Sep 20, 2023THNKubernetes / Supply Chain Attack Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server. Sonatype said it has discovered 14 different npm packages so far: @am-fe/hooks, @am-fe/provider, @am-fe/request, @am-fe/utils, @am-fe/watermark, […]
Sep 20, 2023THNMalware Attack / Cyber Threat Chinese-language speakers have been increasingly targeted as part of multiple email phishing campaigns that aim to distribute various malware families such as Sainbox RAT, Purple Fox, and a new trojan called ValleyRAT. “Campaigns include Chinese-language lures and malware typically associated with Chinese cybercrime activity,” enterprise security firm Proofpoint […]
The 8BASE ransomware group has claimed Araújo e Policastro Advogados breach following a cyber attack on the organization. Known for its sophisticated cyber-attacks on large-scale organizations, 8BASE ransomware group announced the data breach on their dark web channel. The threat actors have boldly announced their intention to publish the compromised data on September 25, 2023. […]
Sep 20, 2023THNEncryption / Privacy Encrypted messaging app Signal has announced an update to the Signal Protocol to add support for quantum resistance by upgrading the Extended Triple Diffie-Hellman (X3DH) specification to Post-Quantum Extended Diffie-Hellman (PQXDH). “With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built […]
Observability’s adoption is on the rise and full-stack observability leads to better service-level metrics, such as fewer, shorter outages and lower outage costs, according to New Relic. Respondents receive a median $2 return per $1 of investment in observability, with 41% receiving more than $1 million total annual value. According to the research, organizations are […]
In a recent security incident, Sophos detected the most recent variant of the BlackCat/ALPHV variant, named Sphynx. This version introduces new functionalities and has been employed to encrypt Azure Storage accounts. In this incident, The attackers managed to infiltrate a victim’s Sophos Central account and successfully encrypted 39 Azure Storage accounts. Modus operandi After gaining […]
Sep 20, 2023THNZero Day / Vulnerability Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. Tracked as CVE-2023-41179 (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that’s bundled […]
While cloud storage technology is still a popular strategy for IT leaders, its track record increasingly begs the question: Is it still the easy decision it once was? Traditional reasons to move to cloud services include cost and space savings, storage capacity flexibility and emergency recoverability. Organizations are reexamining their original strategy in light of […]
Sep 20, 2023THNVulnerability / Software Security GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 (CVSS score: 9.6), impacts all versions of GitLab Enterprise Edition (EE) starting from 13.12 and prior to 16.2.7 as well as from 16.3 and […]