Non classé

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents.
« A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations, » Trellix security researchers Mathanraj Thangaraju and Sijo Jacob

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents.
« A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations, » Trellix security researchers Mathanraj Thangaraju and Sijo Jacob

Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE).
The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1

Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE).
The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1

Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass integrity checks under certain circumstances.
« The RADIUS protocol allows certain Access-Request messages to have no integrity or authentication checks, » InkBridge

Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass integrity checks under certain circumstances.
« The RADIUS protocol allows certain Access-Request messages to have no integrity or authentication checks, » InkBridge

Cybersecurity researchers have found that it’s possible for attackers to weaponize improperly configured Jenkins Script Console instances to further criminal activities such as cryptocurrency mining.
« Misconfigurations such as improperly set up authentication mechanisms expose the ‘/script’ endpoint to attackers, » Trend Micro’s Shubham Singh and Sunil Bharti said in a technical write-up

Cybersecurity researchers have found that it’s possible for attackers to weaponize improperly configured Jenkins Script Console instances to further criminal activities such as cryptocurrency mining.
« Misconfigurations such as improperly set up authentication mechanisms expose the ‘/script’ endpoint to attackers, » Trend Micro’s Shubham Singh and Sunil Bharti said in a technical write-up

Clear Web vs. Deep Web vs. Dark Web
Threat intelligence professionals divide the internet into three main components:

Clear Web – Web assets that can be viewed through public search engines, including media, blogs, and other pages and sites.
Deep Web – Websites and forums that are unindexed by search engines. For example, webmail, online banking, corporate intranets, walled gardens, etc. Some

Clear Web vs. Deep Web vs. Dark Web
Threat intelligence professionals divide the internet into three main components:

Clear Web – Web assets that can be viewed through public search engines, including media, blogs, and other pages and sites.
Deep Web – Websites and forums that are unindexed by search engines. For example, webmail, online banking, corporate intranets, walled gardens, etc. Some

Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo.
The campaign, believed to have commenced as early as October 2019, has been attributed to a Houthi-aligned threat actor based on the application lures, command-and-control (C2) server logs, targeting footprint, and the attack

Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo.
The campaign, believed to have commenced as early as October 2019, has been attributed to a Houthi-aligned threat actor based on the application lures, command-and-control (C2) server logs, targeting footprint, and the attack

Cybersecurity Agencies Warn of China-linked APT40’s Rapid Exploit Adaptation

Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a joint advisory about a China-linked cyber espionage group called APT40, warning about its ability to co-opt exploits for newly disclosed security flaws within hours or days of public release.
« APT40 has previously targeted organizations in various countries, including

Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a joint advisory about a China-linked cyber espionage group called APT40, warning about its ability to co-opt exploits for newly disclosed security flaws within hours or days of public release.
« APT40 has previously targeted organizations in various countries, including

Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a « complex and persistent » supply chain attack.
« This attack stands out due to the high variability across packages, » Phylum said in an analysis published last week.
« The attacker has cleverly hidden the malware in the seldom-used ‘end’ function of

Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a « complex and persistent » supply chain attack.
« This attack stands out due to the high variability across packages, » Phylum said in an analysis published last week.
« The attacker has cleverly hidden the malware in the seldom-used ‘end’ function of

New APT Group « CloudSorcerer » Targets Russian Government Entities

A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-control (C2) and data exfiltration.
Cybersecurity firm Kaspersky, which discovered the activity in May 2024, the tradecraft adopted by the threat actor bears similarities with that of CloudWizard, but pointed

A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-control (C2) and data exfiltration.
Cybersecurity firm Kaspersky, which discovered the activity in May 2024, the tradecraft adopted by the threat actor bears similarities with that of CloudWizard, but pointed

An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of child sexual abuse material (CSAM), indicating how such information could be used to combat serious crimes.
« Approximately 3,300 unique users were found with accounts on known CSAM sources, » Recorded Future said in a proof-of-concept (PoC) report published last week. « 

An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of child sexual abuse material (CSAM), indicating how such information could be used to combat serious crimes.
« Approximately 3,300 unique users were found with accounts on known CSAM sources, » Recorded Future said in a proof-of-concept (PoC) report published last week. «