CyberSecurity news

FlagThis - #software

rohann@checkpoint.com@Check Point Blog //

Blind Eagle APT Targets Colombian Organizations

Blind Eagle, one of Latin America's most dangerous cyber criminal groups, has been actively targeting Colombian institutions and government entities since November 2024. According to Check Point Research (CPR), this advanced persistent threat (APT) group, also tracked as APT-C-36, is using sophisticated techniques to bypass traditional security defenses. They leverage trusted platforms like Google Drive, Dropbox, GitHub, and Bitbucket to distribute their malicious payloads, and have recently been seen using a variant of an exploit for a now-patched Microsoft Windows flaw, CVE-2024-43451. This allows them to infect victims with a high rate of success.

CPR has uncovered that Blind Eagle incorporated this exploit a mere six days after Microsoft released the patch. They use malicious .URL files distributed via phishing emails, and victims are often unaware they are triggering the infection. The final payload is often the Remcos RAT, a remote access trojan that grants attackers complete control over infected systems, allowing for data theft, remote execution, and persistent access. In one campaign in December 2024, over 1,600 victims were affected, highlighting the group's efficiency and targeted approach.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • Check Point Blog: The Growing Danger of Blind Eagle: One of Latin America’s Most Dangerous Cyber Criminal Groups Targets Colombia
  • bsky.app: Blind Eagle APT group has compromised over 1,600 victims inside Colombian institutions and government agencies. The campaign took place in November & December of last year and used an exploit similar to a zero-day exploited by Russian hackers in Ukraine.
  • The Hacker News: The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024.
  • bsky.app: The Blind Eagle APT group has compromised over 1,600 victims inside Colombian institutions and government agencies. The campaign took place in November & December of last year and used an exploit similar to a zero-day exploited by Russian hackers in Ukraine.
  • gbhackers.com: Blind Eagle Hackers Exploit Google Drive, Dropbox & GitHub to Evade Security Measures
  • : Blind Eagle has been running campaigns targeting the Colombian government with malicious .url files and phishing attacks
  • Talkback Resources: Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
Classification:
  • HashTags: #BlindEagle #CyberEspionage #APT
  • Company: Check Point Research
  • Target: Colombian Institutions
  • Attacker: Blind Eagle APT
  • Product: Software
  • Feature: Espionage
  • Type: Espionage
  • Severity: Major
Jessica Lyons@The Register - Software //

US Government Urges Developers to Eliminate Buffer Overflows

The FBI and CISA have jointly issued an advisory urging software developers to eliminate buffer overflow vulnerabilities, labeling them "unforgivable defects." These agencies highlighted the continued presence of such vulnerabilities in products from major vendors like Microsoft and VMware. The advisory emphasizes the need for developers to adopt secure-by-design practices and memory-safe programming languages to prevent these flaws.

The agencies pointed out several recent buffer overflow vulnerabilities, including those found in Microsoft's Hyper-V, Ivanti's Connect Secure, and VMware's vCenter. These vulnerabilities, if exploited, could lead to privilege escalation, remote code execution, and full system access. The advisory stresses that buffer overflows are avoidable by using updated coding practices and safe languages. They also call on manufacturers to implement compile-time and runtime protections, conduct thorough testing, and analyze the root cause of past vulnerabilities to prevent future occurrences.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • The Register - Software: Feds want devs to stop coding 'unforgivable' buffer overflow vulnerabilities
  • Information Security Buzz: CISA and FBI warn of threats exploiting buffer overflow vulnerabilities.
  • : CISA and FBI release a joint Secure by Design Alert on eliminating buffer overflow vulnerabilities.
  • industrialcyber.co: CISA, FBI urge manufacturers to eliminate buffer overflow vulnerabilities with secure-by-design practices
  • ciso2ciso.com: CISA, FBI call software with buffer overflow issues ‘unforgivable’ – Source: www.csoonline.com
  • Talkback Resources: US govt wants developers to stop coding 'unforgivable' bugs [app] [exp]
  • Tenable Blog: Cybersecurity Snapshot: CISA Calls for Stamping Out Buffer Overflow Vulnerabilities, as Europol Tells Banks To Prep For Quantum Threat
  • cyble.com: FBI, CISA Urge Memory-Safe Practices for Software Development
  • securityonline.info: Buffer Overflows Vulnerabilities: CISA & FBI Issue Urgent Warning
Classification:
  • HashTags: #BufferOverflow #SecureByDesign #MemorySafe
  • Company: FBI, CISA
  • Target: Software Developers
  • Product: Software
  • Feature: buffer overflow prevention
  • Type: Bug
  • Severity: Informative

Blogs

Research Tools