Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode

Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024.

“The controller could open a reverse shell,” Trend Micro researcher Fernando Mercês said in a technical report published earlier in the week. “This could allow lateral movement, enabling attackers to enter deeper into compromised networks, allowing them to control more systems or gain access to sensitive data.

The campaign has been attributed with medium confidence to a threat group it tracks as Earth Bluecrow, which is also known as DecisiveArchitect, Red Dev 18, and Red Menshen. The lower confidence level boils down to the fact that the BPFDoor malware source code was leaked in 2022, meaning it could also have bee adopted by other hacking groups.

Read more | >

MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry.

CVE, the most critical of the two, is maintained by MITRE with funding from the U.S. National Cyber Security Division of the U.S. Department of Homeland Security (DHS). CVE is crucial for providing accuracy, clarity, and shared standards when discussing security vulnerabilities.

The program is widely adopted across various cybersecurity tools, including vulnerability management systems, and it allows tracking all newly discovered vulnerabilities using CVE Identifiers (CVE IDs) assigned by CVE Numbering Authorities (CNAs) worldwide, with MITRE as the CVE Editor and Primary CNA.

Read more | >

The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul.

The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities, and energy sectors, Kaspersky said in a new report published Thursday.

Paper Werewolf, also known as GOFFEE, is assessed to have conducted at least seven campaigns since 2022, according to BI.ZONE, with the attacks mainly aimed at government, energy, financial, media, and other organizations.

Read more | >

The clone websites identified by DTI include a carousel of images that, when clicked, download a malicious APK file onto the user’s device. The package file acts as a dropper to install a second embedded APK payload via the DialogInterface. OnClickListener interface that allows for the execution of the SpyNote malware when an item in a dialog box is clicked.

“Upon installation, it aggressively requests numerous intrusive permissions, gaining extensive control over the compromised device,” DTI said.

“This control allows for the theft of sensitive data such as SMS messages, contacts, call logs, location information, and files. SpyNote also boasts significant remote access capabilities, including camera and microphone activation, call manipulation, and arbitrary command execution.”

Read more | >

As websites incorporate more third-party tracking technologies, robust CSRF attack prevention becomes paramount. This case study illustrates how a misconfigured third-party vendor exposed CSRF tokens on a major retailer’s website, highlighting the risks of inadequate third-party security.

The Problem

A misconfiguration allowed a third-party pixel used by a major online retailer to access CSRF tokens and authentication tokens, which, as we noted, are critical security elements for preventing unauthorized actions. This exposure transmitted the tokens to remote third-party servers, creating a significant vulnerability that risked potential data breaches.

Read more | >