A newly discovered PyPI hijack technique called “Revival Hijack” has been exploited in the wild, posing a significant threat to thousands of Python packages. Identified by JFrog’s security research team, the method takes advantage of a loophole in the PyPI software registry that allows attackers to re-register package names that have been removed by their original owners. JFrog researchers Andrey Polkovnichenko and Brian Moussalli said this technique has the potential to affect over 22,000 packages, putting countless systems at risk. What is the “Revival Hijack” Technique? The Revival Hijack method allows attackers to take control of package names that have been deleted…
Author: ISB Staff Reporter
The US Department of Justice has disrupted a covert Russian government-sponsored influence operation targeting audiences within its borders and other nations. The operation, dubbed “Doppelganger,” involved using influencers, AI-generated content, and paid social media advertisements to spread disinformation aimed at undermining international support for Ukraine and influencing the 2024 US Presidential Election. Authorities revealed the seizure of 32 internet domains used by Russian entities, including Social Design Agency (SDA), Structura National Technology (Structura), and ANO Dialog. These companies, directed by Sergei Kiriyenko, a key figure in President Vladimir Putin’s inner circle, employed tactics like cybersquatting to impersonate legitimate news outlets…
Cisco has warned of multiple critical vulnerabilities in its Smart Licensing Utility, potentially enabling unauthenticated, remote attackers to collect sensitive information or gain administrative control over the software. The vulnerabilities, identified as CVE-2024-20439 and CVE-2024-20440, can be found in several versions of the software. Both have been rated a critical severity score of 9.8 on the CVSS scale, meaning exploitation of the flaw could result in a full system or data compromise. The company has released software updates to address these issues but emphasized that there are no workarounds available for the vulnerabilities. It also said that, to date, it…
Phishing remains the most common cyber threat, representing 37% of incidents in Q3 2024. However, incidents of credential exposure have increased to almost 89%, raising concerns about data security risks across industries, according to the latest report by ReliaQuest on quarterly attacker trends analysis. Between May 1 and July 31, 2024, ReliaQuest analyzed customer incident data and cybercriminal forums to identify common cyber threats. While phishing still leads the list of threats, its impact has slightly diminished from previous years. On the other hand, exposed credentials are skyrocketing, now making up a substantial portion of security alerts—a jump of 29%…
A sophisticated cyber campaign, dubbed SLOW#TEMPEST, has been uncovered by the Securonix Threat Research team, targeting Chinese-speaking users. The attack, characterized by the deployment of Cobalt Strike payloads, managed to evade detection for over two weeks, demonstrating the malicious actors’ ability to establish persistence and move laterally within compromised systems. SLOW#TEMPEST primarily targets victims in China, with evidence suggesting that the attack leverages phishing emails to deliver malicious ZIP files. The lure files and the command-and-control (C2) infrastructure are predominantly written in Chinese, reinforcing the likelihood that Chinese users are the primary targets. The C2 infrastructure is hosted by Shenzhen…
Cybersecurity researchers discovered a vulnerability in the Known Crewmember (KCM) system, a TSA program that allows airline pilots and flight attendants to bypass security screening. The flaw, which could potentially compromise the safety of millions of air travelers, was found by researchers Ian Carroll and Sam Curry in a system operated by FlyCASS – a service used by smaller airlines to manage KCM and Cockpit Access Security System (CASS) authorizations.
Gaining Administrative Access
KCM and CASS are crucial security programs that streamline airport security checks for airline personnel. KCM enables pilots and flight attendants to bypass regular security lines by…
A North Korean threat actor has been found exploiting a zero-day vulnerability in Chromium, now designated as CVE-2024-7971. The exploit, which enables remote code execution (RCE), is being attributed with high confidence to a North Korean group known as Citrine Sleet. The actor primarily targets the cryptocurrency sector for financial gain. Microsoft’s ongoing analysis has linked the observed exploitation of CVE-2024-7971 to Citrine Sleet. The threat actor has previously been associated with other North Korean groups, including Diamond Sleet, which shares tools and infrastructure with Citrine Sleet. The FudModule rootkit, which has been deployed in this attack, has also been…
RansomHub, previously known as Cyclops and Knight, has quickly gained traction, targeting over 210 victims across US critical infrastructure sectors. This ransomware-as-a-service (RaaS) model has been active since February 2024. The affected sectors include water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications. This was revealed in a new joint Cybersecurity Advisory issued by the FBI, CISA, MS-ISAC, and the Department of Health and Human Services. The advisory is part of the broader #StopRansomware campaign, which aims to protect…
Users in the Middle East are being targeted by sophisticated threat actors deploying malware disguised as the Palo Alto GlobalProtect tool, Trend Micro has revealed. The malware employs a two-stage infection process, leveraging advanced command-and-control (C&C) infrastructure to evade detection and maintain persistent access to compromised systems. The infection begins with a malicious setup.exe file, which initiates contact with specific hostnames to report infection progress and collect victim data. For beaconing, the malware uses the Interactsh project, a tool originally intended for penetration testing. This allows the attackers to monitor which targets advance through the infection chain, further enhancing…
The FBI needs to improve its handling of electronic media designated for destruction at its facilities, according to a scathing audit from the Justice Department’s Inspector General, released publicly last week. The memo, issued by DOJ Inspector General Michael Horowitz, highlights that the bureau is failing to properly label and track internal hard drives containing sensitive and top-secret national security information once they are removed from computers and servers. Storage devices containing sensitive information, including national security data, Foreign Intelligence Surveillance Act (FISA) material, and documents classified as Secret, were often improperly labeled or not labeled at all, heightening…