Aug 11, 2024Ravie LakshmananSupply Chain / Software Security Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that masquerades as a library from the Solana blockchain platform but is actually designed to steal victims' secrets. "The legitimate Solana Python API project is known as 'solana-py' on GitHub, but simply … [Read more...] about Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys
rogue
New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions
Aug 10, 2024Ravie LakshmananBrowser Security / Online Fraud An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites masquerading as popular software. "The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches to more … [Read more...] about New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions
Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack
May 24, 2024NewsroomEndpoint Security / Threat Intelligence The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the actor creating rogue virtual machines (VMs) within its VMware environment. "The adversary created their own rogue VMs within … [Read more...] about Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack
Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft
Dec 22, 2023NewsroomSkimming / Web Security Threat hunters have discovered a rogue WordPress plugin that's capable of creating bogus administrator users and injecting malicious JavaScript code to steal credit card information. The skimming activity is part of a Magecart campaign targeting e-commerce websites, according to Sucuri. "As with many other malicious or fake … [Read more...] about Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft
Searching for AI Tools? Watch Out for Rogue Sites Distributing RedLine Malware
May 19, 2023Ravie LakshmananArtificial Intelligence / Cyber Threat Malicious Google Search ads for generative AI services like OpenAI ChatGPT and Midjourney are being used to direct users to sketchy websites as part of a BATLOADER campaign designed to deliver RedLine Stealer malware. "Both AI services are extremely popular but lack first-party standalone apps (i.e., users … [Read more...] about Searching for AI Tools? Watch Out for Rogue Sites Distributing RedLine Malware
Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware
Mar 22, 2023Ravie LakshmananDevOpsSec / Malware The NuGet repository is the target of a new "sophisticated and highly-malicious attack" aiming to infect .NET developer systems with cryptocurrency stealer malware. The 13 rogue packages, which were downloaded more than 160,000 times over the past month, have since been taken down. "The packages contained a PowerShell script … [Read more...] about Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware
Rogue TrendMicro Employee Sold Customer Data to Tech Support Scammers
Do you always uncomfortable trusting companies with your data? If so, you're not alone.While companies do much to protect themselves from external threats, insiders always pose the highest risk to a company's data.Unfortunately, when we say companies can't eliminate insider threat completely, cybersecurity firms, who are meant to protect others, are not an … [Read more...] about Rogue TrendMicro Employee Sold Customer Data to Tech Support Scammers