New Python URL Parsing Flaw Enables Command Injection Attacks

New Python URL Parsing Flaw Enables Command Injection Attacks,

A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain or protocol filtering methods implemented with a blocklist, ultimately resulting in arbitrary file reads and command execution.
« urlparse has a parsing problem when the entire URL starts with blank characters, » the CERT Coordination Center (CERT/CC) said in a Friday

,

A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain or protocol filtering methods implemented with a blocklist, ultimately resulting in arbitrary file reads and command execution.
« urlparse has a parsing problem when the entire URL starts with blank characters, » the CERT Coordination Center (CERT/CC) said in a Friday

, ,
https://thehackernews.com/2023/08/new-python-url-parsing-flaw-enables.html

Researchers Uncover Years-Long Cyber Espionage on Foreign Embassies in Belarus

Researchers Uncover Years-Long Cyber Espionage on Foreign Embassies in Belarus,

A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus.
« Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the ISP level, within Belarus, in order to compromise its targets, » ESET security researcher Matthieu

,

A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus.
« Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the ISP level, within Belarus, in order to compromise its targets, » ESET security researcher Matthieu

, ,
https://thehackernews.com/2023/08/researchers-uncover-decade-long-cyber.html

Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116

Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116,

Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116.
« Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115, » Devon O’Brien said in a post published Thursday.
Kyber was chosen by the U.S. Department of Commerce’s

,

Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116.
« Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115, » Devon O’Brien said in a post published Thursday.
Kyber was chosen by the U.S. Department of Commerce’s

, ,
https://thehackernews.com/2023/08/enhancing-tls-security-google-adds.html

Researchers Shed Light on APT31’s Advanced Backdoors and Data Exfiltration Tactics

Researchers Shed Light on APT31’s Advanced Backdoors and Data Exfiltration Tactics

,

The Chinese threat actor known as APT31 (aka Bronze Vinewood, Judgement Panda, or Violet Typhoon) has been linked to a set of advanced backdoors that are capable of exfiltrating harvested sensitive information to Dropbox.
The malware is part of a broader collection of more than 15 implants that have been put to use by the adversary in attacks targeting industrial organizations in Eastern Europe

,

The Chinese threat actor known as APT31 (aka Bronze Vinewood, Judgement Panda, or Violet Typhoon) has been linked to a set of advanced backdoors that are capable of exfiltrating harvested sensitive information to Dropbox.
The malware is part of a broader collection of more than 15 implants that have been put to use by the adversary in attacks targeting industrial organizations in Eastern Europe

, ,
https://thehackernews.com/2023/08/researchers-shed-light-on-apt31s.html

New SystemBC Malware Variant Targets Southern African Power Company

New SystemBC Malware Variant Targets Southern African Power Company,

An unknown threat actor has been linked to a cyber attack on a power generation company in southern Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack.
« The proxy-capable backdoor was deployed alongside Cobalt Strike Beacons in a south African nation’s critical infrastructure, » Kurt Baumgartner, principal security researcher at

,

An unknown threat actor has been linked to a cyber attack on a power generation company in southern Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack.
« The proxy-capable backdoor was deployed alongside Cobalt Strike Beacons in a south African nation’s critical infrastructure, » Kurt Baumgartner, principal security researcher at

, ,
https://thehackernews.com/2023/08/new-systembc-malware-variant-targets.html

16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks

16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks,

A set of 16 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments.
The flaws, tracked from CVE-2022-47378 through CVE-2022-47393 and dubbed CoDe16, carry a CVSS score of 8.8 with the exception of

,

A set of 16 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments.
The flaws, tracked from CVE-2022-47378 through CVE-2022-47393 and dubbed CoDe16, carry a CVSS score of 8.8 with the exception of

, ,
https://thehackernews.com/2023/08/15-new-codesys-sdk-flaws-expose-ot.html

16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks

16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks,

A set of 16 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments.
The flaws, tracked from CVE-2022-47378 through CVE-2022-47393 and dubbed CoDe16, carry a CVSS score of 8.8 with the exception of

,

A set of 16 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments.
The flaws, tracked from CVE-2022-47378 through CVE-2022-47393 and dubbed CoDe16, carry a CVSS score of 8.8 with the exception of

, ,
https://thehackernews.com/2023/08/15-new-codesys-sdk-flaws-expose-ot.html

CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation

CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft’s .NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-38180 (CVSS score: 7.5), the high-severity flaw relates to a case denial-of-service (DoS) impacting .NET and Visual Studio.
It

,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft’s .NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-38180 (CVSS score: 7.5), the high-severity flaw relates to a case denial-of-service (DoS) impacting .NET and Visual Studio.
It

, ,
https://thehackernews.com/2023/08/cisa-adds-microsoft-net-vulnerability.html

New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks

New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks,

Malicious actors are using a legitimate Rust-based injector called Freeze[.]rs to deploy a commodity malware called XWorm in victim environments.
The novel attack chain, detected by Fortinet FortiGuard Labs on July 13, 2023, is initiated via a phishing email containing a booby-trapped PDF file. It has also been used to introduce Remcos RAT by means of a crypter called SYK Crypter, which was

,

Malicious actors are using a legitimate Rust-based injector called Freeze[.]rs to deploy a commodity malware called XWorm in victim environments.
The novel attack chain, detected by Fortinet FortiGuard Labs on July 13, 2023, is initiated via a phishing email containing a booby-trapped PDF file. It has also been used to introduce Remcos RAT by means of a crypter called SYK Crypter, which was

, ,
https://thehackernews.com/2023/08/new-attack-alert-freezers-injector.html

New Statc Stealer Malware Emerges: Your Sensitive Data at Risk

New Statc Stealer Malware Emerges: Your Sensitive Data at Risk,

A new information malware strain called Statc Stealer has been found infecting devices running Microsoft Windows to siphon sensitive personal and payment information.
« Statc Stealer exhibits a broad range of stealing capabilities, making it a significant threat, » Zscaler ThreatLabz researchers Shivam Sharma and Amandeep Kumar said in a technical report published this week.
« It can steal

,

A new information malware strain called Statc Stealer has been found infecting devices running Microsoft Windows to siphon sensitive personal and payment information.
« Statc Stealer exhibits a broad range of stealing capabilities, making it a significant threat, » Zscaler ThreatLabz researchers Shivam Sharma and Amandeep Kumar said in a technical report published this week.
« It can steal

, ,
https://thehackernews.com/2023/08/new-statc-stealer-malware-emerges-your.html