Non classé

Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilities that could result in remote code execution.
A brief description of the issues is as follows –

CVE-2024-29847 (CVSS score: 10.0) – A deserialization of untrusted data vulnerability that allows a remote unauthenticated attacker to achieve code execution.

Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilities that could result in remote code execution.
A brief description of the issues is as follows –

CVE-2024-29847 (CVSS score: 10.0) – A deserialization of untrusted data vulnerability that allows a remote unauthenticated attacker to achieve code execution.

The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and medium-sized businesses (SMBs) in Europe, Asia, Africa, and South America, while also likely working as an affiliate for RansomHub.
« CosmicBeetle replaced its previously deployed ransomware, Scarab, with ScRansom, which is continually improved, » ESET researcher Jakub

The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and medium-sized businesses (SMBs) in Europe, Asia, Africa, and South America, while also likely working as an affiliate for RansomHub.
« CosmicBeetle replaced its previously deployed ransomware, Scarab, with ScRansom, which is continually improved, » ESET researcher Jakub

A trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia as part of a renewed state-sponsored operation codenamed Crimson Palace, indicating an expansion in the scope of the espionage effort.
Cybersecurity firm Sophos, which has been monitoring the cyber offensive, said it comprises three intrusion sets tracked as Cluster

A trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia as part of a renewed state-sponsored operation codenamed Crimson Palace, indicating an expansion in the scope of the espionage effort.
Cybersecurity firm Sophos, which has been monitoring the cyber offensive, said it comprises three intrusion sets tracked as Cluster

Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers. 
Shadow apps may include instances of software that the company is already using. For example, a dev team may onboard their own

Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers. 
Shadow apps may include instances of software that the company is already using. For example, a dev team may onboard their own

A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the « audio gap » and exfiltrating sensitive information by taking advantage of the noise generated by the pixels on the screen.
« Malware in the air-gap and audio-gap computers generates crafted pixel patterns that produce noise in the frequency range of 0 – 22 kHz, » Dr. Mordechai Guri, the head of

A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the « audio gap » and exfiltrating sensitive information by taking advantage of the noise generated by the pixels on the screen.
« Malware in the air-gap and audio-gap computers generates crafted pixel patterns that produce noise in the frequency range of 0 – 22 kHz, » Dr. Mordechai Guri, the head of

The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and the deployment of next-stage payloads, according to new findings from Trend Micro.
The cybersecurity firm, which is monitoring the activity cluster under the name Earth Preta, said it observed « the propagation of PUBLOAD via a variant of the worm HIUPAN. »

The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and the deployment of next-stage payloads, according to new findings from Trend Micro.
The cybersecurity firm, which is monitoring the activity cluster under the name Earth Preta, said it observed « the propagation of PUBLOAD via a variant of the worm HIUPAN. »

A novel side-channel attack has been found to leverage radio signals emanated by a device’s random access memory (RAM) as a data exfiltration mechanism, posing a threat to air-gapped networks.
The technique has been codenamed RAMBO by Dr. Mordechai Guri, the head of the Offensive Cyber Research Lab in the Department of Software and Information Systems Engineering at the Ben Gurion University of

A novel side-channel attack has been found to leverage radio signals emanated by a device’s random access memory (RAM) as a data exfiltration mechanism, posing a threat to air-gapped networks.
The technique has been codenamed RAMBO by Dr. Mordechai Guri, the head of the Offensive Cyber Research Lab in the Department of Software and Information Systems Engineering at the Ben Gurion University of

The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response, and other tools, they are adequately protected. However, this approach not only fails to address the fundamental issue of the attack surface but also introduces dangerous

The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response, and other tools, they are adequately protected. However, this approach not only fails to address the fundamental issue of the attack surface but also introduces dangerous

The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized version of a known commodity remote access trojan (RAT) known as Quasar RAT since June 2024.
« Attacks have originated with phishing emails impersonating the Colombian tax authority, » Zscaler ThreatLabz researcher Gaetano Pellegrino said in a new analysis published

The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized version of a known commodity remote access trojan (RAT) known as Quasar RAT since June 2024.
« Attacks have originated with phishing emails impersonating the Colombian tax authority, » Zscaler ThreatLabz researcher Gaetano Pellegrino said in a new analysis published

The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code software as part of espionage operations targeting government entities in Southeast Asia.
« This threat actor used Visual Studio Code’s embedded reverse shell feature to gain a foothold in target networks, » Palo Alto Networks Unit 42 researcher Tom Fakterman said in a

The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code software as part of espionage operations targeting government entities in Southeast Asia.
« This threat actor used Visual Studio Code’s embedded reverse shell feature to gain a foothold in target networks, » Palo Alto Networks Unit 42 researcher Tom Fakterman said in a