Bogus npm Packages Used to Trick Software Developers into Installing Malware https://firewall.firm.in/wp-content/uploads/2024/04/1714212702_674_malware.png Apr 27, 2024NewsroomMalware / Software Security An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to ...
Read More »Vulnerabilities & Exploits
Why are there so many data breaches? A growing industry of criminals is brokering in stolen data – ET CISO
Why are there so many data breaches? A growing industry of criminals is brokering in stolen data – ET CISO https://etimg.etb2bimg.com/thumb/msid-95195960,imgsize-40410,width-1200,height=765,overlay-etciso/news/why-are-there-so-many-data-breaches-a-growing-industry-of-criminals-is-brokering-in-stolen-data.jpg Optus, Medibank, Woolworths, and, last Friday, electricity provider Energy Australia are all now among the household names that have fallen victim to a data breach. If it seems like barely a week goes by without news of another incident ...
Read More »U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks
U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks https://firewall.firm.in/wp-content/uploads/2024/04/iran.png Apr 24, 2024NewsroomCyber Attack / Cyber Espionage The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least ...
Read More »Enabled by AI, phishing becomes quite simple – ET CISO
Enabled by AI, phishing becomes quite simple – ET CISO https://etimg.etb2bimg.com/thumb/msid-108933274,imgsize-49186,width-1200,height=765,overlay-etciso/cybercrime-fraud/enabled-by-ai-phishing-becomes-quite-simple.jpg Nitin’s attempts to schedule an appointment with a doctor he had found online had proved fruitless. He had almost given up on the phone numbers that had popped up in the online search, when he received a call. The person claimed to be from the doctor’s office and asked ...
Read More »OfflRouter Malware Evades Detection in Ukraine for Almost a Decade
OfflRouter Malware Evades Detection in Ukraine for Almost a Decade https://firewall.firm.in/wp-content/uploads/2024/04/malware.png Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform since 2018. More than ...
Read More »Hackers Target Middle East Governments with Evasive
Hackers Target Middle East Governments with Evasive Apr 19, 2024 NewsroomCyber Espionage / Threat Intelligence Government entities in the Middle East have been targeted as part of a previously undocumented campaign to deliver a new backdoor dubbed CR4T. Russian cybersecurity company Kaspersky said it discovered the activity in February 2024, with evidence suggesting that it may have been active since ...
Read More »Identity in the Shadows: Shedding Light on Cybersecurity’s Unseen Threats
Identity in the Shadows: Shedding Light on Cybersecurity’s Unseen Threats https://firewall.firm.in/wp-content/uploads/2024/04/silverfort.png Apr 16, 2024The Hacker NewsCloud Security / Threat Intelligence In today’s rapidly evolving digital landscape, organizations face an increasingly complex array of cybersecurity threats. The proliferation of cloud services and remote work arrangements has heightened the vulnerability of digital identities to exploitation, making it imperative for businesses to fortify ...
Read More »Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack
Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack https://firewall.firm.in/wp-content/uploads/2024/04/putty.png Apr 16, 2024NewsroomEncryption / Network Security The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys. The flaw has been assigned ...
Read More »Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files
Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files https://firewall.firm.in/wp-content/uploads/2024/04/hack.png “Test files” associated with the XZ Utils backdoor have made their way to a Rust crate known as liblzma-sys, new findings from Phylum reveal. liblzma-sys, which has been downloaded over 21,000 times to date, provides Rust developers with bindings to the liblzma implementation, an underlying library that is part ...
Read More »How DevOps-centric security helps offset data privacy risks?
How DevOps-centric security helps offset data privacy risks? By Kavita Viswanath, Every time we go online, we leave a digital footprint of our personal information, interests, choices, health and financial transactions, and more. Same is true for businesses – as the rapid shift of operations to the digital environment enhances their business and operational efficiencies, improves productivity and performance, and ...
Read More »