May 09, 2023Ravie LakshmananAdvanced Persistent Threat The advanced persistent threat (APT) actor known as SideWinder has been accused of deploying a backdoor in attacks directed against Pakistan government organizations as part of a campaign that commenced in late November 2022. "In this campaign, the SideWinder advanced persistent threat (APT) group used a server-based … [Read more...] about Researchers Uncover SideWinder’s Latest Server-Based Polymorphism Technique
cyber security news today
CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine
May 08, 2023Ravie LakshmananCyber Attack / Data Safety An ongoing phishing campaign with invoice-themed lures is being used to distribute the SmokeLoader malware in the form of a polyglot file, according to the Computer Emergency Response Team of Ukraine (CERT-UA). The emails, per the agency, are sent using compromised accounts and come with a ZIP archive that, in reality, is … [Read more...] about CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine
Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry
May 06, 2023Ravie LakshmananAdvanced Persistent Threat An advanced persistent threat (APT) actor known as Dragon Breath has been observed adding new layers of complexity to its attacks by adopting a novel DLL side-loading mechanism. "The attack is based on a classic side-loading attack, consisting of a clean application, a malicious loader, and an encrypted payload, with … [Read more...] about Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry
New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks
May 06, 2023Ravie Lakshmanan Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting (XSS) that could be abused to inject arbitrary executable scripts into otherwise benign websites. The plugin, … [Read more...] about New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks
Over a Dozen PHP Packages with 500 Million Compromised
May 05, 2023Ravie LakshmananProgramming / Software Security PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. "The attacker forked each of the packages and replaced the package description in composer.json with their own message … [Read more...] about Over a Dozen PHP Packages with 500 Million Compromised
Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts
May 04, 2023Ravie LakshmananOnline Security / ChatGPT Meta said it took steps to take down more than 1,000 malicious URLs from being shared across its services that were found to leverage OpenAI's ChatGPT as a lure to propagate about 10 malware families since March 2023. The development comes against the backdrop of fake ChatGPT web browser extensions being increasingly used … [Read more...] about Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts
Apple and Google Join Forces to Stop Unauthorized Tracking Alert System
May 03, 2023Ravie LakshmananPrivacy / Technology Apple and Google have teamed up to work on a draft industry-wide specification that's designed to tackle safety risks and alert users when they are being tracked without their knowledge or permission using devices like AirTags. "The first-of-its-kind specification will allow Bluetooth location-tracking devices to be compatible … [Read more...] about Apple and Google Join Forces to Stop Unauthorized Tracking Alert System
A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads
May 02, 2023Ravie LakshmananMalvertising / Cyber Threat In yet another instance of how threat actors are abusing Google Ads to serve malware, a threat actor has been observed leveraging the technique to deliver a new Windows-based financial trojan and information stealer called LOBSHOT. "LOBSHOT continues to collect victims while staying under the radar," Elastic Security … [Read more...] about A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads
Vietnamese Threat Actor Infects 500,000 Devices Using ‘Malverposting’ Tactics
May 01, 2023Ravie LakshmananMalverposting / Scam A Vietnamese threat actor has been attributed as behind a "malverposting" campaign on social media platforms to infect over 500,000 devices worldwide over the past three months to deliver variants of information stealers such as S1deload Stealer and SYS01stealer. Malverposting refers to the use of promoted social media posts on … [Read more...] about Vietnamese Threat Actor Infects 500,000 Devices Using ‘Malverposting’ Tactics
CISA Warns of Critical Flaws in Illumina’s DNA Sequencing Instruments
Apr 29, 2023Ravie LakshmananHealthcare / Cybersecurity The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) medical advisory warning of a critical flaw impacting Illumina medical devices. The issues impact the Universal Copy Service (UCS) software in the Illumina MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, … [Read more...] about CISA Warns of Critical Flaws in Illumina’s DNA Sequencing Instruments