Author Archives: Ravie Lakshmanan

A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them.
The coordinated attack, dubbed IconBurst by … Continue reading Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms→

A pro-China influence campaign singled out rare earth mining companies in Australia, Canada, and the U.S. with negative messaging in an unsuccessful attempt to manipulate public discourse to China’s benefit.
Targeted firms included Australia’s Lynas R… Continue reading Pro-China Group Uses Dragonbridge Campaign to Target Rare Earth Mining Companies→

Cybersecurity researchers have detailed the various measures ransomware actors have taken to obscure their true identity online as well as the hosting location of their web server infrastructure.
“Most ransomware operators use hosting providers outsid… Continue reading Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web→

Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild.
The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC… Continue reading Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild→

The Cyber Police of Ukraine last week disclosed that it apprehended nine members of a criminal gang that embezzled 100 million hryvnias via hundreds of phishing sites that claimed to offer financial assistance to Ukrainian citizens as part of a campai… Continue reading Ukrainian Authorities Arrested Phishing Gang That Stole 100 Million UAH→

Vulnerability coordination and bug bounty platform HackerOne on Friday disclosed that a former employee at the firm improperly accessed security reports submitted to it for personal gain.
“The person anonymously disclosed this vulnerability informatio… Continue reading HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains→

Following heightened worries that U.S. users’ data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to assuage U.S. lawmakers that it’s taking steps to “strengthen data security.”
The admission… Continue reading TikTok Assures U.S. Lawmakers it’s Working to Safeguard User Data From Chinese Staff→

Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its “complex multi-step attack flow” and an improved mechanism to evade security analysis.
Toll fraud belongs to a category of billing fraud wherein m… Continue reading Microsoft Warns About Evolving Capabilities of Toll Fraud Android Malware Apps→

Google on Thursday announced a slew of improvements to its password manager service aimed at creating a more consistent look and feel across different platforms.
Central to the changes is a “simplified and unified management experience that’s the same… Continue reading Google Improves Its Password Manager to Boost Security Across All Platforms→

A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022.
Dubbed SessionM… Continue reading New ‘SessionManager’ Backdoor Targeting Microsoft IIS Servers in the Wild→