Security News

New findings released last week showcase the overlapping source code and techniques between the operators of Shamoon and Kwampirs, indicating that they "Are the same group or really close collaborators." "Research evidence shows identification of co-evolution between both Shamoon and Kwampirs malware families during the known timeline," Pablo Rincón Crespo of Cylera Labs said.

Linux distributions are in the process of issuing patches to address a newly disclosed security vulnerability in the kernel that could allow an attacker to overwrite arbitrary data into any read-only files and allow for a complete takeover of affected systems. The Linux kernel flaw is said to have existed since version 5.8, with the vulnerability sharing similarities to that of Dirty Cow, which came to light in October 2016.

A group of academics from the North Carolina State University and Dokuz Eylul University have demonstrated what they say is the "First side-channel attack" on homomorphic encryption that could be exploited to leak data as the encryption process is underway. "Basically, by monitoring power consumption in a device that is encoding data for homomorphic encryption, we are able to read the data as it is being encrypted," Aydin Aysu, one of the authors of the study, said.

A Ukrainian researcher continues to deal devastating blows to the Conti ransomware operation, leaking further internal conversations, as well as the source for their ransomware, administrative panels, and more.On Monday, the researcher kept leaking more damaging Conti data, including an additional 148 JSON files containing 107,000 internal messages since June 2020, which is around when the Conti ransomware operation was first launched.

The group behind the TrickBot malware is back after an unusually long lull between campaigns, according to researchers - but it's now operating with diminished activity. A report from Intel 471 published on Thursday flagged a "Strange" period of relative inactivity, where "From December 28, 2021 until February 17, 2022, Intel 471 researchers have not seen new TrickBot campaigns."

A few days after the rickroll business, we were writing up another AirTag hack that documented how to create Bluetooth messages that could hitch a ride on Apple's AirTag network. Every two seconds, regular AirTags broadcast an identifier via a low-energy Bluetooth; any passing iPhones in the vicinity that are AirTag enabled and happen to pick up these broadcast messages co-operatively relay them back to Apple's AirTag backend, where they're saved for later lookup.

Security researchers have created exploit code for CVE-2022-24086, the critical vulnerability affecting Adobe Commerce and Magento Open Source that Adobe that patched in an out-of-band update last Sunday. The vulnerability, which Adobe saw being "Exploited in the wild in very limited attacks," received a severity score of 9.8 out of 10 and adversaries exploiting it can achieve remote code execution on affected systems without the need to authenticate.

Cybersecurity researchers have unpacked a new Golang-based botnet called Kraken that's under active development and features an array of backdoor capabilities to siphon sensitive information from compromised Windows hosts. The botnet - not to be confused with a 2008 botnet of the same name - is perpetuated using SmokeLoader, which chiefly acts as a loader for next-stage malware, allowing it to quickly scale in size and expand its network.

"The DDoS attacks against the Ukrainian defense ministry and financial institutions appear to be harassment similar to the previous DDoS attacks seen in January," Rick Holland, CISO at Digital Shadows, said via email. In the past two months, Russian- advanced persistent threats have been tied to an attack on 70 Ukrainian government websites, a wiper targeting government, non-profit and IT organizations, and increased attacks and espionage against military targets.

Cybersecurity researchers have detailed the inner workings of ShadowPad, a sophisticated and modular backdoor that has been adopted by a growing number of Chinese threat groups in recent years, while also linking it to the country's civilian and military intelligence agencies. ShadowPad is a modular malware platform sharing noticeable overlaps to the PlugX malware and which has been put to use in high-profile attacks against NetSarang, CCleaner, and ASUS, causing the operators to shift tactics and update their defensive measures.