This article contains spoilers for Creature Commandos episode 4.In the post-credit scene of James Gunns first DC outing The Suicide Squad, we see that one of the team members didnt live up to the groups name. Weasel is still alive, free to scurry back out into the night.To the viewers of the movie, Weasels fate was a very, very bad thing. Sure, he may seem harmless and sure, hes played by the lovable Sean Gunn. But he ended up in the Squad because he did very bad things. Namely, he killed 27 children.Thats dark, even for the nasty things that have happened in Gunns DC run so far, which includes The Suicide Squad, Peacemaker, and Creature Commandos. Yet, in all of the press leading up to the premiere of Creature Commandos, including a conversation with Den of Geek, Gunn and the shows stars have said that Weasel is their favorite character. Sean Gunn even went so far as to tell Den of Geek that he didnt think Weasel had an ounce of evil in him.How could they say that about a creature imprisoned for the murder of children?With the fourth episode of Creature Commandos, we finally get the answer. Chasing Squirrels delves into Weasels backstory. In-between prepping for trial with his lawyer (voiced by Linda Cardellini, who previously worked with Gunn playing Velma in Scooby-Doo), a group of neglected children find Weasel while playing in an abandoned school. The outcasts form a community, with Weasel finally discovering people who accept him and the kids getting to have the childhood denied to them.It all goes wrong when a passerby notices the kids playing with Weasel. Mistaking their horseplay for an attack, the passerby calls the authorities, but also grabs a gun to help the kids himself. Between the mans fear and the kids playing recklessly with fire, a boiler explodes, killing many of the kids instantly. Worse, the authorities confuse Weasels attempts to rescue the survivors as a further attack, and they prevent him from saving anyone. In the end, all 27 die, Weasel taking all of the blame.Chasing Squirrels continues the Creature Commandos model of revealing that its main monsters have far more humanity than previously expected. On one hand, theres nothing too novel to a story that shows we misunderstood a good person for something horrible after all Frankensteins Monster is a character on the show. On the other hand, the further context gives us more insight into the DC Universe that Gunn is making with DC Studios co-head Peter Safran.Its been remarked by many that Gunns superhero movies, excellent as they are, tend to be edgier and nasty. Remember, one of the high points in Guardians of the Galaxy Vol. 2 involved Yondu slaughtering a bunch of people. So its a bit odd that he would take the reins on Superman. And even though the first trailer to Superman looks (and feels!) amazing, the guts and insults in Creature Commandos revives those questions.Yet, Creature Commandos is as much about our limited judgments as it is everything else. As Chasing Squirrels shows, with its reveal of Princess Ilanas true plan, goodness and badness isnt skin deep. And if thats not something Superman would say, I dont know what is.Creature Commandos streams every Thursday on Max.Join our mailing listGet the best of Den of Geek delivered right to your inbox!

This article originally appeared in the December 2009 issue of ELLE DECOR. For more stories from our archive, subscribe to ELLE DECOR All Access.Marcel Proust made us aware that even the most seemingly insignificant sensory experience can trigger important memories. For him it was a madeleine and a cup of linden tea. For me there is nothing quite like the satisfying crunch of fresh snow beneath the tires as I turn on to the long driveway of North Creek Farm, with its majestic alle of century-old maple trees. Silhouetted against the snow are two large red barns, a family of golden-haired Shetland cows, Nubian goats, miniature donkeys, and woolly sheep. By the time I pass the icicle-encrusted winter gardens and pull up to the white 1860 Georgian manor house, my children and I are full of joyous memories of being home for the holidays. William WaldronThe living rooms tufted-leather armchairs are from John Rosselli Antiques and Decorations; the ottoman, which is covered In a vintage kllim, and the 19th-century painting are both from Myrtle.North Creek Farm is the Hudson Valley weekend getaway shared by my mother, Dolores Barrett, and my stepfather, Edward Klein, who bought the house and its 56 acres on a total lark nearly seven years ago, after I had stumbled on an enticing magazine ad for a gentlemans farm.We weren't even house hunting, Dolores remembers. At the time she owned a place in Bridgehampton, Long Island, where she and Ed maintained a