Latest Intelligence
Cyberattackers Target LastPass, Top Password Managers
A recent wave of phishing campaigns exploits the trust employees place in password managers, particularly LastPass, to keep their credentials secure. The campaigns highlight the risk of relying on such tools for password management.
Leaks in Microsoft VS Code Marketplace Put Supply Chain at Risk
Researchers found over 550 unique secrets exposed in the Visual Studio Code marketplaces, highlighting significant vulnerabilities in the supply chain. In response to these findings, Microsoft is taking steps to enhance security measures.
China Hackers Test AI-Optimized Attack Chains in Taiwan
The article describes how a China-based hacking group is using AI to optimize its attack chains, while suggesting that AI has limits in this setting: despite advances in the technology, threat actors may still struggle to carry out successful attacks.
North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts
North Korean hackers have used the EtherHiding technique to distribute malware and facilitate cryptocurrency theft, marking a significant development in state-sponsored cyber activity. The method, attributed to the threat cluster UNC5342 by Google Threat Intelligence Group, represents a novel approach in the hacking landscape.
Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites
A financially motivated threat actor known as UNC5142 is using blockchain smart contracts to distribute malware, specifically information stealers such as Atomic, Lumma, Rhadamanthys, and Vidar. The operation primarily exploits compromised WordPress websites and employs a technique called 'EtherHiding'.
Microsoft Revokes Over 200 Certificates to Disrupt Ransomware Campaign
Microsoft has revoked over 200 certificates to counter a ransomware campaign attributed to the group Vanilla Tempest, also known as Vice Spider and Vice Society. The action aims to disrupt the ongoing attacks associated with this cybercriminal organization.
LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets
A new GNU/Linux rootkit named LinkPro has been discovered that uses eBPF modules to hide its presence and enable remote activation. The finding emerged from an investigation into compromised AWS-hosted infrastructure.
AISLE Emerges From Stealth With AI-Based Reasoning System That Remediates Vulnerabilities on the Fly
AISLE has developed an AI-based reasoning system that automates detecting, exploiting, and patching software vulnerabilities in real time, with the aim of remediating vulnerabilities on the fly.
Matters.AI Raises $6.25 Million to Safeguard Enterprise Data
Matters.AI has raised $6.25 million to enhance the protection of enterprise data through its AI Security Engineer, which autonomously safeguards data across devices and environments. The funding is intended to bolster the company's cybersecurity capabilities.
Organizations Warned of Exploited Adobe AEM Forms Vulnerability
Organizations have been warned about an exploited vulnerability in Adobe Experience Manager Forms (AEM Forms). A public proof of concept (PoC) became available after Adobe patched the bug in early August.
Siemens Solid Edge
Siemens Solid Edge has multiple out-of-bounds write and read vulnerabilities that could allow attackers to crash the application or execute arbitrary code. CISA will no longer update advisories for these vulnerabilities, and users are advised to apply the specific mitigations to reduce risk.
Hitachi Energy MACH GWS
The Hitachi Energy MACH GWS product has multiple vulnerabilities that could allow remote exploitation, including tampering with system files and man-in-the-middle attacks. Users are urged to update to Version 3.5 and follow the recommended security practices to mitigate risk.
Siemens HyperLynx and Industrial Edge App Publisher
Siemens has reported a type confusion vulnerability in its HyperLynx and Industrial Edge App Publisher products that could allow remote attackers to execute arbitrary code via crafted HTML pages. CISA will no longer update advisories for Siemens product vulnerabilities and urges users to follow Siemens' security recommendations and apply mitigations.
Siemens SIMATIC ET 200SP Communication Processors
The Siemens SIMATIC ET 200SP communication processors have a critical vulnerability caused by missing authentication for critical functions, allowing unauthenticated remote access to configuration data. The vulnerability carries a high CVSS score, indicating significant risk for affected systems.
Rockwell Automation FactoryTalk View Machine Edition and PanelView Plus 7
Rockwell Automation's FactoryTalk View Machine Edition and PanelView Plus 7 have vulnerabilities that could allow unauthenticated attackers to access the device's file system. They include a path traversal issue and an authentication bypass, both of which pose significant security risk.