CyberAlerts

Description: Written by: Nino Isakovic Introduction Since 2022, Google Threat Intelligence Group (GTIG) has been tracking multiple cyber espionage operations conducted by China-nexus actors utilizing POISONPLUG.SHADOW. These operations employ a custom obfuscating compiler that we refer to as "ScatterBrain," facilitating attacks against various entities across Europe and the Asia Pacific (APAC) region. ScatterBrain appears to be a substantial evolution of ScatterBee, an obfuscating compiler previously analyzed by PWC. GTIG assesses that POISONPLUG is an advanced modular backdoor used by multiple distinct, but likely related threat groups based in the PRC, however we assess that POISONPLUG.SHADOW usage appears to be further restricted to clusters associated with APT41. GTIG currently tracks three known POISONPLUG variants: POISONPLUG POISONPLUG.DEED POISONPLUG.SHADOW POISONPLUG.SHADOW—often referred to as "Shadowpad," a malware family name first introduced by Kaspersky—stands out due to its use of a custom obfuscating compiler specifically designed to evade detection and analysis. Its complexity is compounded by not only the extensive obfuscation mechanisms employed but also by the attackers' highly sophisticated threat tactics. These elements collectively make analysis exceptionally challenging and complicate efforts to identify, understand, and mitigate the associate...

Source: Google Threat Intelligence

January 28th, 2025 (5 months ago)

EnergyWeaponUser is Allegedly Selling Access to an Unidentified Bodycam Company

Description: EnergyWeaponUser is Allegedly Selling Access to an Unidentified Bodycam Company

Source: DarkWebInformer

January 28th, 2025 (5 months ago)

CVE-2024-12703

Schneider Electric RemoteConnect and SCADAPack x70 Utilities

Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Electric RemoteConnect and SCADAPack x70 Utilities Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to loss of confidentiality, integrity, and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: RemoteConnect: All versions SCADAPackTM x70 Utilities: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502 A deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity, and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. CVE-2024-12703 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-12703. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Energy, Critical Manufacturing. COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: France 3.4 RESEARCHER Schneider Electr...

CVSS: HIGH (8.5)

EPSS Score: 0.04%

Source: All CISA Advisories

January 28th, 2025 (5 months ago)

CVE-2024-8603

B&R Automation Runtime

Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: B&R Equipment: Automation Runtime Vulnerability: Use of a Broken or Risky Cryptographic Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to masquerade as legitimate services on impacted devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS B&R reports that the following products are affected: B&R Automation Runtime: versions prior to 6.1 B&R mapp View: versions prior to 6.1 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF A BROKEN OR RISKY CRYPTOGRAPHIC ALGORITHM CWE-327 A "Use of a Broken or Risky Cryptographic Algorithm" vulnerability in the SSL/TLS component used in B&R Automation Runtime versions <6.1 and B&R mapp View versions <6.1 may be abused by unauthenticated network-based attackers to masquerade as legitimate services on impacted devices. CVE-2024-8603 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Austria 3.4 RESEARCHER ABB PSIRT reported this vulnerability to CISA. 4. MITIGATIONS B&R has identified the following specific workarounds and mitigations users can apply to reduce risk: All affected products: The problem is corrected in the following product versions: B&...

CVSS: HIGH (8.2)

EPSS Score: 0.04%

Source: All CISA Advisories

January 28th, 2025 (5 months ago)

A Threat Actor Claims to be Selling Unauthorized VPN Access to an Electrical Manufacturing Organization in Taiwan

Description: A Threat Actor Claims to be Selling Unauthorized VPN Access to an Electrical Manufacturing Organization in Taiwan

Source: DarkWebInformer

January 28th, 2025 (5 months ago)

What's Yours is Mine: Is Your Business Ready for Cryptojacking Attacks?

Description: Cryptojacking may be stealthy, but its impact is anything but. From inflated cloud bills to sluggish performance, it's a threat that companies can't ignore. Learn more from Pentera about how automated security validation can protect your org from these threats. [...]

Source: BleepingComputer

January 28th, 2025 (5 months ago)

PowerSchool starts notifying victims of massive data breach

Description: Education software giant PowerSchool has started notifying individuals in the U.S. and Canada whose personal data was exposed in a late December 2024 cyberattack. [...]

Source: BleepingComputer

January 28th, 2025 (5 months ago)

2024 Annual Report

Description: Discover key insights from Recorded Future's 2024 report on cyber threats, criminal networks, SaaS identity risks, and strategies for 2025 cybersecurity.

Source: RecordedFuture

January 28th, 2025 (5 months ago)

Protecting AWS environments from cyberthreats

Source: TheRegister

January 28th, 2025 (5 months ago)

Chinese AI DeepSeek R1 Is a Privacy and Security Nightmare

Description: Chinese AI model DeepSeek R1, hailed as a major breakthrough in reasoning capabilities, has been found to be highly vulnerable to security exploits, allowing it to generate harmful content, including malware, disinformation, and instructions for criminal activities. A recent investigation by cyber-intelligence firm KELA revealed that the model is particularly easy to jailbreak, posing a … The post Chinese AI DeepSeek R1 Is a Privacy and Security Nightmare appeared first on CyberInsider.

