OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

/in

Security researchers have uncovered a “credible” takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project.
“The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails,” OpenJS

The Hacker News – ​Read More

Blackjack Group Used ICS Malware Fuxnet Against Russian Targets

/in

The attack chain sees hackers targeting a list of sensor gateways IPs. Threat actors distributed their malware to each target, likely either through remote-access protocols such as SSH or the sensor protocol (SBK) over port 4321.

Cyware News – Latest Cyber News – ​Read More

Speedify VPN Review: Features, Security & Performance

/in

Speedify VPN offers speed-centered features that may not make up for its lack of security and pricey plan. Find out how this VPN measured up in our review.

Security | TechRepublic – ​Read More

Report: Microsoft Most Impersonated Brand in Phishing Scams

/in

Microsoft was impersonated in 38% of all brand phishing attacks in Q1 2024, according to new data from Check Point. Google was the second most impersonated brand in Q1 2024, making up 11% of attempts.

Cyware News – Latest Cyber News – ​Read More

XZ Utils might not have been the only sabotage target, open-source foundations warn

/in

The XZ Utils backdoor that recently sent ripples of concern through the Linux community may have only been the beginning.

Latest stories for ZDNET in Security – ​Read More

AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs

/in

New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations.
The vulnerability has been codenamed LeakyCLI by cloud security firm Orca.
“Some commands on Azure CLI, AWS CLI, and Google Cloud CLI can expose sensitive information in

The Hacker News – ​Read More

New SteganoAmor Attacks Use Steganography to Target 320 Organizations Globally

/in

The attacks begin with malicious emails containing seemingly innocuous document attachments (Excel and Word files) that exploit the CVE-2017-11882 flaw, a commonly targeted Microsoft Office Equation Editor vulnerability fixed in 2017.

Cyware News – Latest Cyber News – ​Read More

3 Steps Executives and Boards Should Take to Ensure Cyber Readiness

/in

Many teams think they’re ready for a cyberattack, but events have shown that many don’t have an adequate incident response plan.

darkreading – ​Read More

TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks

/in

The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others.
“The group made extensive use of steganography by sending VBSs, PowerShell code, as well as RTF documents with an embedded exploit, inside

The Hacker News – ​Read More

Law Firm to Pay $8M to Settle Health Data Hack Lawsuit

/in

Orrick Herrington & Sutcliffe’s proposed agreement with plaintiffs, filed last week in a northern California federal court, settles four proposed consolidated class action lawsuits filed against it in the wake of the March 2023 hacking incident.

Cyware News – Latest Cyber News – ​Read More