Dec 18, 2024Ravie LakshmananEmail Security / Cloud Security Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot … [Read more...] about HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
Users
SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation
Sep 06, 2024Ravie LakshmananNetwork Security / Threat Detection SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10. "An improper … [Read more...] about SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation
macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users
Aug 27, 2024Ravie LakshmananCyber Espionage / Malware Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts "almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of shell scripts from the … [Read more...] about macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users
Black Basta-Linked Attackers Target Users with SystemBC Malware
Aug 14, 2024Ravie LakshmananMalware / Network Security An ongoing social engineering campaign with alleged links to the Black Basta ransomware group has been linked to "multiple intrusion attempts" with the goal of conducting credential theft and deploying a malware dropper called SystemBC. "The initial lure being utilized by the threat actors remains the same: an email bomb … [Read more...] about Black Basta-Linked Attackers Target Users with SystemBC Malware
Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys
Aug 11, 2024Ravie LakshmananSupply Chain / Software Security Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that masquerades as a library from the Solana blockchain platform but is actually designed to steal victims' secrets. "The legitimate Solana Python API project is known as 'solana-py' on GitHub, but simply … [Read more...] about Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys
New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions
Aug 10, 2024Ravie LakshmananBrowser Security / Online Fraud An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites masquerading as popular software. "The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches to more … [Read more...] about New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions
North Korean Hackers Update BeaverTail Malware to Target MacOS Users
Jul 17, 2024NewsroomCyber Espionage / Cryptocurrency Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic People's Republic of Korea (DPRK) have delivered as part of prior cyber espionage campaigns targeting job seekers. The artifact in question is an Apple macOS disk image (DMG) file named … [Read more...] about North Korean Hackers Update BeaverTail Malware to Target MacOS Users
How Orca leverages Search AI to help users gain visibility, achieve compliance, and prioritize risks
Orca Security needed a tool to stay ahead of the curve and keep pace with the demands of cybersecurity teams (as well as developers, DevOps, cloud architects, risk governance, and compliance teams) who need to easily and intuitively understand exactly what’s in their cloud environments. Orca wanted teams across the organization, regardless of their skill level, to quickly … [Read more...] about How Orca leverages Search AI to help users gain visibility, achieve compliance, and prioritize risks
Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users
Jun 03, 2024NewsroomSoftware Security / Supply Chain Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan (RAT) on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a "logger for gulp and gulp plugins." It … [Read more...] about Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users
‘eXotic Visit’ Spyware Campaign Targets Android Users in India and Pakistan
Apr 10, 2024NewsroomMobile Security / Spyware An active Android malware campaign dubbed eXotic Visit has been primarily targeting users in South Asia, particularly those in India and Pakistan, with malware distributed via dedicated websites and Google Play Store. Slovak cybersecurity firm said the activity, ongoing since November 2021, is not linked to any known threat actor … [Read more...] about ‘eXotic Visit’ Spyware Campaign Targets Android Users in India and Pakistan