Herjan Security
b7ac607467d380da39561027a5bd00a900e99a56019f127db61f86a3c842efb6
[.] Nostrop stream of GenAI news and updates

#Summary:

- Zscaler ThreatLabz has discovered new malware called BunnyLoader, which is being sold on underground forums.

- BunnyLoader is a fileless loader coded in C/C++, making it difficult to detect.

- It has various capabilities including keylogging, hijacking cryptocurrency wallet addresses, and remote command execution.

- BunnyLoader has been evolving and offering updates and bug fixes since its release on September 4, 2023.

- It uses a command-and-control panel for tasks like downloading additional malware and managing infected machines.

- The malware employs persistence mechanisms, anti-sandbox tactics, and interactions with C2 servers.

- It records keystrokes and exfiltrates data from web browsers, cryptocurrency wallets, and VPN clients.

- BunnyLoader also includes a clipper module that replaces cryptocurrency addresses in a victim's clipboard.

- Zscaler's ThreatLabz will continue monitoring BunnyLoader to ensure customer safety.

#Hashtags:

#BunnyLoader #malware #filelessloader #keylogging #cryptocurrency #cybersecurity #C2panel

https://www.infosecurity-magazine.com/news/bunnyloader-targets-browsers-crypto/

The FBI warns of a rising occurrence of dual ransomware attacks and of data destruction trends: cyber threat actors deploy multiple ransomware variants against the same victim and use custom data theft and wiper tools to pressure victims. FBI recommendations for countering ransomware: maintain offline backups, review vendor security posture, and strengthen IAM. Network segmentation, monitoring, and endpoint detection tools are also advised, and organizations are urged to report suspicious activity. The FBI is partnering with the Joint Ransomware Task Force to address the threat. #RansomwareAttacks #DataDestruction #Cybersecurity #FBI #RansomwareThreats

https://www.infosecurity-magazine.com/news/fbi-warns-dual-ransomware-data/

Apache NiFi RCE vulnerability enables attackers to exfiltrate sensitive data. Patches and upgrades have been provided to fix the issue. The vulnerability has a high severity score and affects widely distributed installations of Apache NiFi. Unidentified hackers are selling Apache NiFi exploits on dark web forums. Mitigation measures include installing fixes, implementing network segmentation, monitoring for unusual activity, and implementing access restrictions and authentication procedures. #ApacheNiFi #Vulnerabilities

https://cybersecuritynews.com/apache-nifi-rce-vulnerability/

New Android banking malware poses as government app to target users. #cyberattack #cybersecurity #malware

https://cybersecuritynews.com/new-android-banking-malware-government-app/

Critical infrastructure cyberattacks are increasing, with damages expected to reach $10.5 trillion by 2025. Machine learning tools can detect both known and unknown threats but often have high false positive rates. Large Language Models like HuntGPT integrate AI tasks and reduce costs in cybersecurity. HuntGPT is an AI-based intrusion detection tool that uses XAI frameworks to present threats in an explainable format. SMEs struggle with cybersecurity due to budget constraints, staffing shortages, and limited time. HuntGPT helps with policy formulation and log parsing, and has potential for non-professional users. The IDS Dashboard combines visualizations, AI explanations, and interactive conversations to aid decision-making. HuntGPT demonstrates strong cybersecurity knowledge but also highlights areas for improvement. Use Patch Manager Plus to patch vulnerabilities and ensure 100% security. #Cybersecurity #HuntGPT #AI #IntrusionDetection #CyberThreats #XAI

https://cybersecuritynews.com/huntgpt/

Malicious npm & PyPi packages exfiltrate SSH keys from servers. #npm #PyPi #SSHKeys

https://cybersecuritynews.com/malicious-npm-and-pypi-packages/

Microsoft's Bing AI is facing a malware threat from deceptive ads that can trick users into visiting malicious websites and downloading malware. The rising popularity of Bing Chat has attracted advertisers, but this has also created an avenue for potential abuse. Deceptive ads are introduced into Bing Chat conversations by displaying them when users hover over a link. These ads are often disguised as legitimate search results, leading users to click on them and unknowingly download malware. Users are advised to exercise caution while browsing and to use security tools for enhanced online security. The incident has been reported to Microsoft to address the security breach.

#Microsoft #Bing #AI #malware #deceptiveads #onlinesecurity

https://www.infosecurity-magazine.com/news/bing-ai-faces-malware-threat-ads/

Russian company offers $20m for hacking tools to compromise iPhones and Android devices. Operation Zero is looking for critical exploits like Remote Code Execution (RCE), Local Privilege Escalation (LPE), and Sandbox Escape (SBX) for mobile devices. These devices are increasingly targeted by both nation-state and non-nation-state actors. The company's stipulation is that the end user must belong to a non-NATO country. This raises concerns about the potential misuse of the hacking tools. Some question the ethics and consequences of offering such lucrative rewards for exploits that can compromise the security and privacy of smartphone users. The timing of this announcement follows OpenAI's bug bounty program that offers rewards of up to $20,000 for uncovering security vulnerabilities. #RussianCompany #HackingTools #NonNATO #MobileDevices #Exploits #Security #Privacy

https://www.infosecurity-magazine.com/news/russian-firm-non-nato-mobile/

Chinese hackers breached Microsoft's email platform, stealing over 60,000 US government emails. The breach was part of a series of cyberattacks on US organizations. The compromised accounts were primarily focused on East Asia, the Pacific, and European affairs. The extent of the breach and the consequences of the stolen emails remain unclear. China denies involvement in the cyberattacks. The State Department is taking measures to enhance its cybersecurity defenses. The breach highlights the need for stronger cybersecurity and a reevaluation of reliance on a single vendor. #cybersecurity #news #emails #Microsoft

https://cybersecuritynews.com/chinese-hackers-microsofts-email-platform/

Microsoft SharePoint Server vulnerabilities can be exploited to achieve RCE.

#Microsoft #SharePoint #vulnerability

https://cybersecuritynews.com/microsoft-sharepoint-server-vulnerabilities/

The origin server stores a website's or application's content and data. It serves as the starting point for all requests made to a website, accessing the requested resource from the server's file system and sending it back to the client. Origin servers can be public or private, with public servers delivering static content and private servers serving exclusive content to a predefined group of users.

Key characteristics of origin servers include being the primary data source, generating and storing content, ensuring security through measures like firewalls and encryption, maintaining availability, and potentially using content delivery networks (CDNs) to improve performance.

Origin servers work by managing incoming requests and delivering website content to users, but the distance between the user and server can cause delays. Regular maintenance and updates are important to prevent downtime.

Protecting origin servers is crucial to prevent unauthorized access and downtime. Common risks include unidentified applications, application weaknesses, brute-force attacks, and DDoS attacks. Employing a CDN and implementing a web application firewall (WAF) are effective ways to protect origin servers. However, it is still necessary to verify that origin protection is actually in place: an origin that remains directly reachable can be attacked while bypassing the CDN and WAF entirely.
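The check that the last paragraph asks for can be enforced at the origin itself: accept a request only when the TCP peer address falls inside the CDN/WAF provider's published edge ranges and the request carries a shared secret header that the edge is configured to add. The following is an added example written for this page, not code from the article or from any CDN vendor; the edge ranges, the header name `X-Origin-Auth`, and the secret value are constructed placeholders, and the `Request` type is a hypothetical stand-in for whatever a real web framework provides. The peer address must come from the connection, never from `X-Forwarded-For`, since a direct attacker controls that header.

```python
import hmac
import ipaddress
from dataclasses import dataclass, field

# Constructed example ranges standing in for the CDN/WAF provider's published
# edge address list (documentation ranges; a real deployment fetches the
# provider's current list and refreshes it).
TRUSTED_EDGE_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:c0de::/48"),
]

# Hypothetical shared secret the edge is configured to add on every request it
# forwards to the origin. A real deployment keeps this in a secret store.
ORIGIN_SECRET_HEADER = "x-origin-auth"
ORIGIN_SECRET_VALUE = "example-origin-secret-change-me"


@dataclass
class Request:
    """Minimal stand-in for a framework request object (hypothetical)."""
    peer_ip: str                      # address of the TCP connection itself
    headers: dict = field(default_factory=dict)


def is_trusted_edge(peer_ip: str) -> bool:
    """True if the connecting peer is inside one of the CDN edge ranges."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # malformed address: fail closed
    return any(addr in net for net in TRUSTED_EDGE_NETWORKS)


def has_valid_origin_secret(headers: dict) -> bool:
    """Constant-time comparison of the edge-injected secret header."""
    lowered = {k.lower(): v for k, v in headers.items()}
    presented = lowered.get(ORIGIN_SECRET_HEADER, "")
    return hmac.compare_digest(presented.encode(), ORIGIN_SECRET_VALUE.encode())


def admit(request: Request) -> tuple:
    """Decide whether the origin should serve this request.

    Returns (allowed, reason). Both checks must pass: the source address
    check stops direct-to-origin traffic, and the secret header stops traffic
    that merely originates from a shared address range of the provider.
    X-Forwarded-For is deliberately ignored because it is client-controlled.
    """
    if not is_trusted_edge(request.peer_ip):
        return False, "peer address is outside the CDN edge ranges"
    if not has_valid_origin_secret(request.headers):
        return False, "missing or wrong origin secret header"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests illustrating the three outcomes a defender cares about.
    samples = [
        Request("203.0.113.7", {"X-Origin-Auth": ORIGIN_SECRET_VALUE}),        # via CDN, correct header
        Request("198.51.100.9", {"X-Origin-Auth": ORIGIN_SECRET_VALUE}),       # direct hit with leaked header
        Request("203.0.113.7", {"X-Forwarded-For": "203.0.113.1"}),            # spoofed XFF, no secret
    ]
    for req in samples:
        allowed, reason = admit(req)
        print(f"{req.peer_ip:<16} allowed={allowed} ({reason})")
```

The two checks are deliberately independent: address allow-listing alone fails if the secret leaks, and the secret alone fails if another customer of the same provider can reach the origin from a shared edge range. Running the block prints one line per sample request showing which check rejected it.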

https://cybersecuritynews.com/what-is-origin-server/

Progress Software has released patches for critical file transfer bugs in its WS_FTP product. Thousands of customers worldwide may be affected. One of the vulnerabilities, CVE-2023-40044, allows a pre-authenticated attacker to execute remote commands on the underlying operating system. Another critical bug, CVE-2023-42657, enables an attacker to perform file operations outside of their authorized folder path. Immediate attention and mitigation steps are advised. #ProgressSoftware #filetransferbugs #WS_FTP #vulnerabilities #patching

https://www.infosecurity-magazine.com/news/moveit-patches-critical-file/

- Chinese cyber-espionage campaign breached Microsoft Outlook accounts, accessing tens of thousands of US government emails.

- Storm-0558 group stole 60,000 emails from 10 State Department accounts, including those of individuals working on East Asia and Pacific diplomacy.

- Hackers also obtained a list of all State Department email accounts.

- Concerns raised about the federal government's reliance on a single vendor for cybersecurity.

- Microsoft previously revealed the campaign's compromise of at least 25 organizations, including the US government.

- Threat actors gained access to customer email accounts via Outlook Web Access in Exchange Online and Outlook.com.

- Chinese hackers exploited a zero-day validation issue to forge signed access tokens and impersonate accounts within the State Department and other organizations.

#cybersecurity #hacking #espionage #Microsoft #USgovernment #Storm0558

https://www.infosecurity-magazine.com/news/microsoft-breach-60000-state/

Summary: The UK's information commissioner has ordered public authorities to stop using Excel spreadsheets to publish FOI data following a damaging leak at the Police Service of Northern Ireland. The advisory also calls for the conversion of spreadsheets into open, reusable formats, investment in data management systems, training for staff involved in data disclosure, and guidance on pivot tables. The commissioner emphasized the importance of robust measures to protect personal information.

Hashtags: #PrivacyRegulator #FOI #DataProtection #SpreadsheetLeak

https://www.infosecurity-magazine.com/news/privacy-regulator-orders-end/

New GPU side-channel vulnerability impacts GPUs from Intel, AMD, Apple, and Nvidia. A side-channel attack can leak sensitive visual data from modern GPU cards. The attack is referred to as "GPU.zip" and was published by four American universities. It exploits vendor-specific compression used by Intel and AMD; compression is a known source of side-channel data leakage. The attack can steal sensitive visual data pixel by pixel. The demonstration was conducted on the Wikipedia site. The research paper should be consulted for detailed information. Patch Manager Plus can help protect against vulnerabilities.

#cybersecurity #vulnerability #GPUSideChannel

https://cybersecuritynews.com/gpu-side-channel-vulnerability/

Google has fixed an actively exploited zero-day vulnerability in its Chrome browser and urges users to patch now. The vulnerability, CVE-2023-5217, was a heap buffer overflow in the VP8 encoding in libvpx. Two other vulnerabilities, CVE-2023-5186 and CVE-2023-5187, were also fixed. Users are advised to upgrade to the latest version of Chrome for protection. #Google #vulnerability #ZeroDay

https://cybersecuritynews.com/google-chrome-zero-day-flaw/

Budworm APT targets telecoms and government with evolved toolset. The attack used a variant of Budworm's SysUpdate backdoor. Budworm uses custom malware and publicly available tools. The group's primary motivation is intelligence gathering. Organizations should remain vigilant.

#Budworm #APTEvolves #cybersecurity #telecoms #government

https://www.infosecurity-magazine.com/news/budworm-targets-telecom-government/

Mozilla has released Firefox 118, fixing six high-severity vulnerabilities. #cybersecurity #Firefox118 #vulnerabilities

https://cybersecuritynews.com/firefox-118-released/

Summary: The Snatch ransomware group's victim shaming site is leaking data about its visitors, including their IP addresses. The group is using paid ads on Google to distribute malware disguised as popular free software. The Snatch darknet site generates significant traffic, with many visitors coming from Russia. The site also exposes its server status page, revealing information about user access. Several internet addresses in Russia are frequently accessing the site. The domains associated with the Snatch ransomware gang are registered to Mihail Kolesnikov, who is also linked to phishing domains and malicious Google ads. The exposed "server status" page was discovered by a security researcher.

Hashtags: #SnatchRansomware #DataLeaks #MalwareDistribution #GoogleAds #IPAddresses #Darknet #ServerStatusPage #RussianInvolvement #PhishingDomains #MaliciousAds #InformationStealingMalware

https://krebsonsecurity.com/2023/09/snatch-ransom-group-exposes-visitor-ip-addresses/

UK logistics firm KNP Logistics Group has entered administration following a ransomware attack earlier this year. Over 700 employees will be made redundant. The attack impacted the company's ability to secure new funding. The group's Nelson Distribution business will survive after being sold. The financial and data losses from cyber attacks can have irreparable consequences. #ransomware #cybersecurity #businessimpact

https://www.infosecurity-magazine.com/news/uk-logistics-close-after/