Tag: malicious
-
Federal Cyber Operations Would Downgrade Under Shutdown
by
in SecurityNewsGovernment Shutdown Could See Thousands of Federal Cyber Workers Furloughed. A looming shutdown could sharply reduce the Cybersecurity and Infrastructure Security Agency’s operations, furloughing two-thirds of its workforce and exposing critical federal networks to heightened cyber threats, especially as malicious actors target vulnerable systems during the holiday season. First seen on govinfosecurity.com Jump to article:…
-
Critical flaw in WordPress plugin exploited to install malicious software
First seen on scworld.com Jump to article: www.scworld.com/brief/critical-flaw-in-wordpress-plugin-exploited-to-install-malicious-software
-
Malicious Rspack, Vant packages published using stolen NPM tokens
by
in SecurityNewsThree popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-rspack-vant-packages-published-using-stolen-npm-tokens/
-
Cybersecurity Snapshot: CISA Hands Down Cloud Security Directive, While Threat from North Korean IT Workers Gets the Spotlight
by
in SecurityNews
Tags: access, ai, authentication, best-practice, business, china, cisa, cisco, cloud, computer, control, cyber, cybersecurity, data, data-breach, email, extortion, finance, framework, fraud, google, government, guide, hacker, identity, incident, incident response, infrastructure, intelligence, international, Internet, jobs, korea, kubernetes, law, lessons-learned, linux, login, malicious, microsoft, mobile, monitoring, network, north-korea, office, password, regulation, risk, risk-management, russia, service, software, tactics, technology, threat, tool, updateCheck out the new cloud security requirements for federal agencies. Plus, beware of North Korean government operatives posing as remote IT pros. Also, learn how water plants can protect their HMIs against cyberattacks. And get the latest on the U.S. cyber incident response framework; the CIS Benchmarks; and local and state governments’ cyber challenges. Dive…
-
Threat Actors Selling Nunu Stealer On Hacker Forums
A new malware variant calledNunu Stealeris making headlines after being advertised on underground hacker forums and Telegram channels. Priced at $100 per month, this malicious tool is gaining attention for its extensive capabilities and potential to wreak havoc on individuals and organizations alike. According to a post shared by a ThreatMon on X, the malware…
-
Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
by
in SecurityNewsThe developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware.Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm registry.…
-
CISA Warns of BeyondTrust Privileged Remote Access Exploited in Wild
by
in SecurityNews
Tags: access, cisa, cyber, cybersecurity, exploit, flaw, infrastructure, malicious, risk, tool, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm over a critical vulnerability impacting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products. This newly uncovered flaw tracked as CVE-2024-12356, could allow attackers to execute malicious commands, posing a severe risk to global enterprises relying on these tools for secure remote access and…
-
Android malware found on Amazon Appstore disguised as health app
A malicious Android spyware application named ‘BMI CalculationVsn’ was discovered on the Amazon Appstore, masquerading as a simple health tool but stealing data from infected devices in the background. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/android-spyware-found-on-amazon-appstore-disguised-as-health-app/
-
From reactive to proactive: Redefining incident response with unified, cloud-native XDR
by
in SecurityNewsIn today’s rapidly evolving threat landscape, cybersecurity is a constant game of cat and mouse. The average security operations center (SOC) team receives 4,484 alerts every day and can spend up to 3 hours manually triaging to understand which signals represent a genuine threat and which are just noise.However, this model traps SOCs in a…
-
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
by
in SecurityNewsThreat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry.The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively.”While typosquatting attacks are First seen on thehackernews.com Jump to article:…
-
Google Calendar Phishing Scam Targets Users with Malicious Invites
Protect yourself from sophisticated phishing attacks that leverage Google Calendar to steal your personal information. First seen on hackread.com Jump to article: hackread.com/google-calendar-phishing-scam-users-malicious-invites/
-
Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords
Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware.The company said it’s issuing the advisory after “several customers” reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024.”These systems have been infected…
-
US eyes ban on TP-Link routers amid cybersecurity concerns
by
in SecurityNews
Tags: attack, business, china, compliance, computer, corporate, country, cyber, cyberattack, cybercrime, cybersecurity, ddos, defense, espionage, exploit, flaw, government, hacking, infrastructure, intelligence, law, malicious, microsoft, network, risk, router, technology, threat, vulnerability, wifiThe US government is investigating TP-Link, a Chinese company that supplies about 65% of routers for American homes and small businesses, amid concerns about national security risks. Reports suggest these routers have vulnerabilities that cybercriminals exploit to compromise sensitive enterprise data.Investigations by the Commerce, Defense, and Justice Departments indicate that the routers may have been…
-
Malicious Supply Chain Attacking Moving From npm Community To VSCode Marketplace
by
in SecurityNewsResearchers have identified a rise in malicious activity on the VSCode Marketplace, highlighting the vulnerability of the platform to supply chain attacks similar to those previously seen in the npm community. Malicious actors are increasingly exploiting npm packages to distribute malicious code, mirroring tactics previously used in VSCode extensions that involve the npm package etherscancontracthandler,…
