Security News

Researchers Uncover 'Process Ghosting' — A New Malware Evasion Technique
2021-06-17 01:05

Process Ghosting expands on previously documented endpoint bypass methods such as Process Doppelgänging and Process Herpaderping, thereby enabling the veiled execution of malicious code that may evade anti-malware defenses and detection. Process Doppelgänging, analogous to Process Hollowing, involves injecting arbitrary code in the address space of a legitimate application's live process that can then be executed from the trusted service.

We've found another reason not to use Microsoft's Paint 3D – researchers
2021-06-16 15:07

As Microsoft preps the next version of Windows, a hole has been spotted in an earlier Great Hope for the company: MS Paint 3D. The raster graphics and 3D modelling app was part of Microsoft's Creators Update back in 2016 and was released in 2017. The idea was that users would embrace its support for 3D objects and ditch the ancient Microsoft Paint for the new shiny.

Researchers: Booming Cyber-Underground Market for Initial-Access Brokers
2021-06-16 11:51

Rather than do the heavy lifting themselves, ransomware gangs are buying their way onto networks, partnering with other criminal groups that have already paved the way for entry with first-stage malware, researchers have found. Before the ultimate ransomware payload hits the network, known ransomware gangs such as Ryuk, Egregor and REvil first team up with threat actors who specialize in initial infection using various forms of malware - such as TrickBot, BazaLoader and IcedID, according to the report.

Researcher Earns $30,000 for Instagram Flaw Exposing Private Posts
2021-06-15 14:46

A researcher says he has earned $30,000 through Facebook's bug bounty program for reporting an Instagram vulnerability that exposed private posts. In a blog post published on Tuesday, Mayur Fartade, a researcher based in India, said the flaw could have been exploited to access private or archived posts, stories, reels and IGTV videos without following the user whose content was targeted.

Researchers Attribute SITA Cyberattack to Chinese Hackers
2021-06-14 17:49

The cyberattack on SITA that impacted multiple airlines around the world was orchestrated by a Chinese nation-state threat actor tracked as APT41, security researchers at detection and prevention firm Group-IB say. Air India revealed that the attack was related to SITA PSS, which processes personally identifiable information.

Security researcher says attacks on Russian government have Chinese fingerprints – and typos, too
2021-06-09 06:30

An advanced persistent threat that Russia found inside government systems was too crude to have been the work of a Western nation, says security researcher Juan Andrés Guerrero-Saade of Sentinel Labs, before suggesting the malware came from a Chinese entity. Russian telco and IT services provider Rostelecom and the nation's National Coordination Center for Computer Incidents, an arm of the Russian Federal Security Service, in May published a joint report that detailed their assessment of attacks on several Russian government entities detected in 2020.

Researchers Discover First Known Malware Targeting Windows Containers
2021-06-07 23:48

Security researchers have discovered the first known malware, dubbed "Siloscape," targeting Windows Server containers to infect Kubernetes clusters in cloud environments. "Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers," said Unit 42 researcher Daniel Prizmant.

Researchers Uncover Hacking Operations Targeting Government Entities in South Korea
2021-06-05 02:47

A North Korean threat actor active since 2012 has been behind a new espionage campaign targeting high-profile government officials associated with its southern counterpart to install an Android and Windows backdoor for collecting sensitive information. Cybersecurity firm Malwarebytes attributed the activity to a threat actor tracked as Kimsuky, with the targeted entities comprising the Ministry of Foreign Affairs, Ambassador of the Embassy of Sri Lanka to the State, International Atomic Energy Agency Nuclear Security Officer, and the Deputy Consul General at Korean Consulate General in Hong Kong.

Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module
2021-06-03 04:55

A new set of critical vulnerabilities has been disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to gain elevated privileges on a device and hijack wireless communications. "Successful exploitation would lead to complete control of the Wi-Fi module and potential root access on the OS of the embedded device that uses this module," researchers from Israeli IoT security firm Vdoo said in a write-up published yesterday.

Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents
2021-05-29 01:34

Cybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certified content without invalidating its signature. "The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents under different permission levels," said researchers from Ruhr-University Bochum, who have systematically analyzed the security of the PDF specification over the years.