TheHackerNews

February 27, 2024 A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings from Phylum show. The packages are named execution-time-async, data-time-utils, login-time-utils, mongodb-connection-utils, and mongodb-execution-utils. One of the packages in question, execution-time-async, masquerades as its legitimate Article posted by: https://thehackernews.com/2024/02/north-korean-hackers-targeting.html ——————————————————————————————————————– …

North Korean Hackers Targeting Developers with Malicious npm Packages Read More »

February 27, 2024 More than 8,000 domains and 13,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization. Guardio Labs is tracking the coordinated malicious activity, which has been ongoing since at least September 2022, under the name SubdoMailing. The emails …

8,000+ Domains of Trusted Brands Hijacked for Massive Spam Operation Read More »

February 27, 2024 LockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, “has engaged with law enforcement,” authorities said. The development comes following the takedown of the prolific ransomware-as-a-service (RaaS) operation as part of a coordinated international operation codenamed Cronos. Over 14,000 rogue Article posted by: https://thehackernews.com/2024/02/authorities-claim-lockbit-admin.html …

Authorities Claim LockBit Admin “LockBitSupp” Has Engaged with Law Enforcement Read More »

February 27, 2024 The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law enforcement exercise seized control of its servers. To that end, the notorious group has moved its data leak portal to a new .onion address on the TOR network, listing 12 new victims …

LockBit Ransomware Group Resurfaces After Law Enforcement Takedown Read More »

February 27, 2024 Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver various banking trojans such as Astaroth (aka Guildma), Mekotio, and Ousaban (aka Javali) to targets across Latin America (LATAM) and Europe. “The infection chains associated with these malware families feature the use of malicious Article posted …

Banking Trojans Target Latin America and Europe Through Google Cloud Run Read More »

February 25, 2024 Microsoft has expanded free logging capabilities to all U.S. federal agencies using Microsoft Purview Audit irrespective of the license tier, more than six months after a China-linked cyber espionage campaign targeting two dozen organizations came to light. “Microsoft will automatically enable the logs in customer accounts and increase the default log retention …

Microsoft Expands Free Logging Capabilities for all U.S. Federal Agencies Read More »

February 24, 2024 A dormant package available on the Python Package Index (PyPI) repository was updated nearly after two years to propagate an information stealer malware called Nova Sentinel. The package, named django-log-tracker, was first published to PyPI in April 2022, according to software supply chain security firm Phylum, which detected an anomalous update to the library on …

Dormant PyPI Package Compromised to Spread Nova Sentinel Malware Read More »

February 24, 2024 Details have emerged about a now-patched high-severity security flaw in Apple’s Shortcuts app that could permit a shortcut to access sensitive information on the device without users’ consent. The vulnerability, tracked as CVE-2024-23204 (CVSS score: 7.5), was addressed by Apple on January 22, 2024, with the release of iOS 17.3, iPadOS 17.3, macOS Sonoma 14.3, and  …

Researchers Detail Apple’s Recent Zero-Click Shortcuts Vulnerability Read More »

February 24, 2024 Created by John Tuckner and the team at workflow and automation platform Tines, the SOC Automation Capability Matrix (SOC ACM) is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents.  A customizable, vendor-agnostic tool featuring lists of automation opportunities, it’s been shared Article posted …

How to Use Tines’s SOC Automation Capability Matrix Read More »

February 24, 2024 Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in generative artificial intelligence (AI) systems. The red teaming tool is designed to “enable every organization across the globe to innovate responsibly with the latest artificial intelligence advances,” Ram Shankar Siva Kumar, AI red …

Microsoft Releases PyRIT – A Red Teaming Tool for Generative AI Read More »