A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub

A secretive network of around 3,000 “ghost” accounts on GitHub has quietly been manipulating pages on the code-hosting website to promote malware and phishing links, according to new research seen by WIRED.

Since at least June last year, according to researchers at cybersecurity company Check Point, a cybercriminal they dubbed “Stargazer Goblin” has been hosting malicious code repositories on the Microsoft-owned platform. GitHub is the world’s largest open-source code website, hosting millions of developers’ work. As well as uploading malicious repositories, Stargazer Goblin has been boosting the pages by using GitHub’s own community tools.

Source: https://www.wired.com/story/github-malware-spreading-network-stargazer-goblin/

New Linux Kernel Exploit Technique ‘SLUBStick’ Discovered by Researchers

Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive.

SLUBStick has been demonstrated on versions 5.19 and 6.2 of the Linux kernels using nine security flaws (e.g., double free, use-after-free, and out-of-bounds write) discovered between 2021 and 2023, leading to privilege escalation to root with no authentication and container escapes.

Source: https://thehackernews.com/2024/08/new-linux-kernel-exploit-technique.html

BlankBot Trojan Targets Turkish Android Users

A threat intelligence firm discovered samples of a malicious Android program that appears to target Turkish-language speakers. The program can take screen grabs, capture keystrokes, and create custom overlays — also known as Web injections — that can fool users into entering sensitive information.

While still under development, the malware contains Turkish-language filenames, can record the screen and keystrokes, and inject custom overlays to steal passwords and sensitive data.

Source: https://www.darkreading.com/vulnerabilities-threats/blankbot-trojan-targets-turkish-android-users

Nearly 40 French museums reportedly affected by ransomware attack

Cybercriminals have reportedly attacked the system that centralizes the financial data of around 40 French museums in a ransomware attack over the weekend. According to the local newspaper Le Parisien, the attack was detected by a security specialist at the Grand Palais museum — which is currently hosting an Olympic competition for fencing and martial arts — over the weekend.

Following the attack, access to Grand Palais servers was reportedly cut off. As a result, the 36 bookstores and boutiques at associated museums, such as the Louvre, the Palace of Versailles, Orsay and the Picasso Museum, were affected. The museums themselves did not have their operations disrupted.

Source: https://therecord.media/french-museums-reportedly-affected-by-cyberattack

INTERPOL Recovers $41 Million in Largest Ever BEC Scam in Singapore

INTERPOL said it devised a “global stop-payment mechanism” that helped facilitate the largest-ever recovery of funds defrauded in a business email compromise (BEC) scam.

The development comes after an unnamed commodity firm based in Singapore fell victim to a BEC scam in mid-July 2024. It refers to a type of cybercrime where a malicious actor poses as a trusted figure and uses email to trick targets into sending money or divulging confidential company information.

Source: https://thehackernews.com/2024/08/interpol-recovers-41-million-in-largest.html

Attackers Use Multiple Techniques to Bypass Reputation-Based Security

A new study by researchers at Elastic Security found attackers have developed several effective techniques over the past few years to bypass mechanisms that block or allow applications and content based on their reputation and trustworthiness. For the study, the researchers used Microsoft Windows Smart App Control (SAC) and SmartScreen technologies as examples of a reputation-based mechanism for which attackers have developed bypasses.

The techniques include using digitally signed malware tools to make them appear legit, as well as reputation hijacking, reputation tampering, and specially crafted LNK files.

Source: https://www.darkreading.com/application-security/attackers-use-multiple-techniques-to-bypass-reputation-based-security

North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry

The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript package registry with the aim of infecting Windows systems, underscoring the persistent nature of their campaigns.

The packages in question, harthat-api and harthat-hash, were published on July 7, 2024, according to Datadog Security Labs. Both the libraries did not attract any downloads and were shortly pulled after a brief period of time.

Source: https://thehackernews.com/2024/08/north-korean-hackers-moonstone-sleet.html

Google says Android zero-day was exploited in the wild

Google has patched a “high-severity” vulnerability that may be “under limited, targeted exploitation” in Android devices. In an advisory on Monday, Google said that the bug, tracked as CVE-2024-36971, impacts the Linux kernel — a core component of an operating system that serves as a bridge between the software and the physical hardware of a computer.

The vulnerability allows hackers to remotely execute code on the affected device, Google said. The company hasn’t provided any details about specific attacks and which threat actor was behind them.

Source: https://therecord.media/android-zero-day-google-fix-august-patch

Cyber training organization pledges $15 million in education programs

The White House on Monday announced a new pledge by a cyber certification organization to offer $15 million in scholarships for cybersecurity programs at educational institutions, with a goal of reaching more than 50,000 students.

U.S National Cyber Director Harry Coker Jr. said on Monday that EC-Council, a cybersecurity technical certification body, has pledged $15 million in scholarships to reach over 50,000 students, “supporting them in earning new industry credentials and participating in growing their cybersecurity skills through hands-on programs.”

Source: https://therecord.media/cyber-training-org-pledges-15-million-white-house-coker

Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords

Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim’s web browser and steal sensitive information from their account under specific circumstances.

“When a victim views a malicious email in Roundcube sent by an attacker, the attacker can execute arbitrary JavaScript in the victim’s browser,” cybersecurity company Sonar said in an analysis published this week.

Source: https://thehackernews.com/2024/08/roundcube-webmail-flaws-allow-hackers.html

Smarttech247