Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers.
The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that’s associated with a profile named ”
The Hacker News – Read More
This Security Firm’s ‘Bias’ Is Also Its Superpower
Credible Security’s founders bring their varied experiences to help growing companies turn trust into a strategic advantage.
darkreading – Read More
N. Korean Hackers Suspected in DEEP#DRIVE Attacks Against S. Korea
A phishing attack dubbed DEEP#DRIVE is targeting South Korean entities, with thousands already affected. North Korean hackers from…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Meta confirms ‘Project Waterworth,’ a global subsea cable project spanning 50,000km
Back in November, we broke the news that Meta — owner of Facebook, Instagram and WhatsApp, with billions of users accounting for 10% of all fixed and 22% of all mobile traffic — was close to announcing work on a major new, $10 billion+ subsea cable project to connect up the globe. The aim was […]
Security News | TechCrunch – Read More
Pennsylvania utility says MOVEit breach at vendor exposed some customer data
A Pennsylvania utility company says that basic customer data stolen from one of its vendors in 2023 was recently exposed online, but the incident did not affect its core systems.
The Record from Recorded Future News – Read More
Virginia Attorney General’s Office Struck by Cyberattack Targeting Attorneys’ Computer Systems
The chief deputy attorney general of the agency sent an email on Wednesday that said nearly all of its computer systems were offline.
SecurityWeek – Read More
Scammers Exploit JFK Files Release with Malware and Phishing
Veriti Research reported a developing cyber threat campaign centred around the declassification and release of the RFK, MLK…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
ClearML and Nvidia vulns

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.
ClearML XSS and information disclosure vulnerabilities
Discovered by Edwin Molenaar of Cisco Meraki.
ClearML contains two vulnerabilities. ClearML is an open-source AI platform that supports the entire AI development lifecycle from research to production. It is designed to integrate with existing tools and infrastructures, allowing developers and DevOps teams to build, train and deploy models at scale.
TALOS-2024-2110 (CVE-2024-39272) is a cross-site scripting vulnerability. A specially crafted HTTP request can allow an attacker to upload HTML files to a dataset through an existing ClearML account. The files can later be rendered within the browser of an authenticated ClearML user and execute JavaScript.
TALOS-2024-2112 (CVE-2024-43779) is an information disclosure vulnerability. A specially crafted HTTP request can lead to an attacker reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP requests to trigger this vulnerability.
Nvidia memory corruption and heap-based buffer overflow vulnerabilities
Discovered by Dimitrios Tatsis.
The nvJPEG2000 library is provided by NVIDIA as a high-performance JPEG2000 encoding and decoding library. The prerequisite is a CUDA-enabled GPU in the system that allows faster processing than traditional CPU implementations.
TALOS-2024-2080 (CVE-2024-0142) and TALOS-2024-2095 (CVE-2024-0143) are memory corruption vulnerabilities. A specially crafted JPEG2000 file can lead to an out-of-bounds write with arbitrary data, which can lead to further memory corruption and arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
TALOS-2024-2108 (CVE-2024-0144) and TALOS-2024-2113 (CVE-2024-0145) are heap-based buffer overflow vulnerabilities in the Ndecomp field handling and parameter. A specially crafted JPEG2000 file can lead to memory corruption and arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.
Cisco Talos Blog – Read More
Sean Cairncross is Trump Nominee for National Cyber Director
Former RNC official Sean Cairncross has been nominated for the post of National Cyber Director to streamline the US cybersecurity strategy.
SecurityWeek – Read More

