Author Archives: Ravie Lakshmanan

Atlassian has rolled out fixes for a critical security flaw in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations.
Tracked as CVE-2022-36804 (CVSS score: 9.9), the issue has been characteriz… Continue reading Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center→

Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information.
The security breach is said to have occurred two weeks ago, targeting its development environment. No custo… Continue reading Hackers Breach LastPass Developer System to Steal Source Code→

Nation-state threat actors are increasingly adopting and integrating the Sliver command-and-control (C2) framework in their intrusion campaigns as a replacement for Cobalt Strike.
“Given Cobalt Strike’s popularity as an attack tool, defenses against i… Continue reading Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework→

The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts.
The activity has been condemned 0ktap… Continue reading Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations→

The threat actor behind the SolarWinds supply chain attack has been linked to yet another “highly targeted” post-exploitation malware that could be used to maintain persistent access to compromised environments.
Dubbed MagicWeb by Microsoft’s threat i… Continue reading Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers→

The North Korean nation-state group Kimusky has been linked to a new set of malicious activities directed against political and diplomatic entities located in its southern counterpart in early 2022.
Russian cybersecurity firm Kaspersky codenamed the c… Continue reading Researchers Uncover Kimusky Infra Targeting South Korean Politicians and Diplomats→

The Python Package Index, PyPI, on Wednesday sounded the alarm about an ongoing phishing campaign that aims to steal developer credentials and inject malicious updates to legitimate packages.
“This is the first known phishing attack against PyPI,” the… Continue reading PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks→

Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control method, marking a shift from its earlier role as a contact method for ransomware negotiations.
The findings from Uptycs, which analyzed an Executab… Continue reading Crypto Miners Using Tox P2P Messenger as Command and Control Server→

A security researcher who has a long line of work demonstrating novel data exfiltration methods from air-gapped systems has come up with yet another technique that involves sending Morse code signals via LEDs on network interface cards (NICs).
The app… Continue reading Air-Gapped Devices Can Send Covert Morse Signals via Network Card LEDs→

WordPress sites are being hacked to display fraudulent Cloudflare DDoS protection pages that lead to the delivery of malware such as NetSupport RAT and Raccoon Stealer.
“A recent surge in JavaScript injections targeting WordPress sites has resulted in… Continue reading Hackers Using Fake DDoS Protection Pages to Distribute Malware→