Author Archives: Ravie Lakshmanan

Researchers have identified functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators’ connections to the Russia-based Evil Corp group.
The findin… Continue reading New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers→

A “major” security issue in the Google Chrome web browser, as well as Chromium-based alternatives, could allow malicious web pages to automatically overwrite clipboard content without requiring any user consent or interaction by simply visiting them.
… Continue reading Google Chrome Bug Lets Sites Silently Overwrite System Clipboard Content→

The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control (C2) infrastructure this month, a development that alludes to an increase in the group’s operational tempo.
BianLian, written in the Go programmi… Continue reading Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks→

Researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) credentials, posing a major security risk.
“Over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to privat… Continue reading Over 1,800 Android and iOS Apps Found Leaking Hard-Coded AWS Credentials→

The attack infrastructure used to target Cisco in the May 2022 incident was also employed against an attempted compromise of an unnamed workforce management solutions holding company a month earlier in April 2022.
Cybersecurity firm Sentire, which dis… Continue reading Infra Used in Cisco Hack Also Targeted Workforce Management Solution→

Microsoft on Wednesday disclosed details of a now-patched “high severity vulnerability” in the TikTok app for Android that could let attackers take over accounts when victims clicked on a malicious link.
“Attackers could have leveraged the vulnerabili… Continue reading Microsoft Discover Severe ‘One-Click’ Exploit for TikTok Android App→

Apple on Wednesday backported security updates to older iPhones, iPads, and iPod touch devices to address a critical security flaw that has been actively exploited in the wild.
The issue, tracked as CVE-2022-32893 (CVSS score: 8.8), is an out-of-bound… Continue reading Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability→

Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users’ browsing activity and profit of retail affiliate programs.
“The extensions offer various functions such as enabling u… Continue reading Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users→

A persistent Golang-based malware campaign dubbed GO#WEBBFUSCATOR has leveraged the deep field image taken from NASA’s James Webb Space Telescope (JWST) as a lure to deploy malicious payloads on infected systems.
The development, revealed by Securonix… Continue reading Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope→

Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 (a reference to eleet or leet) to secure the ecosystem from supply chain attacks.
Called the Open Source Software Vulnera… Continue reading Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks→