Troublemaker Packages: Sowing Chaos in the npm Registry Sonatype cybersecurity researchers have detected a nefarious new batch of mischievous npm packages. These are no ordinary code depots, instead, they are double agents designed to steal Kubernetes configurations and SSH keys! They then ferry this crucial information from the compromised systems to a remote server, like
Read More
Signal Tightens Security with Quantum Resistance The encrypted messaging app Signal has announced an update that supports quantum resistance. This update improves the Signal Protocol by enhancing the Extended Triple Diffie-Hellman (X3DH) specification to Post-Quantum Extended Diffie-Hellman (PQXDH). This move provides an additional protection layer against potential quantum computers that might be powerful enough to
Read More
Main Points: GitLab shipped patches to fix a potent security flaw (CVE-2023-5009) The flaw impacts all GitLab EE versions from 13.12 up to 16.2.7 and 16.3 up to 16.3.4 Critical flaw allowed attackers to run pipelines as any user GitLab, in a move faster than a system reboot, has dispatched security patches to iron out
Read More
Important Fixes for Critical Security Flaw: Trend Micro Works to Patch Apex One and Worry-Free Business Security Solutions Summary of the Security Situation Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw that affects Apex One and Worry-Free Business Security solutions. This vulnerability, coded as CVE-2023-41179 (with a high
Read More
Middle East Telecom Companies Targeted by New Intrusion Set, ShroudedSnooper Main Points Newly discovered intrusion set, ShroudedSnooper, targets Middle Eastern Telecom Service Providers ShroudedSnooper employs an effective backdoor named HTTPSnoop HTTPSnoop uses unique techniques to interact with Windows HTTP kernel drivers and devices It listens to incoming requests for specific HTTP(S) URLs and executes that
Read More
Earth Lusca’s New Surprise: A Fresh Linux Backdoor Overview Earth Lusca, a China-linked threat actor, has been spotted targeting government entities with a new Linux backdoor named SprySOCKS. Earth Lusca was first observed by cybersecurity firm Trend Micro in January 2022. The threat group has targeted both public and private sector entities across Asia, Australia,
Read More
Overview of Operation Rusty Flag Targets in Azerbaijan are experiencing a new campaign, aiming to dispatch Rust-based malware on manipulated systems. Cybersecurity firm Deep Instinct has named and is monitoring this operation as Operation Rusty Flag. There’s no current connection to any recognized threat group or actor. According to the security researchers, Operation Rusty Flag
Read More
XWorm: The New Kid on the Trojan Block – A new addition to the remote access trojan (RAT) family, XWorm, is emerging as a major global threat. – XWorm has undergone significant upgrades since its first appearance in 2022, improving its functionality and resilience. – A team of analysts from ANY.RUN have recently encountered the
Read More
Generative AI Tools: Are Your Secrets Safe? Main Points: – Generative AI tools, like ChatGPT, are gaining in popularity rapidly. – According to Gartner’s report, these AI tools pose potential risks to data privacy and security. – A new webinar, featuring a top-level executive from Fortune 100 and the CEO of LayerX, offers insightful discussions
Read More
Thousands of Juniper Firewalls Vulnerable to Remote Exploit Overview Almost 12,000 Juniper firewall devices at risk due to a recently revealed remote code execution flaw. VulnCheck found that the exploit for CVE-2023-36845 can be used by an unauthenticated and remote attacker to carry out arbitrary code. The CVE-2023-36845 pertains to a security loophole that can
Read MoreNo products in the cart.