Collaborate Disseminate
A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized finance apps show pop-ups urging users to connect their wallets, TradingView has reported. The pop-up (So… Continue reading Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups
Cyber-physical devices are increasingly getting compromised and leveraged by criminal groups and state-sponsored threat actors. Fyodor Yarochkin, Senior Threat Solution Architect with Trend Micro, believes that getting a better understanding of attacke… Continue reading The role of compromised cyber-physical devices in modern cyberattacks
Another encrypted communication platform used by criminals has been dismantled and its alleged mastermind arrested, the Australian Federal Police has announced on Tuesday. “AFP Operation Kraken charged a NSW man, aged 32, for creating and adminis… Continue reading Ghost: Criminal communication platform compromised, dismantled by international law enforcement
APT StormBamboo compromised a undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have shared. Malware delivery via automatic software updates StormBamboo (aka Evasive… Continue reading Chinese hackers compromised an ISP to deliver malicious software updates
An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them complete control over WordPress installations / websites. “In addition, it … Continue reading Compromised plugins found on WordPress.org
Legitimate recording software JAVS Viewer has been saddled with loader malware and has been served from the developer’s site since at least April 2, a threat researcher has warned last month. After analyzing a flagged installer detected in a cust… Continue reading Compromised recording software was served from vendor’s official site, threat researchers say
As the analysis of the backdoor in XZ Utils continues, several security companies have provided tools and advice on how to detect its presence on Linux systems. What happened? The open-source XZ Utils compression utility has been backdoored by a skille… Continue reading XZ Utils backdoor: Detection tools, scripts, rules
A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” R… Continue reading Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)
The number of cyber breaches targeting organizations’ supply chains continues to rise, with an average 4.16 breaches reported to be negatively impacting operations this year — a 26% increase from the mean number of 3.29 breaches in 2022, accordin… Continue reading Organizations prefer a combination of AI and human analysts to monitor their digital supply chain
State-sponsored North Korean hackers have significantly intensified their focus on the IT sector in recent years, by infiltrating firms developing software and companies lookind for IT workers. North Korean hackers targeting developers Microsoft has ou… Continue reading North Korean hackers are targeting software developers and impersonating IT workers