Guyana Governmental Entity Hit by DinodasRAT in Cyber Espionage Attack
A governmental entity in Guyana has been targeted as part of a cyber espionage campaign dubbed Operation Jacana. The activity, which was detected by ESET in February 2023, entailed a spear-phishing attack that led to the deployment of a hitherto undocumented implant written in C++ called DinodasRAT. The Slovak cybersecurity firm said it could link the intrusion […]
CISA Warns of Active Exploitation of JetBrains and Windows Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation, while removing five bugs from the list due to lack of adequate evidence. The vulnerabilities newly added are below – CVE-2023-42793 (CVSS score: 9.8) – JetBrains TeamCity Authentication Bypass Vulnerability
Atlassian Confluence Hit by Newly Actively Exploited Zero-Day – Patch Now
Atlassian has released fixes to contain an actively exploited critical zero-day flaw impacting publicly accessible Confluence Data Center and Server instances. The vulnerability, tracked as CVE-2023-22515, is remotely exploitable and allows external attackers to create unauthorized Confluence administrator accounts and access Confluence servers. It does not impact Confluence versions prior to
Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw
Apple on Wednesday rolled out security patches to address a new zero-day flaw in iOS and iPadOS that it said has come under active exploitation in the wild. Tracked as CVE-2023-42824, the kernel vulnerability could be abused by a local attacker to elevate their privileges. The iPhone maker said it addressed the problem with improved checks. […]
Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware
New findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy. DragonEgg, alongside WyrmSpy (aka AndroidControl), was first disclosed by Lookout in July 2023 as a strain of malware capable of gathering sensitive data from Android devices. It was attributed to the Chinese nation-state group APT41. On
Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack
A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking the first time a rogue package has delivered rootkit functionality. The package in question is node-hide-console-windows, which mimics the legitimate npm package node-hide-console-window in what’s an instance of a typosquatting campaign. It was downloaded 704
Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance
Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through a SQL Server instance. « The attackers initially exploited a SQL injection vulnerability in an application within the target’s environment, » security researchers Sunders Bruskin, Hagai Ran Kestenberg, and Fady Nasereldeen said in a Tuesday report. « This allowed the
Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions
A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library’s ld.so dynamic loader that, if successfully exploited, could lead to a local privilege escalation and allow a threat actor to gain root privileges. Tracked as CVE-2023-4911 (CVSS score: 7.8), the issue is a buffer overflow that resides in the dynamic loader’s […]
Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation
Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. « There are indications from Google Threat Analysis Group and Google Project Zero […]
Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch
Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems. Israel-based runtime application security company Oligo, which made the discovery, has coined the vulnerabilities ShellTorch. « These vulnerabilities […] can lead to a full chain Remote