Search Results for: Payload

Over 100 Malicious AI/ML Models Found on Hugging Face Platform

March 5, 2024 As many as 100 malicious artificial intelligence (AI)/machine learning (ML) models have been discovered in the Hugging Face platform. These include instances where loading a pickle file leads to code execution, software supply chain security firm JFrog said. “The model’s payload grants the attacker a shell on the compromised machine, enabling them to gain …

HijackLoader Evolves: Researchers Decode the Latest Evasion Methods

February 9, 2024 The threat actors behind a loader malware called HijackLoader have added new techniques for defense evasion, as the malware continues to be increasingly used by other threat actors to deliver additional payloads and tooling. “The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent …

Exposed Docker APIs Under Attack in ‘Commando Cat’ Cryptojacking Campaign

February 2, 2024 Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. “The campaign deploys a benign container generated using the Commando project,” Cado security researchers Nate Bill and Matt Muir said in a new report published today. “The attacker escapes this container and runs multiple payloads on the …

Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware

February 1, 2024 A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that’s used to drop the open-source Sliver adversary simulation tool. The security vulnerabilities, tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), could be abused …

New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits

January 26, 2024 A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised hosts for follow-on exploitation. Arctic Wolf Labs, which discovered the new attack tool in two recent intrusions, said the loader’s icon and name masquerade as the legitimate CherryTree note-taking application to dupe …

Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software

January 20, 2024 Pirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control to infected machines. “These applications are being hosted on Chinese pirating websites in order to gain victims,” Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said. “Once detonated, the malware will download and execute …

New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic

January 19, 2024 Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy. “This is the first documented case of malware deploying the 9Hits application as a payload,” cloud security firm …

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

January 12, 2024 Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe shortcoming in the same software ( … Article posted by: https://thehackernews.com/2024/01/new-poc-exploit-for-apache-ofbiz.html

Threat Actors Increasingly Abusing GitHub for Malicious Purposes

January 12, 2024 The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads and act as dead drop resolvers, command-and-control, and data exfiltration points. “Using GitHub services for malicious infrastructure allows adversaries to blend in with legitimate network traffic, often bypassing traditional …

Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe

January 10, 2024 Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing financially motivated campaign to gain initial access. “The analyzed threat campaign appears to end in one of two ways, either the selling of ‘access’ to the compromised …
