Sep 06, 2023THNVulnerability / ICS Nine security flaws have been disclosed in electric power management products made by Schweitzer Engineering Laboratories (SEL). “The most severe of those nine vulnerabilities would allow a threat actor to facilitate remote code execution (RCE) on an engineering workstation,” Nozomi Networks said in a report published last week. The issues, […]
Nine vulnerabilities, including potentially serious flaws, were patched recently in a couple of electric power management products made by Schweitzer Engineering Laboratories (SEL). SEL is a US-based company that provides a wide range of products and services for the electric power sector, including control systems, generator and transmission protection, and distribution automation. Researchers at industrial […]
⚠️ September 5, 2023: This appears to be an ongoing campaign with additional packages published. The package timeline table has been updated to reflect this. Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package […]
Researchers from Security Joes have identified an unknown threat actor exploiting vulnerabilities in the MinIO Object Storage system to remotely execute arbitrary code on vulnerable servers. Researchers discovered the exploit code Evil_MinIO, abusing CVE-2023-28434 and CVE-2023-28432 vulnerabilities, on a GitHub repository. MinIO is a high-performance and distributed object storage system used by various organizations. Attack […]
Freecycle, a nonprofit organization which sees members exchange reusable items to divert them from landfill, has recently suffered a data breach impacting 7 million of its members. According to Freecycle, data stolen in the cyber attack included “usernames, User IDs, email addresses and passwords” but “no other personal information was compromised and the breach has […]
Freecycle, a nonprofit organization which sees members exchange reusable items to divert them from landfill, has recently suffered a data breach impacting 7 million of its members. According to Freecycle, data stolen in the cyber attack included “usernames, User IDs, email addresses and passwords” but “no other personal information was compromised and the breach has […]
These packages have unconventional names and some of them do not follow naming guidelines. While not all of them pose a security risk, they could potentially cause confusion or break software development tooling.
Sep 06, 2023THNCyber Crime / Email Security A previously undocumented “phishing empire” has been linked to cyber attacks aimed at compromising Microsoft 365 business email accounts over the past six years. “The threat actor created a hidden underground market, named W3LL Store, that served a closed community of at least 500 threat actors who could […]
Sep 05, 2023THNCyber Threat / Malware An updated version of a malware loader known as BLISTER is being used as part of SocGholish infection chains to distribute an open-source command-and-control (C2) framework called Mythic. “New BLISTER update includes keying feature that allows for precise targeting of victim networks and lowers exposure within VM/sandbox environments,” Elastic […]