Security News

The source code for the BlackLotus UEFI bootkit has leaked online, allowing greater insight into a malware that has caused great concern among the enterprise, governments, and the cybersecurity community. BlackLotus is a Windows-targeting UEFI bootkit that bypasses Secure Boot on fully patched Windows 11 installs, evades security software, persists on an infected system, and executes payloads with the highest level of privileges in the operating system.

"In this instance, the PoC is a wolf in sheep's clothing, harboring malicious intent under the guise of a harmless learning tool," Uptycs researchers Nischay Hegde and Siddartha Malladi said. The repository masquerades as a PoC for CVE-2023-35829, a recently disclosed high-severity flaw in the Linux kernel.

What's old is new again, with researchers seeing a threefold increase in malware distributed through USB drives in the first half of 2023. Previously, in November 2022, the cybersecurity company highlighted a China-nexus campaign leveraging USB devices to infect entities in the Philippines with four distinct malware families.

Many still lack the necessary tools to investigate the security and organizational impact of these infections and effectively mitigate follow-on attacks - with 98% indicating better visibility into at-risk applications would significantly improve their security posture. Seemingly innocuous actions like these can inadvertently expose organizations to malware and follow-on attacks including ransomware stemming from the stolen access details.

A new fileless malware named PyLoose has been targeting cloud workloads to hijack their computational resources for Monero cryptocurrency mining. Wiz's security researchers first detected PyLoose attacks in the wild on June 22nd, 2023, and have since confirmed at least 200 cases of compromise by the novel malware.

A tool that automates the delivery of malware from external attackers to target employees' Microsoft Teams inbox has been released. TeamsPhisher is a Python-based tool created by US Navy read teamer Alex Reid that allows attackers to deliver attachments to Microsoft Teams users.

Security researchers observed a new campaign they attribute to the Charming Kitten APT group where hackers used new NokNok malware that targets macOS systems. After gaining the target's trust, Charming Kitten sends a malicious link that contains a Google Script macro, redirecting the victim to a Dropbox URL. This external source hosts a password-protected RAR archive with a malware dropper that leverages PowerShell code and an LNK file to stage the malware from a cloud hosting provider.

Once the malicious software is installed, it redirects incoming calls to a call center under the control of the criminals. To facilitate the routing of voice traffic, "Letscall" utilizes cutting-edge technologies such as voice over IP and WebRTC. It also makes use of Session Traversal Utilities for NAT and Traversal Using Relays around NAT protocols, including Google STUN servers, to ensure high-quality phone or video calls and bypass NAT and firewall restrictions.

Cybersecurity agencies have warned about the emergence of new variants of the TrueBot malware. The TrueBot malware, linked with cybercriminal collectives Silence and FIN11, is deployed to siphon off data and disseminate ransomware, jeopardising the safety of numerous infiltrated networks.

Microsoft is having a rough week with troubles including an Outlook.com bug that prevented some email users from searching their messages for several hours on Thursday, and a Teams flaw that allows people to send phishing emails and malware to other Teams users. While the Outlook.com bug borking users' email was certainly an annoying inconvenience, perhaps a bigger problem is the Teams weakness.