Author Archives: Ravie Lakshmanan

The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that’s capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories.
Called the Package Analysis project, … Continue reading Here’s a New Tool That Scans Open-Source Repositories for Malicious Packages→

At least six different Russia-aligned actors launched no less than 237 cyberattacks against Ukraine from February 23 to April 8, including 38 discrete destructive attacks that irrevocably destroyed files in hundreds of systems across dozens of organiz… Continue reading Microsoft Documents Over 200 Cyberattacks by Russia Against Ukraine→

Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region.
“By exploiting an elevated permissions bug in the Fl… Continue reading Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers→

India’s computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, … Continue reading Indian Govt Orders Organizations to Report Security Breaches Within 6 Hours to CERT-In→

Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that’s under active development.
“Based on the timing of its appearance in the … Continue reading Cybercriminals Using New Malware Loader ‘Bumblebee’ in the Wild→

A cyberespionage threat actor known for targeting a variety of critical infrastructure sectors in Africa, the Middle East, and the U.S. has been observed using an upgraded version of a remote access trojan with information stealing capabilities.
Calli… Continue reading Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group→

Elon Musk, CEO of SpaceX and Tesla and Twitter’s new owner, on Thursday called on adding support for end-to-end encryption (E2EE) to the platform’s direct messages (DM) feature.
“Twitter DMs should have end to end encryption like Signal, so no one can… Continue reading Twitter’s New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal→

A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan.
“When executed, RedLine Stealer performs recon against the target system (including user… Continue reading New RIG Exploit Kit Campaign Infecting Victims’ PCs with RedLine Stealer→

Log4Shell, ProxyShell, ProxyLogon, ZeroLogon, and flaws in Zoho ManageEngine AD SelfService Plus, Atlassian Confluence, and VMware vSphere Client emerged as some of the top exploited security vulnerabilities in 2021.
<!–adsense–>
That’s accord… Continue reading U.S Cybersecurity Agency Lists 2021’s Top 15 Most Exploited Software Vulnerabilities→

Cloudflare on Wednesday disclosed that it acted to mitigate a 15.3 million request-per-second (RPS) distributed denial-of-service (DDoS) attack. The web infrastructure and website security company called it one of the “largest HTTPS DDoS attacks on re… Continue reading Cloudflare Thwarts Record DDoS Attack Peaking at 15 Million Requests Per Second→