Microsoft has discovered a supply chain attack carried out by North Korean hackers. The attack involved attaching a malicious file to a legitimate software installer. The attack was attributed to the hacking group known as Diamond Sleet.
Due to the incident, users may experience difficulties accessing Blender’s services and sites, and should be cautious of downloading from third-party sources to avoid malware infections.
A new Mirai-based botnet called InfectedSlurs has been discovered by Akamai, using two zero-day vulnerabilities to infect routers and video recorder devices. First observed in October 2023, the botnet is believed to be active since at least 2022.
The company has not provided any specific details about the nature of the incident, but customers are advised to monitor their accounts for suspicious activity. It is unclear whether all or a few selected New Relic customers are at risk.
Researchers from Blackwing Intelligence and Microsoft’s MORSE have discovered a way to bypass fingerprint authentication on three popular laptops with Windows Hello, namely the Dell Inspiron 15, Lenovo ThinkPad T14s, and Microsoft Surface Pro X.
The US Secret Service and various reporting portals tied the criminals’ laundering efforts to multiple wallet addresses. The seized proceeds were returned in the stablecoin Tether.
A proof-of-concept exploit has been released for a critical zero-day vulnerability in Windows SmartScreen. The vulnerability, identified as CVE-2023-36025, allows attackers to bypass Windows Defender SmartScreen checks and execute malicious code.
Dream Security has raised $35 million in a financing round led by existing investors Aleph and Dovi France’s Group 11. It offers a range of products that assess and predict cyber threats, react in real-time, and create customized protective measures.
The UK’s National Cyber Security Centre (NCSC) has released its first RFC for the Internet Engineering Task Force (IETF), focusing on indicators of compromise (IoCs), which are observable artifacts associated with attackers.
While the effectiveness of this feature is yet to be verified by security researchers or Google, the existence of similar claims by another malware suggests that there may be an exploitable vulnerability in session cookies.