software vulnerability

Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files

Apr 12, 2024 by iHash Leave a Comment

"Test files" associated with the XZ Utils backdoor have made their way to a Rust crate known as liblzma-sys, new findings from Phylum reveal. liblzma-sys, which has been downloaded over 21,000 times to date, provides Rust developers with bindings to the liblzma implementation, an underlying library that is part of the XZ Utils data compression software. The impacted version in … [Read more...] about Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files

TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer

Apr 11, 2024 by iHash Leave a Comment

Apr 11, 2024NewsroomEndpoint Security / Ransomware A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. "This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple cybercriminal threat actors," … [Read more...] about TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer

‘eXotic Visit’ Spyware Campaign Targets Android Users in India and Pakistan

Apr 10, 2024 by iHash Leave a Comment

Apr 10, 2024NewsroomMobile Security / Spyware An active Android malware campaign dubbed eXotic Visit has been primarily targeting users in South Asia, particularly those in India and Pakistan, with malware distributed via dedicated websites and Google Play Store. Slovak cybersecurity firm said the activity, ongoing since November 2021, is not linked to any known threat actor … [Read more...] about ‘eXotic Visit’ Spyware Campaign Targets Android Users in India and Pakistan

10-Year-Old ‘RUBYCARP’ Romanian Hacker Group Surfaces with Botnet

Apr 9, 2024 by iHash Leave a Comment

Apr 09, 2024NewsroomBotnet / Crypto Mining A threat group of suspected Romanian origin called RUBYCARP has been observed maintaining a long-running botnet for carrying out crypto mining, distributed denial-of-service (DDoS), and phishing attacks. The group, believed to be active for at least 10 years, employs the botnet for financial gain, Sysdig said in a report shared with … [Read more...] about 10-Year-Old ‘RUBYCARP’ Romanian Hacker Group Surfaces with Botnet

Google Chrome Adds V8 Sandbox

Apr 8, 2024 by iHash Leave a Comment

Apr 08, 2024NewsroomSoftware Security / Cybersecurity Google has announced support for what's called a V8 Sandbox in the Chrome web browser in an effort to address memory corruption issues. The sandbox, according to V8 Security technical lead Samuel Groß, aims to prevent "memory corruption in V8 from spreading within the host process." The search behemoth has described V8 … [Read more...] about Google Chrome Adds V8 Sandbox

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

Apr 6, 2024 by iHash Leave a Comment

Apr 06, 2024NewsroomSkimmer / Threat Intelligence Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way for arbitrary code … [Read more...] about Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks

Apr 5, 2024 by iHash Leave a Comment

Apr 05, 2024NewsroomArtificial Intelligence / Supply Chain Attack New research has found that artificial intelligence (AI)-as-a-service providers such as Hugging Face are susceptible to two critical risks that could allow threat actors to escalate privileges, gain cross-tenant access to other customers' models, and even take over the continuous integration and continuous … [Read more...] about AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks

CISO Perspectives on Complying with Cybersecurity Regulations

Apr 5, 2024 by iHash Leave a Comment

Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they include. For CISOs and their teams, that means compliance is a time-consuming, high-stakes process that demands strong organizational and … [Read more...] about CISO Perspectives on Complying with Cybersecurity Regulations

Vietnam-Based Hackers Steal Financial Data Across Asia with Malware

Apr 4, 2024 by iHash Leave a Comment

A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May 2023. Cisco Talos is tracking the cluster under the name CoralRaider, describing it as financially motivated. Targets of the campaign include India, China, South Korea, Bangladesh, … [Read more...] about Vietnam-Based Hackers Steal Financial Data Across Asia with Malware

U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers

Apr 3, 2024 by iHash Leave a Comment

Apr 03, 2024NewsroomData Breach / Incident Response The U.S. Cyber Safety Review Board (CSRB) has criticized Microsoft for a series of security lapses that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based nation-state group called Storm-0558 last year. The findings, released by the Department of Homeland Security (DHS) on Tuesday, … [Read more...] about U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers

« Previous Page

JBL Flip 6 Portable Bluetooth Speaker (Open Box) for $74

Navee V25 300W Foldable e-Scooter for $299

Smart Tracker Includes Key Ring – Works with Apple Find My App (2-Pack) for $34

Harmony Premium Plan Lifetime Subscription for $99

Lenovo 11.6" 100e Chromebook 2nd Gen (2019) MediaTek MT8173C 4GB RAM 16GB eMMC (Refurbished) for $54