New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices

From thehackernews.com

A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices.

Tracked as CVE-2023-45866, the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim.

Read more…

New SugarGh0st RAT targets Uzbekistan government and South Korea

From blog.talosintelligence.com

  • Cisco Talos recently discovered a malicious campaign that likely started as early as August 2023, delivering a new remote access trojan (RAT) we dubbed “SugarGh0st.” 
  • We found evidence suggesting the threat actor is targeting the Uzbekistan Ministry of Foreign Affairs and users in South Korea. 
  • We assess with high confidence that the SugarGh0st RAT is a new customized variant of Gh0st RAT, an infamous trojan that’s been active for more than a decade, with customized commands to facilitate the remote administration tasks as directed by the C2 and modified communication protocol based on the similarity of the command structure and the strings used in the code.
  • We observed two infection chains leveraging Windows Shortcut embedded with malicious JavaScript to deliver the components to drop and launch the SugarGh0st payload.
  • In one infection chain, the actor leverages the DynamixWrapperX tool to enable Windows API function calls in malicious JavaScript for running the shellcode.
  • Talos assesses with low confidence that a Chinese-speaking threat actor is operating this campaign based on the artifacts we found in the attack samples.

Read more…

Cobalt Strike: Looking for the Beacon

From gdatasoftware.com

During an incident response, looking for malware is often akin to looking for a needle in a hay stack. To complicate matters further, in the case of Cobalt Strike you often have no idea what that needle even looks like. And time is not on your side.

Cobalt Strike is essentially a tool that is used for red teaming – an attack simulation that helps to closely simulate the processes of a real attack. The responsible departments within a company that has commissioned the simulation are informed and the use of the tool is authorized. However, since various versions of this tool have fallen into the hands of criminals, Cobalt Strike is also often used for real attacks by criminals.

Read more…

Vigil: Open-source LLM security scanner

From helpnetsecurity.com

Vigil is an open-source security scanner that detects prompt injections, jailbreaks, and other potential threats to Large Language Models (LLMs).

Prompt injection arises when an attacker successfully influences an LLM using specially designed inputs. This leads to the LLM unintentionally carrying out the objectives set by the attacker.

Read more…

Interpol makes first border arrest using Biometric Hub to ID suspect

From theregister.com

European police have for the first time made an arrest after remotely checking Interpol’s trove of biometric data to identify a suspected smuggler.

The fugitive migrant, we’re told, gave a fake name and phony identification documents at a police check in Sarajevo, Bosnia and Herzegovina, while traveling toward Western Europe. And he probably would have got away with it, too, if it weren’t for you meddling kids Interpol’s Biometric Hub – a recently activated tool that uses French identity and biometrics vendor Idemia’s technology to match people’s biometric data against the multinational policing org’s global fingerprint and facial recognition databases.

Read more…

Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

From thehackernews.com

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software.

The vulnerabilities, both of which reside in the WebKit web browser engine, are described below –

  • CVE-2023-42916 – An out-of-bounds read issue that could be exploited to leak sensitive information when processing web content.
  • CVE-2023-42917 – A memory corruption bug that could result in arbitrary code execution when processing web content.

Read more…