CyberSecure Specialist

A report recently released by Kaspersky Labs has detailed a threat actor making use of a CLFS (Common Log File System) exploit to escalate privileges. The group Kaspersky attributed to this attack is well known for its many distinct but similar CLFS driver exploits that likely come from the same exploit developer. Kaspersky’s working theory is that the privilege escalation was used to dump the contents of the HKEY_LOCAL_MACHINESAM registry hive to continue their attack.…

The enterprise software vendor SAP has released several security updates for its products, two of which concern critical-severity vulnerabilities that impact the SAP Diagnostics Agent and the SAP BusinessObjects Business Intelligence Platform. SAP is the largest Enterprise Resource Planning (ERP) vendor in the world with over 425,000 customers in 180 countries. Over 90% of the Fortune 2000 companies utilize SAP. In the past, vulnerabilities in SAP software have been seen being exploited in the wild.…

Last week Checkmarx Security detailed the attack that led to a temporary Denial of Service (DoS) on the Node.js package repository npm in March. Threat actors uploaded hundreds of thousands of fake packages in a type of SEO-poisoning attack that relies on the reputation of package managers to place the bogus packages at the top of search results. The packages are empty, only containing a README with further instructions for infection. The sheer number of…

According to a recent report from Kaspersky, criminals are trading malicious loader programs that can trojanize Android applications to evade Google Play Store defenses. These loader programs are particularly popular for hiding malware and unwanted software in certain application categories, including cryptocurrency trackers, financial apps, QR-code scanners, and dating apps. Dropper apps are the primary means for threat actors to sneak malware via the Google Play Store. These apps often appear to be innocent, but…