Eight libraries contained malicious code and were removed by the officials. While two of the eight enabled an attacker to remotely run commands on the target’s device, the other six were stealers.
A recent report has revealed that cybercriminals are taking advantage of misconfigured Apache Hadoop YARN. The report includes details about payload delivery, attack tactics, and basic security advice. Experts highlight that disabling the targeted system’s protection offered by cloud services has become one of the attackers’ primary goals.
RiskIQ laid bare more than 30 active C&C servers delivering WellMess and WellMail malware, allegedly owned by Russian-speaking attack group APT29. It is infamous for targeted attacks aimed at U.S. organizations. Federal agencies and organizations are suggested to stay vigilant, focus on proactive defense strategy, and leverage the IOCs provided in the RiskIQ report.
A security vulnerability in popular dating site OkCupid meant an attacker could dupe users into unknowingly ‘liking’ or sending messages to other profiles. The flaw has now been patched.
The threat actor sends an email, which does not raise any suspicions, with the subject line stating to initiate a live chat regarding a service notice related to the target’s PayPal account.
Now that criminals see how powerful MSP attacks can be, “they are already busy, they have already moved on and we don’t know where,” said Victor Gevers, head of the Dutch institute that warned Kaseya.
As the use of AWS S3 increases, so have the content types that are stored and shared on it. AWS S3 buckets are now exposed via additional channels and APIs, which create new security blind spots that
The body of the email explains that Microsoft service has expired; in this case, it’s their “Business Basic package.” The threat actor ensured their campaign looked similar to Microsoft-themed emails.
A use-after-free vulnerability exists in the LoadObj() functionality of tinyobjloader v0.9.25 and v1.0.6. A specially crafted file can cause a use-after-free, leading to code execution.
The proposal put forward by Russia to the UN calls for member states to develop domestic laws to punish a far broader set of offenses than current international rules recognize.