Sat.May 20, 2023

article thumbnail

RSAC Fireside Chat: Counteracting Putin’s weaponizing of ransomware — with containment

The Last Watchdog

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts. Related: The Golden Age of cyber espionage Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

article thumbnail

PyPI temporarily pauses new users, projects amid high volume of malware

Bleeping Computer

PyPI, the official third-party registry of open source Python packages has temporarily suspended new users from signing up, and new projects from being uploaded to the platform until further notice. The groundbreaking move comes amid the registry's struggle to upkeep with a large influx of malicious users and packages [.

Malware 143
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Underground History of Turla, Russia's Most Ingenious Hacker Group

WIRED Threat Level

From USB worms to satellite-based hacking, Russia’s FSB hackers, known as Turla, have spent 25 years distinguishing themselves as “adversary number one.

Hacking 133
article thumbnail

npm packages caught serving TurkoRAT binaries that mimic NodeJS

Bleeping Computer

Researchers have discovered multiple npm packages named after NodeJS libraries that even pack a Windows executable that resembles NodeJS but instead drops a sinister trojan. [.

138
138
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware

The Hacker News

The identity of the second threat actor behind the Golden Chickens malware has been uncovered courtesy of a fatal operational security blunder, cybersecurity firm eSentire said. The individual in question, who lives in Bucharest, Romania, has been given the codename Jack. He is one of the two criminals operating an account on the Russian-language Exploit.

Malware 101
article thumbnail

HP rushes to fix bricked printers after faulty firmware update

Bleeping Computer

HP is working to address a bad firmware update that has been bricking HP Office Jet printers worldwide since it was released earlier this month. [.

Firmware 131

More Trending

article thumbnail

RSAC Fireside Chat: Counteracting Putin’s weaponizing of ransomware — with containment

Security Boulevard

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts. Related: The Golden Age of cyber espionage Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated … (more…) The post RSAC Fireside Chat: Counteracting Putin’s weaponizing of ransomware — with containment appeared first on Security Boulevard.

article thumbnail

2021 data breach exposed data of 70 Million Luxottica customers

Security Affairs

Luxottica has finally confirmed the 2021 data breach that exposed the personal information of 70 million customers. Luxottica Group S.p.A. is an Italian eyewear conglomerate and the world’s largest company in the eyewear industry. As a vertically integrated company, Luxottica designs, manufactures, distributes and retails its eyewear brands, including LensCrafters, Sunglass Hut, Apex by Sunglass Hut, Pearle Vision, Target Optical, Eyemed vision care plan, and Glasses.com.

article thumbnail

Cloned CapCut websites push information stealing malware

Bleeping Computer

A new malware distribution campaign is underway impersonating the CapCut video editing tool to push various malware strains to unsuspecting victims. [.

Malware 102
article thumbnail

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Security Affairs

Cybercriminal gang FIN7 returned with a new wave of attacks aimed at deploying the Clop ransomware on victims’ networks. Researchers at Microsoft Security Intelligence team published a series of tweets to warn of a new wave of attacks aimed at distributing the Clop ransomware and linked it to the financially motivated cybercriminal group Sangria Tempest (ELBRUS, FIN7 ).

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Live panel discussion on insider threats and abuse of privilege

Security Boulevard

The post Live panel discussion on insider threats and abuse of privilege appeared first on Click Armor. The post Live panel discussion on insider threats and abuse of privilege appeared first on Security Boulevard.

CISO 67
article thumbnail

A TikTok ‘Car Theft’ Challenge Is Costing Hyundai $200 Million

WIRED Threat Level

Plus: The FBI gets busted abusing a spy tool, an ex-Apple engineer is charged with corporate espionage, and collection of airborne DNA raises new privacy risks.

article thumbnail

Top Methods Use By Hackers to Bypass Two-Factor Authentication

Hacker's King

Two-factor authentication (2FA) has become an essential security measure in the digital age. By combining something you know(like a password) with something you have(such as a verification code), 2FA adds an extra layer of protection to your online accounts. However, like any security system, 2FA is not foolproof. In this article, we’ll explore some lesser-known methods that hackers may use to bypass 2FA.

article thumbnail

Recovery Point Actual: a Critical Indicator for SMB Disaster Recovery

Spinone

Many small and even medium businesses do not have a well-articulated disaster recovery strategy for their IT systems. This approach can cost them a substantial amount of money and even can cause business termination. In this article, we discuss the Recovery Point Actual, one of the critical indicators of disaster recovery. What is Recovery Point […] The post Recovery Point Actual: a Critical Indicator for SMB Disaster Recovery first appeared on SpinOne.

Backups 52
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

BSidesSF 2023 – Rami McCarthy, Lea Snyder, Hasnain Lakhani, Kurt Boberg – Level Up Your Career: A Panel on Staff+ Engineering

Security Boulevard

Our thanks to BSidesSF for publishing their presenter’s superlative BSidesSF 2023 content on the organizations’ YouTube channel. Permalink The post BSidesSF 2023 – Rami McCarthy, Lea Snyder, Hasnain Lakhani, Kurt Boberg – Level Up Your Career: A Panel on Staff+ Engineering appeared first on Security Boulevard.

article thumbnail

Exposing The "Denis Gennadievich Kulkov" a.k.a Kreenjo/Nordex/Nordexin/Try2Check Cybercriminal Enterprise – An Analysis

Security Boulevard

Who would have thought? The U.S Secret Service is currently offering $10M reward for Denis Gennadievich Kulkov also known as Kreenjo/Nordex/Nordexin who's particularly famous for running the infamous Try2Check credit card checking cybercriminal enterprise. What's so special about this individual is the fact that he's also been running a well known money mule recruitment operation since 2016 using the World Issuer LLC money mule recruitment franchise based on my research using public sources whe

DNS 52