Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups

A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized finance apps show pop-ups urging users to connect their wallets, TradingView has reported. The pop-up (So… Continue reading Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups

The role of compromised cyber-physical devices in modern cyberattacks

Cyber-physical devices are increasingly getting compromised and leveraged by criminal groups and state-sponsored threat actors. Fyodor Yarochkin, Senior Threat Solution Architect with Trend Micro, believes that getting a better understanding of attacke… Continue reading The role of compromised cyber-physical devices in modern cyberattacks

Ghost: Criminal communication platform compromised, dismantled by international law enforcement

Another encrypted communication platform used by criminals has been dismantled and its alleged mastermind arrested, the Australian Federal Police has announced on Tuesday. “AFP Operation Kraken charged a NSW man, aged 32, for creating and adminis… Continue reading Ghost: Criminal communication platform compromised, dismantled by international law enforcement

Chinese hackers compromised an ISP to deliver malicious software updates

APT StormBamboo compromised a undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have shared. Malware delivery via automatic software updates StormBamboo (aka Evasive… Continue reading Chinese hackers compromised an ISP to deliver malicious software updates

Compromised plugins found on WordPress.org

An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them complete control over WordPress installations / websites. “In addition, it … Continue reading Compromised plugins found on WordPress.org

Compromised recording software was served from vendor’s official site, threat researchers say

Legitimate recording software JAVS Viewer has been saddled with loader malware and has been served from the developer’s site since at least April 2, a threat researcher has warned last month. After analyzing a flagged installer detected in a cust… Continue reading Compromised recording software was served from vendor’s official site, threat researchers say

XZ Utils backdoor: Detection tools, scripts, rules

As the analysis of the backdoor in XZ Utils continues, several security companies have provided tools and advice on how to detect its presence on Linux systems. What happened? The open-source XZ Utils compression utility has been backdoored by a skille… Continue reading XZ Utils backdoor: Detection tools, scripts, rules

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)

A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” R… Continue reading Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)

Organizations prefer a combination of AI and human analysts to monitor their digital supply chain

The number of cyber breaches targeting organizations’ supply chains continues to rise, with an average 4.16 breaches reported to be negatively impacting operations this year — a 26% increase from the mean number of 3.29 breaches in 2022, accordin… Continue reading Organizations prefer a combination of AI and human analysts to monitor their digital supply chain