Security News

Researchers Uncover Hacking Operations Targeting Government Entities in South Korea
2021-06-05 02:47

A North Korean threat actor active since 2012 has been behind a new espionage campaign targeting high-profile government officials associated with its southern counterpart to install an Android and Windows backdoor for collecting sensitive information. Cybersecurity firm Malwarebytes attributed the activity to a threat actor tracked as Kimsuky, with the targeted entities comprising the Ministry of Foreign Affairs, Ambassador of the Embassy of Sri Lanka to the State, International Atomic Energy Agency Nuclear Security Officer, and the Deputy Consul General at Korean Consulate General in Hong Kong.

Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module
2021-06-03 04:55

A new set of critical vulnerabilities has been disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to gain elevated privileges on a device and hijack wireless communications. "Successful exploitation would lead to complete control of the Wi-Fi module and potential root access on the OS of the embedded device that uses this module," researchers from Israeli IoT security firm Vdoo said in a write-up published yesterday.

Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents
2021-05-29 01:34

Cybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certified content without invalidating its signature. "The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents under different permission levels," said researchers from Ruhr-University Bochum, who have systematically analyzed the security of the PDF specification over the years.

Researchers Warn of Facefish Backdoor Spreading Linux Rootkits
2021-05-29 01:17

Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials and device information and of executing arbitrary commands on Linux systems. The malware dropper has been dubbed "Facefish" by the Qihoo 360 NETLAB team owing to its capability to deliver different rootkits at different times and its use of the Blowfish cipher to encrypt communications to the attacker-controlled server.

Google Researchers Discover A New Variant of Rowhammer Attack
2021-05-26 22:27

A team of security researchers from Google has demonstrated yet another variant of the Rowhammer vulnerability that targets increasingly smaller DRAM chips to bypass all current mitigations, making it a persistent threat to chip security. Dubbed "Half-Double," the new hammering technique hinges on the weak coupling between two memory rows that are not immediately adjacent to each other but one row removed in an attempt to tamper with data stored in memory and attack a system.

Half-Double: Google Researchers Find New Rowhammer Attack Technique
2021-05-26 12:13

A team of researchers from Google has identified a new Rowhammer attack technique that works against recent generations of dynamic random-access memory chips. The new attack method disclosed this week by Google, which researchers have dubbed "Half-Double," shows that the effects of Rowhammer can extend beyond immediate neighbors, thus bypassing some of the existing defenses.

Aqua Security researchers tapped by the MITRE team to contribute to new container framework
2021-05-24 22:45

Aqua Security announced that its Team Nautilus researchers were tapped by the MITRE ATT&CK team to contribute to the development of the new Container Framework. Aqua's contributions help to create a foundation for cloud security methodologies and shape the future of container security by illuminating key cloud native security attack vectors and methods observed in the wild by Aqua's threat research team.

Researchers Link CryptoCore Attacks On Cryptocurrency Exchanges to North Korea
2021-05-24 10:23

State-sponsored hackers affiliated with North Korea have been behind a slew of attacks on cryptocurrency exchanges over the past three years, new evidence has revealed. Attributing the attack with "Medium-high" likelihood to the Lazarus Group, researchers from Israeli cybersecurity firm ClearSky said the campaign, dubbed "CryptoCore," targeted crypto exchanges in Israel, Japan, Europe, and the U.S., resulting in the theft of millions of dollars' worth of virtual currencies.

University of Minnesota researchers fail to understand consent
2021-05-19 04:30

You'd think with all the recent discussion about consent, researchers would more carefully observe ethical boundaries. A group of researchers from the University of Minnesota not only crossed the line but ran across it, screaming defiantly the whole way.

Researchers Find Exploitable Bugs in Mercedes-Benz Cars
2021-05-18 20:24

Following an eight-month audit of the code in the latest infotainment system in Mercedes-Benz cars, security researchers with Tencent Security Keen Lab identified five vulnerabilities, four of which could be exploited for remote code execution. In addition to targeting the main infotainment head unit, the security researchers also analyzed Mercedes-Benz's T-Box, successfully exploited some of the identified attack scenarios, and even combined some of them to compromise the head unit in real-world vehicles.