Sep 23, 2023THNCyber Espionage / Malware Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign. “Deadglyph’s architecture is unusual as it consists of cooperating components – one a native x64 binary, the other a .NET assembly,” ESET […]
Two vulnerabilities discovered earlier this year in Atos Unify products could allow malicious actors to cause disruption and even backdoor the targeted system. The flaws were found in the unified communications and collaboration solution by researchers at SEC Consult, an Austria-based cybersecurity consulting firm that is part of the Atos Group’s Eviden business. The vulnerabilities […]
Sep 20, 2023THNKubernetes / Supply Chain Attack Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server. Sonatype said it has discovered 14 different npm packages so far: @am-fe/hooks, @am-fe/provider, @am-fe/request, @am-fe/utils, @am-fe/watermark, […]
A recently discovered Linux backdoor malware, named SprySOCKS, was observed in a cyberespionage campaign targeting government agencies in multiple countries. The campaign was attributed to the Chinese hacking group Earth Lusca. More about SprySOCKS In the campaign, the attackers used a Linux variant of the ELF injector called mandibule to drop SprySOCKS. The backdoor employs […]
Sep 14, 2023THNEndpoint Security / Vulnerability A set of memory corruption flaws have been discovered in the ncurses (short for new curses) programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems. “Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run […]
Sep 13, 2023THNKubernetes / Cloud Security Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. Fixes for the […]
The cybercriminal community is increasingly adopting a newly discovered malware loader named HijackLoader. First discovered in July, the loader is being used to distribute different malware families such as DanaBot, SystemBC, and RedLine Stealer. Key capabilities HijackLoader uses a modular architecture that facilitates threat actors to perform code injection and execution. While the exact initial […]
Check Point researchers have discovered hackers exploiting Google Looker Studio to create fraudulent cryptocurrency phishing websites. These phishing sites target digital asset holders, leading to compromised accounts and financial losses. Google Looker Studio (previously known as Data Studio, is an online tool for converting data from spreadsheets and various sources into customizable reports. Scam tactics […]
Security researchers have discovered what they described as a critical vulnerability in the relatively widely used PHPFusion open source content management system (CMS). The authenticated local file inclusion flaw, identified as CVE-2023-2453, allows for remote code execution if an attacker can upload a maliciously crafted “.php” file to a known path on a target system. […]