Security researchers have discovered a total of 3938 unique secrets on PyPI, the official third-party package management system for the Python community, across all projects, with 768 of them validated as authentic.
A credit card skimming campaign called Kritec has recently picked up in activity, compromising numerous online stores and stealing credit card information from unsuspecting shoppers.
Although the nature of the attack was not specified, the county’s IT staff discovered irregularities in their system and called in external cybersecurity experts to investigate and secure their servers.
Compliance requirements drive the use of these services, making them attractive targets for ransomware groups looking to exploit the systems used for sending sensitive data.
AlphaLock’s business model represents a new and sophisticated approach to cybercrime, creating a pipeline of trained hackers and monetizing their services through an affiliate program.
The round, which brought the total amount to $30.2M, was led by Summit Peak Ventures (US) and King River Capital (US), with participation from Care Super (Australia) and BlackBird Ventures (Australasia), along with other investors.
The attackers upload a malicious DLL as a User-Defined Function library, allowing them to execute commands and deploy the Ddostf malware. The malware collects system information and waits for commands to launch DDoS attacks.
Users are advised to avoid exposing Azure CLI output in logs, regularly rotate keys and secrets, and review best practices for securing Azure Pipelines and GitHub Actions to prevent accidental exposure of sensitive information.
The SQL injection vulnerability, tracked as CVE-2023-6063 with a high-severity score of 8.6, can be exploited by manipulating a cookie value to execute unauthorized SQL queries. Over 600,000 websites are still running the vulnerable plugin.
A targeted campaign against the gaming community exploits Discord channels and fake download sites to distribute information-stealing malware. Multiple information stealer families, including BBy Stealer, Nova Sentinel, Doenerium, and Epsilon Stealer, were identified. To counter similar threats, online gamers are urged to download software exclusively from official and trustworthy websites.