Security News

Researchers Uncover Connection b/w Moses Staff and Emerging Abraham's Ax Hacktivists Group
2023-01-26 14:34

New research has linked the operations of a politically motivated hacktivist group known as Moses Staff to another nascent threat actor named Abraham's Ax that emerged in November 2022. The geopolitical group is believed to be sponsored by the Iranian government and has since been linked to a string of espionage and sabotage attacks that make use of tools like StrifeWater RAT and open source utilities such as DiskCryptor to harvest sensitive information and lock victim data on infected hosts.

Chinese researchers: RSA is breakable. Others: Do not panic!
2023-01-25 05:30

Recently, Chinese researchers have claimed that an existing algorithm can be used with today's quantum computers to break the RSA algorithm, which is the fundamental basis of secure internet communication. The basic claim of the paper, published last Christmas by 24 Chinese researchers, is that they have found an algorithm that enables 2,048-bit RSA keys to be broken even with the relatively low-power quantum computers available today.

Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems
2023-01-17 06:36

The packages - named colorslib, httpslib, and libhttps - were uploaded by the author between January 7, 2023, and January 12, 2023. The modules come with identical setup scripts that are designed to invoke PowerShell and run a malicious binary hosted on Dropbox, Fortinet disclosed in a report published last week.

Researchers to release PoC exploit for critical ManageEngine RCE bug, patch now
2023-01-16 23:10

On Friday, security researchers with Horizon3's Attack Team warned admins that they created a proof-of-concept exploit for CVE-2022-47966. "The vulnerability is easy to exploit and a good candidate for attackers to 'spray and pray' across the Internet. This vulnerability allows for remote code execution as NT AUTHORITY\SYSTEM, essentially giving an attacker complete control over the system," Horizon3 vulnerability researcher James Horseman said.

Researchers to release PoC exploit for critical Zoho RCE bug, patch now
2023-01-16 23:10

On Friday, security researchers with Horizon3's Attack Team warned admins that they created a proof-of-concept exploit for CVE-2022-47966. "The vulnerability is easy to exploit and a good candidate for attackers to 'spray and pray' across the Internet. This vulnerability allows for remote code execution as NT AUTHORITY\SYSTEM, essentially giving an attacker complete control over the system," Horizon3 vulnerability researcher James Horseman said.

Chinese researchers' claimed quantum encryption crack looks unlikely
2023-01-07 12:00

The paper, titled "Factoring integers with sublinear resources on a superconducting quantum processor," suggests that the application of Claus Peter Schnorr's recent factoring algorithm, in conjunction with a quantum approximate optimization algorithm, can break asymmetric RSA-2048 encryption using a non-fault tolerant quantum computer with only 372 physical quantum bits or qubits. The speculation has been that orders of magnitude more qubits, in conjunction with robust error correction at scale, may allow future quantum computers to run Peter Shor's algorithm - not to be confused with the similarly named Schnorr - quickly, on very large numbers, thereby breaking RSA encryption.

Researcher Uncovers Potential Wiretapping Bugs in Google Home Smart Speakers
2022-12-30 09:25

A security researcher was awarded a bug bounty of $107,500 for identifying security issues in Google Home smart speakers that could be exploited to install backdoors and turn them into wiretapping devices. The problem, in a nutshell, has to do with how the Google Home software architecture can be leveraged to add a rogue Google user account to a target's home automation device.

Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials
2022-12-23 11:14

A new targeted phishing campaign has zoomed in on a two-factor authentication solution called Kavach that's used by Indian government officials. "LNK files are used to initiate code execution which eventually downloads and runs a malicious C# payload, which functions as a remote access trojan," Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a new report.

Raspberry Robin worm drops fake malware to confuse researchers
2022-12-20 15:15

The Raspberry Robin malware is now trying its hand at some trickery by dropping a fake payload to confuse researchers and evade detection when it detects it's being run within sandboxes and debugging tools. Raspberry Robin is a worm-like malware dropper that sells initial access to compromised networks to ransomware gangs and malware operators.

Researchers Discover Malicious PyPI Package Posing as SentinelOne SDK to Steal Data
2022-12-19 18:05

Cybersecurity researchers have discovered a new malicious package on the Python Package Index repository that impersonates a software development kit for SentinelOne, a major cybersecurity company, as part of a campaign dubbed SentinelSneak. "The SentinelOne imposter package is just the latest threat to leverage the PyPI repository and underscores the growing threat to software supply chains, as malicious actors use strategies like 'typosquatting' to exploit developer confusion and push malicious code into development pipelines and legitimate applications," ReversingLabs threat researcher Karlo Zanki said in a report shared with The Hacker News.