Security News

ESET Threat Report: ChatGPT Name Abuses, Lumma Stealer Malware Increases, Android SpinOk SDK Spyware’s Prevalence
2023-12-22 22:47

Cybersecurity company ESET released its H2 2023 threat report, and we're highlighting three particularly interesting topics in it: the abuse of the ChatGPT name by cybercriminals, the rise of the Lumma Stealer malware and the Android SpinOk SDK spyware. In the second half of 2023, ESET has blocked 650,000 attempts to access malicious domains whose names include "Chatgpt" or similar string in an apparent reference to the ChatGPT chatbot.

16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks
2023-08-11 05:20

A set of 15 high-severity security flaws have been disclosed in the CODESYS V3 software development kit that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology environments. "Exploitation of the discovered vulnerabilities, which affect all versions of CODESYS V3 prior to version 3.5.19.0, could put operational technology infrastructure at risk of attacks, such as remote code execution and denial-of-service," Vladimir Tokarev of the Microsoft Threat Intelligence Community said in a report.

Tython: Open-source Security as Code framework and SDK
2023-05-03 04:00

Security teams must adopt automation and incorporate security measures into code to keep up with the quickly evolving software development. Tython allows security teams to build custom security reference architectures and design patterns as code.

Malware exploited critical Realtek SDK bug in millions of attacks
2023-01-25 18:00

Hackers have leveraged a critical remote code execution vulnerability in Realtek Jungle SDK 134 million attacks trying to infect smart devices in the second half of 2022. Most of these attacks originate from botnet malware families like Mirai, Gafgyt, Mozi, and derivatives of them.

Botnets exploited Realtek SDK critical bug in millions of attacks
2023-01-25 18:00

Hackers have leveraged a critical remote code execution vulnerability in Realtek Jungle SDK 134 million attacks trying to infect smart devices in the second half of 2022. Unit 42 logged activity leveraging CVE-2021-35394 from all over the world but almost half of the attacks originated from the United States.

Malicious PyPI package found posing as a SentinelOne SDK
2022-12-21 09:45

Threat researchers have found a rapidly updated malicious Python package on PyPI masquerading as a legitimate software-development kit from cybersecurity firm SentinelOne, but actually contains malware designed to exfiltrate data from infected systems. The package, which carried the name SentinelOne and has since been taken down, was uploaded to the Python Package Index - an online index of packages for Python developers - on December 11 and over two days was updated 20 times.

Researchers Discover Malicious PyPI Package Posing as SentinelOne SDK to Steal Data
2022-12-19 18:05

Cybersecurity researchers have discovered a new malicious package on the Python Package Index repository that impersonates a software development kit for SentinelOne, a major cybersecurity company, as part of a campaign dubbed SentinelSneak. "The SentinelOne imposter package is just the latest threat to leverage the PyPI repository and underscores the growing threat to software supply chains, as malicious actors use strategies like 'typosquatting' to exploit developer confusion and push malicious code into development pipelines and legitimate applications," ReversingLabs threat researcher Karlo Zanki said in a report shared with The Hacker News.

Android apps with 45 million installs used data harvesting SDK
2022-04-07 14:06

Mobile malware analysts warn about a set of applications available on the Google Play Store, which collected sensitive user data from over 45 million installs of the apps. The apps collected this data through a third-party SDK that includes the ability to capture clipboard content, GPS data, email addresses, phone numbers, and even the user's modem router MAC address and network SSID. This sensitive data could lead to significant privacy risks for the users if misused or leaked due to poor server/database security.

Vulnerabilities in Eltima SDK affect popular cloud desktop and USB sharing services
2021-12-10 12:22

SentinelOne researchers have unearthed a number of privilege escalation vulnerabilities in Eltima SDK, a library used by many cloud desktop and USB sharing services like Amazon Workspaces, NoMachine and Accops to allow users to connect and share local devices over network. The vulnerabilities affect both the cloud services and their end users.

AWS Among 12 Cloud Services Affected by Flaws in Eltima SDK
2021-12-08 18:54

Researchers have found a number of high-security vulnerabilities in a library created by network virtualization firm Eltima, that leave about a dozen cloud services used by millions of users worldwide open to privilege-escalation attacks. The flaws are in the USB Over Ethernet function of the Eltima SDK, not in the cloud services themselves, but because of code-sharing between the server side and the end user apps, they affect both clients - such as laptops and desktops running Amazon WorkSpaces software - and cloud-based machine instances that rely on services such as Amazon Nimble Studio AMI, that run in the Amazon cloud.