North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin
Dec 24, 2024 | Ravie Lakshmanan | Cybercrime / Malware
Japanese and U.S. authorities have formally attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors. “The theft is affiliated with TraderTraitor threat activity, which is also tracked as ...

Vulnerabilities & Exploits

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Cases
Dec 23, 2024 | Ravie Lakshmanan | Machine Learning / Threat Analysis
Cybersecurity researchers have found that it’s possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection. “Although LLMs struggle to create malware from scratch, ...

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List
Dec 20, 2024 | Ravie Lakshmanan | CISA / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The ...

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation
Dec 20, 2024 | Ravie Lakshmanan | Firewall Security / Vulnerability
Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is ...

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages
A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel earlier this August and ...

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
Dec 20, 2024 | Ravie Lakshmanan | Malware / Supply Chain Attack
The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency ...

Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
The Lazarus Group, an infamous threat actor linked to the Democratic People’s Republic of Korea (DPRK), has been observed leveraging a “complex infection chain” targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the ...

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools
Dec 20, 2024 | Ravie Lakshmanan | Vulnerability / Cyber Attack
A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect. The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an ...

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
Dec 19, 2024 | Ravie Lakshmanan | Supply Chain / Software Security
Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve ...

HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
Dec 18, 2024 | Ravie Lakshmanan | Email Security / Cloud Security
Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims’ Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto ...
Firewall Security Company India Complete Firewall Security Solutions Provider Company in India