-
Beware Of Malicious SharePoint Notifications That Delivers Xloader Malware
by
in SecurityNewsThrough the use of XLoader and impersonating SharePoint notifications, researchers were able to identify a sophisticated malware delivery campaign. A link that was disguised as a legitimate SharePoint notification was included in the emails that were sent out at the beginning of the attack. The engine flagged the message as malicious based on several factors:…
-
Hackers Weaponizing LNK Files To Create Scheduled Task And Deliver Malware Payload
by
in SecurityNewsTA397, also known as Bitter, targeted a Turkish defense organization with a spearphishing email containing a RAR archive, which included a decoy PDF, a malicious LNK file disguised as a PDF, and an ADS file with PowerShell code. This technique, common for TA397, leverages NTFS ADS to establish persistence and deploy further malware like wmRAT…
-
BADBOX Botnet Hacked 74,000 Android Devices With Customizable Remote Codes
by
in SecurityNewsBADBOX is a cybercriminal operation infecting Android devices like TV boxes and smartphones with malware before sale, which are often sold through reputable retailers and pose a significant threat to users due to their pre-installed malicious software, making detection challenging. It previously thought eradicated has resurfaced with a significantly expanded reach, infecting over 192,000 Android…
-
IAM Predictions for 2025: Identity as the Linchpin of Business Resilience
by
in SecurityNews
Tags: access, ai, apple, attack, authentication, banking, breach, business, cloud, compliance, corporate, credentials, crime, data, deep-fake, detection, finance, iam, identity, malicious, microsoft, mobile, office, passkey, password, privacy, regulation, resilience, risk, service, supply-chain, theft, threat, tool, vulnerabilityIAM Predictions for 2025: Identity as the Linchpin of Business Resilience madhav Thu, 12/19/2024 – 05:33 As we look toward 2025, the lessons of 2024 serve as a stark reminder of the rapidly evolving identity and access management (IAM) landscape. The numbers tell the story: The latest Identity Theft Resource Center report indicates that consumers…
-
Fighting on the New Front Line of Security with Snowflake and LogLMs
by
in SecurityNews
Tags: access, ai, attack, cyber, cybersecurity, data, detection, finance, incident response, intelligence, malicious, mitre, monitoring, network, siem, soc, threat, toolTempo”Š”, “Ša Snowflake Native App”Š”, “Šharnesses AI and Log Language Models for Proactive Cybersecurity Cybersecurity attackers are innovating, challenging traditional security measures, and pushing organizations to seek more innovative solutions. Tempo, a Snowflake Native App that revolutionizes cybersecurity using AI-powered proactive security, sees even novel attacks. By leveraging Log Language Models (LogLMs), which are a…
-
Iranian Hackers Launched A Massive Attack to Exploit Global ICS Infrastructure
by
in SecurityNewsIn a joint cybersecurity advisory, the FBI, CISA, NSA, and partner agencies from Canada, the United Kingdom, and Israel have issued an urgent warning about ongoing malicious cyber activities by advanced persistent threat (APT) actors affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC). The advisory provides critical new details on tactics, techniques, and procedures (TTPs)…
-
CISA Released Secure Mobile Communication Best Practices 2025
by
in SecurityNews
Tags: best-practice, china, cisa, communications, cyber, cybersecurity, espionage, infrastructure, malicious, mobile, threatThe Cybersecurity and Infrastructure Security Agency (CISA) has released new best practice guidance to safeguard mobile communications amid rising concerns over cyber espionage activities linked to People’s Republic of China (PRC)-affiliated threat actors. These malicious actors have been targeting commercial telecommunications infrastructure to intercept call records and compromise the private communications of highly targeted individuals,…
-
Are threat feeds masking your biggest security blind spot?
by
in SecurityNewsSecurity teams that subscribe to threat feeds get lists of known malicious domains, IPs, and file signatures that they can leverage to blacklist and prevent attacks from those … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/19/threat-feeds/
-
Russia-linked APT29 group used red team tools in rogue RDP attacks
by
in SecurityNewsRussia-linked APT29 group uses malicious RDP configuration files, adapting red teaming methods for cyberattacks to compromise systems. In October 2024, the Russia-linked cyber espionage group APT29 (aka Earth Koshchei, SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) used rogue RDP attacks via phishing emails targeting governments, think tanks, and Ukrainian entities to steal data and install malware. The…
-
Russian hackers use RDP proxies to steal data in MiTM attacks
by
in SecurityNewsThe Russian hacking group tracked as APT29 (aka “Midnight Blizzard”) is using a network of 193 remote desktop protocol proxy servers to perform man-in-the-middle (MiTM) attacks to steal data and credentials and to install malicious payloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-use-rdp-proxies-to-steal-data-in-mitm-attacks/
-
Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677
by
in SecurityNewsResearchers warn that threat actors are attempting to exploit a recently disclosed Apache Struts vulnerability CVE-2024-53677. Researchers warn that threat actors are attempting to exploit the vulnerability CVE-2024-53677 (CVSS score of 9.5) in Apache Struts. A remote attacker could exploit this vulnerability to upload malicious files, potentially leading to arbitrary code execution. >>An attacker can…
-
Malicious Microsoft VSCode extensions target devs, crypto community
by
in SecurityNewsMalicious Visual Studio Code extensions were discovered on the VSCode marketplace that download heavily obfuscated PowerShell payloads to target developers and cryptocurrency projects in supply chain attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-microsoft-vscode-extensions-target-devs-crypto-community/