Researchers Exploit Vulnerabilities to Exploit Industrial Remote Access Gateways

Summary Several security vulnerabilities in the industrial remote access solution Ewon Cosy+ can be abused to gain root privileges to the devices and stage follow-on attacks, according to new data unveiled at DEF CON 32. The elevated access could then be weaponized to decrypt encrypted firmware files and encrypted data such as passwords in configuration files, and even get…

Read More

Polyfill Supply Chain Attack Highlights Risks of Third-party Code in Modern Web Applications

The recent discovery of a website supply chain attack using the cdn.polyfill[.]io domain has left many websites vulnerable to malicious code injection. Once a trusted resource for adding JavaScript polyfills to websites, the domain has recently become the epicenter of a significant website supply chain attack. How the Attack Unfolded Funnull, a Chinese company, acquired…

Read More

New GoGra Backdoor Deployed Against South Asia Media Organization via Cloud Services in Widespread Cyberespionage Operation

Context On 7 August 2024, Symantec researchers published the technical details of multiple cyberespionage campaigns leveraging legitimate cloud services to deliver new malware to multiple organizations, several government or military and one media firm. One such new malware, the backdoor designated GoGra, has been observed delivering to a media organization located in South Asia. Technical…

Read More

Bolstering Your Modern Authentication Strategy to Align with PCI DSS 4.0.1

As a retail, hospitality, and travel organization, people turn to you for joy and to create a lifetime of happy memories through the services and experiences you provide. To build the relationship with customers and ensure you can deliver the highest level of service, collecting and storing sensitive information such as payment card data (PCI),…

Read More

Threat Actor Abuses Cloudflare Trial Tunnels to Deliver RATs

Summary Researchers from Proofpoint have released a report warning of threat actors increasingly abusing the Cloudflare Tunnel service in malware campaigns that usually deliver remote access trojans (RATs). First observed in February 2024, the cluster increased activity in May through July, with most campaigns leading to Xworm, a remote access trojan (RAT), in recent months. Community Impact…

Read More