Posts

Showing posts from May, 2024

QEMU Emulator Exploited as Tunneling Tool to Breach Company Network

Threat actors have been observed leveraging the QEMU open-source hardware emulator as tunneling software during a cyber attack targeting an unnamed "large company" to connect to their infrastructure. While a number of legitimate tunneling tools like Chisel, FRP, ligolo, ngrok, and Plink have been used by adversaries to their advantage, the development marks the first time QEMU has been used for this purpose. "We found that QEMU supported connections between virtual machines: the -netdev option creates network devices (backend) that can then connect to the virtual machines," Kaspersky researchers Grigory Sablin, Alexander Rodchenko, and Kirill Magaskin said. "Each of the numerous network devices is defined by its type and supports extra options." In other words, the idea is to create a virtual network interface and a socket-type network interface, thereby allowing the virtual machine to communicate with any remote server. The Russian cyber...

BlueDucky: A New Tool Exploits Bluetooth Vulnerability With 0-Click Code Execution

A new tool dubbed BlueDucky automates the exploitation of a critical Bluetooth pairing vulnerability that allows for 0-click code execution on unpatched devices. This revelation comes on the heels of Marc Newlin’s January 2024 publication of a proof of concept script, which targets a Bluetooth vulnerability identified as CVE-2023-45866. The vulnerability, as detailed by Newlin, enables attackers to inject keystrokes into any Android and Linux device within Bluetooth range without the need for pairing, by masquerading as a Bluetooth keyboard. The exploit tool, dubbed “hi_my_name_is_keyboard,” was initially designed to demonstrate the feasibility of such an attack. The mobile hacker team successfully compromised a range of devices, including Android smartphones, Google Chromecast TVs, Meta Quest 3, and Linux-based smart TVs. However, the original script required users to manually discover and enter the MAC address of the target Bluetooth device and modify ...