Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT

Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems.
The heavily obfuscated package, named ethereumvulncontracthandler, was published to npm on December 18, 2024, by a user

The Hacker News – ​Read More

What Is Patch Tuesday? Microsoft’s Monthly Update Explained

Patch Tuesday is Microsoft’s monthly update day for fixing vulnerabilities. Learn its purpose, benefits, and how it enhances system security.

Security | TechRepublic – ​Read More

New “DoubleClickjacking” Exploit Bypasses Clickjacking Protections on Major Websites

Threat hunters have disclosed a new “widespread timing-based vulnerability class” that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites.
The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo.
“Instead of relying on a single click, it takes advantage of a double-click sequence,” Yibelo said.

The Hacker News – ​Read More

Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election.
The federal agency said the entities – a subordinate organization of Iran’s Islamic Revolutionary Guard Corps and a Moscow-based affiliate of Russia’s Main Intelligence

The Hacker News – ​Read More

Hey, Maybe It’s Time to Delete Some Old Chat Histories

Your messages going back years are likely still lurking online, potentially exposing sensitive information you forgot existed. But there’s no time like the present to do some digital decluttering.

Security Latest – ​Read More

FortiGuard Labs Links New EC2 Grouper Hackers to AWS Credential Exploits

Researchers at FortiGuard Labs have identified a prolific attacker group known as “EC2 Grouper” who frequently exploits compromised credentials using AWS tools.

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Cybersecurity Lags in Middle East Business Development

The fast growing region has its own unique cyber issues — and it needs its own talent to fight them.

darkreading – ​Read More

Buying a new VPN? 3 things to consider when shopping around – and why ‘free’ isn’t always best

VPNs are handy internet privacy tools, but with so many options available, it’s hard to find the best one. To help, I’ll tell you what you should look for in a good VPN.

Latest stories for ZDNET in Security – ​Read More

Rhode Islanders’ Data Was Leaked From a Cyberattack on State Health Benefits Website

Cybercriminals who hacked Rhode Island’s system for health and benefits programs have released files to a site on the dark web,

The post Rhode Islanders’ Data Was Leaked From a Cyberattack on State Health Benefits Website appeared first on SecurityWeek.

SecurityWeek – ​Read More

How to easily use Cloudflare’s secure DNS on your Mac and why it even matters

If you want to get a security bump on your Mac, you should switch to secure DNS to encrypt your web traffic.

Latest stories for ZDNET in Security – ​Read More