New Mallox Ransomware Variant Targets Linux Systems

New variant of Mallox ransomware targets Linux systems using custom encryption and a builder web panel. Cybersecurity researchers…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News

Latest Ghostscript Vulnerability Haunts Experts as the Next Big Breach Enabler

The vulnerability could be exploited to compromise systems without requiring user interaction, contrary to some severity assessments initially made by Tenable and Red Hat.

Cyware News – Latest Cyber News

Traeger Security Bugs Threatening Grillers’ Hard Work

Traeger grills face security bugs that could spell trouble for BBQ enthusiasts. High-severity vulnerabilities in the Traeger Grill D2 Wi-Fi Controller could allow remote attackers to control the grill’s temperature or shut it down.

Cyware News – Latest Cyber News

New Eldorado Ransomware Targets Windows, VMware ESXi VMs

Eldorado also encrypts network shares using the SMB protocol, deletes shadow volume copies, and skips certain file types to prevent system damage. Affiliates can customize attacks on Windows, while Linux customization is limited.

Cyware News – Latest Cyber News

10 Security Tips for Business Travellers This Summer

Travelling for work exposes employees to a host of new security threats, including insecure Wi-Fi networks, infected public charging ports and Bluetooth attacks.

Security | TechRepublic

Euro Vishing Fraudsters Add Physical Intimidation to Arsenal

The persistent threat of social engineering tactics sees cybercriminals blending technology with human manipulation to exploit individuals.

darkreading

Pseudo-exploit for CVE-2024-6387 aka regreSSHion | Kaspersky official blog

An archive containing malicious code is being distributed on the social network X (formerly Twitter) under the guise of an exploit for the recently discovered CVE-2024-6387, aka regreSSHion. According to our experts, this may be an attempt to attack cybersecurity specialists. In this post we explain what is actually in the archive and how the attackers are trying to lure researchers into a trap.

The legend behind the archive

According to the lure, there is a server with a working exploit for the CVE-2024-6387 vulnerability in OpenSSH, and that server is actively using the exploit against a list of IP addresses. The archive, offered to anyone wishing to investigate this attack, supposedly contains the working exploit, the list of IP addresses and some kind of payload.

Real contents of the malicious archive

In fact, the archive contains some source code, a set of malicious binaries and scripts. The source code looks like a slightly edited version of a non-functional proof-of-concept for this vulnerability that was already circulating publicly.

One of the scripts, written in Python, pretends to exploit the vulnerability on the servers at the IP addresses in the list. In reality, it launches a malicious file named exploit, which establishes persistence on the system and retrieves an additional payload from a remote server. The malicious code is saved to a file in the /etc/cron.hourly directory. To persist further, it modifies the ls binary, writing a copy of itself into it, so that the malicious code runs again every time ls is executed.
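A quick host-side check for the two persistence traces described above (an unexpected file in /etc/cron.hourly and a modified ls binary), added here as an example and not part of the Kaspersky post or the malware itself. The baseline of expected cron.hourly entries, the demo file trees and the reference hash are constructed assumptions for the demo; on a real host the reference for ls should come from the package manager (rpm -V coreutils or debsums coreutils), not a hard-coded value.

```python
#!/usr/bin/env python3
"""Triage helper for the persistence traces described in the post:
  1. a dropper placed in /etc/cron.hourly
  2. a modified `ls` binary
Added example, not the post's or the malware's code.  The baseline and
the demo trees below are assumptions constructed for illustration."""
import hashlib
import os
import stat
import tempfile

# Assumed baseline of what normally lives in /etc/cron.hourly; adjust per distro.
KNOWN_CRON_HOURLY = frozenset({"0anacron"})


def sha256_of(path):
    """Stream a file through SHA-256 (binaries can be large)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def unexpected_cron_hourly(root, baseline=KNOWN_CRON_HOURLY):
    """Entries in <root>/etc/cron.hourly not in the baseline, as (name, is_executable)."""
    d = os.path.join(root, "etc", "cron.hourly")
    if not os.path.isdir(d):
        return []
    out = []
    for name in sorted(os.listdir(d)):
        if name in baseline:
            continue
        mode = os.lstat(os.path.join(d, name)).st_mode
        out.append((name, bool(mode & stat.S_IXUSR)))
    return out


def ls_tampered(root, known_good_sha256):
    """True if <root>/bin/ls no longer matches the reference hash, None if absent.
    On a real host, take the reference from the package manager (assumption:
    /bin/ls is the path; many distros symlink /bin to /usr/bin)."""
    p = os.path.join(root, "bin", "ls")
    if not os.path.isfile(p):
        return None
    return sha256_of(p) != known_good_sha256


def triage(root, known_good_sha256):
    """Run both checks against a filesystem root (use "/" on a live host)."""
    return {
        "cron_hourly": unexpected_cron_hourly(root),
        "ls_tampered": ls_tampered(root, known_good_sha256),
    }


def build_demo_trees():
    """Constructed sample (not real artefacts): a clean root and an infected
    root showing the two changes the post describes.  Returns the base
    directory and the SHA-256 of the clean `ls` stand-in."""
    base = tempfile.mkdtemp(prefix="regresshion-triage-")
    clean_ls = b"\x7fELF...stand-in for the coreutils ls binary..."
    for label in ("clean", "infected"):
        root = os.path.join(base, label)
        os.makedirs(os.path.join(root, "etc", "cron.hourly"))
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "etc", "cron.hourly", "0anacron"), "wb") as f:
            f.write(b"#!/bin/sh\n")
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(clean_ls)
    infected = os.path.join(base, "infected")
    dropper = os.path.join(infected, "etc", "cron.hourly", "exploit")
    with open(dropper, "wb") as f:
        f.write(b"#!/bin/sh\n# constructed stand-in for the dropper\n")
    os.chmod(dropper, 0o755)
    with open(os.path.join(infected, "bin", "ls"), "ab") as f:
        f.write(b"\n# constructed stand-in for the injected copy\n")
    return base, hashlib.sha256(clean_ls).hexdigest()


def demo():
    """Triage both constructed trees; returns {label: triage result}."""
    base, ref = build_demo_trees()
    return {label: triage(os.path.join(base, label), ref)
            for label in ("clean", "infected")}


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

The clean tree reports nothing; the infected tree flags the executable exploit file in cron.hourly and the hash mismatch on ls. The check is deliberately narrow: it confirms these two specific traces, and a hash mismatch only tells you ls was changed, not by what, so the next step on a real host is package verification and a look at what the modified binary executes.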

How to Stay Safe

Apparently, the authors of the attack are counting on researchers, when handling obviously malicious code, to disable their security solutions and focus on the exchange between the malware and a server vulnerable to CVE-2024-6387, while completely different malicious code compromises the researchers' computers.

Therefore, we remind all information security experts, and anyone else who analyzes suspicious code, not to work with malware outside a specially prepared isolated environment from which external infrastructure is unreachable.

Kaspersky products detect elements of this attack with the following verdicts:

UDS:Trojan-Downloader.Shell.FakeChecker.a
UDS:Trojan.Python.FakeChecker.a
HEUR:Trojan.Linux.Agent.gen
Virus.Linux.Lamer.b
HEUR:DoS.Linux.Agent.dt

As for the regreSSHion vulnerability itself, as we wrote earlier, exploiting it in practice is far from simple.

Kaspersky official blog

OpenAI Kept Mum About Hack of Sensitive AI Research

Security breach potentially exposed internal secrets at AI research firm OpenAI after hackers accessed discussions on sensitive AI…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News

Hacker Stole Secrets From OpenAI

ChatGPT maker OpenAI was breached in 2023, but the company says source code and customer data were not accessed.

SecurityWeek

Are SOC 2 Reports Sufficient for Vendor Risk Management?

SOC 2 reports are a valuable tool for evaluating vendor security, but they shouldn’t be the only piece of the puzzle.

darkreading