
PowerDrop targets Defense, YKK attack, Barracuda urges replacement

Oct 08, 2023

Researchers from the Adlumin Threat Research group warn that PowerDrop, a PowerShell-based malware, uses advanced techniques to evade detection, including deception, encoding, and encryption. Adlumin has not yet linked the malware to a specific threat actor, but it believes the operator could be a nation state, given the sophistication of the malware and the nature of the targets. The researchers discovered PowerDrop in the network of a U.S. aerospace defense contractor in May 2023.

(Security Affairs)

Japanese zipper giant YKK confirmed that its U.S. operations were targeted by hackers in recent weeks but said it was able to contain the threat before damage was caused. The Tokyo-based corporation would not say whether it had been hit with ransomware, but a spokesperson told Recorded Future News that its cybersecurity team "contained the threat before significant damage was done or sensitive information was exfiltrated." Although no group has been formally identified in this attack, the LockBit ransomware group listed the company on its leak site on June 2, threatening to publish data stolen from YKK by June 16.

(The Record)

Following up on a story we covered last week, enterprise security company Barracuda has now warned its customers to stop using Email Security Gateway (ESG) appliances affected by a recently disclosed zero-day vulnerability and to replace them immediately. Barracuda had issued a patch for the vulnerability last month, but the flaw had been exploited since October 2022 to backdoor ESG appliances, which is why the company is now telling customers to replace affected hardware rather than rely on the patch. "The vulnerability existed in a module which initially screens the attachments of incoming emails," the company had said previously. "No other Barracuda products, including our SaaS email security services, were subject to the vulnerability identified."

(CSO Online)

Security researchers are warning about a bug in the Microsoft Visual Studio installer that lets attackers create and distribute malicious extensions to application developers while posing as a legitimate software publisher. From there, they could infiltrate development environments, take control of them, poison code, steal high-value intellectual property, and more. Microsoft issued a patch for the spoofing vulnerability, tracked as CVE-2023-28299, with its monthly security update for April. According to Varonis, the bug merits attention because it is easily exploitable and exists in a product with a 26% market share and more than 30,000 customers.

(Dark Reading)

A team of researchers led by the University of Kansas believes its classifier for telling ChatGPT-written scientific text from human-written text is effective because it homes in on a range of stylistic differences between human and AI writing. Scientists are more likely to have a richer vocabulary and write longer paragraphs containing more diverse words than the machine does. They also use punctuation such as question marks, brackets, and semicolons more frequently than ChatGPT, with the exception of quotation marks. The team claims ChatGPT is also less precise and does not provide specific information such as figures or the names of other scientists as often as humans do. Real science papers also use more equivocal language, with words like "however", "but", "although", "this", and "because". "Since the key goal of this work was a proof-of-concept study, the scope of the work was limited, and follow-up studies are needed to determine the extent of this approach's applicability," the researchers wrote in their paper.

(The Register)

Cisco has fixed a high-severity vulnerability in its Cisco Secure Client (formerly AnyConnect Secure Mobility Client) software that lets attackers escalate privileges to the Windows SYSTEM account. The software lets employees work from anywhere over a secure Virtual Private Network (VPN) and gives admins endpoint management and telemetry features. A low-privileged local attacker could exploit the flaw, tracked as CVE-2023-20178, in a low-complexity attack that requires no user interaction. The bug is fixed in AnyConnect Secure Mobility Client for Windows 4.10MR7 and Cisco Secure Client for Windows 5.0MR2.

(Bleeping Computer)

Vulcan Cyber's Voyager18 research team described the technique in an advisory published this week. Based on their proof of concept, researcher Bar Lanyado said the team identified a new way of spreading malicious packages, which they call "AI package hallucination." The technique involves posing a question to ChatGPT, requesting a package to solve a coding problem, and receiving multiple package recommendations, some of which are not published in any legitimate repository. By registering those non-existent names themselves and publishing malicious packages under them, attackers can compromise future users who install whatever ChatGPT recommends.

(InfoSecurity Magazine and Vulcan Cyber)
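The practical defence against the technique above is to vet every package name an assistant hands you before running `pip install`. The script below is an added example, not Vulcan Cyber's code: it pulls package names out of an assistant-style answer, normalizes them the way the index does, and reports which ones are absent from the registry, flagging absent names that closely resemble a real package (the typosquat shape). The answer text and the registry are constructed for the example; `registry_lookup` stands in for a real query such as fetching `https://pypi.org/pypi/<name>/json` and treating a 404 as "does not exist".

```python
"""Vet package names from an LLM answer before installing them.

Added example; the sample answer and KNOWN_PACKAGES are constructed stand-ins.
"""
import difflib
import re
from typing import Callable, Dict, Iterable, List

# Constructed sample of what an assistant might reply to a coding question.
SAMPLE_ANSWER = """\
You can load the config with a small helper library:

    pip install requests pyyaml
    pip install yamlconfig-loader==1.2.0
    pip install reqeusts

Then call yamlconfig_loader.load("app.yaml").
"""

# Constructed offline registry. A real check queries the package index instead.
KNOWN_PACKAGES = frozenset({"requests", "pyyaml", "numpy"})

# Matches "pip install ...", "pip3 install ..." and "python -m pip install ...".
PIP_LINE = re.compile(r"^\s*(?:python3?\s+-m\s+)?pip3?\s+install\s+(.+?)\s*$",
                      re.MULTILINE)


def normalize(name: str) -> str:
    """PEP 503 normalization: lowercase, runs of '-', '_' or '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def extract_packages(answer: str) -> List[str]:
    """Return normalized package names from every pip install line in the text."""
    names: List[str] = []
    for match in PIP_LINE.finditer(answer):
        for token in match.group(1).split():
            if token.startswith("-"):          # skip flags such as --upgrade
                continue
            # Strip extras and version specifiers: pkg[extra]>=1.0 -> pkg
            base = re.split(r"[\[<>=!~;@]", token, 1)[0]
            if base:
                names.append(normalize(base))
    return names


def registry_lookup(name: str) -> bool:
    """Stand-in for the real index query; True if the package is published."""
    return normalize(name) in KNOWN_PACKAGES


def vet_packages(answer: str,
                 exists: Callable[[str], bool] = registry_lookup,
                 known: Iterable[str] = KNOWN_PACKAGES) -> Dict[str, str]:
    """Map each recommended package to a verdict.

    'missing' is exactly the name an attacker can register; a missing name that
    closely resembles a published one is the typosquat shape, so it is called out.
    """
    known_names = sorted(normalize(k) for k in known)
    report: Dict[str, str] = {}
    for name in extract_packages(answer):
        if exists(name):
            report[name] = "exists"
            continue
        near = [k for k in known_names
                if difflib.SequenceMatcher(None, name, k).ratio() >= 0.8]
        report[name] = f"missing; resembles {near[0]}" if near else "missing"
    return report


if __name__ == "__main__":
    for pkg, verdict in vet_packages(SAMPLE_ANSWER).items():
        print(f"{pkg:20s} {verdict}")
```

Treat "exists" as necessary, not sufficient: once an attacker has registered a hallucinated name the lookup succeeds, so for unfamiliar packages also check the upload date, maintainer history and download counts on the index page before installing, and pin what you do install.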

The research team at Cybernews has discovered a publicly accessible Amazon Web Services (AWS) S3 bucket containing over 360,000 files that it attributes to Pflegia, a German healthcare recruitment platform that places healthcare professionals with hospitals, nursing homes, outpatient services, and intensive care providers. The exposed bucket held hundreds of files containing sensitive information from user-submitted resumes, including full names, dates of birth, occupation history, home addresses, phone numbers, and email addresses.

(Security Affairs)