Malicious actors are abusing a legitimate Windows search feature to deliver remote access trojans (RATs) such as AsyncRAT and Remcos RAT. The attackers use the ‘search-ms’ URI protocol handler to make Windows Explorer run a search against an attacker-controlled server, so that files hosted there are shown to the victim as if they were local search results. By giving those remote files the names and icons of trusted documents, the attackers deceive users into opening them, executing malicious code and compromising their systems.
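The following is an added example, not code from the article or from the campaign it describes: a small triage routine for search-ms URIs of the kind a mail gateway or EDR rule might see in an HTML attachment. It parses the URI's parameters, pulls the `crumb=location:` value that tells Explorer where to search, and flags locations that point at a remote host (UNC or WebDAV) rather than a local folder. The parsing rules are my reading of the search-ms parameter syntax, the sample URIs and the `SPOOFED_FOLDER_NAMES` watchlist are constructed, and the trusted-host allowlist is an assumed operator input.

```python
"""Triage search-ms: URIs (added example; the parsing rules are the editor's reading of
the search-ms parameter syntax, not code from the campaign or the article)."""
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed watchlist: displayname values that make a remote search window look like a local folder.
SPOOFED_FOLDER_NAMES = {"downloads", "documents", "desktop", "this pc"}


def parse_search_ms(uri):
    """Split a search-ms: URI into its parameters (lower-cased keys, multi-valued)."""
    scheme, sep, body = uri.partition(":")
    if not sep or scheme.strip().lower() != "search-ms":
        raise ValueError("not a search-ms URI")
    params = {}
    for key, value in parse_qsl(body, keep_blank_values=True):
        params.setdefault(key.lower(), []).append(value)
    return params


def location_host(location):
    """Return the remote host named by a 'crumb=location:...' value, or None when it is local.

    Handles UNC paths (\\\\host\\share, including the WebDAV host@port and host@SSL forms),
    http(s) URLs, and local paths such as C:\\Users\\... which Explorer searches locally.
    """
    loc = location.strip()
    if loc.lower().startswith(("http://", "https://")):
        return (urlsplit(loc).hostname or "").lower() or None
    if loc.startswith(("\\\\", "//")):
        first = re.split(r"[\\/]", loc.lstrip("\\/"), maxsplit=1)[0]
        return first.split("@")[0].lower() or None
    return None


def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage_search_ms(uri, trusted_hosts=()):
    """Return a list of findings; an empty list means the URI only searches local or trusted locations."""
    params = parse_search_ms(uri)
    trusted = {h.lower() for h in trusted_hosts}
    findings = []
    for crumb in params.get("crumb", []):
        kind, _, value = crumb.partition(":")
        if kind.strip().lower() != "location":
            continue
        host = location_host(value)
        if host and not is_loopback(host) and host not in trusted:
            findings.append(f"search location points at remote host {host}")
    # A spoofed folder name only matters when the results actually come from a remote host.
    for name in params.get("displayname", []):
        if name.strip().lower() in SPOOFED_FOLDER_NAMES and findings:
            findings.append(f"displayname {name!r} imitates a local folder")
    return findings


# Constructed samples, not URIs observed in the campaign.
MALICIOUS = r"search-ms:query=invoice&crumb=location:\\203.0.113.5@80\DavWWWRoot\docs&displayname=Downloads"
LOCAL = r"search-ms:query=report&crumb=location:C:\Users\alice\Documents&displayname=Search Results"
INTERNAL = r"search-ms:query=*&crumb=location:http://fileshare.corp.example/webdav&displayname=Projects"

if __name__ == "__main__":
    for sample in (MALICIOUS, LOCAL, INTERNAL):
        verdict = triage_search_ms(sample, trusted_hosts=["fileshare.corp.example"]) or "clean"
        print(sample, "->", verdict)
```

Any search-ms URI whose location is a remote host is worth blocking at the gateway; legitimate use of the handler inside an e-mail is rare, and an internal file server can be allowlisted explicitly rather than trusted by default.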
The Russian nation-state actor known as BlueBravo has been observed targeting diplomatic entities throughout Eastern Europe with the goal of delivering a new backdoor called GraphicalProton. The phishing campaign utilizes legitimate internet services for command-and-control obfuscation. BlueBravo, attributed to Russia’s Foreign Intelligence Service, has used various platforms to establish communications with infected hosts, and GraphicalProton is the latest addition to their malware arsenal.
Checkmarx’s Security Research team described a data exfiltration scenario that chains several weaknesses in Porsche’s website and GraphQL API. Combined, they let an attacker mount a Cross-Site Request Forgery (CSRF) attack and exfiltrate data from the API: the API read its authentication token from a cookie (jwtToken) rather than from a request header, its CORS policy accepted requests from origins other than porsche.com, and the cookie’s SameSite attribute was set to Lax rather than Strict. The attack could be launched through a phishing email containing a crafted URL that triggers a Reflected XSS vulnerability.
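To make the chain concrete, here is an added model (not Checkmarx’s or Porsche’s code) of the three conditions: the browser’s SameSite rule decides whether the jwtToken cookie travels with a credentialed fetch, and the server’s CORS policy decides whether the calling script may read the response. The permissive policy (`cors_reflect`, which echoes any Origin) sits beside the hardened one (`cors_allowlist`). Host names, the allowlist, and the simplified same-site computation (no public suffix list) are assumptions.

```python
"""Model of cookie-carried token + permissive CORS + SameSite=Lax (added example, not code
from the report). API_ORIGIN and ALLOWED_ORIGINS are assumed stand-ins for the real hosts."""
from urllib.parse import urlsplit

API_ORIGIN = "https://api.porsche.example"            # assumed API host
ALLOWED_ORIGINS = {"https://www.porsche.example"}     # assumed allowlist for the hardened policy


def site_of(origin):
    """Scheme plus the last two host labels (simplified: ignores the public suffix list)."""
    parts = urlsplit(origin)
    labels = (parts.hostname or "").lower().split(".")
    return parts.scheme, ".".join(labels[-2:])


def browser_sends_cookie(same_site, requester_origin, target_origin, top_level_get=False):
    """SameSite rule a browser applies to a request from requester_origin to target_origin.

    Strict: same-site requests only. Lax: same-site, plus cross-site top-level GET navigations
    (a fetch()/XHR from another site is never top-level). None: always sent.
    """
    if same_site == "None":
        return True
    if site_of(requester_origin) == site_of(target_origin):
        return True
    return same_site == "Lax" and top_level_get


def cors_reflect(origin_header):
    """Weak policy: echoes whatever Origin the request carries and allows credentials."""
    if origin_header is None:
        return {}
    return {"Access-Control-Allow-Origin": origin_header,
            "Access-Control-Allow-Credentials": "true"}


def cors_allowlist(origin_header, allowed=ALLOWED_ORIGINS):
    """Hardened policy: only an exact-match allowlisted origin gets a credentialed grant."""
    if origin_header not in allowed:
        return {}
    return {"Access-Control-Allow-Origin": origin_header,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin"}


def browser_exposes_response(headers, requester_origin):
    """For a credentialed request the browser needs an exact ACAO match plus ACAC: true."""
    return (headers.get("Access-Control-Allow-Origin") == requester_origin
            and headers.get("Access-Control-Allow-Credentials") == "true")


def script_can_exfiltrate(requester_origin, cors_policy, same_site):
    """Can JavaScript on requester_origin read the victim's authenticated API response?

    The token lives in the jwtToken cookie, so the request is authenticated exactly when the
    browser attaches that cookie; the script then also needs a CORS grant to read the body.
    """
    if not browser_sends_cookie(same_site, requester_origin, API_ORIGIN):
        return False
    return browser_exposes_response(cors_policy(requester_origin), requester_origin)


if __name__ == "__main__":
    for origin in ("https://evil.example", "https://promo.porsche.example"):
        for policy in (cors_reflect, cors_allowlist):
            for mode in ("Lax", "Strict", "None"):
                print(origin, policy.__name__, mode, script_can_exfiltrate(origin, policy, mode))
```

Two things the model makes visible: SameSite=Lax already stops a plain cross-site fetch from an unrelated domain, so the dangerous case is a script running on a same-site origin (for example one reached through the reflected XSS), where Lax sends the cookie and the reflecting CORS policy hands the response to the script; and the allowlist closes that path, while moving the token out of the cookie into an Authorization header removes the ambient-credential problem altogether.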
Cybercriminals are using increasingly sophisticated distributed denial-of-service (DDoS) techniques: targeting authoritative DNS servers, building botnets from hijacked virtual machines, and using highly randomized fingerprints in HTTP application-layer attacks. The second quarter of 2023 saw an increase in application-layer attacks and a decrease in network-layer attacks. Two techniques became notably more prevalent: DNS laundering, in which attackers flood an authoritative DNS server with queries for non-existent, randomly generated subdomains relayed through legitimate recursive resolvers, so the traffic cannot simply be filtered by source; and botnets built from virtual machines, which offer far more bandwidth per node than compromised IoT devices.
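As an added example (not from the report), the detection logic below looks for the DNS laundering pattern in an authoritative server's query log: a zone receiving many queries whose leftmost label is high-entropy and unique, almost all answered NXDOMAIN, from many distinct resolvers. The log format (`<timestamp> <client_ip> <qtype> <qname> <rcode>`), the thresholds, and the sample log are constructed; the generalization to any zone depth and to tunable thresholds goes beyond the specific case in the text.

```python
"""Detect DNS-laundering style floods in an authoritative query log (added example, not the
report's code). Log line format is constructed: '<ts> <client_ip> <qtype> <qname> <rcode>'."""
import math
import random
import re
from collections import defaultdict

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<qtype>\S+)\s+(?P<qname>\S+)\s+(?P<rcode>\S+)$")


def shannon_entropy(text):
    """Bits per character; random labels score high, names like 'www' or 'mail' score low."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def zone_of(qname, depth=2):
    """Zone a query belongs to: the last `depth` labels of the name."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-depth:])


def detect_dns_laundering(lines, min_queries=20, nx_ratio=0.8, unique_ratio=0.8,
                          min_sources=5, min_entropy=2.5):
    """Return {zone: stats} for zones matching the laundering pattern: many distinct,
    high-entropy, non-existent subdomains arriving from many different resolvers."""
    per_zone = defaultdict(lambda: {"queries": 0, "nxdomain": 0, "names": set(),
                                    "sources": set(), "entropy_sum": 0.0})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                      # skip unparsable lines instead of failing the run
        qname = m["qname"].rstrip(".").lower()
        s = per_zone[zone_of(qname)]
        s["queries"] += 1
        s["nxdomain"] += m["rcode"] == "NXDOMAIN"
        s["names"].add(qname)
        s["sources"].add(m["src"])
        s["entropy_sum"] += shannon_entropy(qname.split(".")[0])
    alerts = {}
    for zone, s in per_zone.items():
        q = s["queries"]
        if q < min_queries:
            continue
        summary = {"queries": q, "nxdomain_ratio": s["nxdomain"] / q,
                   "unique_ratio": len(s["names"]) / q, "sources": len(s["sources"]),
                   "mean_label_entropy": s["entropy_sum"] / q}
        if (summary["nxdomain_ratio"] >= nx_ratio and summary["unique_ratio"] >= unique_ratio
                and summary["sources"] >= min_sources
                and summary["mean_label_entropy"] >= min_entropy):
            alerts[zone] = summary
    return alerts


def build_sample_log(seed=7):
    """Constructed log: 60 laundering queries for victim.example relayed by 20 resolvers,
    plus 30 ordinary queries for corp.example from 3 clients."""
    rng = random.Random(seed)
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    lines = []
    for i in range(60):
        label = "".join(rng.choice(alphabet) for _ in range(12))
        lines.append(f"2023-06-01T12:00:{i % 60:02d}Z 192.0.2.{i % 20 + 1} A {label}.victim.example. NXDOMAIN")
    for i in range(30):
        name = ("www", "mail", "api")[i % 3]
        lines.append(f"2023-06-01T12:01:{i:02d}Z 198.51.100.{i % 3 + 1} A {name}.corp.example. NOERROR")
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for zone, stats in detect_dns_laundering(SAMPLE_LOG).items():
        print(zone, stats)
```

The source-diversity condition is what distinguishes laundering from a single misbehaving client: because the queries arrive from legitimate resolvers, blocking by source IP is not an option, and the practical responses are rate-limiting per zone, serving minimal NXDOMAIN answers (or an NSEC-based aggressive-cache setup) and absorbing the flood with anycast capacity.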
Metabase users are urged to update to the latest version due to an “extremely severe” security flaw that could lead to pre-authentication remote code execution. The vulnerability, tracked as CVE-2023-38646, affects open-source editions prior to 0.46.6.1 and Metabase Enterprise versions prior to 1.46.6.1. Over 5,000 internet-exposed Metabase instances are vulnerable, and although no active exploitation has been reported, immediate action is recommended to mitigate potential risks. Users are advised to apply patches promptly, block requests to the vulnerable endpoint at a reverse proxy or firewall if patching must wait, and monitor for any suspicious activity.
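A fleet check for the versions the summary names, as an added example (not Metabase's own tooling). It parses Metabase version tags, uses the 0.x/1.x prefix to tell the open-source and Enterprise editions apart, and compares against the first fixed version of each release line with tuple comparison, which handles the four-part hotfix tag correctly. Only the 46 release line is filled in from the text; other lines are reported as unknown rather than guessed, and the `FIXED_VERSIONS` table should be completed from the vendor advisory before it is used for them. Where the tag comes from (an inventory system, the instance's own version information) is up to the operator; the inventory below is constructed.

```python
"""Classify Metabase version tags against the fixed versions named in the summary
(added example, not Metabase's code). Only the 46 line is modelled from the text."""
import re

# (edition, minor release line) -> first fixed version. 0.x = open source, 1.x = Enterprise.
# Extend from the vendor advisory for other release lines before relying on the verdicts.
FIXED_VERSIONS = {
    ("oss", 46): (0, 46, 6, 1),
    ("enterprise", 46): (1, 46, 6, 1),
}

TAG_RE = re.compile(r"^v?(\d+(?:\.\d+){1,3})$")


def parse_version_tag(tag):
    """'v0.46.5' -> ('oss', (0, 46, 5)); 'v1.46.6.1' -> ('enterprise', (1, 46, 6, 1))."""
    m = TAG_RE.match(tag.strip())
    if not m:
        raise ValueError(f"unrecognised Metabase version tag: {tag!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    edition = {0: "oss", 1: "enterprise"}.get(parts[0])
    if edition is None:
        raise ValueError(f"unknown edition prefix in {tag!r}")
    return edition, parts


def assess(tag):
    """'vulnerable', 'fixed', or 'unknown line' for a release line the table does not cover."""
    edition, parts = parse_version_tag(tag)
    fixed = FIXED_VERSIONS.get((edition, parts[1]))
    if fixed is None:
        return "unknown line"
    # Tuple comparison handles the hotfix suffix: (0, 46, 6) < (0, 46, 6, 1).
    return "vulnerable" if parts < fixed else "fixed"


def report(inventory):
    """inventory: iterable of (host, tag). Returns {host: verdict}; unparsable tags become 'error'."""
    out = {}
    for host, tag in inventory:
        try:
            out[host] = assess(tag)
        except ValueError:
            out[host] = "error"
    return out


# Constructed inventory; hosts and tags are made up.
INVENTORY = [
    ("bi-prod", "v0.46.5"),
    ("bi-staging", "v0.46.6.1"),
    ("bi-ee", "v1.46.6"),
    ("bi-ee-new", "v1.46.6.1"),
    ("bi-legacy", "v0.45.4"),
    ("bi-broken", "latest"),
]

if __name__ == "__main__":
    for host, verdict in report(INVENTORY).items():
        print(f"{host:12} {verdict}")
```

Treating an unlisted release line as "unknown" rather than "fixed" is deliberate: a naive `version < 0.46.6.1` comparison would mark every older line as vulnerable even where the vendor backported a fix, and the opposite shortcut would wave through builds that were never patched.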
Cybersecurity agencies in Australia and the U.S. have issued a joint advisory warning about a class of web application flaw that malicious actors exploit to breach systems and steal confidential data: Insecure Direct Object Reference (IDOR) bugs, which occur when an application uses user-supplied input, such as a record identifier, to access an internal resource directly, without verifying that the requesting user is authorized to access it. The agencies recommend adopting secure-by-design and -default principles and ensuring that authentication and authorization checks are performed on every request that modifies, deletes, or accesses sensitive data.
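An added example (not from the advisory) of what the recommended check looks like in code: a lookup that is authenticated but not authorized, beside a hardened version that verifies ownership on every read, update and delete. The invoice store, users and identifiers are constructed; the hardened path returns the same "not found" error for a missing record and for someone else's record so that an attacker cannot use the difference to enumerate valid identifiers.

```python
"""IDOR: authenticated-but-not-authorized lookup beside the hardened version
(added example, not from the advisory). Store, users and ids are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    role: str = "customer"


class NotFound(Exception):
    pass


# Constructed store: invoice id -> record. Sequential ids are trivially guessable.
INVOICES = {
    1001: {"owner_id": 1, "total": 120.0},
    1002: {"owner_id": 2, "total": 980.0},
}


def get_invoice_vulnerable(user, invoice_id):
    """Authenticated only: the user-supplied id is used directly, so any logged-in
    user can read any invoice by changing the number in the request."""
    if user is None:
        raise PermissionError("login required")
    return INVOICES[invoice_id]


def _authorize(user, invoice_id):
    """Fetch the record and confirm the caller owns it (or is an admin)."""
    if user is None:
        raise PermissionError("login required")
    invoice = INVOICES.get(invoice_id)
    if invoice is None or (invoice["owner_id"] != user.id and user.role != "admin"):
        # Same error for "does not exist" and "not yours": do not confirm which ids exist.
        raise NotFound(f"invoice {invoice_id}")
    return invoice


def get_invoice(user, invoice_id):
    return _authorize(user, invoice_id)


def update_invoice_total(user, invoice_id, total):
    """The check runs on every request that modifies data, not only on reads."""
    invoice = _authorize(user, invoice_id)
    invoice["total"] = float(total)
    return invoice


def delete_invoice(user, invoice_id):
    _authorize(user, invoice_id)
    return INVOICES.pop(invoice_id)


if __name__ == "__main__":
    alice = User(1)
    print("vulnerable:", get_invoice_vulnerable(alice, 1002))   # Alice reads Bob's invoice
    try:
        get_invoice(alice, 1002)
    except NotFound as exc:
        print("hardened:", exc)
```

Centralising the ownership test in one helper that every handler calls is what turns "check on every request" from a policy statement into something a code review can verify: a handler that reaches `INVOICES` without going through `_authorize` is the bug.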
Ryanair is facing a lawsuit filed by the European Center for Digital Rights (Noyb) over its use of facial recognition technology. The lawsuit alleges that Ryanair’s practice of requiring customers who book flights with third-party online agents to go through an additional identity verification process violates the privacy rights of customers. Noyb claims that the additional verification is unnecessary and presents a high privacy risk, and is seeking a $210 million fine for Ryanair.
Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.