The Sonatype Security Research team is currently tracking an ongoing campaign on the npm registry that uses npm packages to retrieve and exfiltrate your Kubernetes configuration and SSH keys to an external server.
Sep 20, 2023 | THN | Cyber Crime / Dark Web. Finnish law enforcement authorities have announced the takedown of PIILOPUOTI, a dark web marketplace that specialized in illegal narcotics trade since May 2022. “The site operated as a hidden service in the encrypted TOR network,” the Finnish Customs (aka Tulli) said in a brief announcement on Tuesday. “The […]
A cyberattack on a small city in Kansas has disrupted the government’s email, phone and online payment systems. Pittsburg — home to about 20,000 people along the state’s border with Missouri and Oklahoma — said it discovered the incident over the weekend. The attack caused an IT outage that limited government systems but did not […]
At present, there is no available information regarding the extent of the cyberattack’s nature and impact on the ICC’s systems or whether the perpetrators managed to access or exfiltrate any data or files from its network.
Texas startup HiddenLayer has bagged a hefty $50 million in new venture capital funding as investors continue to pour money into new technologies to protect the code flowing in and out of AI and LLM training sets. HiddenLayer, which emerged from stealth in July 2022 with $6 million in funding, said the latest financing was […]
The Securities and Exchange Commission introduced new requirements for disclosing material cybersecurity incidents on Sept. 5, placing pressure on organizations to adopt robust reporting mechanisms. The C-suite impact is clear: company leadership must be able to quickly determine whether an incident is material to business operations. A four-business-day clock at that point starts ticking, a […]
A financially motivated threat actor has been associated with an ongoing sophisticated web-skimming campaign active for over a year. Tracked as Silent Skimmer, the campaign deploys payment scraping mechanisms to extract sensitive financial data from users. Attack method: As part of the campaign, the attackers are exploiting internet-facing applications for initial access and deploying various […]
The MK3 version of the DJ controller has been completely redesigned. Native Instruments have updated the popular Traktor X1 DJ controller to MK3 spec. The completely redesigned controller has a similar layout to the MK2 version, but features NI’s latest look and build quality, with added screens and improved lighting. There’s a built-in […]
As organizations shift their operations to the cloud, they’re experiencing more security incidents — the result of challenges around the transitions from on-premises to remote data and infrastructure management. According to a recent survey, 80% of companies experienced at least one cloud security issue in 2022, while 27% suffered a breach with a public cloud […]