Category: IT security News

Cybersecurity Alert: Malicious Python Packages Targeting Developers In a recent discovery, cybersecurity researchers have revealed a sneaky scheme involving malicious Python packages aimed directly at software developers. These deceptive packages masquerade as coding assessments, but in reality, they are designed to infiltrate systems and compromise security. The Setup: The discovery unfolded when researchers traced the…

Microsoft Unveils Patch Tuesday Updates for September 2024 On Tuesday, Microsoft revealed three new security weaknesses in the Windows platform that have fallen prey to active exploitation. These vulnerabilities have come to light as part of the Patch Tuesday update for September 2024. The Patch Tuesday release encompasses a comprehensive review of 79 vulnerabilities, bringing…

Ivanti Addresses Critical Vulnerabilities in Endpoint Manager Ivanti recently issued software updates to tackle several security flaws affecting its Endpoint Manager (EPM) platform. Among these vulnerabilities are 10 critical threats that, if exploited, could potentially lead to remote code execution. One notable flaw is identified by the CVE-2024-29847 code, boasting a perfect 10.0 CVSS score….

The Rise of CosmicBeetle and ScRansom The cybersecurity world is abuzz with the news of a new custom ransomware strain named ScRansom, unleashed by the notorious threat actor known as CosmicBeetle. CosmicBeetle has shifted gears and moved away from its previous ransomware tool, Scarab, to this new and improved version. Targeted Attacks on Small- and…

Shadow Apps: A Risky Business in IT Security In the realm of IT security, there exists a covert operation that goes by the name of Shadow IT. Within this clandestine network lies a particularly risky segment known as Shadow Apps. Imagine them as renegade software applications that enter the organization incognito, purchased without the blessing…

Introducing PIXHELL: A Cunning Side-Channel Attack A sneaky new side-channel attack named PIXHELL has emerged on the IT security scene, proving to be a formidable threat for air-gapped computers. The attack method cunningly breaches the “audio gap” that separates such computers from the outside world. By leveraging the noise emitted by the pixels on the…

Mustang Panda Upgrades Malware Arsenal for Data Exfiltration In the ever-evolving landscape of cyber threats, the threat actor known as Mustang Panda has been making strategic advancements in their malware arsenal. According to recent findings from Trend Micro, this group has been refining their tools to not only facilitate data exfiltration but also streamline the…

Novel Side-Channel Attack Exploits Radio Signals from RAM for Data Exfiltration A groundbreaking side-channel attack, dubbed RAMBO by Dr. Mordechai Guri from Ben Gurion University, has surfaced as a potential threat to air-gapped networks. This sophisticated technique capitalizes on radio signals emitted by a device’s RAM as a means for exfiltrating data surreptitiously. Dr. Guri,…

Chinese APT Group Exploits Visual Studio Code for Espionage The notorious China-linked advanced persistent threat (APT) group, Mustang Panda, has been spotted utilizing Visual Studio Code software to carry out espionage activities against government entities across Southeast Asia. This marks a concerning development in the realm of cyber threats, showcasing the group’s evolving tactics. Utilizing…

The Colombian Insurance Sector Under Attack by Blind Eagle Threat Actor The Colombian insurance sector finds itself on the receiving end of a cyber threat orchestrated by a group known as Blind Eagle. This malevolent group has been active since June 2024, with their latest scheme involving the distribution of a modified version of the…