Cybersecurity

The recommended Ripple cryptocurrency NPM JavaScript library named "xrpl.js" was compromised to steal XRP wallet seeds and private keys and transfer them to an attacker-controlled server, allowing threat actors to steal all the funds stored in the wallet

It's now hitting govt, enterprise targets

10 other certificates 'were mis-issued and have now been revoked'

Certain companies recruit app developers to create botnets by injecting “network sharing” SDKs into their apps. These botnets then use the network bandwidth of unsuspecting users of said apps to crawl the web, brute-force mail servers and other nasty things.

Late at night, I was testing a proof-of-concept (PoC) exploit for CVE-2020-35489 (https://github/[.]com/gh202503/poc-cve-2020-35489) that I found on GitHub. The repository looked legitimate, and in my exhaustion, I skipped the usual precautions. I cloned the repository and ran the script without inspecting its contents.

A few hours later, my system started behaving strangely. CPU usage was abnormally high, and after further investigation, I found that a hidden malware had infected my machine. Worse, my credentials, SSH keys, and other sensitive data had been stolen and uploaded to an attacker-controlled repository.

• Invidious
• Youtube

"Our recommendation is to do what your antivirus software says especially in regards to this one (WinRing0) because again it's not a false positive; it's a true positive. This is a real potential vulnerability and if Windows quarantines WinRing0 we'd say let it happen.

If anyone tells you to ignore those warnings then treat those people or those groups with extreme skepticism. Again there are real vulnerabilities that have been used which can exploit your machine."

• Steve Burke from Gamers Nexus

the EUVD comes with a holistic approach and aims for ensuring a high level of interconnection of information sources. It does so by leveraging the open-source software Vulnerability-Lookup which enables a quick correlation of vulnerabilities from multiple known sources. ... Utilising the Common Security Advisory Framework (CSAF), a standardised format for vulnerability advisories, the EUVD supports automation in the processing, consumption, and distribution of security advisories.

The EUVD collects and references vulnerability information collected from existing databases (such as MITRE’s CVE DB, GitHub's Advisory Database, JVN iPedia, GSD-Database), adds additional information via references to advisories and alerts issued by national CSIRTs, mitigation and patching guidelines published by vendors, and enriches it with exploited vulnerability markings (such as CISA KEV) and FIRST’s Exploit Prediction scores (EPSS).

(Note: ENISA has been tasked with establishing the EUVD as outlined in Article 12 of the NIS-2 Directive.)

The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entities.

While remaining compatible with the traditional CVE system, GCVE introduces GCVE Numbering Authorities (GNAs). GNAs are independent entities that can allocate identifiers without relying on a centralised block distribution system or rigid policy enforcement.

• Check Point Research has been tracking an advanced phishing campaign conducted by APT29, a Russia linked threat group, which is targeting diplomatic entities across Europe.
• The campaign, which appears to be a continuation of a previous one that utilized a backdoor known as WINELOADER, impersonates a major European foreign affairs ministry to distribute fake invitations to diplomatic events—most commonly, wine tasting events.
• This campaign employs a new loader, called GRAPELOADER, which is downloaded via a link in the phishing email. In addition, we discovered a new variant of WINELOADER which is likely used in later stages of the campaign.
• While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initial-stage tool used for fingerprinting, persistence, and payload delivery. Despite differing roles, both share similarities in code structure, obfuscation, and string decryption. GRAPELOADER refines WINELOADER’s anti-analysis techniques while introducing more advanced stealth methods.

cross-posted from: https://midwest.social/post/26331167

This is an utter failure of oversight in governance. And likely a misappropriation of government funds.

What a colossally shortsighted decision.