GhostEmperor is a threat group first discovered and described by Kaspersky in 2021. It has not been recognized since. In a late 2023 compromise investigation, Sygnia discovered what it believes to be a variant of the GhostEmperor infection chain leading to the Demodex rootkit – which was first seen and described by Kaspersky in 2021….
The critical bug, tracked as CVE-2024-31320, impacts Android versions 12 and 12L and allows an attacker to escalate privileges on a vulnerable device. “The most severe of these issues is a critical security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed,” Google explains in…
Tracked as CVE-2024-4610, the bug is described as a use-after-free issue that could be exploited by local users to make improper GPU memory processing operations. Successful exploitation of the flaw allows a non-privileged attacker to access previously freed memory, Arm explains in an advisory. “Arm is aware of reports of this vulnerability being exploited in…
In summary, Trend Micro has found only one criminal LLM: WormGPT. Instead, there is a growing incidence, and therefore potential use, of jailbreaking services: EscapeGPT, BlackHatGPT, and LoopGPT. (The RSA presentation is supported by a separate Trend Micro blog.) There is also an increasing number of ‘services’ whose purpose is unclear. These provide no demo…
The case is yet another reason why everyone — not just politicians and celebrities — should be concerned about this increasingly powerful deep-fake technology, experts say. “Everybody is vulnerable to attack, and anyone can do the attacking,” said Hany Farid, a professor at the University of California, Berkeley, who focuses on digital forensics and misinformation….
As part of the malware operation, referred to as GuptiMiner, the threat actor exploited a vulnerability in the eScan antivirus update mechanism and performed a man-in-the-middle (MitM) attack to replace the legitimate update package with a malicious one. eScan is a brand of India-based MicroWorld. Once the antivirus unpacks and loads the malicious payload, a…
The incident was detected on May 30, 2023, but it took the firm roughly eight months to investigate and determine what type of information was compromised and to identify the impacted individuals. According to GMA’s notification letter to the affected individuals, a copy of which was submitted to the Maine Attorney General’s Office, both personal…
The company disclosed the incident in a regulatory filing on March 10, when it admitted that the attack caused some disruption and involved unauthorized access to some of its IT systems. However, MarineMax said at the time that the breached environment did not store any sensitive data. Roughly 10 days later, the Rhysida ransomware group…
Healthcare comprises a critical industry combining a large-scale use of converged IT and OT with a huge quantity of disparate OT devices dependent on IT control delivered over WiFi – and a very low tolerance for disruption. The industry is eminently exploitable and has a strong incentive to settle extortion attacks as quickly and as…
The first of the high-severity bugs, CVE-2024-20321, exists because External Border Gateway Protocol (eBGP) traffic “is mapped to a shared hardware rate-limiter queue”, allowing an unauthenticated, remote attacker to send large amounts of traffic and cause a denial-of-service (DoS) condition. According to Cisco, under certain conditions, the security defect impacts Nexus 3600 series switches and…
Is GhostEmperor Back? Sygnia Finds Clues in Recent Cyber Incident
