Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls
In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found...
Month: January 2023
Sonatype Nexus Lifecycle Boosts Open Source Security and Dependency Management
The post Sonatype Nexus Lifecycle Boosts Open Source Security and Dependency Management appeared first on...
Russians say they can grab software from Intel again
And Windows updates from Microsoft, too. People in Russia can reportedly once again download drivers and some other...
Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands
Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to...
Control Web Panel Vulnerability, CVE-2022-44877, Actively Exploited in the Wild
This post offers details on the Control Web Panel Vulnerability, CVE-2022-44877, which is actively being exploited in...
USENIX Security ’22 – Aloni Cohen, University of Chicago – ‘Attacks on Deidentification’s Defenses’
Distinguished Paper Award Winner. Our thanks to USENIX for publishing their Presenter’s outstanding...
Tesla Factories Pollute Schools? A Story Nobody is Talking About
From a long list of horrible societal harms from Tesla, some obviously criminal, this one surprised me...
Why Do User Permissions Matter for SaaS Security?
Earlier this year, threat actors infiltrated Mailchimp, the popular SaaS email marketing platform. They viewed over 300 Mailchimp customer accounts...
New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks
A group of academics has demonstrated novel attacks that leverage Text-to-SQL models to produce malicious...
Microsoft January Patch Tuesday 2023: 98 Security Vulnerabilities and a Zero Day
On January 10th, 2023 Microsoft released their January Patch Tuesday fixes and revealed 98 vulnerability...
Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL
The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial...
Severe Security Flaw Found in “jsonwebtoken” Library Used by 22,000+ Projects
A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that, if...
Italian Users Warned of Malware Attack Targeting Sensitive Information
A new malware campaign has been observed targeting Italy with phishing emails designed to deploy an information stealer...
Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App
A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a...
StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users
The advanced persistent threat (APT) group known as StrongPity has targeted Android users with a trojanized version of the...
Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit
The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security...
Dark Pink APT Group Targets Governments and Military in APAC Region
Government and military organizations in the Asia-Pacific region are being targeted by a previously unknown advanced...
Unlock Your Potential: Get 9 Online Cyber Security Courses for Just $49.99
Are you looking to take your career in the information security industry to the next...
Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks
A recent wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools...
New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors
A new analysis of Raspberry Robin's attack infrastructure has revealed that it's possible for other threat actors...
Alert: Hackers Actively Exploiting Critical “Control Web Panel” RCE Vulnerability
Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel (CWP)...
Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System
Twitter on Wednesday said that its investigation found "no evidence" that users' data sold online...
Patch Where it Hurts: Effective Vulnerability Management in 2023
A recently published Security Navigator report data shows that businesses are still taking 215 days to patch a reported vulnerability....
Experts Detail Chromium Browser Security Flaw Putting Confidential Data at Risk
Details have emerged about a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if successfully...
Over 100 Siemens PLC Models Found Vulnerable to Firmware Takeover
Security researchers have disclosed multiple architectural vulnerabilities in Siemens SIMATIC and SIPLUS S7-1500 programmable logic controllers (PLCs)...
IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours
A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain...
FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations
A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors...
Get Unified Cloud and Endpoint Security: Only $1 for 1,000 Assets for all of 2023!
As the new year begins, it's more important than ever to protect...
Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar
Remote access trojans such as StrRAT and Ratty are being distributed as a combination of...
Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware
Tainted VPN installers are being used to deliver a piece of surveillanceware dubbed EyeSpy as part of a malware campaign...