Hackerzhome


Cybersecurity news all over the world

HACKERZHOME NEWS

April 25, 2023

Tuesday

An AI-powered malware analysis feature is now available on VirusTotal.

On Monday, VirusTotal announced the launch of Code Insight, a new code analysis tool powered by artificial intelligence.

The new functionality is driven by the Sec-PaLM large language model (LLM), which is specially tailored for security use cases, and is part of the Google Cloud Security AI Workbench, which was unveiled at the RSA Conference 2023.

VirusTotal Code Insight analyzes potentially hazardous files in order to explain their (malicious) behavior, which makes it easier to determine which of them actually constitute a threat.

The new functionality is currently being used to examine a subset of the PowerShell files uploaded to VirusTotal. According to Bernardo Quintero, the founder of VirusTotal, the system skips files that are near-identical to ones already analyzed, as well as files that are too large.
Since only the file’s content is being evaluated, Code Insight’s analysis is completely independent of any accompanying metadata (such as antivirus results), which can help with understanding false positives and negatives.

It’s also critical to remember that the accuracy of the code analysis LLM model might vary and is subject to inaccuracies. Security analysts should therefore interpret the information produced by Code Insight while taking into account contextual information pertinent to the analyzed file.

Quintero pointed out that despite this, the addition of LLMs to the suite of code analysis tools is a significant development that enables security experts to learn invaluable information about the composition and behavior of potentially harmful code, enhancing the effectiveness of threat detection and response.


New transient execution side-channel vulnerability threatens Intel CPUs

A new side-channel attack affecting several generations of Intel CPUs allows data to be leaked through the EFLAGS register.

Researchers from Tsinghua University, the University of Maryland, and a computer lab (BUPT) run by the Chinese Ministry of Education have uncovered a new side-channel attack that differs from most others.

Rather than relying on the cache mechanism like many other side-channel attacks, this one exploits a weakness in transient execution that allows timing analysis to extract secret data from user memory space.

Meltdown makes use of the performance enhancement technique known as “speculative execution” to let attackers get around memory separation safeguards and access information like passwords, encryption keys, and other sensitive information kept in kernel memory.

Meltdown has been largely mitigated by software patches, microcode upgrades, and hardware redesigns; nevertheless, no solution has completely solved the issue, and depending on hardware, software, and patch configurations, the most recent attack method may be effective even in fully patched systems.


Twitter account for KuCoin hacked to spread cryptocurrency fraud

Attackers who gained access to KuCoin’s Twitter account then propagated a false giveaway scam that led to the theft of more than $22.6K in Bitcoin.

The Bitcoin trading and exchange platform confirmed the compromise of its official Twitter account and said it will fully compensate all victims for their losses. It also stated that all user assets on the platform remain completely secure.

The cryptocurrency exchange asserts that despite the account being compromised for only around 45 minutes, during that time users sent 22 transactions involving Bitcoin and Ethereum, giving hackers access to $22,600.

“Up until 02:00 on April 24 (UTC+2), we have identified 22 transactions, including ETH/BTC, with a combined value of 22,628 USDT that are connected to the fake activity,” according to a KuCoin Twitter thread on the issue.

As some KuCoin users pointed out on social media, victims were easily tricked because the scammers built a convincing campaign that mimicked the platform’s usual promotional activities.

5,000 Bitcoin and 10,000 Ethereum were allegedly being airdropped on “kucoinevent[.]com,” the website hosting the malicious giveaway, to celebrate the exchange reaching a milestone of 10 million users.

PaperCut vulnerability used to compromise servers; update now

Attackers are exploiting serious flaws in the widely used PaperCut MF/NG print management software to install Atera remote management software on servers and take control of them.

According to the software’s creator, more than 100 million people from more than 70,000 businesses utilize it globally.

In low-complexity attacks that don’t involve user interaction, the two security holes (listed as CVE-2023-27350 and CVE-2023-27351) enable remote attackers to bypass authentication and execute arbitrary code with SYSTEM privileges on compromised PaperCut servers.

A proof-of-concept (PoC) exploit for CVE-2023-27350 was also published earlier today in a blog post by the attack surface assessment company Horizon3; attackers could use it to bypass authentication and run code on unpatched PaperCut servers.

Although unpatched PaperCut servers are already being targeted in the wild, other threat actors may now employ the Horizon3 exploit code in additional attacks.

Fortunately, a Shodan search reveals that only about 1,700 PaperCut servers that were exposed to the Internet were susceptible to attack.

Critical unauthenticated RCE vulnerability in UPS software, according to APC

An unauthenticated arbitrary remote code execution flaw in APC’s Easy UPS Online Monitoring Software lets attackers take control of devices and, in the worst case, completely disable their operation.

By guaranteeing smooth operation in the face of power fluctuations or outages, UPS systems are essential for protecting data centers, server farms, and smaller network infrastructures.

One of the most well-known UPS brands is APC (by Schneider Electric). Its products are widely used in both consumer and business industries, including infrastructure for government, healthcare, industrial, information technology, and retail.

The firm issued a security alert earlier this month to inform customers of three bugs that affect its products: CVE-2023-29411, CVE-2023-29412, and CVE-2023-29413.

Denial-of-service (DoS) issues are typically not regarded as highly harmful, but because many UPS devices are found in data centers, the effects of such an outage are exacerbated, and it can also prevent remote device maintenance.
