Researchers from Germany’s CISPA Helmholtz Center for Information Security have developed a tool to identify Chrome extensions that could be exploited by malicious webpages and other extensions.
CyberVetsUSA exists as a public-private partnership between non-profit and Veteran Service Organizations (VSOs), tech employers, institutions of higher education, and local government agencies.
BlackBerry discovered that the actors behind MountLocker, Phobos, and the StrongPity APT all depend on a common initial access broker, dubbed Zebra2104, for their malware campaigns. The broker has helped criminals break into the networks of multiple firms in Australia and Turkey. Such collaborations may become more common in the near future.
Recently, two popular npm libraries were caught up in a whirlwind of attacks. An unknown threat actor tampered with the coa and rc npm packages to include identical password-stealing malware.
Abcbot is slowly moving from infancy to maturity, according to researchers. The creators behind the botnet are testing various technologies with an aim to evolve the botnet with sophisticated features.
Lyceum is targeting ISPs and telecommunication operators in Israel, Tunisia, Morocco, and Saudi Arabia. It also attacked a ministry of foreign affairs in Africa. Lyceum uses credential stuffing and brute-force techniques as initial attack vectors. Since its launch, the group has tried, and so far managed, to stay ahead of defensive systems, making it a potential threat.
The TeamTNT group has upped its game in recent times. It was recently found targeting Docker servers with exposed Docker REST APIs for cryptomining purposes, in a campaign that began in October. Experts surmise that the threat actor could launch a larger-scale attack in the near future.
HPE has disclosed that data repositories for its Aruba Central network monitoring platform were compromised, allowing attackers to access collected data about monitored devices and their locations.
The company said its planned shipments for Wednesday would be delayed about two to four days throughout the country due to the attack; reorders are expected to resume within the next 72 hours.
Researchers have identified a total of 97 vulnerabilities across 14 TCP/IP stacks, including ones that can be exploited for remote code execution, DoS attacks, or to obtain sensitive information.