Security

0 Comments
A package called “aabquerys” has been spotted on the open-source JavaScript npm repository using typosquatting techniques to enable the download of malicious components. The findings come from security researchers at ReversingLabs, who have said aabquerys was able to download second- and third-stage malware payloads to infected systems. “The package name, aabquerys, is also similar to the name
0 Comments
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new Cybersecurity Advisory (CSA) on Thursday warning critical infrastructure sector entities against ongoing North Korean state-sponsored ransomware activity. Part of the #StopRansomware campaign, the new advisory is a result of a collaboration between CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Department
0 Comments
Reddit suffered a cyber-attack after its internal systems were breached on February 05 due to a “sophisticated” and “highly-targeted” phishing attack that led to employee credential compromise. “The attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway in an attempt to steal credentials and second-factor tokens,”
0 Comments
Large-scale supply chain attacks have become a huge challenges for information security professionals. The past three years has seen a staggering 742% surge of supply chain attacks , according to cybersecurity firm Sonatype. To evolve software supply chain security, organizations should start by using the tools the open source community offers, said Thomas Steenbergen, head
0 Comments
by Paul Ducklin OpenSSL, probably the best-known if not the most widely-used encryption library in the world, has just release a trifecta of security updates. These patches cover the two current open-source versions that the organisation supports for everyone, plus the “old” 1.0.2-version series, where updates are only available to customers who pay for premium
0 Comments
For small and medium-sized businesses (SMBs) the evolving cyber insurance landscape can be particularly challenging to navigate. With the rise in ransomware attacks and their associated costs for many organizations there is a place for cyber insurance as part of their business coverage. IMB’s 2022 Data Breach Report noted that the average cost of a
0 Comments
A new Android banking Trojan dubbed “PixPirate” has been spotted targeting financial institutions in Brazil between the end of 2022 and the beginning of this year. The findings come from security experts at Cleafy, who described the new threat in an advisory published on Friday. “PixPirate belongs to the newest generation of Android banking trojan,
0 Comments
Threat actors have been observed using malvertising attacks to distribute virtualized .NET malware loaders dubbed “MalVirt.” According to a Thursday advisory by SentinelOne, the new loaders leverage obfuscated virtualization techniques to avoid detection. “The loaders are implemented in .NET and use virtualization, based on the KoiVM virtualizing protector of .NET applications, in order to obfuscate
0 Comments
Threat actors have been spotted using the legitimate ClickFunnels service to bypass security services and redirect users to malicious links. Security researchers at Avanan, a Check Point Software company, discussed the findings in an advisory shared with Infosecurity and published earlier today. “ClickFunnels is an online service that helps entrepreneurs and small businesses generate leads,
0 Comments
A ransomware attack targeting schools on the island of Nantucket, Massachusetts, forced the closure Tuesday of four establishments, counting a total of roughly 1700 students. The district’s superintendent Elizabeth Hallett announced the decision in an email to parents and seen by Infosecurity. “Together with outside data security experts, our Information Technology Department has been working
0 Comments
by Paul Ducklin Samba, simply put, is a super-useful, mega-popular, open-source reimplementation of the networking protocols used in Microsoft Windows, and its historical importance in internetworking (connecting two different sorts of network together) cannot be underestimated. In the late 1990s, Microsoft networking shed its opaque, proprietary nature and became an open standard known as CIFS,
0 Comments
A malicious campaign impersonating American financial advisors has been spotted targeting several hundred individuals in West Africa. Recently discovered by cybersecurity experts at DomainTools, the ‘pig butchering’ operation uses a complex network of social engineering techniques to defraud victims. Describing the activity in an advisory shared with Infosecurity, DomainTools said most attacks from the unnamed threat
0 Comments
Researchers have found three separate vulnerabilities in OpenEMR, an open-source software for electronic health records and medical practice management. Clean code experts at Sonar published an advisory Wednesday about the discovered flaws by security researcher Dennis Brinkrolf. “During our security research of popular web applications, we discovered several code vulnerabilities in OpenEMR,” Brinkrolf wrote. “A combination of