Kapeka: A novel backdoor spotted in Eastern Europe
WithSecure has uncovered a novel backdoor that has been used in attacks against victims in Eastern Europe since at least mid-2022. The malware, which is called ‘Kapeka’, is a flexible backdoor with all the necessary functionalities to serve as an early-stage toolkit for its operators, and also to provide long-term access to the victim estate.
The malware’s victimology, infrequent sightings, and level of stealth and sophistication indicate APT-level activity.
Read more here
Finding & Exploiting the AWS Client VPN on macOS
AWS Client VPN 3.9.0 allows a local attacker to maliciously kill the VPN connection, revert/fix the DNS settings and completely uninstall the AWS Client VPN without elevation. The uninstall primitive allows an attacker to abuse launchd due to the persistence of the privileged helper tool post-uninstall, and facilitates local privilege escalation through script planting, which leads to arbitrary script execution.
As no client verification was carried out in the XPC service, a threat actor who has compromised a standard user account can interact with the XPC service to invoke root-privileged functionality. This functionality facilitated a complete uninstall of the software. As the privileged helper service was not forcefully unloaded after an uninstall, the fix_dns or revert_dns functionality can be invoked in order to execute a planted script as root. This results in Local Privilege Escalation (LPE).
Read more here
AI in Cybersecurity market expected to reach revenue of USD 147.5 Bn by 2033
In the coming years, AI will play a highly important role in cybersecurity, driving innovation in threat detection, incident response, and predictive intelligence. As AI algorithms advance, they will improve security measures by automating tasks, identifying complex threats, and enhancing overall resilience against cyberattacks. However, challenges like data privacy, adversarial attacks, and ethical considerations will require constant attention and mitigation strategies.
Read more here
Domain-specific prompt injection detection
A BERT-based classifier can detect adversarial prompts. The article focuses specifically on that point and delves into developing a machine learning classifier to detect prompt injection attempts.
We detail our approach to constructing a domain-specific dataset and fine-tuning DistilBERT for this purpose. This technical exploration focuses on integrating this classifier within a sample LLM application, covering its effectiveness in realistic scenarios.
Read more here