12 JUNE 2024 WEEKLY NEWSLETTER

BOCRA website

     

NEWSLETTER

 

Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs

                                                     LATEST CYBER HACKS 
 
 
icon

DDoS attacks target EU political parties as elections begin

Hacktivists are conducting DDoS attacks on European political parties that represent and promote strategies opposing their interests, according to a report by Cloudflare.
icon

Gitloker attacks abuse GitHub notifications to push malicious OAuth apps

Threat actors impersonate GitHub's security and recruitment teams in phishing attacks to hijack repositories using malicious OAuth apps in an ongoing extortion campaign wiping compromised repos.
icon

A Novel Cryptojacking Attack Abusing Docker Remote API Servers

We observed an attack campaign abusing exposed Docker remote API servers to deploy cryptocurrency miners. This attack campaign bears the name Commando Cat due to its initial step, which involves the deployment of benign containers generated using the publicly-available Commando project (an open-source GitHub project that creates Docker images on-demand for developers).

                                                      VULNERABILITIES
 
 
icon

JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens

JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens.
icon

Exploit for critical Veeam auth bypass available, patch  now

A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates.

                                     MALWARES
 
 
icon

Technical Analysis of the Latest Variant of ValleyRAT

ValleyRAT is a remote access trojan (RAT) that was initially documented in early 2023. Its main objective is to infiltrate and compromise systems, providing remote attackers with unauthorized access and control over infected machines.
icon

Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups

Since 2022, we have been investigating numerous targeted attacks in the Asia-Pacific region that used the same ELF backdoor. Most vendors identify this backdoor as a variant of existing malware such as Gh0st RAT or Rekoobe. However, we unearthed the truth: this backdoor is not merely a variant of existing malware, but is a new type altogether.
icon

Malicious VSCode extensions with millions of installs discovered

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs.

                               GENERAL NEWS
 
 
icon

Apple Launches Private Cloud Compute for Privacy-Centric AI Processing

Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud.
icon

How to Use AI-Powered Grammarly to Do All of Your Editing

Is it a cheat? Absolutely not. Has artificial intelligence helped me become a better writer? Definitely.