On August 1, npm Inc. — the company that runs the biggest JavaScript package repository — removed 38 JavaScript npm packages that were caught stealing environment variables from infected projects. According to a subsequent investigation by npm’s team, on July 19, a person named HackTask uploaded 38 JavaScript libraries on the npm repository.
Proofpoint researchers have uncovered that the threat actor commonly referred to as FIN7 has added a new JScript backdoor called Bateleur and updated macros to its toolkit. We have observed these new tools being used to target U.S.-based chain restaurants, although FIN7 has previously targeted hospitality organizations, retailers, merchant services, suppliers and others. The new macros and Bateleur backdoor use sophisticated anti-analysis and sandbox evasion...
Read More
A team of three security researchers has found and disclosed two security flaws in the TCU (telematics control unit) components that ship with various luxury car models. TCUs are 2G modems that receive or send data from a car’s internal system and are used as an interface between the car and remote management tools such as web panels and mobile apps.
The “Blank Slate” malspam campaign has switched from distributing the Aleta BTCware variant to distributing a GlobeImposter variant that appends the .crypt extension. This malspam campaign is called Blank Slate due to the lack of a subject line and message body in the spam emails.
While studying the infamous EternalBlue exploit about 2 months ago, researchers Sean Dillon (zerosum0x0) and Zach Harding (Aleph-Naught-) found a new flaw in the Server Message Block (SMB) protocol that could allow an adversary to interrupt the service by depleting the memory and CPU resources of the targeted machine on a Denial of Service (DoS) attack. According to an article posted by ThreatPost, the flaw...
Read More
