Cybersecurity
Category Added in a WPeMatico Campaign
⚠️ September 5, 2023: This appears to be an ongoing campaign with additional packages published. The package timeline table has been updated to reflect this. Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package […]
Researchers from Security Joes have identified an unknown threat actor exploiting vulnerabilities in the MinIO Object Storage system to remotely execute arbitrary code on vulnerable servers. Researchers discovered the exploit code Evil_MinIO, abusing CVE-2023-28434 and CVE-2023-28432 vulnerabilities, on a GitHub repository. MinIO is a high-performance and distributed object storage system used by various organizations. Attack […]
Freecycle, a nonprofit organization which sees members exchange reusable items to divert them from landfill, has recently suffered a data breach impacting 7 million of its members. According to Freecycle, data stolen in the cyber attack included “usernames, User IDs, email addresses and passwords” but “no other personal information was compromised and the breach has […]
Freecycle, a nonprofit organization which sees members exchange reusable items to divert them from landfill, has recently suffered a data breach impacting 7 million of its members. According to Freecycle, data stolen in the cyber attack included “usernames, User IDs, email addresses and passwords” but “no other personal information was compromised and the breach has […]
These packages have unconventional names and some of them do not follow naming guidelines. While not all of them pose a security risk, they could potentially cause confusion or break software development tooling.
Sep 06, 2023THNCyber Crime / Email Security A previously undocumented “phishing empire” has been linked to cyber attacks aimed at compromising Microsoft 365 business email accounts over the past six years. “The threat actor created a hidden underground market, named W3LL Store, that served a closed community of at least 500 threat actors who could […]
Sep 05, 2023THNCyber Threat / Malware An updated version of a malware loader known as BLISTER is being used as part of SocGholish infection chains to distribute an open-source command-and-control (C2) framework called Mythic. “New BLISTER update includes keying feature that allows for precise targeting of victim networks and lowers exposure within VM/sandbox environments,” Elastic […]
Sep 06, 2023THNCyber Attack / Critical Infrastructure The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday said it thwarted a cyber attack against an unnamed critical energy infrastructure facility in the country. The intrusion, per the agency, started with a phishing email containing a link to a malicious ZIP archive that activates the infection […]
The current challenges facing cyber security practitioners in the Asia-Pacific region and where they are focusing their investment decisions in 2023 and beyond Add bookmark Contents About the respondents The current state of cyber security Cyber security threats and challenges Final remarks Foreword As the threat landscape develops, […]