glamorous-and hectic-social life. But the photos of bucolic North Creek Farm spoke to them both, so they drove up to take a peek. William WaldronIn the game room, Regency chairs from Yale Burge Antiqus surround a table from Mill House Antiques & Gardens; the walls are covered in a Bennison linen.I immediately fell in love, says Dolores, whose sense of style and exacting eye for detail served her well during her eight years as vice president of public relations for Polo Ralph Lauren. Id always wanted a place far back from the road, with unforced landscaping. The house and its setting were not ostentatious, yet they had a kind of innate elegance and dignity. For Ed, the former editor in chief of The New York Times Magazine who now contributes to Vanity Fair and writes best-selling biographies, a tranquil place to wind down, work, and be with his family was irresistible. It's a very rural area surrounded on all sides by farms-inspirational for a writer, he says. Dolores and I knew instantly that this magical place would be the ideal gathering spot for our grandchildren.William WaldronA brass chandelier by Vaughan Designs hangs above an heirloom dining table; the chairs are upholstered in a Cowtan & Tout fabric.They made an offer then and there. It was completely unlike them to do something so impulsive and was thrilling for the rest of the family, which now numbers four adult children and seven grandchildren. Our clan is a modern one: step-parents, step-siblings, cousins. and step-cousins all mingled together. Both Christmas and Hanukkah are celebrated at North Creek Farm. Many of us are in the media, and dinner discussions often turn into heated debates, while pajama-clad children run in and out, seeking attention or another lollipop. The interiors needed to embrace this raucous spirit. And given its year-round use, the house had to transition seamlessly from Thanksgiving to Christmas to the Fourth of July, from corn-on-the-cob casual to my mother's famously chic, formally decorated holiday tables. William WaldronThe vent hood is by Broan, and the dishwasher is by Bosch. Rob Southern, a Manhattan-based interior designer, was the perfect choice to help Dolores implement her dream of a refined yet relaxed country home. It's a place to connect. But let's face it, Southern says, families work best when members are able to have private time as well as public time. As much as I wanted it to feel farm like, its for writers and avid readers, so every room had to support many functions, with a surface for a laptop and good lighting to read by. Everything had to be child-friendly, but also have the ability to close off and be private. Each room has a lovely view, either of the lake, the barns and paddocks, or the extensive gardens. Southern capitalized on this by bringing natural motifs indoors, in both colors and patterns. "The outside really dictated the inside, he says. Dolores, Ed, and I wanted to retain tradition, but without being overly historical or too literal. William WaldronIn the primary bedroom, the Sheraton-style bed, a family heirloom, is dressed in a skirt of a Travers print that Is also used for the curtains; the lamps are from Myrtle, and the etching is by Caio Fonseca. Southern used textiles have references to the past, but in a modern palette. In the game room"the site of Monopoly marathons, my daughter Annalises fashion shows, and my son Jack's chess games with Pa (his nickname for Ed)," Southern saysthe walls are upholstered in an 18th-century design of birds and flowering branches, updated in a sophisticated watery blue and beige. He anchored the living room with a bold crewel on two walls. It has a handcraftiness to it, a nod to the time the house was built, he says, but it feels fresh on the walls. William WaldronA guest room is sheathed in Cowtan & Touts Stria wallpaper; the firms Ferns linen is used for the headboard, which was designed by Southern, as well as for the shades and the wing chair. Throughout, family antiques are mixed with modern elements, a reflection of his parents' eclectic taste. A Sheraton-style tester bed in the master bedroom is flanked by a pair of overscale contemporary ambercolor glass urn lamps and offset with a Caio Fonseca print and a vivid geometric American needlepoint rug. The key with Dolores and Ed, Southern says, "was to take all of their various likes and interests and marry them in a way that would make the place flow. And it does. When we're alone in this house, Ed and I marvel at its beauty and serenity, Dolores says. Yet when it's filled with the laughter of our grandchildren, North Creek Farm is at its very best.Tour this elegant house in the Hudson Valley This story originally appeared in the December 2009 issue of ELLE DECOR.

