Security News

Google announced today that bug bounty hunters who report sandbox escape chain exploits targeting its Chrome web browser are now eligible for triple the standard reward until December 1st, 2023. "The full chain exploit must result in a Chrome browser sandbox escape, with a demonstration of attacker control / code execution outside of the sandbox. The exploit scenario must be fully remote and the exploit able to be used by a remote attacker," Google explains.

Cybersecurity researchers have offered a closer look at the RokRAT remote access trojan that's employed by the North Korean state-sponsored actor known as ScarCruft. "RokRAT is a sophisticated remote access trojan that has been observed as a critical component within the attack chain, enabling the threat actors to gain unauthorized access, exfiltrate sensitive information, and potentially maintain persistent control over compromised systems," ThreatMon said.

A researcher has published a working exploit for a remote code execution flaw impacting ReportLab Toolkit, a popular Python library used by numerous projects to generate PDF files from HTML input. ReportLab Toolkit is used by multiple projects as a PDF library and has approximately 3.5 million monthly downloads on PyPI. The problem stems from the ability to bypass sandbox restrictions on 'rl safe eval,' whose role is to prevent malicious code execution, leading to the attacker accessing potentially dangerous Python built-in functions.

Hackers are performing widespread exploitation of a critical-severity command injection flaw in Zyxel networking devices, tracked as CVE-2023-28771, to install malware. The flaw, which is present in the default configuration of impacted firewall and VPN devices, can be exploited to perform unauthenticated remote code execution using a specially crafted IKEv2 packet to UDP port 500 on the device.

Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway appliances had been abused by threat actors since October 2022 to backdoor the devices. The latest findings show that the critical vulnerability, tracked as CVE-2023-2868, has been actively exploited for at least seven months prior to its discovery.

Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY, adding it was uploaded to a public malware scanning utility in December 2021 by a submitter in Russia. "The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 devices, such as remote terminal units, that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia," the company said.

A newly identified ransomware operation has refashioned leaked LockBit and Babuk payloads into Buhti ransomware, to launch attacks on both Windows and Linux systems. One notable aspect of the attackers leveraging the Buhti ransomware is their ability to quickly exploit newly disclosed vulnerabilities.

Perception Point's team has identified a 356% increase in the number of advanced phishing attacks attempted by threat actors in 2022. Overall, the total number of attacks increased by 87%, highlighting the growing threat that cyber attacks now pose to organizations.

Ongoing attacks are targeting an Unauthenticated Stored Cross-Site Scripting vulnerability in a WordPress cookie consent plugin named Beautiful Cookie Consent Banner with more than 40,000 active installs. WordPress security company Defiant, which spotted the attacks, says the vulnerability in question also allows unauthenticated attackers to create rogue admin accounts on WordPress websites running unpatched plugin versions.

A financially motivated threat actor of Indonesian origin has been observed leveraging Amazon Web Services Elastic Compute Cloud instances to carry out illicit crypto mining operations. Cloud security company's Permiso P0 Labs, which first detected the group in November 2021, has assigned it the moniker GUI-vil.