"There was an exploit affecting the native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC), known as 'BSC Token Hub,'" it said last week. "The exploit was through a sophisticated forging of the low-level proof into one common library."
This week, security experts reported that ESKOM Hld SOC Ltd was having some server issues. At the same time, the Everest Ransom gang posted a claim about the hack of the South African state-owned electricity company.
Several vulnerabilities have been patched in the Google Android operating system (OS), the most severe of which could allow for arbitrary code execution. None of the vulnerabilities have been spotted in the wild.
On September 10, an attack was reported in the Zimbra forums where a malicious actor was able to upload a JSP web shell into the /public directory to execute a command, generating a pre-authentication key to log in to an existing account. The attack vector was a specially crafted TAR archive, which was sent with a .jpg extension as an email attachment.
Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices.
In May, threat actors launched a multipurpose cybercrime service that claimed to benefit both low-skilled and sophisticated attackers. Dubbed Eternity Project, it soon became a popular Malware-as-a-Service (MaaS). Now, the threat actor has come up with a multi-function malware, named LilithBot. The Eternity Group is, in turn, associated with the Russian Jester Group.
In yet another case of a bring your own vulnerable driver (BYOVD) attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions.
A novel Android malware called RatMilad has been observed targeting a Middle Eastern enterprise mobile device by concealing itself as a VPN and phone number spoofing app.
Their reasons are simple. One: Handling memory and volatile data is a complex endeavor, made more difficult by legacy tools. Two: The average analyst is a highly educated individual but is generally not an expert in memory architecture. That knowledge is often reserved for systems engineers.
When Russian forces invaded Ukraine earlier this year, many observers believed that the conflict would be marked by overwhelming use of the Kremlin’s cyberweapons. Possessing a technically sophisticated cadre of hackers and toolkits to attack digital infrastructure, the Kremlin, according to this line of thinking, would deploy these weapons in an effort to cripple the Ukrainian government and deliver a decisive advantage on the battlefield.