With iOS 18.2, Apple supercharged AirTags with a new feature called Share Item Location. This feature lets you share the location of a lost AirTag or Find My network accessory with a trusted third party. As part of the launch of Share Item Location, Apple is teaming up with airlines worldwide. Here are all the airlines that support this new featureAs weve covered before, the Share Item Location feature lets you generate a link to the location of a lost AirTag or other Find My network accessory. Through this link, a third party can view the location of the lost item to help you find it. The link will show the items location on an interactive map that automatically updates as the location changes. Theres also a timestamp that shows the most recent update. To generate a Share Item Location link, you just need to go to the Find My app on your iPhone, iPad, and Mac. Here are all of the airlines that have implemented support for accepting location links from the Find My app: UnitedDeltaBritish AirwaysLufthansaAir CanadaAir New ZealandTurkish AirlinesAer LingusAustrian AirlinesBrussels AirlinesSwissEurowingsIberia AirlinesThis means that if you fly with one of these airlines and your luggage with an AirTag is lost or misplaced, you can share the location of that AirTag to help the airline find it. For example, United travelers can file a delayed baggage report in the United and attach a Find My link to that report. Once that link is submitted, United customer service agents can use it to expedite tracking down the misplaced luggage. Apple also touts several privacy protections that have been implemented alongside this new Share Item Location feature for AirTags: Location sharing automatically ceases when a customer reunites with their bag. The user can stop sharing their location at any time. The link will expire automatically after 7 days. The entire process is end-to-end encrypted and anonymous. This means no one, including Apple or accessory manufacturers, can access an items location.This is yet another new feature that makes AirTags a must-have product while traveling. Best AirTag and Find My accessoriesFollow Chance:Threads,Bluesky,Instagram, andMastodon.Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

This is Rumor Replay, a weekly column at 9to5Mac offering a quick rundown of the most recent Apple product rumors, with analysis and commentary. Today: Apples foldable iPad and iPhone are coming, plus a fresh Magic Mouse approach, and AirTag 2. Here are this weeks Apple rumors.iPhone 18 Fold and more affordable iPhone 17 AirThis week The Wall Street Journal reported on Apples next two years of iPhone updates:iPhone 18 FoldiPhone 17 AirNeither of these devices carry official names yet, but running with the two names above, WSJ says that 2026s foldable iPhone will unfold to a display size that would be larger than an iPhone 16 Pro Max. they also state that next years 17 Air is intended to be cheaper than Pro models.My takeawaysEvery time we get a report about the foldable iPhone, it makes the device seem more realespecially as 2026 draws near. Im intrigued to see what Apple can uniquely bring to foldables, but Im not sure a display larger than the Pro Max is what I want. One-handed use is extremely important to me, which is why I use an iPhone 16 Pro, not Pro Max. However, the market seems to show that people love huge phones, so Apples probably on the right track.The iPhone 17 Airs expected pricing is welcome news, especially because it makes sense of the specs were getting. Previous reports said the device would be ultra-premium, yet with compromises that dont justify that price. Now, the reported A18 chip, single rear camera, and ultra-thin design all cohere nicely with a moderate price point.Weve heard rumblings before of a roughly 19-inch iPad-Mac hybrid foldable device, and this week Mark Gurman shed more light on the project.Though some of Gurmans report is intentionally ambiguous, he seems to believe this is an iPad were talking about, not a Mac. Its always possible, though, that it could include key capabilities from both products.My takeawaysTheres a lot we dont know yet, but this foldable iPad could be my dream all-in-one product. Apples two iPad Pro sizes each have very different strengths and weaknesses, and this foldable could potentially combine the best of both sizes. Gurman says well have to wait until 2028 for this foldable though, so Im not getting my hopes up yet.Radically new Magic Mouse comingApples Magic Mouse has, for a long time, played second fiddle to the Magic Trackpad. But according to Mark Gurman, the company isnt content to let the accessory remain stagnant.Apple is apparently working on a whole new Magic Mouse design that could radically alter the way the device works. Its a full overhaul of the Magic Mouse that better fits the modern era.My takeawaysGurman doesnt say this, but I wonder if Apples motivation, in part, is to create a new Magic Mouse thats optimized for Vision Pro and spatial computing. Current Mac accessories arent ideal