According to researchers at Netcraft, the Chinese-language Phishing-as-a-Service (PhaaS) platform "Darcula" created 19,000 phishing domains in cyberattacks against over 100 countries. The platform provides cybercriminals with easy access to branded phishing campaigns for a monthly subscription fee of around $250. Darcula is said to be more sophisticated than other PhaaS platforms. It supports many of the same tools used by application developers, such as JavaScript, React, Docker, and Harbor.

According to Google, the volume of zero-day vulnerabilities it detected increased by over 50% from 2022 to 2023, with bugs in third-party components on the rise.  Google discovered a total of 97 zero days in 2023, just shy of the record 106 detected in 2021.  Google claimed end-user platform vendors like Apple, Google, and Microsoft have made “notable investments” to reduce the number of exploitable zero days threat actors can find, making certain types “virtually non-existent” today.

By grigby1 

By krahal

The U.S. House of Representatives has been very busy lately, and the Senate and White House are keeping unusual working hours as well. Tempus fugit, and so also may TikTok though in a different direction.

By aekwall 

CISA recently added a second SharePoint flaw, demonstrated last year at a Pwn2Own hacking competition, to its Known Exploited Vulnerabilities (KEV) list.  The Star Labs team demonstrated the flaw, tracked as CVE-2023-24955, in March 2023 at Pwn2Own Vancouver alongside CVE-2023-29357.   This two-bug exploit chain, which allows unauthenticated remote code execution on SharePoint servers with elevated privileges, earned the Star Labs team $100,000 at Pwn2Own. Microsoft patched CVE-2023-24955 and CVE-2023-29357 with SharePoint updates released in May and June 2023, respectively.

A new hacking campaign called "ShadowRay" exploits an unpatched vulnerability in Ray, a popular open source Artificial Intelligence (AI) framework, to hijack computing power and leak sensitive data. Oligo reported that these attacks have been ongoing since at least September 5, 2023, with targets including education, cryptocurrency, biopharma, and others. Ray is a framework developed by Anyscale that allows users to scale AI and Python applications across a cluster of machines for distributed computing workloads.

Researchers at ReversingLabs have discovered a suspicious package in the NuGet package manager that is likely aimed at developers using tools developed by a Chinese company specializing in industrial and digital equipment manufacturing. The package, "SqzrFramework480," first published on January 24, 2024, has been downloaded 2,999 times. ReversingLabs believes that the campaign is being used to orchestrate industrial espionage on systems equipped with cameras, machine vision, and robotic arms. This article continues to discuss findings regarding the malicious NuGet package.

Security researchers at Lumen Technologies recently discovered a 40,000-strong botnet packed with end-of-life routers and IoT devices being used in cybercriminal activities.  According to the researchers, a notorious cybercriminal group has been running a multi-year campaign targeting end-of-life small home/small office (SOHO) routers and IoT devices worldwide.  The router botnet, first seen in 2014, has been operating quietly while growing to more than 40,000 bots from 88 countries in January and February 2024.

The US government is trying to close gaps in its sanctions program against Russia by going after blockchain and virtual currency firms, which it says have helped entities circumvent existing controls.