"South Korean Spies Exploit WPS Office Zero-Day"

ESET discovered a cyber espionage campaign, traced to the Seoul-aligned APT-C-60 group, that exploited a novel Remote Code Execution (RCE) vulnerability in WPS Office for Windows to launch a custom backdoor. The APT used the "SpyGlace" backdoor against victims in East Asia. This article continues to discuss the new APT-C-60 group's campaign involving the exploitation of an RCE vulnerability in WPS Office for Windows.

Infosecurity Magazine reports "South Korean Spies Exploit WPS Office Zero-Day"

Submitted by Gregory Rigby on

"Malware Delivered via Malicious Pidgin Plugin, Signal Fork"

Threat actors have been delivering malware to users of instant messaging apps. They have used a malicious Pidgin plugin and an unofficial fork of the Signal app. On August 22, the Pidgin messaging app's developers informed users that they had discovered a malicious plugin called "ScreenShare-OTR (ss-otr)" on the official third-party plugins list. The plugin was found to include keylogging code. It also sent screenshots to its operators. This article continues to discuss findings regarding threat actors' delivery of malware through instant messaging apps.

Submitted by Gregory Rigby on

"DICK’s Shuts Down Email, Locks Employee Accounts After Cyberattack"

DICK'S Sporting Goods, the largest chain of sporting goods retail stores in the United States, recently announced that confidential information was exposed in a cyberattack detected last Wednesday. The company has hired outside cybersecurity experts to help contain the security breach and assess the cyberattack's impact. The company said that on August 21, 2024, it discovered unauthorized third-party access to its information systems, including portions of its systems containing certain confidential information.

Submitted by Adam Ekwall on

"Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites"

According to security researchers at Defiant, a critical vulnerability in the WPML multilingual plugin for WordPress could expose over one million websites to remote code execution (RCE). Tracked as CVE-2024-6386 (CVSS score of 9.9), the bug could be exploited by an attacker with contributor-level permissions. The researchers noted that WPML relies on Twig templates for shortcode content rendering but does not properly sanitize input, which results in a server-side template injection (SSTI).

Submitted by Adam Ekwall on

"950,000 Impacted by Young Consulting Data Breach"

Software solutions provider Young Consulting recently notified over 950,000 individuals that their personal information was compromised in a data breach earlier this year. The incident was discovered on April 13, when the company "became aware of technical difficulties" within its environment.

Submitted by Adam Ekwall on

"US Offering $2.5 Million Reward for Belarusian Malware Distributor"

The US Department of State recently announced a $2.5 million reward for information leading to the arrest of a Belarusian national allegedly involved in the mass distribution of malware. Volodymyr Kadariya, 38, a Belarusian and Ukrainian national, reportedly participated in a "significant malware organization" that distributed the Angler Exploit Kit and other malware to the computers of millions of victims.

Submitted by Adam Ekwall on

"How We're Using 'Chaos Engineering' to Make Cloud Computing Less Vulnerable to Cyberattacks"

In a study titled "Towards Antifragility of Cloud Systems: An Adaptive Chaos Driven Framework," researchers used different strategies to show how stress can bolster the security of cloud computing systems. They applied "chaos engineering" and adaptive strategies to help the cloud computing system learn from faults and cyberattacks. This article continues to discuss the use of chaos engineering to decrease the vulnerability of cloud computing to cyberattacks.

Submitted by Gregory Rigby on

"China's Volt Typhoon Hackers Caught Exploiting Zero-Day in Servers Used by ISPs, MSPs"

Lumen Technologies found the Chinese Advanced Persistent Threat (APT) group "Volt Typhoon" exploiting a new zero-day in Versa Director servers to steal credentials and break into downstream customers' networks. The vulnerability was recently added to the US Cybersecurity and Infrastructure Security Agency's (CISA) must-patch list after Versa Networks confirmed the zero-day exploitation, warning that the Versa Director Graphical User Interface (GUI) could be hacked to plant malware on affected devices.

Submitted by Gregory Rigby on

"macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users"

An Apple macOS version of a backdoor named "HZ RAT" targets users of Chinese instant messaging apps such as DingTalk and WeChat. The artifacts almost replicate the functionality of the Windows version of the backdoor, with the only difference being the payload, which is received from the attackers' server in the form of shell scripts.

Submitted by Gregory Rigby on