Security
Headlines
HeadlinesLatestCVEs

Source

TALOS

Lazarus Group's infrastructure reuse leads to discovery of new malware

Lazarus Group appears to be changing its tactics, increasingly relying on open-source tools and frameworks in the initial access phase of their attacks, as opposed to strictly employing them in the post-compromise phase.

TALOS
#vulnerability#web#mac#windows#microsoft#amazon#linux#cisco#git#php#log4j#auth#ssl
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT

This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.

Three vulnerabilities in NVIDIA graphics driver could cause memory corruption

The driver is vulnerable to memory corruption if an adversary sends a specially crafted shader packer, which can lead to a memory corruption problem in the driver.

Generating FLIRT signatures for Nim and other non-C programming languages

Adversaries are increasingly writing malware in programming languages such as Go, Rust, or Nim, because they present challenges to investigators using reverse-engineering tools designed to work best against the C family of languages. It’s often difficult for reverse engineers examining non-C languages to differentiate between the malware author&

The rise of AI-powered criminals: Identifying threats and opportunities

A major area of impact of AI tools in cybercrime is the reduced need for human involvement in certain aspects of cybercriminal organizations.

Reflecting on supply chain attacks halfway through 2023

With BlackHat and “Hacker Summer Camp” going on over the next few weeks, this seems like the right time to step back and reflect on what’s happened so far this year.

Out-of-bounds write vulnerabilities in popular chemistry software; Foxit PDF Reader issues could lead to remote code execution

Seven of the vulnerabilities included in today’s Vulnerability Roundup have a CVSS severity score of 9.8 out of a possible 10.

What is commercial spyware?

As the victims of commercial spyware are highly targeted individuals, the sobering truth is that some attackers have the means to be able to spend six figures to compromise a single target.

What Cisco Talos knows about the Rhysida ransomware

The group appears to commonly deploy double extortion — of the victims that have been listed on the leak site, several of them have had some portion of their exfiltrated data exposed.