A previously unknown threat actor dubbed "Unfading Sea Haze" has been targeting military and government entities in the South China Sea region since 2018, remaining undetected all this time. Bitdefender researchers who discovered the threat group report that its operations align with Chinese geo-political interests, focusing on intelligence collection and espionage. As is typical for Chinese state-sponsored threat actors, they demonstrate overlaps with other groups, most notably APT41.
Rockwell Automation has issued a security notice urging customers to ensure that their industrial control systems (ICS) are not connected to the internet and exposed to cyber threats. The industrial automation giant has told customers to take 'immediate' action and check whether any devices that are not specifically designed for public connectivity are exposed to the web. A Shodan search for 'Rockwell' currently returns more than 7,000 results.
Malware recently spotted in the wild uses sophisticated measures to disable antivirus protections, destroy evidence of infection, and permanently infect machines with cryptocurrency-mining software, researchers said Tuesday. Key to making the unusually complex system of malware operate is a function in the main payload, named GhostEngine, that disables Microsoft Defender or any other antivirus or endpoint-protection software that may be running on the targeted computer.
A Russia-linked advanced persistent threat (APT) group has been abusing PDF and MSBuild project files in a campaign that uses socially engineered emails to deliver the TinyTurla backdoor as a fileless payload. The campaign's seamless delivery routine is a notable evolution in sophistication, researchers said. Researchers from Cyble Research and Intelligence Labs (CRIL) identified the campaign, which uses emails pitching invitations to human rights seminars as a lure to infect users.
GitHub has patched its Enterprise Server software to fix a security flaw that scored a 10 out of 10 CVSS severity score. The vulnerability affects instances of GitHub Enterprise Server and gives full admin access to anyone exploiting the issue in any version of the code base prior to 3.13.0. The bug has been assigned CVE-2024-4985 and received the maximum severity score of 10.
Researchers have found 15 vulnerabilities in QNAP's network attached storage (NAS) devices, and have released a proof-of-concept for one: an unauthenticated stack overflow vulnerability (CVE-2024-27130) that may be leveraged for remote code execution. "With a codebase bearing some long 10+ year legacy, and a long history of security weaknesses," QNAP's QTS operating system and its "variants" (QuTSCloud and QuTS hero) enticed watchTowr Labs researchers to probe for vulnerabilities.
US businesses are believed to have recruited thousands of North Korean IT workers, sending earnings (and potentially data) to North Korea. This week, an American woman named Christina Marie Chapman was arrested in Arizona. She is accused of being part of an elaborate scheme that generated almost US $7 million in funds for North Korea, potentially to fund its weapons programme.
Microsoft has announced the Copilot+ line of Windows 11-powered PCs that, among other things, will have Recall, a feature that takes screenshots every few seconds, encrypts them, saves them, and leverages AI to allow users to search through them for specific content that has been viewed in apps, websites, documents, etc. Security and privacy professionals, who are used to viewing technology through an attacker's lens, have immediately pinpointed its possible disadvantages.
Infosec researchers are alerting the industry to a critical vulnerability in Fluent Bit - a logging component used by a swathe of blue chip companies and all three major cloud providers. Experts at Tenable discovered the flaw (CVE-2024-4323), which can lead to denial of service (DoS) and information leakage, and under the right conditions remote code execution (RCE).
Veeam warned customers today to patch a critical security vulnerability that allows unauthenticated attackers to sign into any account via the Veeam Backup Enterprise Manager (VBEM). VBEM is a web-based platform that enables administrators to manage Veeam Backup & Replication installations via a single web console. It helps control backup jobs and perform restoration operations across an organization's backup infrastructure and large-scale deployments.
OT, IoT and medical device cybersecurity firm Claroty has disclosed information on vulnerabilities found by its researchers in Honeywell's ControlEdge Unit Operations Controller (UOC). Claroty researchers have found vulnerabilities in the ControlEdge Virtual UOC industrial automation controller, which can be deployed as a Linux-based virtual machine, eliminating the need for a physical controller.