Tuesday, May 21, 2024

AWS and GitHub have become cybercriminals’ grounds for deploying RATs (remote access trojans).

Researchers warned that cybercriminals are using AWS and GitHub to distribute the VCURMS and STRRAT trojans through an infected Java-based downloader. Details about the attack revealed that the chain starts with a phishing email persuading victims to verify payment information by clicking a button, which triggers the download of “Payment-Advice.jar,” a malicious file hosted on AWS. VCURMS utilizes a Proton Mail email address, “[email protected],” to communicate with a command-and-control (C2) server.

A researcher also mentioned, “The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector to avoid malware detection.”

Brewer Davidson and Forstinger Österreich suffer a ransomware attack from the 8base ransomware group.

Brewer Davidson is an architectural company with over 50 employees and a revenue of $5 million. The company specializes in architecture, urban design, urban planning, master planning, educational design, commercial design, residential design, sustainable design, sustainability advice, and environmental sustainable design.

Forstinger Österreich GmbH is an Australian car accessories company with over 500 employees and $6.1 million in revenue. The company specializes in car speciality stores, car accessories, speciality workshops, moped dealers, bicycle dealers, trailer dealers, tyre dealers, mobility speciality stores, accessories, spare parts, and speciality trades.

Blacksuit ransomware attacked Judge Rotenberg Center, a behavioural school for children and adults specializing in special education, emotionally disabled student services, developmentally delayed services, special needs, behavioural management, and autism services. The educational institute has over 1,000 employees and a revenue of $74.5 million.

Cybersecurity researchers found Google Gemini LLM (large language model) susceptible to security threats.

Recent research showed that vulnerabilities in Google Gemini could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. Microsoft’s statement reads, “A system message can be used to inform the LLM about the context.”

The vulnerability allows a security bypass that exposes system prompts, which are meant to set conversation-wide instructions for the LLM so it can generate meaningful responses. Another researcher notes, “Most LLMs are trained to respond to queries with a clear delineation between the user’s input and the system prompt.”

Microsoft released security updates to address 61 security flaws.

The tech giant reported security updates addressing two critical vulnerabilities (CVE-2024-21407 and CVE-2024-21408) impacting Windows Hyper-V, which could result in DoS and remote code execution, among 58 other important vulnerabilities. Among the 58 others, privilege escalation flaws in Azure Kubernetes Service Confidential Container (CVE-2024-21400, CVSS score: 9.0), Windows Composite Image File System (CVE-2024-26170, CVSS score: 7.8) and Authenticator (CVE-2024-21390, CVSS score: 7.1) were also addressed.

Microsoft, in a statement, also shed more light on what could happen if an attacker exploits these vulnerabilities: “Exploitation of this vulnerability could allow an attacker to gain access to multi-factor authentication codes for the victim’s accounts, as well as modify or delete accounts in the authenticator app but not prevent the app from launching or running.”