for spatial environments, even if they technically work. Perhaps Apple can create something well suited both for fresh platforms like the Vision Pro and legacy ones like the Mac.AirTag 2AirTag 2 is coming in 2025, and this week Gurman reported that its expected to boast a more modern Ultra Wideband chip.That chip upgrade will enable significantly improved Precision Finding support, so you can get very precise guidance from your iPhone when tracking down a lost AirTag from, potentially, up to 90 meters away.My takeawaysMy biggest issue with AirTag is its battery life (something a new add-on accessory just fixed), so I hope AirTag 2 offers improvements on that front too. That aside, expanded support for Precision Finding seems like a no-brainer enhancement.Which of this weeks Apple rumors are you most interested in? Let us know in the comments.Best iPhone accessoriesAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

What do you get the iPhone user who has everything? CarPlay solutions and accessories are a great place to start! These are the best CarPlay related gifts for the holiday season. more

They changed their mind yet again.Commitment PhobiaRussia's space program has thrown its weight behind NASA's plans to destroy the International Space Station starting in 2030.As Ars Technica reports, it's a change of tune for the country's space program. Its head, Yuri Borisov, who has been leading Roscosmos since 2022, has repeatedly changed his mind on whether Russia would be committed to supporting operations onboard the aging orbital outpost or simply abandon it, as his outspoken predecessor Dmitry Rogozin has threatened in the past.In 2022, roughly five months after Russia invaded Ukraine, Borisov said that "the decision to leave the station after 2024 has been made." Then in 2023, he agreed to continue Russia's participation until at least 2028.Now, in a televised interview with Russian broadcaster RBC TV, Borisov announced that in "coordination with our American colleagues, we plan to de-orbit the station sometime around the beginning of 2030," as quoted by Ars."The final scenario will probably be specified after the transition to a new NASA administration," he added.Scared InvestorsNASA has long planned to deorbit the massive station beginning in 2030. In June, the agency hired SpaceX to develop a "US Deorbit Vehicle" to pull the ISS out of its orbit and have it burn up during reentry.During the interview, Borisov reiterated that his agency sees the ISS, which has suffered plenty of leaks and cracks, as not worth maintaining."Today our cosmonauts have to spend more time repairing equipment and less and less time conducting experiments," he said.Indeed, Russian crew members have been hard at work identifying several leaks located in the country's segment of the space station.Other notable equipment failures include two coolant leaks affecting a Soyuz spacecraft in late 2022 and a Progress cargo spacecraft in early 2023.Borisov also said that the process of subsidizing a private space industry "has only just begun with us.""This is a very risky business for potential investors," he added.It's a surprisingly level-headed media appearance for the head of Roscosmos. Borisov's predecessor, Dmitry Rogozin, garnered a reputation for making deranged and at times baffling comments. In 2022, days into Russia's invasion of Ukraine, Rogozin went as far as to threaten the West with dropping the ISS on the United States.During this new interview, Borisov only hinted at the possibility that Russia's war may have depleted its available resources and put a dent in its efforts to launch its own space station."Right now, the dynamic growth of private space is being influenced by the general economic situation, high inflation and interest rates, which leads to expensive money for private investors," he told RBC TV. "We can hope that this will be a temporary period and more favorable times will come soon."Borisov also "guaranteed" that Russia would launch a competitor to SpaceX's Starlink as soon as 2030 but a super heavy launch platform would be a far more "expensive undertaking" that's still many years out, he said.More on Borisov: Russia Says the International Space Station Is a Dangerous, Decrepit MessShare This Article

The mysterious drones seen over New York and New Jersey have a strange new fan the queer erotica icon Chuck Tingle.In a post on Bluesky, the pseudonymous sci-fi author of such hits as "Bury Your Gays" and "Trans Wizard Harriet Porber And The Bad Boy Parasaurolophus" announced that his latest "Tingler" would feature bisexual drones.The synopsis for "Bisexually Pounded By The Mysterious New Jersey Drones," which uses Tingle's characteristic syntax to describe being "pounded" by anthropomorphized objects, describes main character Hank discovering the truth behind these strange sightings that have taken social media by storm."When two of these drones arrive at Hanks door, the truth starts gradually falling into place," the book's description reads. "It seems theres much more happening in the New Jersey skies than previously thought, and its more erotic and bisexual than anyone couldve ever imagined.""This erotic tale," the synopsis continues, "is 4,000 words of sizzling bisexual drone on human threesome action."Though many of us are longtime fans of theauthor's bizarre meta-fiction that he's been spitting out at a rapid pace for a decade now, it seems lots of folks on Bluesky were not familiar with the Hugo Award-nominated Tingle's game."