Dec 19, 2023The Hacker NewsSoftware Security / Threat intelligence Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. “Malware authors occasionally place their samples in services like Dropbox, Google Drive, OneDrive, and Discord to host second stage malware […]
The report provides guidance on open source software adoption, including criteria for selection, risk assessment, licensing, export control, maintenance, vulnerability response, and secure software delivery.
The ultimate rundown of 2023’s best albums 1 Creep Show – Yawning Abyss (Bella Union) The Francis Bacon-style sleeve is a clue to the contents here, or at least part of them, as the impending apocalypse that was gathering steam for real in 2023 casts a dark shadow over much of the lyrical content of […]
Dec 18, 2023NewsroomSoftware Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging manufacturers to get rid of default passwords on internet-exposed systems altogether, citing severe risks that could be exploited by malicious actors to gain initial access to, and move laterally within, organizations. In an alert published last week, the agency […]
Some of you have already started budgeting for 2024 and allocating funds to security areas within your organization. It is safe to say that employee security awareness training is one of the expenditure items, too. However, its effectiveness is an open question with people still engaging in insecure behaviors at the workplace. Besides, social engineering […]
Critical Infrastructure Security , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime Cyber Group Dubbed Predatory Sparrow Takes Responsibility for Widespread Attack Chris Riotta (@chrisriotta) • December 18, 2023 The Predatory Sparrow group has taken credit for an attack on Iranian gas stations on Dec. 18, 2023. (Image: Shutterstock) Gas stations across […]
Dec 19, 2023NewsroomCyber Espionage / Cyber Attack The Iranian nation-state actor known as MuddyWater has leveraged a newly discovered command-and-control (C2) framework called MuddyC2Go in its attacks on the telecommunications sector in Egypt, Sudan, and Tanzania. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under the name Seedworm, which is also […]
Dec 19, 2023NewsroomMalvertising / Browser Security The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk. “PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the preferred payloads for a threat actor known as TA577,” […]
One of the biggest apparel companies in the world reported a “material” cyberattack to the U.S. Securities and Exchange Commission (SEC) on the first day that a new cyber incident reporting rule went into effect. VF Corporation said it detected unauthorized activity on a portion of its information technology systems on December 13 and was […]