Category: Uncategorized
-
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware [email protected] (The Hacker News)
The Lazarus Group, an infamous threat actor linked to the Democratic People’s Republic of Korea (DPRK), has been observed leveraging a “complex infection chain” targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the deployment of a new modular…
-
Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack [email protected] (The Hacker News)
The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm…
-
Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation [email protected] (The Hacker News)
Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list…
-
Apache Struts 2 RCE Attack
FortiGuard Labs has detected on-going exploit attempts targeting a recently patched Apache Struts 2 vulnerability. Attackers can manipulate file upload parameters to enable path traversal, potentially leading to malicious file upload. This may result in Remote Code Execution, allowing attackers to run arbitrary code, steal data, or compromise entire systems.Read More
-
Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools [email protected] (The Hacker News)
A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect. The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug that allows attackers to execute unauthorized code or commands by sending…
-
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List [email protected] (The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw thatRead…
-
BeyondTrust SaaS instances breached in cyberattack
Post ContentRead More
-
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools [email protected] (The Hacker News)
Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively. “While typosquatting attacks areRead More
-
Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords [email protected] (The Hacker News)
Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company said it’s issuing the advisory after “several customers” reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024. “These systems have…
-
10 cybersecurity predictions for 2025
Post ContentRead More