Apr 16, 2024NewsroomSupply Chain / Software Security Security researchers have uncovered a “credible” takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. “The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names […]
Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets Pierluigi Paganini April 15, 2024 The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. Industrial and enterprise IoT cybersecurity firm Claroty reported that the Ukrainian Blackjack hacking group claims to have damaged emergency detection and response capabilities […]
Healthcare , Industry Specific , Legislation & Litigation Orrick Herrington Cyberattack Compromised Clients’ Data, Affected Nearly 638,000 Marianne Kolbasuk McGee (HealthInfoSec) • April 15, 2024 Image: Orrick A global law firm that provides data breach legal services has agreed to an $8 million settlement to resolve a proposed class action lawsuit filed against […]
The attacks begin with malicious emails containing seemingly innocuous document attachments (Excel and Word files) that exploit the CVE-2017-11882 flaw, a commonly targeted Microsoft Office Equation Editor vulnerability fixed in 2017.
Apr 16, 2024NewsroomEncryption / Network Security The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys. The flaw has been assigned the CVE identifier CVE-2024-31497, with the […]
Apr 16, 2024NewsroomThreat Intelligence / Endpoint Security The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others. “The group made extensive use of steganography by sending VBSs, PowerShell […]
Cassy’s label is firing on all cylinders Cassy – pic by William Worrell Cassy admits herself that she needed a push to start her own label, but since founding it in 2017 she’s found her groove and found a disitinctive “deeper, individual and unique version” of house music on which to concentrate. With her ‘Chateau […]
A recent incident in West Africa has once again brought attention to the persistent threat posed by the LockBit ransomware. Cybercriminals, armed with stolen administrator credentials, have deployed a customized variant of the encryption malware equipped with self-propagation capabilities. Exploiting privileged access, they breached corporate infrastructure, demonstrating the ongoing risk posed by the leaked LockBit […]
Security researchers have stopped a “credible” takeover attempt reminiscent of the recent XZ Utils backdoor incident — further highlighting the urgent need to address weaknesses in the management of open source software. Researchers at the OpenJS Foundation — which monitors JavaScript projects used by billions of websites worldwide — said Monday that they “received a […]