Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack https://firewall.firm.in/wp-content/uploads/2024/12/code.png Dec 20, 2024Ravie LakshmananMalware / Supply Chain Attack The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency ...

Software engineer duped of ₹1.35L by online fraudsters – ET CISO https://etimg.etb2bimg.com/thumb/msid-116490846,imgsize-29576,width-1200,height=765,overlay-etciso/cybercrime-fraud/software-engineer-duped-of-1-35l-by-online-fraudsters.jpg In a shocking case of cyber fraud, an Indore-based software engineer was held under ‘digital arrest’ for three days by cybercriminals posing as officials who duped him of Rs 1.35 lakh. The scammers coerced the victim into transferring money through threats and fake accusations, keeping him under constant ...

Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware https://firewall.firm.in/wp-content/uploads/2024/12/chrome.png The Lazarus Group, an infamous threat actor linked to the Democratic People’s Republic of Korea (DPRK), has been observed leveraging a “complex infection chain” targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the ...

DDoS attacks on Indian infrastructure grew by 50% in 2024: Positive technologies – ET CISO https://etimg.etb2bimg.com/thumb/msid-116492266,imgsize-8082,width-1200,height=765,overlay-etciso/corporate/ddos-attacks-on-indian-infrastructure-grew-by-50-in-2024-positive-technologies.jpg The number of distributed denial-of-service (DDoS) attacks on Indian infrastructure has increased by 50% since the beginning of 2024, finds a study by Positive Technologies. The study found that the attackers are primarily interested in databases and access to the infrastructure of various organizations. ...

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools https://firewall.firm.in/wp-content/uploads/2024/12/cyberattack.png Dec 20, 2024Ravie LakshmananVulnerability / Cyber Attack A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect. The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an ...

How bank frauds will evolve in 2025 – ET CISO https://etimg.etb2bimg.com/thumb/msid-116491837,imgsize-2086367,width-1200,height=765,overlay-etciso/cybercrime-fraud/how-bank-frauds-will-evolve-in-2025.jpg Bank frauds are likely to undergo significant changes in 2025, with new trends emerging as financial institutions strengthen their security measures and digital transactions continue to rise. Digital banking, which has seen widespread adoption, remains a major target for fraudsters, according to experts. As more customers prefer online and ...

Security vulnerabilities hinder AI adoption in India, reveals Deloitte report, ET CISO As many as 92 per cent of Indian executives view security vulnerabilities as the foremost challenge to responsible AI adoption, highlighting a pressing need for robust governance frameworks to foster trust and mitigate risks in an increasingly AI-driven landscape, according to a recent report by Deloitte. The ‘AI ...

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools https://firewall.firm.in/wp-content/uploads/2024/12/npm.png Dec 19, 2024Ravie LakshmananSupply Chain / Software Security Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve ...

US cybersecurity agency ‘warns’ government officials, politicians: “…immediately review and apply…” – ET CISO https://etimg.etb2bimg.com/thumb/msid-116461509,imgsize-27682,width-1200,height=765,overlay-etciso/cybercrime-fraud/us-cybersecurity-agency-warns-government-officials-politicians-immediately-review-and-apply.jpg The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent recommendation for senior government officials and politicians. It has published a “Mobile Communications Best Practice Guidance”, urging them to immediately switch to end-to-end encrypted messaging apps. In a written advisory, CISA urged individuals ...

Cybersecurity threat trends that will impact Indian businesses in 2025, Barracuda highlights, ET CISO Security experts at Barracuda Networks, Inc., a leading cybersecurity company providing complete protection against complex threats have revealed their perspectives on how the cyberthreat landscape is likely to evolve in 2025 and the key trends organisations in India should prepare for. Among other things, the experts ...