Julien Maury
  • Vulnerable API Exposes Private npm Packages

    Aqua Nautilus security researchers have revealed that threat actors could perform a timing attack on npm’s API to uncover private packages. The timing attack on the JavaScript package manager can work even if npm returns a 404 error to unauthorized or unauthenticated users who try to request the following endpoint (generic pattern): https://registry.npmjs.org/@<scope_name>/<secret_package_name>. A malicious […]

  • Ransomware Group Uses Vulnerability to Bypass EDR Products

    The BlackByte ransomware group is actively exploiting a vulnerability in RTCore32.sys and RTCore64.sys, the drivers of a widely used graphics card utility called Micro-Star MSI AfterBurner (version 4.6.2.15658). Recorded as CVE-2019-16098, the flaw allows any authenticated user to read and write to arbitrary memory, I/O ports and model-specific registers (MSRs). Cybercriminals can abuse it to […]

  • ZINC Hackers Leverage Open-source Software to Lure IT Pros

    ZINC, a sub-group of the notorious North Korean Lazarus hacking group, has implanted malicious payloads in open-source software to infiltrate corporate networks, Microsoft’s threat hunting team has reported. PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and the muPDF/Subliminal Recording software installer have been backdoored to perform a wide range of social engineering campaigns that started in […]

  • Software Supply Chain Security Guidance for Developers

    Whether it’s package hijacking, dependency confusion, typosquatting, continuous integration and continuous delivery (CI/CD) compromises, or basic web exploitation of outdated dependencies, there are many software supply chain attacks adversaries can perform to take down their victims, hold them to ransom, and exfiltrate critical data. It’s often more efficient to attack a weak link in the […]

  • Unpatched Python Library Affects More Than 300,000 Open Source Projects

    Trellix security researchers have revealed a major vulnerability in the Python tarfile library that could be exploited in software supply chain attacks. The researchers believe it could be used against organizations at scale, which could lead to attacks as serious as the one that hit SolarWinds two years ago. Perhaps more troubling is that the […]

  • Threat Group TeamTNT Returns with New Cloud Attacks

    A retired threat actor has returned with new attacks aimed at the cloud, containers – and encryption keys. The Aqua Nautilus research team observed three attacks that appeared very similar to those performed by TeamTNT, a threat actor specializing in cloud platforms and online instances such as Kubernetes clusters, Redis servers, and Docker APIs. These […]

  • New Linux Malware Shikitega Can Take Full Control of Devices

    AT&T Alien Labs has discovered a new Linux malware that can be used for highly evasive attacks, as the infection has been designed for persistence and runs on practically all kinds of Linux devices. The identity and goals of the authors are as yet unknown, but the technical details have been disclosed. The malware seems […]

  • New GIFShell Attack Targets Microsoft Teams

    A cybersecurity consultant has discovered a new attack chain that leverages GIF images in Microsoft Teams to execute arbitrary commands on the target’s machine. The exploit uncovered by Bobby Rauch is dubbed “GIFShell,” and the main component is a GIF image that contains a hidden Python script. This crafted image is sent to a Microsoft […]

  • CVSS Vulnerability Scores Can Be Misleading: Security Researchers

    Vulnerability management systems based on the Common Vulnerability Scoring System (CVSS) v2 scoring system may be misguided, as a new report found that roughly half of the most critical vulnerabilities may be scored incorrectly. “Looking at the past 10 years, in the same midyear period, we see that on average, 51.5 percent of all known […]

  • GitLab Patches Critical RCE in Community and Enterprise Editions

    The widely-used DevOps platform GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE). The vulnerability was reported for a number of versions of GitLab CE/EE: all versions starting from 11.3.4 before 15.1.5; all versions starting from 15.2 before 15.2.3; and all versions starting from 15.3 before 15.3.1. Affected versions allow […]