Source: CyberInsider

January 28th, 2025 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	Written by: Nino Isakovic Description: Written by: Nino Isakovic Introduction Since 2022, Google Threat Intelligence Group (GTIG) has been tracking multiple cyber espionage operations conducted by China-nexus actors utilizing POISONPLUG.SHADOW. These operations employ a custom obfuscating compiler that we refer to as "ScatterBrain," facilitating attacks against various entities across Europe and the Asia Pacific (APAC) region. ScatterBrain appears to be a substantial evolution of ScatterBee, an obfuscating compiler previously analyzed by PWC. GTIG assesses that POISONPLUG is an advanced modular backdoor used by multiple distinct, but likely related threat groups based in the PRC, however we assess that POISONPLUG.SHADOW usage appears to be further restricted to clusters associated with APT41. GTIG currently tracks three known POISONPLUG variants: POISONPLUG POISONPLUG.DEED POISONPLUG.SHADOW POISONPLUG.SHADOW—often referred to as "Shadowpad," a malware family name first introduced by Kaspersky—stands out due to its use of a custom obfuscating compiler specifically designed to evade detection and analysis. Its complexity is compounded by not only the extensive obfuscation mechanisms employed but also by the attackers' highly sophisticated threat tactics. These elements collectively make analysis exceptionally challenging and complicate efforts to identify, understand, and mitigate the associate... Source: Google Threat Intelligence January 28th, 2025 (5 months ago)
	EnergyWeaponUser is Allegedly Selling Access to an Unidentified Bodycam Company Description: EnergyWeaponUser is Allegedly Selling Access to an Unidentified Bodycam Company Source: DarkWebInformer January 28th, 2025 (5 months ago)
CVE-2024-12703	Schneider Electric RemoteConnect and SCADAPack x70 Utilities Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Electric RemoteConnect and SCADAPack x70 Utilities Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to loss of confidentiality, integrity, and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: RemoteConnect: All versions SCADAPackTM x70 Utilities: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502 A deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity, and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. CVE-2024-12703 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-12703. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Energy, Critical Manufacturing. COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: France 3.4 RESEARCHER Schneider Electr... CVSS: HIGH (8.5) EPSS Score: 0.04% Source: All CISA Advisories January 28th, 2025 (5 months ago)
CVE-2024-8603	B&R Automation Runtime Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: B&R Equipment: Automation Runtime Vulnerability: Use of a Broken or Risky Cryptographic Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to masquerade as legitimate services on impacted devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS B&R reports that the following products are affected: B&R Automation Runtime: versions prior to 6.1 B&R mapp View: versions prior to 6.1 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF A BROKEN OR RISKY CRYPTOGRAPHIC ALGORITHM CWE-327 A "Use of a Broken or Risky Cryptographic Algorithm" vulnerability in the SSL/TLS component used in B&R Automation Runtime versions <6.1 and B&R mapp View versions <6.1 may be abused by unauthenticated network-based attackers to masquerade as legitimate services on impacted devices. CVE-2024-8603 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Austria 3.4 RESEARCHER ABB PSIRT reported this vulnerability to CISA. 4. MITIGATIONS B&R has identified the following specific workarounds and mitigations users can apply to reduce risk: All affected products: The problem is corrected in the following product versions: B&... CVSS: HIGH (8.2) EPSS Score: 0.04% Source: All CISA Advisories January 28th, 2025 (5 months ago)
	A Threat Actor Claims to be Selling Unauthorized VPN Access to an Electrical Manufacturing Organization in Taiwan Description: A Threat Actor Claims to be Selling Unauthorized VPN Access to an Electrical Manufacturing Organization in Taiwan Source: DarkWebInformer January 28th, 2025 (5 months ago)
	What's Yours is Mine: Is Your Business Ready for Cryptojacking Attacks? Description: Cryptojacking may be stealthy, but its impact is anything but. From inflated cloud bills to sluggish performance, it's a threat that companies can't ignore. Learn more from Pentera about how automated security validation can protect your org from these threats. [...] Source: BleepingComputer January 28th, 2025 (5 months ago)
	PowerSchool starts notifying victims of massive data breach Description: Education software giant PowerSchool has started notifying individuals in the U.S. and Canada whose personal data was exposed in a late December 2024 cyberattack. [...] Source: BleepingComputer January 28th, 2025 (5 months ago)
	2024 Annual Report Description: Discover key insights from Recorded Future's 2024 report on cyber threats, criminal networks, SaaS identity risks, and strategies for 2025 cybersecurity. Source: RecordedFuture January 28th, 2025 (5 months ago)
	Protecting AWS environments from cyberthreats Source: TheRegister January 28th, 2025 (5 months ago)
	Chinese AI DeepSeek R1 Is a Privacy and Security Nightmare Description: Chinese AI model DeepSeek R1, hailed as a major breakthrough in reasoning capabilities, has been found to be highly vulnerable to security exploits, allowing it to generate harmful content, including malware, disinformation, and instructions for criminal activities. A recent investigation by cyber-intelligence firm KELA revealed that the model is particularly easy to jailbreak, posing a … The post Chinese AI DeepSeek R1 Is a Privacy and Security Nightmare appeared first on CyberInsider. Source: CyberInsider January 28th, 2025 (5 months ago)