"WS_FTP Servers Targeted in Ransomware Attacks"

"WS_FTP Servers Targeted in Ransomware Attacks"

The maximum severity vulnerability in unpatched WS_FTP servers from Progress Software has been exploited in ransomware attacks. According to Sophos X-Ops, not all servers have been patched despite Progress Software releasing a fix for the vulnerability last month. Researchers say that the ransomware actors, self-described as the Reichsadler Cybercrime Group, attempted unsuccessfully to deploy ransomware payloads created with a LockBit 3.0 builder reportedly stolen in September 2022. This article continues to discuss the targeting of WS_FTP servers in ransomware attacks.

Submitted by Gregory Rigby on

"Quantum Risk Is Real Now: How to Navigate the Evolving Data Harvesting Threat"

"Quantum Risk Is Real Now: How to Navigate the Evolving Data Harvesting Threat"

Due to the threat posed by Harvest Now, Decrypt Later (HNDL), data transmission itself is inherently vulnerable. To protect data from risks of the future, organizations must take proactive steps to secure data against quantum risks. In the HNDL strategy, malicious actors collect and store encrypted data to decrypt it later, either by capitalizing on technological advances and new cryptographic attacks or by using future quantum computers that can break our current encryption standards. This article continues to discuss the HNDL strategy. 

Submitted by Gregory Rigby on

"DarkGate Operator Uses Skype, Teams Messages to Distribute Malware"

"DarkGate Operator Uses Skype, Teams Messages to Distribute Malware"

A threat actor has been compromising Skype and Microsoft Teams accounts to distribute DarkGate, a loader associated with information theft, keylogging, cryptocurrency mining, and Black Basta ransomware. According to Trend Micro researchers, 41 percent of the campaign targets are organizations in the Americas. Trend Micro noted that its researchers had observed the developer of DarkGate advertising the malware on underground forums and renting it out to affiliated threat actors as Malware-as-a-Service.

Submitted by Gregory Rigby on

"Juniper Networks Patches Over 30 Vulnerabilities in Junos OS"

"Juniper Networks Patches Over 30 Vulnerabilities in Junos OS"

Networking equipment manufacturer Juniper Networks recently announced patches for more than 30 vulnerabilities in Junos OS and Junos OS Evolved, including nine high-severity flaws.  The most severe of these issues is an incorrect default permissions bug that allows an unauthenticated attacker with local access to a vulnerable device to create a backdoor with root privileges.  Tracked as CVE-2023-44194 (CVSS score of 8.4), the company noted that the flaw exists because a specific system directory has improper permissions associated with it.

Submitted by Adam Ekwall on

"Malicious Solana, Kucoin Packages Infect NuGet Devs With SeroXen RAT"

"Malicious Solana, Kucoin Packages Infect NuGet Devs With SeroXen RAT"

In order to infect developers with the SeroXen Remote Access Trojan (RAT), malicious NuGet packages with over 2 million downloads impersonate cryptocurrency wallets, cryptocurrency exchanges, and Discord libraries. NuGet is an open-source package manager and software distribution system operating package hosting servers so users can download and use them for development projects. Researchers at Phylum discovered the malicious packages uploaded to NuGet by a user named 'Disti' and published a report warning of the threat. This article continues to discuss the malicious NuGet packages.

Submitted by Gregory Rigby on

"FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure"

"FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure"

According to a new advisory issued by the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, the AvosLocker ransomware gang has been linked to attacks targeting critical infrastructure sectors in the US. The joint advisory details the tactics, techniques, and procedures (TTPs) involved in the Ransomware-as-a-Service (RaaS) operation. The agencies said AvosLocker affiliates infiltrate organizations' networks using legitimate software and open-source remote system administration tools.

Submitted by Gregory Rigby on

"Social Dominates as Victims Take $2.7bn Fraud Hit"

"Social Dominates as Victims Take $2.7bn Fraud Hit"

According to researchers at the FTC, fraud victims lost $2.7bn to scammers operating on social media between January 2021 and June 2023.  The FTC stated that the sum of money lost to fraud on sites like Instagram and Facebook dwarfed that lost via regular websites and apps ($2bn), phone calls ($1.9bn), and email ($900m).  Most common on social media were reports of online shopping scams (44%), particularly clothing and electronics that were purchased but never arrived.  Investment (20%) and romance fraud (6%) were also common during the period.

Submitted by Adam Ekwall on

"AI Researchers Expose Critical Vulnerabilities Within Major LLMs"

"AI Researchers Expose Critical Vulnerabilities Within Major LLMs"

Computer scientists from the Artificial Intelligence (AI) security startup Mindgard and Lancaster University in the UK have demonstrated the possibility of copying large chunks of Large Language Models (LLMs) such as ChatGPT and Bard in less than a week for as little as $50. The information gathered from this copying can be used to perform targeted attacks. According to the researchers, these vulnerabilities enable attackers to reveal confidential information, evade guardrails, provide incorrect answers, or stage additional targeted attacks.

Submitted by Gregory Rigby on

"Microsoft Offers Up to $15,000 in New AI Bug Bounty Program"

"Microsoft Offers Up to $15,000 in New AI Bug Bounty Program"

Microsoft recently announced the launch of a new bug bounty program focused on artificial intelligence.  The program, which initially focuses on AI-powered Bing, offers rewards of up to $15,000 for vulnerabilities in bing.com in browsers, Bing integration in Edge, Microsoft Start Application, and the Skype mobile applications.  Microsoft noted that any vulnerabilities in the AI-powered Bing experiences on bing.com, including Bing Chat, Bing Chat for Enterprise, and Bing Image Creator, are within the scope of the program.

Submitted by Adam Ekwall on

"New Cyber Algorithm Shuts Down Malicious Robotic Attack"

"New Cyber Algorithm Shuts Down Malicious Robotic Attack"

Australian researchers have developed an algorithm capable of intercepting a Man-in-the-Middle (MitM) cyberattack on an unmanned military robot and shutting it down in seconds. Artificial Intelligence (AI) experts from Charles Sturt University and the University of South Australia (UniSA) trained the robot's operating system to recognize the signature of a MitM eavesdropping cyberattack, in which an attacker interrupts a conversation or data transfer.

Submitted by Gregory Rigby on
Subscribe to