[I'm] concerned by how quickly he was able to write this," one user remarked. "Did he already have a rough draft before this news???"After another user claimed that the autistic author's "process" is akin to "Mad Libs," the man himself responded in kind."Absolutely not," Tingle clapped back.In case you're tempted to suggest that the author of hundreds of titles uses AI to put out so many self-published books, his own social media statements seem to suggest that like many creatives, he finds the idea of using bots to do human work equal parts humorous and offensive."When starting out, [I] had to make my own covers in specific way which now IMMEDIATELY evokes 'tingle' identity," he posted on Bluesky earlier this year. "Would my books have taken off if covers were just [AI] art that 'looked better'? OF COURSE NOT. [B]uds wouldve scrolled on.""SO MUCH of artistry (but also branding and self promotion) is creating a visual identity," Tingle continued. "[Don't] make your identity 'generalized slop.'"We obviously can't say definitively how exactly the author manages to put out books and novellas at such speed, but considering he's been doing it since way before ChatGPT was a thing, it seems that "Bisexually Pounded By The Mysterious New Jersey Drones" is just the latest example of his one-of-a-kind creativity.More on the Jersey drones: Dimwit Americans Are Looking at the Night Sky and Mistaking Stars and Airplanes for "Drones"Share This Article

Dec 20, 2024Ravie LakshmananMalware / Supply Chain AttackThe developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware.Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm registry. The latest safe version is 1.1.8."They were released by an attacker who gained unauthorized npm publishing access, and contain malicious scripts," software supply chain security firm Socket said in an analysis.Rspack is billed as an alternative to the webpack, offering a "high performance JavaScript bundler written in Rust." Originally developed by ByteDance, it has since been adopted by several companies such as Alibaba, Amazon, Discord, and Microsoft, among others.The npm packages in question, @rspack/core, and @rspack/cli, attract weekly downloads of over 300,000 and 145,000, respectively, indicative of their popularity.An analysis of the rogue versions of the two libraries has revealed that they incorporate code to make calls to a remote server ("80.78.28[.]72") in order to transmit sensitive configuration details such as cloud service credentials, while also collecting IP address and location details by making an HTTP GET request to "ipinfo[.]io/json."In an interesting twist, the attack also limits the infection to machines located in a specific set of countries, such as China, Russia, Hong Kong, Belarus, and Iran.The end goal of the attacks is to trigger the download and execution of an XMRig cryptocurrency miner on compromised Linux hosts upon installation of the packages by means of a postinstall script specified in the "package.json" file."The malware is executed via the postinstall script, which runs automatically when the package is installed," Socket said. "This ensures the malicious payload is executed without any user action, embedding itself into the target environment."Besides publishing a new version of the two packages sans the malicious code, the project maintainers said they invalidated all existing npm tokens and GitHub tokens, checked the permissions of the repository and npm packages, and audited the source code for any potential vulnerabilities. An investigation into the root cause of the token theft is underway."This attack highlights the need for package managers to adopt stricter safeguards to protect developers, like enforcing attestation checks, to prevent updating to unverified versions," Socket said. "But it's not totally bullet-proof.""As seen in the recent Ultralytics supply chain attack in the Python ecosystem, attackers may still be able to publish versions with attestation by compromising GitHub Actions through cache poisoning."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Dec 20, 2024Ravie LakshmananFirewall Security / VulnerabilitySophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions.Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list of vulnerabilities is as follows -CVE-2024-12727 (CVSS score: 9.8) - A pre-auth SQL injection vulnerability in the email protection feature that could lead to remote code execution, if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.CVE-2024-12728 (CVSS score: 9.8) - A weak credentials vulnerability arising from a suggested and non-random SSH login passphrase for High Availability (HA) cluster initialization that remains active even after the HA establishment process completed, thereby exposing an account with privileged access if SSH is enabled.CVE-2024-12729 (CVSS score: 8.8) - A post-auth code injection vulnerability in the User Portal that allows authenticated users to gain remote code execution.The security vendor said CVE-2024-12727 impacts about 0.05% of devices, whereas CVE-2024-12728 affects approximately 0.5% of them. All three identified vulnerabilities impact Sophos Firewall versions 21.0 GA (21.0.0) and older. It has been remediated in the following versions -CVE-2024-12727 - v21 MR1 and newer (Hotfixes for v21 GA, v20 GA, v20 MR1, v20 MR2, v20 MR3, v19.5 MR3, v19.5 MR4, v19.0 MR2)CVE-2024-12728 - v20 MR3, v21 MR1 and newer (Hotfixes for v21 GA, v20 GA, v20 MR1, v19.5 GA, v19.5 MR1, v19.5 MR2, v19.5 MR3, v19.5 MR4, v19.0 MR2, v20 MR2)CVE-2024-12729 - v21 MR1 and newer (Hotfixes for v21 GA, v20 GA, v20 MR1, v20 MR2, v19.5 GA, v19.5 MR1, v19.5 MR2, v19.5 MR3, v19.5 MR4, v19.0 MR2, v19.0 MR3)To ensure that the hotfixes have been applied, users are being recommended to follow the below-mentioned steps -CVE-2024-12727 - Launch Device Management > Advanced Shell from the Sophos Firewall console, and run the command "cat /conf/nest_hotfix_status" (The hotfix is applied if the value is 320 or above)CVE-2024-12728 and CVE-2024-12729 - Launch Device Console from the Sophos Firewall console, and run the command "system diagnostic show version-info" (The hotfix is applied if the value is HF120424.1 or later)As temporary workarounds until the patches can be applied, Sophos is urging customers to restrict SSH access to only the dedicated HA link that is physically separate, and/or reconfigure HA using a sufficiently long and random custom passphrase.Another security measure that users can take is to disable WAN access via SSH, as well as ensure that User Portal and Webadmin are not exposed to WAN.The development comes a little over a week after the U.S. government unsealed charges against a Chinese national named Guan Tianfeng for allegedly exploiting a zero-day security vulnerability (CVE-2020-12271, CVSS score: 9.8) to break into about 81,000 Sophos firewalls across the world.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Dec 20, 2024Ravie LakshmananVulnerability / Cyber AttackA now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect. The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug that allows attackers to execute unauthorized code or commands by sending specially crafted data packets.Russian cybersecurity firm Kaspersky said the October 2024 attack targeted an unnamed company's Windows server that was exposed to the internet and had two open ports associated with FortiClient EMS."The targeted company employs this technology to allow employees to download specific policies to their corporate devices, granting them secure access to the Fortinet VPN," it said in a Thursday analysis.Further analysis of the incident found that the threat actors took advantage of CVE-2023-48788 as an initial access vector, subsequently dropping a ScreenConnect executable to obtain remote access to the compromised host."After the initial installation, the attackers began to upload additional payloads to the compromised system, to begin discovery and lateral movement activities, such as enumerating network resources, trying to obtain credentials, perform defense evasion techniques, and generating a further type of persistence via the AnyDesk remote control tool," Kaspersky said.Some of the other notable tools dropped over the course of the attack are listed below -webbrowserpassview.exe, a password recovery tool that reveals passwords stored in Internet Explorer (version 4.0 11.0), Mozilla Firefox (all versions), Google Chrome, Safari, and OperaMimikatznetpass64.exe, a password recovery toolnetscan.exe, a network scannerThe threat actors behind the campaign are believed to have targeted various companies located across Brazil, Croatia, France, India, Indonesia, Mongolia, Namibia, Peru, Spain, Switzerland, Turkey, and the U.A.E. by making use of different ScreenConnect subdomains (e.g., infinity.screenconnect[.]com).Kaspersky said it detected further attempts to weaponize CVE-2023-48788 on October 23, 2024, this time to execute a PowerShell script hosted on a webhook[.]site domain in order to "collect responses from vulnerable targets" during a scan of a system susceptible to the flaw.The disclosure comes more than eight months after cybersecurity company Forescout uncovered a similar campaign that involved exploiting CVE-2023-48788 to deliver ScreenConnect and Metasploit Powerfun payloads."The analysis of this incident helped us to establish that the techniques currently used by the attackers to deploy remote access tools are constantly being updated and growing in complexity," the researchers said.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE