"Palo Alto's GlobalProtect VPN Spoofed to Deliver New Malware Variant"

"Palo Alto's GlobalProtect VPN Spoofed to Deliver New Malware Variant"

Researchers at Palo Alto Networks discovered that its Virtual Private Network (VPN) software, GlobalProtect, was used to distribute a new variant of the "WikiLoader" loader malware, also known as "WailingCrab." WikiLoader is a sophisticated downloader malware first identified in 2022 by Proofpoint researchers who made it public in 2023. Palo Alto Networks' Unit 42 shared findings regarding the WikiLoader campaign involving GlobalProtect-themed Search Engine Optimization (SEO) poisoning. This article continues to discuss findings surrounding the new WikiLoader campaign.

Submitted by Gregory Rigby on

"Vulnerabilities in Microsoft Apps for macOS Allow Stealing Permissions"

"Vulnerabilities in Microsoft Apps for macOS Allow Stealing Permissions"

Cisco Talos researchers found eight vulnerabilities in Microsoft apps for macOS that enable attackers to inject malicious libraries and steal permissions. Exploitation could allow access to the microphone, camera, and other sensitive resources. The researchers analyzed the platform's permission-based security model, which is based on the Transparency, Consent, and Control (TCC) framework. This article continues to discuss the potential exploitation and impact of vulnerabilities in Microsoft apps for macOS.

Submitted by Gregory Rigby on

"Ransomware Crisis Deepens as Attacks and Payouts Rise"

"Ransomware Crisis Deepens as Attacks and Payouts Rise"

According to Corvus Insurance, new ransomware groups such as "PLAY," "Medusa," "RansomHub," "INC Ransom," "BlackSuit," and others led a series of attacks in the second quarter that surpassed the first quarter of this year by 16 percent and the second quarter of 2023 by 8 percent. These new threat actors emerged after the international law enforcement takedown of "LockBit" and "BlackCat." This article continues to discuss the rise in ransomware attacks and payouts.

Submitted by Gregory Rigby on

"Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus"

"Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus"

"Head Mare" is a hacktivist group linked to cyberattacks targeting organizations in Russia and Belarus. The group uses up-to-date methods to obtain initial access. For example, the attackers exploited WinRAR's relatively new vulnerability, which allows them to run arbitrary code on the system using a specially prepared archive. This method enables the group to effectively deliver and hide the malicious payload. This article continues to discuss findings regarding the Head Mare hacktivist group's tactics and tools.

Submitted by Gregory Rigby on

"Evolving npm Package Campaign Targets Roblox Devs, for Years"

"Evolving npm Package Campaign Targets Roblox Devs, for Years"

For at least a year, attackers have used malicious Node Package Manager (npm) packages mimicking the popular "noblox.js" library to infect Roblox game developers with malware. The malware steals Discord tokens and system data, as well as deploys additional payloads. Checkmarx researchers say the campaign involves brandjacking, combosquatting, and starjacking. This article continues to discuss findings regarding the evolving npm package campaign targeting Roblox game developers.

Submitted by Gregory Rigby on

"VMware Patches High-Severity Code Execution Flaw in Fusion"

"VMware Patches High-Severity Code Execution Flaw in Fusion"

Virtualization software technology vendor VMware recently announced a security update for its Fusion hypervisor to address a high-severity vulnerability that exposes users to code execution exploits.  The root cause of the issue, which is tracked as CVE-2024-38811 (CVSS 8.8/10), is an insecure environment variable.  VMware noted that the CVE-2024-38811 defect could be exploited to execute code in the context of Fusion, which could potentially lead to complete system compromise.

Submitted by Adam Ekwall on

"Chrome 128 Updates Patch High-Severity Vulnerabilities"

"Chrome 128 Updates Patch High-Severity Vulnerabilities"

 According to Google, two security updates released over the past week for the Chrome browser resolve eight vulnerabilities, including six high-severity bugs reported by external researchers.  Last week, Google announced a Chrome 128 update with patches for four externally reported high-severity memory safety flaws.  Google noted that three of the security defects affect the browser’s V8 JavaScript engine.  They include two type confusion issues and a heap buffer overflow.

Submitted by Adam Ekwall on

"Irish Wildlife Park Warns Customers to Cancel Credit Cards Following Breach"

"Irish Wildlife Park Warns Customers to Cancel Credit Cards Following Breach"

Fota Wildlife Park, in County Cork, Ireland, has recently advised customers to cancel their payment cards following a cyberattack.  The attraction is warning customers who carried out financial transactions on its website between 12 May and 27 August 2024 to cancel their debit or credit cards via their bank.  The advice only applies to online transactions.  Fota Wildlife Park stated that visitors who bought tickets or made other purchases in the park itself do not need to cancel their cards.  The park is open for visitors as normal.

Submitted by Adam Ekwall on

"TfL Claims Cyber-Incident is Not Impacting Services"

"TfL Claims Cyber-Incident is Not Impacting Services"

Transport for London (TfL) recently announced that it is dealing with an "ongoing cybersecurity incident." TfL is responsible for the extensive London Underground network, Docklands Light Railway, buses, taxis, river services, major road and cycle routes, and selected train services, including London Overground and the Elizabeth Line.  TfL noted that currently, there is no evidence that any customer data has been compromised and that there has been no impact on TfL services.

Submitted by Adam Ekwall on

"Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms"

"Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms"

JFrog researchers have brought further attention to security risks in the Machine Learning (ML) software supply chain after discovering over 20 vulnerabilities that attackers could exploit to target ML Operations (MLOps) platforms. The discovered flaws, which are said to be inherent and implementation-based, could result in arbitrary code execution, the loading of malicious datasets, and more. This article continues to discuss the discovery of supply chain vulnerabilities in MLOps platforms.

Submitted by Gregory Rigby on
Subscribe to