A new software supply chain attack is being exploited in the wild, according to security researchers. The technique targets Python applications distributed via the Python Package Index, or PyPI. Researchers at software supply chain security firm JFrog believe that the attack, dubbed “Revival Hijack,” could affect 22,000 existing Python packages. That, in turn, could lead
Month: September 2024
ESET Research ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver ESET Research 05 Sep 2024 • , 1 min. read Usually when someone mentions adware, people think of low-quality half-baked malicious code used to spam victims with sketchy ads. But as we explain in this episode of
Sep 06, 2024Ravie LakshmananWordPress / Webinar Security Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1.
The US government has set out measures to improve the security for a key part of the internet. The Office of the National Cyber Director (ONCD) has released a roadmap to improve internet routing security, by tackling weaknesses associated with the Border Gateway Protocol (BGP). The ONCD’s roadmap calls for wider adoption of Resource Public
Malware Sometimes there’s more than just an enticing product offer hiding behind an ad Márk Szabó 03 Sep 2024 • , 3 min. read One thing is true: Malware developers are deeply invested in improving their malware and exploring different ways to compromise end users. Malware spreading through ads is nothing new; for a long
Sep 05, 2024Ravie LakshmananCyber Attack / Malware The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber attack targeting an unnamed trading company based in China. The previously unreported malware is written in Golang, and thus is a cross-platform weapon capable of targeting
Civil society and journalists’ groups in Europe are calling on the EU to take tougher action against spyware applications. The Center for Democracy and Technology (CDT Europe), and the fellow organizations in a “co-ordination group”, argue that spyware “poses a significant threat to EU democratic values, public debate and healthy civic spaces.” In a joint
Sep 04, 2024Ravie LakshmananMalware / Network Security A new malware campaign is spoofing Palo Alto Networks’ GlobalProtect VPN software to deliver a variant of the WikiLoader (aka WailingCrab) loader by means of a search engine optimization (SEO) campaign. The malvertising activity, observed in June 2024, is a departure from previously observed tactics wherein the malware
Fota Wildlife Park, in County Cork, Ireland, has been forced to advise customers to cancel their payment cards following a cyber-attack. The attraction is warning customers who carried out “financial transactions on our website” between 12 May and 27 August 2024, to cancel their debit or credit cards via their bank. The park says it has
In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day? A Single Secret Can Wreak Havoc Imagine this: It’s a typical Tuesday in
The ransomware group BlackByte, believed to be a spin-off of the infamous Conti group, has been observed by cybersecurity experts exploiting a recently disclosed VMware ESXi vulnerability to gain control over virtual machines and escalate privileges within compromised environments. The pivot, discovered by Cisco Talos Incident Response, shows BlackByte’s ability to quickly integrate new vulnerabilities
Sep 02, 2024The Hacker NewsCybercrime / CISO Insights The FBI and CISA Issue Joint Advisory on New Threats and How to Stop Ransomware Note: on August 29, the FBI and CISA issued a joint advisory as part of their ongoing #StopRansomware effort to help organizations protect against ransomware. The latest advisory, AA24-242A, describes a new
In a world-first, a Russian state-sponsored hacking group has used software vulnerability exploits “identical or strikingly similar” to ones previously used by NSO Group and Intellexa, two infamous commercial spyware vendors. In a new report, Google Threat Analysis Group (TAG) shared insights on two watering hole attacks targeting Mongolian government websites between November 2023 and
Aug 31, 2024Ravie LakshmananRootkit / Threat Intelligence A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the FudModule rootkit. The development is indicative of the persistent efforts made by the nation-state adversary, which had made a