Cyware Daily Threat Intelligence, December 09, 2024

Daily Threat Briefing Dec 9, 2024

In a stark reminder of supply chain vulnerabilities, cybercriminals turned a trusted AI library into a covert delivery system for malware. A supply chain attack on the popular ultralytics AI library injected malicious code into two versions, distributing a crypto coinminer and creating backdoor access to compromised environments. 

Bitcoin's Lightning Network faced a storm of uncertainty. A newly disclosed vulnerability in Bitcoin's transaction-relay mechanism exposes Lightning to jamming attacks, risking financial losses and degraded stability. The flaw lets malicious actors disrupt Lightning channels, highlighting the fragile intersection of innovation and security in blockchain technologies.

Deception ran deep in a phishing campaign against Ukraine's defense sector. Threat group UAC-0185 used emails advertising a fake NATO conference to infect systems with malware. By deploying a remote management program, the attackers gained unauthorized access to messaging and military systems, aiming to compromise Ukraine's security infrastructure.

Top Malware Reported in the Last 24 Hours

Compromised PyPI package dropped cryptominer

A compromise of the build pipeline of the popular AI library ultralytics led to two malicious versions (8.3.41 and 8.3.42) being published. The injected code distributed a cryptocurrency miner and could have been used to deliver other types of malware. The attackers gained their foothold through a known GitHub Actions script injection weakness in the project's CI workflow, which gave them backdoor access to the build environment and let them inject malicious code into the released packages. After initial remediation attempts, a clean version (8.3.43) was eventually published to resolve the supply chain attack.
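To make the GitHub Actions script injection class concrete, the following added example (not the ultralytics project's own workflow, and not code from this briefing) simulates what the Actions runner does with a `run:` step: it textually expands `${{ ... }}` expressions into the script before bash ever sees it, so an attacker-controlled value such as a pull request branch name becomes code. The step templates, the branch name and the list of untrusted contexts are constructed for illustration; the `find_injectable_expressions` linter is a hypothetical helper, not a real tool's API.

```python
"""Simulated GitHub Actions expression expansion and a small linter for the
injection pattern. Added example, not the ultralytics project's workflow."""
import os
import re
import subprocess
import tempfile

# A step as it might appear in a workflow file (constructed). The ${{ }}
# expression is expanded by the runner BEFORE bash sees the script, so shell
# metacharacters in the value become part of the script itself.
VULNERABLE_STEP = 'echo "Building branch ${{ github.head_ref }}"\n'

# Hardened form: the same value is handed over through the environment
# (env: HEAD_REF: ${{ github.head_ref }}) and bash expands "$HEAD_REF" as
# data, never as code.
SAFE_STEP = 'echo "Building branch $HEAD_REF"\n'

# Expression contexts that a pull request author or commenter controls
# (illustrative subset, not an exhaustive list).
UNTRUSTED_CONTEXTS = (
    "github.head_ref",
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.pull_request.head.ref",
    "github.event.issue.title",
    "github.event.issue.body",
    "github.event.comment.body",
)
EXPR_RE = re.compile(r"\$\{\{\s*([^}]*?)\s*\}\}")


def expand_expressions(template, head_ref):
    """Mimic the runner's textual substitution of ${{ github.head_ref }}."""
    return template.replace("${{ github.head_ref }}", head_ref)


def run_step(script, env=None):
    """Write the (already expanded) script to a file and run it with bash,
    which is how the runner executes a run: step. Returns stdout."""
    with tempfile.NamedTemporaryFile("w", suffix=".sh", delete=False) as fh:
        fh.write(script)
        path = fh.name
    try:
        proc = subprocess.run(
            ["bash", path],
            capture_output=True,
            text=True,
            env={**os.environ, **(env or {})},
        )
        return proc.stdout
    finally:
        os.unlink(path)


def vulnerable_build(head_ref):
    """Interpolate the branch name into the script: injection."""
    return run_step(expand_expressions(VULNERABLE_STEP, head_ref))


def safe_build(head_ref):
    """Pass the branch name via the environment: treated as data."""
    return run_step(SAFE_STEP, env={"HEAD_REF": head_ref})


def find_injectable_expressions(script_template):
    """Return the ${{ }} expressions in a run: template that reference
    attacker-controlled contexts (the pattern a workflow linter flags)."""
    hits = []
    for match in EXPR_RE.finditer(script_template):
        expr = match.group(1)
        if any(expr.startswith(ctx) for ctx in UNTRUSTED_CONTEXTS):
            hits.append(expr)
    return hits


if __name__ == "__main__":
    # Constructed branch name that closes the quoted string and appends a command.
    malicious_ref = 'x"; echo INJECTED; echo "'
    print("vulnerable step output:", repr(vulnerable_build(malicious_ref)))
    print("hardened step output:  ", repr(safe_build(malicious_ref)))
    print("linter hits:", find_injectable_expressions(VULNERABLE_STEP))
```

Running the script shows the vulnerable step printing the attacker's `INJECTED` line as a separate command, while the hardened step prints the whole branch name verbatim inside the message. The same environment-variable pattern applies to any untrusted context, and the `workflow_run` / `pull_request_target` triggers that run with repository secrets are where this mistake turns into a supply chain compromise.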

Top Vulnerabilities Reported in the Last 24 Hours

Bugs plague Qlik Sense Enterprise

Qlik has reported two vulnerabilities in Qlik Sense Enterprise for Windows, identified as CVE-2024-55579 and CVE-2024-55580. Both can be triggered by unprivileged users with network access and could let an attacker take over the server through remote code execution and broken access control. CVE-2024-55579 (CVSS 8.8) could allow such a user to run arbitrary EXE files on the server, granting significant control over it. CVE-2024-55580 (CVSS 7.5) may enable remote command execution, putting the data held on the server at risk.

Transaction-relay jamming flaw in Bitcoin network

CVE-2024-55563 is a recently disclosed vulnerability in the Bitcoin network's transaction-relay mechanism that poses a critical risk to the stability and security of the Lightning Network. Bitcoin full nodes are susceptible to transaction-relay jamming, which malicious actors can exploit to disrupt the network and compromise the integrity of Lightning channels, leading to financial loss, payment disruption, and network degradation within the Lightning Network.

Top Scams Reported in the Last 24 Hours

Phishing scam targets Ukraine

CERT-UA identified a series of phishing emails targeting Ukrainian defense companies and security forces. The emails advertised a fake NATO standards conference but contained a malicious link that, when clicked, infected the victim's computer with malware. CERT-UA attributes the attack to UAC-0185, which aims to steal credentials from messaging services and military systems. The group also ran a remote management program, MESHAGENT, on the victim's device to maintain unauthorized access.

QR codes bypass browser isolation

Mandiant discovered a new way to bypass browser isolation technology, using QR codes to carry out C2 operations. Browser isolation runs the web session in a remote browser and streams only rendered pixels back to the local device, so malicious code and raw HTTP responses never reach it. Mandiant's technique sidesteps this by encoding C2 commands in QR codes displayed on an attacker-controlled page, which the implant on the local device reads from the rendered screen. Although effective, the method has limitations: each QR code carries at most 2,189 bytes and transfer rates are slow, making it unsuitable for large data transfers.
