Saturday 23rd November 2024

Saturday 23rd November 2024

Good morning everyone, happy Saturday. It feels like it's been quite a week, I'm sure I'm not the only one who it glad it's the weekend. Anyway, today we're covering stories from Russian-linked espionage campaigns targeting Central Asia to Microsoft stepping up its game in exposure management, and sneaky malware posing as popular AI tools on PyPI—there’s no rest for defenders in today’s digital age.

Enjoy!

Malicious PyPI Packages Masquerade as AI Tools

Cybersecurity researchers have uncovered two malicious packages on the Python Package Index (PyPI) that impersonated popular AI tools like OpenAI's ChatGPT and Anthropic’s Claude, spreading an information stealer called JarkaStealer.

The packages, gptplus and claudeai-eng, were downloaded over 3,500 times before their removal. Created by a user named "Xeroline," they claimed to provide APIs for AI models but instead delivered malware via Base64-encoded code in the __init__.py file. This code fetched a Java archive file, “JavaUpdater.jar,” from GitHub and installed a Java Runtime Environment if needed, activating the malicious payload.

The malware, JarkaStealer, siphons sensitive data, including browser info, session tokens (Telegram, Discord, Steam), and system details, then sends the loot to an attacker’s server. Sold as malware-as-a-service on Telegram for $20–$50, its source code is freely circulating on GitHub.

Software supply chain attacks like this highlight the critical need for vigilance in using open-source tools.


Microsoft Makes Waves with Security Exposure Management

At its Ignite conference, Microsoft unveiled its latest security offering: Microsoft Security Exposure Management, marking its formal entry into the growing field of continuous threat exposure management (CTEM). CTEM, described as the evolution of vulnerability management, aims to proactively detect and mitigate threats by analysing assets, vulnerabilities, and potential attack paths in real-time.

Microsoft's tool, now available through the Defender portal, integrates seamlessly with Microsoft 365 and Defender licenses, offering unified views of organizational attack surfaces. This means security teams can visualise and prioritise high-risk vulnerabilities, critical assets, and attack paths—essentially adopting an attacker’s perspective to strengthen defences.

With exposure management becoming a fiercely competitive market, Microsoft’s ability to leverage native telemetry from its vast customer base sets it apart. Add in the announcement of third-party integration (think Rapid7, Tenable, ServiceNow) and advanced visual tools like the Attack Map, and the tech giant is poised to shake up the space.

Gartner predicts organisations adopting CTEM could see 66% fewer breaches by 2026. Microsoft’s move might make this a reality for many.

Russian-Linked TAG-110 Group Targets Central Asia in Cyber Espionage Campaign

Threat actors tied to Russia, dubbed TAG-110, are behind a cyber espionage campaign targeting government entities, human rights groups, and educational institutions in Central Asia, East Asia, and Europe. Using custom malware HATVIBE and CHERRYSPY, the group has struck 62 victims across 11 countries since 2021, according to Recorded Future's Insikt Group.

  • HATVIBE acts as a loader, exploiting web app vulnerabilities and phishing emails to deploy CHERRYSPY, a Python-based backdoor for espionage and data exfiltration.
  • Initial incidents were observed in Ukraine in May 2023, with ongoing attacks in Tajikistan, Kazakhstan, and other Central Asian nations, indicating Moscow’s geopolitical focus.

Experts believe these attacks are part of a hybrid warfare doctrine, aligning with physical sabotage efforts targeting European critical infrastructure to destabilise NATO allies and weaken their support for Ukraine.

As tensions between Russia and the West persist, experts anticipate escalating cyber and physical operations—short of triggering direct conflict.

Marcel Velica

Senior Security Program Manager | Leading Cybersecurity Initiatives | Driving Strategic Security Solutions| Cybersecurity Excellence | Cloud Security

3 天前

Great roundup of today's cybersecurity news! It's alarming to see the rise of malware disguised as legitimate tools—it's a reminder to stay vigilant and verify our sources.Aidan Dickenson

Jitendra Sheth Founder, Cosmos Revisits

Empowering Small Businesses to Surge Ahead of Competition. 9X LinkedIn Top Voice: Brand Development | Creative Strategy | Content Marketing | Digital Marketing | Performance Marketing | SEO | SMM | Web Development

4 天前

Aidan Dickenson Staying ahead in cybersecurity means being proactive, not reactive—thanks for the timely insights!

要查看或添加评论,请登录

Aidan Dickenson的更多文章

  • Wednesday 27th November 2024

    Wednesday 27th November 2024

    Good morning. It’s one of those days where the internet feels more like a battlefield than a convenience.

    3 条评论
  • Tuesday 26th November 2024

    Tuesday 26th November 2024

    Good morning! Thank you for joining me for the latest instalment of Cyber Daily. In today's edition, we’re channeling a…

    1 条评论
  • Monday 25th November 2024

    Monday 25th November 2024

    Good morning! It’s a wild week in the world of cybersecurity, and the stakes are high—whether you’re spinning the reels…

    2 条评论
  • Sunday 24th November 2024

    Sunday 24th November 2024

    Good morning everyone, I hope you're all having a great weekend. If this week had a theme, it’d be “hackers on…

  • Friday 22nd November 2024

    Friday 22nd November 2024

    Good morning everyone, a very happy Friday and thank you for joining me for the latest instalment of Cyber Daily. In…

    6 条评论
  • Thursday 21st November 2024

    Thursday 21st November 2024

    Good morning everyone and thank you for joining me for the latest instalment of Cyber Daily. Today, we’ve got Apple…

    2 条评论
  • Wednesday 20th November 2024

    Wednesday 20th November 2024

    Good morning! Thank you for joining me for the latest edition of Cyber Daily. Today we're covering stories ranging from…

    2 条评论
  • Tuesday 19th September 2024

    Tuesday 19th September 2024

    Good morning! Thank you for joining me for the latest installment of Cyber Daily. Today's edition is covering stories…

    4 条评论
  • Monday 18th November 2024

    Monday 18th November 2024

    Good morning and thank you for joining me for this edition of Cyber Daily. In today’s installment, we’re untangling a…

    7 条评论
  • Sunday 17th November 2024

    Sunday 17th November 2024

    Good morning I hope you're all having a great weekend and thank you for joining me for the latest instalment of Cyber…

    6 条评论