The Cybersecurity and Infrastructure Security Agency (CISA) has added nine more security flaws to its list of actively exploited bugs, including a VMware privilege escalation flaw and a Google Chrome zero-day that could be used for remote code execution.

The VMware vulnerability (CVE-2022-22960) was patched on April 6th, and it allows attackers to escalate privileges to root on vulnerable servers due to improper permissions in support scripts.

A Chrome zero-day was also included in CISA’s Known Exploited Vulnerabilities (KEV) catalog, a bug tracked as CVE-2022-1364 and allowing remote code execution due to a V8 type confusion weakness.

“This is the most expansive industrial control system attack tool that anyone has ever documented,” says Sergio Caltagirone, the vice president of threat intelligence at industrial-focused cybersecurity firm Dragos, which contributed research to the advisory and published its own report about the malware. Researchers at Mandiant, Palo Alto Networks, Microsoft, and Schneider Electric also contributed to the advisory. “It’s like a Swiss Army knife with a huge number of pieces to it.”

Dragos says the malware has the ability to hijack target devices, disrupt or prevent operators from accessing them, permanently brick them, or even use them as a foothold to give hackers access to other parts of an industrial control system network. Caltagirone notes that while the toolkit, which Dragos calls “Pipedream,” appears to specifically target Schneider Electric and OMRON PLCs, it does so by exploiting underlying software in those PLCs known as Codesys, which is used far more broadly across hundreds of other types of PLCs. This means that the malware could easily be adapted to work in almost any industrial environment. “This toolset is so big that it’s basically a free-for-all,” Caltagirone says. “There’s enough in here for everyone to worry about.”

The CISA advisory refers to an unnamed “APT actor” that developed the malware toolkit, using the common acronym APT to mean advanced persistent threat, a term for state-sponsored hacker groups. It’s far from clear where the government agencies found the malware, or which country’s hackers created it—though the timing of the advisory follows warnings from the Biden administration about the Russian government making preparatory moves to carry out disruptive cyberattacks in the midst of its invasion of Ukraine.

Medical tech company Viz.ai, a developer of an AI-powered stroke detection and care platform, has pulled in a new investment of $100 million at a valuation of $1.2 billion, making it Israel’s newest unicorn (a private company valued at over $1 billion).

The company said Thursday that the Series D funding will be used to expand the Viz platform to detect and triage additional diseases and grow its customer base globally.

Viz.ai’s newest round was led by Tiger Global Management, a New York-based investment firm focused on software and financial tech, and Insight Partners, a VC and private equity firm also based in New York. Tiger Global has invested in Israeli companies such as cybersecurity companies Snyk and SentinelOne as well as payroll tech companies Papaya Global and HoneyBook. Insight Partners is a very active foreign investor in Israeli companies, with at least 76 local portfolio startups to its name including privacy startup PlainID, bee tech startup Beewise, and music tech startup JoyTunes.

Closes July 31st at Midnight

The Texas Cyber Summit is a three-day, multi-track, novice-to-ninja technical cybersecurity event held annually, with over 1,200 participants expected in person. Note that the in-person event will take place on September 22nd–24th, and the Virtual Conference will take place on November 5th. It features five dedicated learning tracks, from the aspiring cybersecurity novice to the expert operator, with deeply technical research and management briefings that address the entire cyber threat landscape. The Texas Cyber Summit is held in Austin, TX and is an IRS 501(c)(3) non-profit organization.

Austin is home to major Fortune 500 companies, Cyber Futures Command, the Defense Logistics Agency, and Air Force logistics. Our specialized tracks cover teaching, training, responsibilities, and ethics in fields such as digital forensics, SCADA, supply chain, Red Team tools, tactics and procedures, Blue Team and the art of defense, and much more.

A banking trojan for Android that researchers call Fakecalls comes with a powerful capability that enables it to take over calls to a bank’s customer support number and connect the victim directly with the cybercriminals operating the malware.

Disguised as a mobile app from a popular bank, Fakecalls displays all the marks of the entity it impersonates, including the official logo and the customer support number.

When the victim tries to call the bank, the malware breaks the connection and shows its call screen, which is almost indistinguishable from the real one.

Cybersecurity researchers have detailed a “simple but efficient” persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign.

“The attack starts with a malicious Word document deploying a Colibri bot that then delivers the Vidar Stealer,” Malwarebytes Labs said in an analysis. “The document contacts a remote server at (securetunnel[.]co) to load a remote template named ‘trkal0.dot’ that contacts a malicious macro,” the researchers added.

First documented by FR3D.HK and Indian cybersecurity company CloudSEK earlier this year, Colibri is a malware-as-a-service (MaaS) platform that’s engineered to drop additional payloads onto compromised systems. Early signs of the loader appeared on Russian underground forums in August 2021.

Cybercriminals have started using Static Web Apps, an Azure service, in their phishing attacks against Microsoft 365 users.

Researchers from MalwareHunterTeam noted Static Web Apps have two features that are being abused with ease — custom branding for web apps, and web hosting for static content such as HTML, CSS, JavaScript, or images.

Hackers so far are focusing on decentralized finance (DeFi) projects to steal crypto this year, a new report found, a reversal from 2021 when they used scams and online fraud for most of their exploits.

So far, investors have lost over $1.22 billion to hackers in the first three months of the year, nearly eight times more than the $154 million lost in the first quarter of 2021, according to crypto security firm Immunefi. Ninety-nine percent of those losses were from software exploits, the report found, specifically the hacks against Wormhole and Ronin.

This is not an anomaly, experts warn. It’s likely this kind of nefarious activity will become more common, while scamming of investors could wane.

A newly discovered data wiper that targets routers and modems was used in the February 24 cyberattack on the KA-SAT satellite broadband service, wiping SATCOM modems and affecting thousands in Ukraine and tens of thousands more across Europe.

The malware, dubbed AcidRain by researchers at SentinelOne, is designed to brute-force device file names and wipe every file it can find, making it easy to redeploy in future attacks.

SentinelOne says this might hint at the attackers’ lack of familiarity with the targeted devices’ filesystem and firmware or their intent to develop a reusable tool.

We’ve seen this funky dual disk polar printer already recently, but [Heinz Loepmeier] has been busy working on it, so here’s an update. The primary focus here is nozzleboss, a Blender plugin which enables the surface textures of already sliced objects to be manipulated. The idea is to read in the gcode for the object, and convert it to an internal mesh representation that Blender needs in order to function. From there the desired textures can be applied to the surfaces for subsequent stages to operate upon. One trick that nozzleboss can do is to create weight maps to tweak the extrusion flow rate or print velocity value according to the pixel value at the surface — such ‘velocity painting’ can produce some very subtle surface effects on previously featureless faces. Another trick is to use the same weight maps and simply map colours to Blender text blocks which are injected into the gcode at export time. These gcode blocks can be used to swap tool heads or extruders, enabling blending of multiple filament colours or types in the same object.
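To make the ‘velocity painting’ idea concrete, here is an added example (not nozzleboss’s own code, which works on Blender meshes) that does the same thing on plain G-code text: it parses each move, samples a caller-supplied weight function at the move’s end point as a stand-in for reading a pixel from a weight map, and rescales the feed rate F accordingly. The sample G-code and the `weight_fn` signature are constructed for the demonstration.

```python
import re

# Constructed sample, not real slicer output: F is set on the first XY move
# and is modal afterwards, which the painter has to account for.
SAMPLE_GCODE = """\
; constructed sample, not real slicer output
G28
G1 Z0.2 F3000
G1 X0 Y0 E0.0 F1200
G1 X20 Y0 E1.0
G1 X20 Y20 E2.0
G1 X0 Y20 E3.0
M104 S0
"""

WORD = re.compile(r"([A-Z])(-?\d+\.?\d*)")

def parse_words(line):
    """Split a G-code line into letter -> float words, ignoring ';' comments."""
    code = line.split(";", 1)[0]
    return {k: float(v) for k, v in WORD.findall(code)}

def paint_velocity(lines, weight_fn, slowdown=0.5):
    """Scale the feed rate of every XY move by (1 - slowdown * w), where w in
    [0, 1] is weight_fn(x, y, z) at the move's end point (the 'pixel value').
    F is modal in G-code, so moves without their own F get the scaled current
    nominal F inserted. Non-move lines are passed through unchanged."""
    out = []
    x = y = z = 0.0
    f_nominal = None
    for line in lines:
        words = parse_words(line)
        if words.get("G") not in (0.0, 1.0):      # not a G0/G1 move
            out.append(line)
            continue
        x, y, z = words.get("X", x), words.get("Y", y), words.get("Z", z)
        if "F" in words:
            f_nominal = words["F"]                # remember the slicer's intent
        if f_nominal is None or ("X" not in words and "Y" not in words):
            out.append(line)                      # Z-only or no feed rate yet
            continue
        w = min(1.0, max(0.0, weight_fn(x, y, z)))
        f_new = round(f_nominal * (1.0 - slowdown * w), 1)
        code = line.split(";", 1)[0]
        stripped = re.sub(r"\s*F-?\d+\.?\d*", "", code).rstrip()
        out.append(f"{stripped} F{f_new:g}")
    return out
```

Running `paint_velocity(SAMPLE_GCODE.splitlines(), lambda x, y, z: 1.0 if x >= 10 else 0.0)` halves the feed rate on the moves ending at X=20 and leaves the rest at the slicer’s F1200.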

Some nice examples of such printing manipulation can be seen on [Heinz’s] Instagram page for the project. So, going back to the hardware again, the first video embedded below shows the ‘dual disk polar printer’ fitted with a crazy five-extruders-into-one-nozzle mixing hotend setup, which should be capable of full CMYK colour mixing and then some. The second video below shows an interesting by-product of the wide horizontal motion range of the machine: the whole printing area can be shifted to a nozzle at the other end of the gantry. This enables a novel way to switch extruders, by just moving the whole bed and printing under the nozzle of interest! One final observation is the print surface: it does look rather like they’re printing directly onto a slab of marble, which I think is the first time we’ve seen that.

Interesting printer designs are being worked on a lot these days; here’s a really nice 5-axis Prusa i3 hack, and if you want to stay in the Cartesian world, but your desktop machine is just too small, then you can always supersize it.