03-Oct-23: In Security News Today

Iran-Linked APT34 Targets Saudis with Menorah Malware

APT34, a notorious advanced persistent threat group linked to Iran, is conducting a phishing campaign targeting users in the Middle East. The campaign uses a custom tool called Menorah, which can fingerprint the target's machine, upload and download files, and execute shell commands. The lure document used in the attack contains pricing information in Saudi Riyal, suggesting at least one targeted victim is located in Saudi Arabia.

KillNet Claims DDoS Attack Against Royal Family Website

The official website of the UK royal family was targeted by a distributed denial-of-service (DDoS) attack by pro-Russian hacktivists. The attack lasted for around 90 minutes and was claimed by the Russian threat actor KillNet. Security experts believe that KillNet’s activities are designed to bring attention to their political cause and shift popular support within Ukraine’s allies. The incident highlights the need for organizations to protect against DDoS attacks and defend their domain name servers and workloads.

New Quantum Factoring Algorithm Notably Reduces RSA Cryptography Breach Times

Oded Regev, a scientist at New York University, has developed a groundbreaking algorithm that reduces the qubits required for breaching advanced cryptographic systems. Regev's algorithm efficiently identifies the prime factors of a number, significantly reducing the logical steps needed for factorization. While there are practical limitations and uncertainties about integration and quantum memory requirements, this research highlights the evolving threat of quantum computers to encryption and the pressing challenge of adapting to post-quantum schemes in cybersecurity.

Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation

Chipmaker Qualcomm has released security updates to address 17 vulnerabilities, including three zero-days that are actively being exploited. The vulnerabilities range in severity from Critical to Medium. Qualcomm has provided patches for the affected components and has urged OEMs to deploy the updates as soon as possible. Users are advised to apply updates from OEMs when available.

North Korea’s Lazarus Group Deploys Complex Backdoor at Aerospace Org

North Korea's state-sponsored Lazarus Group has developed a new backdoor malware called LightlessCan, which is based on the group's flagship BlindingCan RAT. The malware was first discovered in a successful cyberattack on a Spanish aerospace company. LightlessCan is designed to evade detection by implementing native Windows commands within the RAT itself rather than spawning the corresponding system utilities, making it difficult for real-time monitoring and forensic tools to identify malicious activity.

PyTorch Models Vulnerable to Remote Code Execution via ShellTorch

Cybersecurity researchers have discovered critical security flaws in the TorchServe tool for serving and scaling PyTorch models, which could lead to remote code execution. The vulnerabilities, known as ShellTorch, can allow unauthorized access, insertion of malicious AI models, and potentially full server takeover. The flaws have been addressed in version 0.8.2, and users are urged to update to this version to mitigate the risks.

Tom Hanks Warns of AI Imposter Ads

Actor Tom Hanks and talk show co-host Gayle King have warned fans about ads featuring imposters generated by artificial intelligence. Hanks posted on Instagram about an unauthorized digital version of him being used in a dental plan ad, while King shared a bogus video clip promoting a weight loss product. The incident highlights concerns about AI being used to replicate screen talent and the potential for deepfake pictures and videos that can deceive people.

Researcher Reveals New Techniques to Bypass Cloudflare’s Firewall and DDoS Protection

A researcher has discovered techniques to bypass Cloudflare’s firewall and DDoS protection by exploiting gaps in cross-tenant security controls. The researcher found that attackers can abuse the trust relationship between Cloudflare and its customers’ websites by using their own Cloudflare accounts. The vulnerabilities include the use of shared infrastructure and the abuse of allowlisting Cloudflare IP addresses.

Arm Issues Patch for Mali GPU Kernel Driver Vulnerability Amidst Ongoing Exploitation

Arm has released security patches to address a vulnerability in the Mali GPU Kernel Driver that is being actively exploited. The vulnerability, tracked as CVE-2023-4211, allows a local non-privileged user to gain access to already freed memory through improper GPU memory processing operations. Google has found indications of targeted exploitation of this vulnerability, potentially as part of a spyware campaign targeting high-risk individuals. Arm has also resolved two other flaws in the Mali GPU Kernel Driver that allow for improper GPU memory processing operations.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.