Kirsten Doyle

In a chilling discovery, Trellix Advanced Research Center has uncovered a malicious campaign that turns trusted security tools into instruments of attack. The malware manipulates Avast’s Anti-Rootkit driver (aswArPot.sys) to gain deep system access, disable protective measures, and take full control of compromised systems. This sophisticated campaign is an example of a growing threat: the exploitation of kernel-mode drivers, usually designed to protect critical system components. When compromised, these drivers become potent weapons for malicious actors. “What makes this even more alarming is the level of trust associated with kernel-mode drivers—designed to protect the system at its core—which, in this…

More than 2,000 Palo Alto Networks PAN-OS firewalls have been targeted following the disclosure and patching of two security vulnerabilities earlier this month—one of which is classified as critical. This was reported by the Shadowserver Foundation on 20 November. Warnings Unheeded Palo Alto Networks and its threat intelligence team, Unit 42, issued a security advisory regarding the active exploitation of the vulnerabilities, calling them a significant threat, as attackers could leverage them to compromise administrative privileges and deploy malicious payloads. CVE-2024-0012, an authentication bypass flaw, allows an unauthenticated attacker with network access to the management interface to gain administrative control…

The Australian Government has unveiled world-first legislation setting a minimum age of 16 for social media use, aiming to bolster online safety for young Australians. The Online Safety Amendment (Social Media Minimum Age) Bill 2024, introduced today, seeks to protect children during critical developmental years by requiring social media platforms to prevent underage users from creating accounts. Under the new law, social media platforms such as Snapchat, TikTok, Instagram, and X will be categorized as “age-restricted social media platforms” and will be required to implement robust measures to verify users’ ages. This responsibility shifts accountability away from parents or children…

ESET researchers have uncovered WolfsBane, a Linux cyberespionage backdoor attributed with high confidence to the Gelsemium advanced persistent threat (APT) group. This discovery is a major development, as it is the first public report of Gelsemium deploying Linux malware. The newly identified backdoors and tools are designed for cyberespionage, targeting sensitive data, including system information, user credentials, and specific files or directories. They also enable persistent access and stealthy command execution, allowing prolonged intelligence gathering while evading detection. Origins and Links to Gelsemium The researchers discovered WolfsBane and related tools on VirusTotal, with samples uploaded from Taiwan, the Philippines, and…

In a surprising discovery, Aqua Nautilus researchers have identified an emerging attack vector that leverages misconfigured servers to hijack resources for streaming sports events. Using honeypots designed to mimic real-world development environments, researchers uncovered how attackers exploited JupyterLab and Jupyter Notebook applications to conduct illegal live streaming operations, exposing a new facet of cybercrime. A Novel Attack Strategy The investigation uncovered how attackers have exploited publicly exposed Jupyter servers, using weak or absent authentication to gain remote code execution capabilities. Once inside, they deployed the open-source tool ffmpeg to capture live sports broadcasts, redirecting the streams to their illegal platforms…

A cybersecurity breach has exposed sensitive information from over 1.1 million records associated with Conduitor Limited’s Forces Penpals, a dating and social networking service for members of the US and UK armed forces and their supporters. The exposed database, discovered by cybersecurity researcher Jeremiah Fowler and reported to vpnMentor, was left unprotected without encryption or password protection. Sensitive Military Records Left Exposed The database contained 1,187,296 documents, including user images and highly sensitive proof-of-service documents. These files revealed personally identifiable information (PII) such as full names, mailing addresses, Social Security Numbers (US), National Insurance Numbers (UK), military ranks, service branches,…

A recently disclosed flaw in Microsoft Active Directory Certificate Services (ADCS), identified as CVE-2024-49019, could allow attackers to escalate privileges and gain control of a domain. The vulnerability, rated with a CVSS score of 7.8, is classified as an elevation-of-privilege (EoP) issue. If exploited, attackers could potentially obtain domain administrator privileges, compromising the security of the entire network. Microsoft’s advisory shares several ways entities can mitigate the risks, including removing excessive enrollment rights for users or groups, eliminating unused certificate templates, and securing templates that allow users to specify a subject in the request. While no active attacks have been…

T-Mobile has confirmed its involvement in the recent wave of telecom network breaches, which have been attributed to a China-linked cyber threat group, Salt Typhoon. The malicious actor previously breached major telecom providers, including AT&T, Verizon, and Lumen Technologies, as part of a larger operation that targeted US telecom infrastructure. This included accessing sensitive systems such as the US court wiretap system and gathering phone data from top US officials, including President-elect Donald Trump, Vice President-elect JD Vance, key congressional figures, and Vice President Kamala Harris’s campaign. T-Mobile, in a statement to The Wall Street Journal, confirmed its systems were…

Google has launched a regular fraud and scams advisory to combat the growing volume and sophistication of online scams. Multinational crime entities are increasingly using advanced technology and complex schemes to target victims worldwide. To protect users and the broader digital ecosystem, Google’s Trust & Safety (T&S) teams are tracking emerging trends, developing new protective measures, and sharing vital information with the public. The first advisory outlines five major trends shaping today’s online scam landscape: Public Figure Impersonation Campaigns The accessibility of deepfake technology has fueled a surge in public figure impersonation scams, where criminals use AI to mimic well-known…

In a new and sophisticated cyber campaign dubbed the “Iranian Dream Job Campaign,” the Iranian threat group TA455 is using deceptive job offers to infiltrate the aerospace industry, ClearSky Cyber Security reported. The campaign relies on distributing SnailResin malware, which activates the SlugResin backdoor, a malware set ClearSky links to the well-known Iranian cyber actor subgroup Charming Kitten. The deceptive nature of the operation has led some cyber research companies to mistakenly attribute the malware files to North Korea’s Kimsuky/Lazarus Advanced Persistent Threat (APT) group. The overlapping “Dream Job” recruitment tactics, attack methods, and malware signatures suggest that Charming Kitten…