Malware

Abuse of the Service Location Protocol May Lead to DoS Attacks

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated remote attacker to register arbitrary services. This could allow an attacker to use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor. Researchers from Bitsight and Curesec have discovered a way to abuse SLP—identified as CVE-2023-29552—to conduct high amplification factor DoS attacks using spoofed source addresses. As noted by Bitsight, many SLP services visible on the internet appear to be…

Read More

VMware Releases Security Update for Aria Operations for Logs

VMware has released a security update to address multiple vulnerabilities in Aria Operations for Logs (formerly vRealize Log Insight). A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0007 and apply the necessary updates.

Read More

Nokoyawa Ransomware Attacks Leveraging Windows Zero Day

A report recently released by Kaspersky Labs has detailed a threat actor making use of a CLFS (Common Log File System) exploit to escalate privileges. The group Kaspersky attributed to this attack is well known for its many distinct but similar CLFS driver exploits that likely come from the same exploit developer. Kaspersky’s working theory is that the privilege escalation was used to dump the contents of the HKEY_LOCAL_MACHINESAM registry hive to continue their attack.…

Read More

Two Critical-Severity Vulnerabilities Patched in Latest Security Updates from SAP

The enterprise software vendor SAP has released several security updates for its products, two of which concern critical-severity vulnerabilities that impact the SAP Diagnostics Agent and the SAP BusinessObjects Business Intelligence Platform. SAP is the largest Enterprise Resource Planning (ERP) vendor in the world with over 425,000 customers in 180 countries. Over 90% of the Fortune 2000 companies utilize SAP. In the past, vulnerabilities in SAP software have been seen being exploited in the wild.…

Read More

Deluge of Fake Packages Cause DoS Attack on npm

Last week Checkmarx Security detailed the attack that led to a temporary Denial of Service (DoS) on the Node.js package repository npm in March. Threat actors uploaded hundreds of thousands of fake packages in a type of SEO-poisoning attack that relies on the reputation of package managers to place the bogus packages at the top of search results. The packages are empty, only containing a README with further instructions for infection. The sheer number of…

Read More

Evading Google Play Store Defenses: Criminals Trading Malicious Android Loaders

According to a recent report from Kaspersky, criminals are trading malicious loader programs that can trojanize Android applications to evade Google Play Store defenses. These loader programs are particularly popular for hiding malware and unwanted software in certain application categories, including cryptocurrency trackers, financial apps, QR-code scanners, and dating apps. Dropper apps are the primary means for threat actors to sneak malware via the Google Play Store. These apps often appear to be innocent, but…

Read More

Yum Brands Reports Breach After Ransomware Attack

Yum Brands, the parent company of popular fast-food chains KFC, Pizza Hut, and Taco Bell, has disclosed a data breach after a ransomware attack on its systems. The company, which operates more than 50,000 restaurants in over 150 countries, said the breach occurred in late May 2021 and was discovered during an investigation into the ransomware attack. The attackers were able to access certain information, including the payment card information of some customers who made…

Read More

Apple Releases Emergency Updates For Older iOS Devices After Recent Discovery Of Zero-Day Vulnerabilities

In order to address two actively exploited zero-day vulnerabilities discovered by Google’s Threat Analysis Group and Amnesty International’s Security Lab that also affect earlier iPhones, iPads, and Macs, Apple has published emergency updates to backport security patches that were announced on Friday. Apple stated in security advisories posted on Monday that it was “aware of a report that this problem may have been actively exploited.” The first is an out-of-bounds write vulnerability in IOSurfaceAccelerator that…

Read More

Various Industries in Israel Dealing with Cyber Issues

Over the past week, Israel has experienced significant cyber attacks on the Israel Post and irrigation systems in the North. The Israel Postal Company detected and prevented an attack on their computer servers by a “hostile party” and shut down part of their systems in response. This did not affect banking services, which operate on a separate system. While the attack was stopped early and did not result in any damage or information leaks, some…

Read More

Breached Shutdown Triggers Shift to ARES Data Leak Forums

A threat group known as ARES is becoming well-known on the cybercrime scene due to selling and leaking databases stolen from businesses and government agencies. The actor first appeared on Telegram in late 2021 and has since been linked to the RansomHouse ransomware operation, the KelvinSecurity data leak platform, and the network access group Adrastea. In order to fill the hole left by the now-defunct Breached forum, ARES Group administers its own website with database…

Read More