applied to augment human researchers and security products by generating a human-readable report of all security events and alerts with one button. Cybercriminals can conduct prompt injection attacks against AI models used in the analysis of malware code.

Submitted by Gregory Rigby on

"Google Pays Out $36,000 for Severe Chrome Vulnerability"

Google recently announced a fresh Chrome browser update that addresses 17 vulnerabilities, including 13 security defects reported by external researchers. Google noted that the most severe of the externally reported bugs is CVE-2024-9954, a high-risk use-after-free defect in AI, for which it handed out a $36,000 bug bounty reward. The browser update resolves five medium-severity use-after-free issues as well, impacting Web Authentication, UI, DevTools, Dawn, and Parcel Tracking.

Submitted by Adam Ekwall on

"Varsity Brands Data Breach Impacts 65,000 People"

Apparel giant Varsity Brands recently disclosed a data breach impacting a significant number of individuals. Varsity provides uniforms, apparel, and services for sports teams, schools, and student-athletes. The company said it detected "unusual activity" on its systems in May 2024 and, upon detection, took certain systems offline and launched an investigation with the assistance of external cybersecurity experts. The company noted that it also notified law enforcement.

Submitted by Adam Ekwall on

"Chinese Researchers Break RSA Encryption With a Quantum Computer"

A research team led by Wang Chao from Shanghai University has presented a method involving the use of D-Wave's quantum annealing systems to crack classic encryption. The study titled "Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage" describes how D-Wave's machines were used to break RSA encryption and attack symmetric encryption systems. Their method raises significant concerns about the future of cybersecurity.

Submitted by Gregory Rigby on

"Attackers Deploying Red Teaming Tool for EDR Evasion"

Researchers at Trend Micro have discovered that threat actors are using the open source "EDRSilencer" tool to evade Endpoint Detection and Response (EDR) systems. According to the researchers, the software designed for red teaming is being used to "silence" EDR solutions. It involves using the Windows Filtering Platform (WFP), which enables the creation of custom rules for monitoring, blocking, and modifying network traffic. This article continues to discuss the use of the EDRSilencer tool by threat actors.

Submitted by Gregory Rigby on

"Most Organizations Unprepared for Post-Quantum Threat"

The Entrust Cybersecurity Institute found that many organizations have not begun post-quantum threat preparations despite the National Institute of Standards and Technology's (NIST) recent publication of post-quantum standards. NIST published its first three finalized post-quantum encryption standards in August, providing usage and implementation guidelines for organizations transitioning to post-quantum cryptography.

Submitted by Gregory Rigby on