Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation Cybersecurity researchers have uncovered nearly two dozen security flaws spanning 15 different machine learning (ML) related open-source projects. These comprise vulnerabilities discovered both on the server- and client-side, software supply chain security firm JFrog said in an analysis published last week. The server-side weaknesses "allow attackers to hijack important servers in the organization such as ML model registries, ML databases and ML pipelines," it said. The vulnerabilities, discovered in Weave, ZenML, Deep Lake, Vanna.AI, and Mage AI, have been broken down into broader sub-categories that allow for remotely hijacking model registries, ML database frameworks, and taking over ML Pipelines. See more:
The Hacker News
Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation
Over 20 vulnerabilities found in ML open-source tools pose severe risks, including server hijacking and data breaches.
 #cybersecurity #machinelearning
Hackers now use ZIP file concatenation to evade detection Hackers are targeting Windows machines using the ZIP file concatenation technique to deliver malicious payloads in compressed archives without security solutions detecting them. The technique exploits the different methods ZIP parsers and archive managers handle concatenated ZIP files. This new trend was spotted by Perception Point, who discovered a a concatentated ZIP archive hiding a trojan while analyzing a phishing attack that lured users with a fake shipping notice. The researchers found that the attachment was disguised as a RAR archive and the malware leveraged the AutoIt scripting language to automate malicious tasks. See more:
BleepingComputer
Hackers now use ZIP file concatenation to evade detection
Hackers are targeting Windows machines using the ZIP file concatenation technique to deliver malicious payloads in compressed archives without secu...
 #cybersecurity #malware #windows
5 Most Common Malware Techniques in 2024 Tactics, techniques, and procedures (TTPs) form the foundation of modern defense strategies. Unlike indicators of compromise (IOCs), TTPs are more stable, making them a reliable way to identify specific cyber threats. Here are some of the most commonly used techniques, according to ANY.RUN's Q3 2024 report on malware trends, complete with real-world examples. 1. Disabling of Windows Event Logging (T1562.002), e.g. XWorm Disables Remote Access Service Logs 2. PowerShell Exploitation (T1059.001), e.g. BlanGrabber Uses PowerShell to Disable Detection 3. Abuse of Windows Command Shell (T1059.003), e.g. Lumma Employs CMD in Payload Execution 4. Modification of Registry Run Keys (T1547.001), e.g. Remcos Gains Persistence via RUN Key 5. Time Based Evasion (T1497.003), e.g. DCRAT Delays Execution During Attack See more:
The Hacker News
5 Most Common Malware Techniques in 2024
ANY.RUN's Q3 2024 report reveals malware's top techniques, from disabling event logs to using PowerShell
 #cybersecurity #malware
Summary of noteworthy news from the last week by SecurityWeek! China’s Volt Typhoon hacked Singtel, GuLoader targets European industrial organizations, and US agency warns employees about phone use. See more
SecurityWeek
In Other News: China Hacked Singtel, GuLoader Attacks on Industrial Firms, LastPass Phishing Campaign
China’s Volt Typhoon hacked Singtel, GuLoader targets European industrial organizations, and US agency warns employees about phone use.
 #cybersecurity #news
Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering The 36-year-old founder of the Bitcoin Fog cryptocurrency mixer has been sentenced to 12 years and six months in prison for facilitating money laundering activities between 2011 and 2021. Roman Sterlingov, a dual Russian-Swedish national, pleaded guilty to charges of money laundering and operating an unlicensed money-transmitting business earlier this March. The U.S. Department of Justice (DoJ) described Bitcoin Fog as the darknet's longest-running cryptocurrency mixer, allowing cybercriminals to conceal the source of their cryptocurrency proceeds. See more:
The Hacker News
Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering
Bitcoin Fog founder sentenced to 12 years for laundering $400M in criminal proceeds using his darknet mixer.
 #privacy #bitcoin
Critical Veeam RCE bug now used in Frag ransomware attacks After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware. Code White security researcher Florian Hauser found that the vulnerability (tracked as CVE-2024-40711) is caused by a deserialization of untrusted data weakness that unauthenticated threat actors can exploit to gain remote code execution (RCE) on Veeam VBR servers. watchTowr Labs, which published a technical analysis on CVE-2024-40711 on September 9, delayed releasing a proof-of-concept exploit until September 15 to give admins enough time to apply security updates issued by Veeam on September 4. Veeam says over 550,000 customers worldwide use its products, including roughly 74% of all companies in the Global 2,000 list. See more:
BleepingComputer
Critical Veeam RCE bug now used in Frag ransomware attacks
After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to depl...
 #cybersecurity #ransomware
D-Link won’t fix critical flaw affecting 60,000 older NAS devices More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit. The flaw, tracked as CVE-2024-10914, has a critical 9.2 severity score and is present in the ‘cgi_user_add’ command where the name parameter is insufficiently sanitized. An unauthenticated attacker could exploit it to inject arbitrary shell commands by sending specially crafted HTTP GET requests to the devices. See more:
BleepingComputer
D-Link won’t fix critical flaw affecting 60,000 older NAS devices
More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a p...
 #cybersecurity #injection
US Gov Agency Urges Employees to Limit Phone Use After China ‘Salt Typhoon’ Hack The US government’s Consumer Financial Protection Bureau (CFPB) is directing employees to minimize the use of cellphones for work-related activities, following an intrusion into major telco systems attributed to Chinese government hackers. According to a Wall Street Journal report, the agency sent an email to all employees and contractors with a simple directive: “Do NOT conduct CFPB work using mobile voice calls or text messages.” The warning comes on the heels of a series of hacks into US telcos and broadband providers blamed on Salt Typhoon, a Chinese government-backed cyberespionage hacking operation. The group has reportedly broken into companies like Verizon, AT&T and Lumen Technologies and has used that access to surveil politicians and critical communications systems See more:
SecurityWeek
US Gov Agency Urges Employees to Limit Phone Use After China ‘Salt Typhoon’ Hack
The US government's CFPB sent an email with a simple directive: “Do NOT conduct CFPB work using mobile voice calls or text messages.”
 #cybersecurity #hack #china
Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) that has racked up thousands of downloads for over three years while stealthily exfiltrating developers' Amazon Web Services (AWS) credentials. The package in question is "fabrice," which typosquats a popular Python library known as "fabric," which is designed to execute shell commands remotely over SSH. While the legitimate package has over 202 million downloads, its malicious counterpart has been downloaded more than 37,100 times to date. As of writing, "fabrice" is still available for download from PyPI. It was first published in March 2021. The typosquatting package is designed to exploit the trust associated with "fabric," incorporating "payloads that steal credentials, create backdoors, and execute platform-specific scripts," security firm Socket said. See more:
The Hacker News
Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers
Malicious PyPI package ‘fabrice’ has exfiltrated AWS credentials from thousands of users undetected for three years.
 #cybersecurity #pypi #typosquatting
New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus Cybersecurity researchers have flagged a new malware campaign that infects Windows systems with a Linux virtual instance containing a backdoor capable of establishing remote access to the compromised hosts. The "intriguing" campaign, codenamed CRON#TRAP, starts with a malicious Windows shortcut (LNK) file likely distributed in the form of a ZIP archive via a phishing email. "What makes the CRON#TRAP campaign particularly concerning is that the emulated Linux instance comes pre-configured with a backdoor that automatically connects to an attacker-controlled command-and-control (C2) server," Securonix researchers Den Iuzvyk and Tim Peck said in an analysis. See more:
The Hacker News
New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus
New CRON#TRAP malware installs a Linux VM backdoor on Windows, evading antivirus, and allowing hidden control over compromised systems.
 #cybersecurity #malware