Security News > 2023 > August

A Syrian threat actor named EVLF has been outed as the creator of malware families CypherRAT and CraxsRAT. "These RATs are designed to allow an attacker to remotely perform real-time actions and control the victim device's camera, location, and microphone," cybersecurity firm Cyfirma said in a report published last week. EVLF is said to have been operating a web shop to advertise their warez since at least September 2022.

Json from CRED FILE NAMES file name array to GCLOUD CREDS FILES file name array
[+] added netrc, kubeconfig, adc. Db from CRED FILE NAMES file name array
[-] removed dload function
[+] added commented dload function invocation for posting final results
[+] added commented wget command to download and execute https://everlost.

A new macOS-specific variant of the well-known XLoader malware is being delivered disguised as the "OfficeNote" app. XLoader is a malware-as-a-service infostealer and botnet that has been active since 2015, but first appeared as a macOS variant in 2021, written in Java.

Certainly we don't want to all have to vote on every amendment to every bill, but what's the optimal balance between votes made in our name and ballot measures that we all vote on? How would we feel about an AI device in our pocket that voted in our name, thousands of times per day, based on preferences that it inferred from our actions? If an AI system could determine optimal policy solutions that balanced every voter's preferences, would it still make sense to have representatives? Maybe we should vote directly for ideas and goals instead, and leave the details to the computers.

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It has been downloaded over 2 million times and is being used by security teams worldwide.

Phishing attacks using open redirect flaws are on the rise again, according to Kroll's Cyber Threat Intelligence team, which means organizations should consider refreshing employees' awareness and knowledge of how to spot them. Open redirect vulnerabilities in web applications allow threat actors to manipulate legitimate URLs to redirect victims to an external malicious URL. "They occur when a website allows for user-supplied input as part of a URL parameter in a redirect link, without proper validation or sanitization," says George Glass, Kroll's Head of Threat Intelligence.

A malicious toolset dubbed Spacecolon is being deployed as part of an ongoing campaign to spread variants of the Scarab ransomware across victim organizations globally. The Slovak cybersecurity firm, which dubbed the threat actor CosmicBeetle, said the origins of Spacecolon date back to May 2020.

CloudNordic has told customers to consider all of their data lost following a ransomware infection that encrypted the large Danish cloud provider's servers and "paralyzed CloudNordic completely," according to the IT outfit's online confession. While none of this is good news to organizations that have now lost all of their website and email data, CloudNordic does offer a slight silver lining: the biz doesn't believe that the criminals exfiltrated any information before encrypting the systems.

More than a dozen malicious packages have been discovered on the npm package repository since the start of August 2023 with capabilities to deploy an open-source information stealer called Luna Token Grabber on systems belonging to Roblox developers. "The malicious packages reproduce code from the legitimate noblox.js package but add malicious, information-stealing functions," software threat researcher Lucija Valentić said in a Tuesday analysis.

Belts have tightened, and ROI and cost reduction are now driving CISO decision-making more than ever. In this Help Net Security video, Sara Behar, Content Manager at YL Ventures, discusses how enterprise cybersecurity budgets have been impacted by the downmarket and how vendors can adapt.