Security News
PLUS: India calls for global action on AI and crypto; Vietnam seeks cybersecurity independence; China bans AI prescribing drugs Asia In Brief Taiwan-based infosec consultancy Team T5 has disputed...
A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus. "To compromise their targets, MoustachedBouncer operators tamper with their victims' internet access, probably at the ISP level, to make Windows believe it's behind a captive portal," Faou said.
"The attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems," Kaspersky said in an analysis spotlighting APT31's previously undocumented tradecraft. Some variants of the second-stage backdoors also come with features designed to look up file names in the Microsoft Outlook folder, execute remote commands, and employ the third-step component to complete the data exfiltration step in the form of RAR archive files.
Two North Korean hacker groups had access to the internal systems of Russian missile and satellite developer NPO Mashinostoyeniya for five to six months, cyber security firm SentinelOne asserted on Monday. The attack illustrates potential North Korean efforts to advance development of missile and other military tech via cyber espionage.
Cybersecurity researchers have discovered a new high-severity security flaw in PaperCut print management software for Windows that could result in remote code execution under specific circumstances. Tracked as CVE-2023-39143, the flaw impacts PaperCut NG/MF prior to version 22.1.3.
Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile, prompting Ivanti to urge users to update to the latest version of the software. Tracked as CVE-2023-35082 and discovered by Rapid7, the issue "Allows unauthenticated attackers to access the API in older unsupported versions of MobileIron Core.".
Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services that allows the AWS Systems Manager Agent to be run as a remote access trojan on Windows and Linux environments. "The SSM agent, a legitimate tool used by admins to manage their instances, can be re-purposed by an attacker who has achieved high privilege access on an endpoint with SSM agent installed, to carry out malicious activities on an ongoing basis," Mitiga researchers Ariel Szarf and Or Aspir said in a report shared with The Hacker News.
The threat actor known as Space Pirates has been linked to attacks against at least 16 organizations in Russia and Serbia over the past year by employing novel tactics and adding new cyber weapons to its arsenal. Targets comprise government agencies, educational institutions, private security companies, aerospace manufacturers, agricultural producers, defense, energy, and healthcare firms in Russia and Serbia.
"In this instance, the PoC is a wolf in sheep's clothing, harboring malicious intent under the guise of a harmless learning tool," Uptycs researchers Nischay Hegde and Siddartha Malladi said. The repository masquerades as a PoC for CVE-2023-35829, a recently disclosed high-severity flaw in the Linux kernel.
OpenAI is seeking researchers to work on containing super-smart artificial intelligence with other AI. The end goal is to mitigate a threat of human-like machine intelligence that may or may not be science fiction. "We need scientific and technical breakthroughs to steer and control AI systems much smarter than us," wrote OpenAI Head of Alignment Jan Leike and co-founder and Chief Scientist Ilya Sutskever in a blog post.