A new supply-chain attack, which was active throughout September 2023, has been discovered in which threat actors used Typosquatting and Startjacking techniques to lure developers using Alibaba cloud services, AWS, and Telegram into downloading malicious Pypi packages. The threat actors,…
OWASP ZAP is a free and open-source web application security scanner. It is designed to be utilized by expert penetration testers as well as individuals who are new to application security. It has received Flagship status and has been one…
European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called PEAPOD.
Cybersecurity firm Trend Micro attributed the attacks to a threat actor it tracks under the name Void Rabisu, which is also known as Storm-0978, Tropical Scorpius, and UNC2596, and is also
The writers’ strike shows that balancing artificial intelligence and human ingenuity is the best possible outcome for creative as well as cybersecurity professionals. Read More
CISA is now flagging vulnerabilities and misconfigurations that are known to be exploited in ransomware attacks. The post CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware appeared first on SecurityWeek. Read More
Juniper Networks patches over 30 vulnerabilities in Junos OS and Junos OS Evolved, including nine high-severity bugs. The post Juniper Networks Patches Over 30 Vulnerabilities in Junos OS appeared first on SecurityWeek. Read More
In Other The post In Other News: Ex-Uber Security Chief Appeal, New Offerings From Tech Giants, Crypto Bounty appeared first on SecurityWeek. Read More
The advanced persistent threat (APT) actor known as ToddyCat has been linked to a new set of malicious tools that are designed for data exfiltration, offering a deeper insight into the hacking crew's tactics and capabilities.
The findings come from Kaspersky, which first shed light on the adversary last year, linking it to attacks against high-profile entities in Europe and Asia for nearly three
The world in brief: Microsoft fixes two zero-days, malicious NuGet packages deliver SeroXen RAT, and more. Read More
Interesting New York Times article about high-school students hacking the grading system. What’s not helping? The policies many school districts are adopting that make it nearly impossible for low-performing students to fail—they have a grading floor under them, they know…
Ransomware attacks have only increased in sophistication and capabilities over the past year. From new evasion and anti-analysis techniques to stealthier variants coded in new languages, ransomware groups have adapted their tactics to bypass common defense strategies effectively.
This article will cover just some of those new developments in Q3-2023 as well as give predictions on quarters to
A piece of malware known as DarkGate has been observed being spread via instant messaging platforms such as Skype and Microsoft Teams.
In these attacks, the messaging apps are used to deliver a Visual Basic for Applications (VBA) loader script that masquerades as a PDF document, which, when opened, triggers the download and execution of an AutoIt script designed to launch the malware.
"It's
The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023.
That's according to a new joint cybersecurity advisory released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) detailing the ransomware-as-a-service (RaaS) operation's
Dozens of Squid caching proxy vulnerabilities remain unpatched two years after a researcher reported them to developers. The post Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure appeared first on SecurityWeek. Read More
Microsoft is offering rewards of up to $15,000 in a new bug bounty program dedicated to its new AI-powered Bing. The post Microsoft Offers Up to $15,000 in New AI Bug Bounty Program appeared first on SecurityWeek. Read More
