"'Ancient' MSFT Word Bug Anchors Taiwanese Drone-Maker Attacks"

Attackers have weaponized an "ancient" version of Microsoft Word in a campaign dubbed "WordDrone." The wave of WordDrone attacks targeted Taiwanese drone manufacturers. The malware delivered in these attacks is capable of cyber espionage and of disrupting military and satellite-related industrial supply chains. Researchers with the Acronis Threat Research Unit discovered the attack, which uses a Dynamic Link Library (DLL) side-loading technique involving a legitimate Microsoft Word installation.

Submitted by Gregory Rigby on

"Operational Technology Leaves Itself Open to Cyberattack"

Team82 security researchers at Claroty highlight that the uncontrolled use of Remote Access Tools (RATs) threatens Operational Technology (OT). According to the researchers, 55 percent of organizations have four or more RATs, and 33 percent use six or more. The team analyzed data from over 50,000 remote access-enabled devices. They found that businesses used non-enterprise-grade tools on OT network devices. These tools lack basic security features such as Multi-Factor Authentication (MFA) and privileged access management.

Submitted by Gregory Rigby on

"Quad7 Botnet Evolves to More Stealthy Tactics to Evade Detection"

The Sekoia TDR team found more implants associated with the "Quad7" botnet, whose operators exploit known and unknown vulnerabilities to target Small Office/Home Office (SOHO) and Virtual Private Network (VPN) devices. The botnet has evolved, targeting new SOHO devices, including Axentra media servers, Ruckus wireless routers, and Zyxel VPN appliances. This article continues to discuss the evolution of the Quad7 botnet's tactics.

Submitted by Gregory Rigby on

"Critical SonicWall SSLVPN Bug Exploited By Ransomware Actors"

SonicWall customers are urged to patch a critical firewall vulnerability that security researchers say is being exploited in ransomware attacks. The improper access control vulnerability in the SonicWall SonicOS management access and SSLVPN could enable unauthorized resource access and crash the firewall. This article continues to discuss the active exploitation of the critical improper access control vulnerability in ransomware attacks.

Submitted by Gregory Rigby on

"Intel Informs Customers About Over a Dozen Processor Vulnerabilities"

Intel has released four new advisories, one of which addresses 11 vulnerabilities impacting Unified Extensible Firmware Interface (UEFI) firmware for some server, workstation, mobile, and embedded processors. Over half of the security flaws have received a high severity rating as they can cause local privilege escalation, Denial-of-Service (DoS) attacks, or information disclosure. This article continues to discuss Intel's new advisories regarding 20 vulnerabilities impacting processors and other products.

Submitted by Gregory Rigby on

"Crypto Scams Reach New Heights, FBI Reports $5.6bn in Losses"

With over 69,000 financial fraud and cryptocurrency complaints received by the Federal Bureau of Investigation's (FBI) Internet Crime Complaint Center (IC3) in 2023, cryptocurrency losses totaled over $5.6 billion. Overall, cryptocurrency scam losses rose 45 percent since 2022. Losses from cryptocurrency-related investment fraud schemes increased from $2.57 billion in 2022 to $3.96 billion in 2023, a growth of 53 percent. Phishing scams made up more than $9 million in losses, and Business Email Compromise (BEC) connected to cryptocurrency saw losses of over $4 million.

Submitted by Gregory Rigby on

"New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks"

Mordechai Guri of the Ben-Gurion University of the Negev in Israel introduces a new side-channel attack called "RAMBO," which is short for "Radiation of Air-gapped Memory Bus for Offense." It uses radio signals emanated by a device's Random Access Memory (RAM) to exfiltrate data. According to Dr. Guri, malware can encode biometric information, encryption keys, and other sensitive information into software-generated radio signals. An attacker can intercept the transmitted raw radio signals from a distance using Software-Defined Radio (SDR) hardware and a commercially available antenna.

Submitted by Gregory Rigby on

"PIXHELL Attack Allows Air-Gap Jumping via Noise From Screens"

A new data exfiltration method named "PIXHELL," discovered by Mordechai Guri of the Ben-Gurion University of the Negev in Israel, uses noise generated by the pixels on the screen. The PIXHELL attack involves planting malware on an air-gapped computer to steal data. This can be done with social engineering, supply chain attacks, or malicious insiders. This article continues to discuss the PIXHELL attack that uses noise generated by pixels on a screen to exfiltrate data from air-gapped computers.

Submitted by Gregory Rigby on

"Applications Are Open for IoT Device Cyber Certifiers"

The Federal Communications Commission (FCC) is accepting applications for administrator roles on a voluntary cybersecurity labeling program to help consumers purchase products less vulnerable to cyberattacks. Those serving as administrators would be authorized to certify the label's use. Accredited research labs will handle device compliance testing. The logo would be on Internet of Things (IoT) products that meet baseline cyber standards. It would be placed together with a QR code that users can scan for more information on the product's security features.

Submitted by Gregory Rigby on

"Chrome 128 Update Resolves High-Severity Vulnerabilities"

Google recently announced a new Chrome 128 update that addresses five vulnerabilities, including four reported by external researchers. Google noted that all four externally reported flaws are high-severity memory safety issues that were reported in late August. The first vulnerability, tracked as CVE-2024-8636, is a heap buffer overflow bug in Skia, the open-source 2D graphics library that serves as the graphics engine in the browser. Next is CVE-2024-8637, a use-after-free security defect in Media Router.

Submitted by Adam Ekwall on