npm packages caught serving TurkoRAT binaries that mimic NodeJS
Researchers have discovered multiple npm packages named after NodeJS libraries that even pack a Windows executable that resembles NodeJS but instead drops a sinister trojan. These…
Category: Bleeping Computer
HP rushes to fix bricked printers after faulty firmware update
HP is working to address a bad firmware update that has been bricking HP Office Jet printers worldwide since it was released earlier this month. While…
Cloned CapCut websites push information stealing malware
A new malware distribution campaign is underway impersonating the CapCut video editing tool to push various malware strains to unsuspecting victims. CapCut is ByteDance’s official…
npm packages hide TurkoRAT malware in what looks like a NodeJS EXE
Researchers have discovered multiple npm packages named after NodeJS libraries that even pack a Windows executable that resembles NodeJS but instead drops a sinister trojan. These…
The Week in Ransomware – May 19th 2023
In the ever-shifting ransomware landscape, we saw new ransomware gangs emerge, threat actors return from a long absence, operations shifting extortion tactics, and a flurry…
CISA warns of Samsung ASLR bypass flaw exploited in attacks
CISA warned today of a security vulnerability affecting Samsung devices used in attacks to bypass Android address space layout randomization (ASLR) protection. ASLR is an…
Notorious FIN7 hackers return in Clop ransomware attacks
A financially motivated cybercriminal group known as FIN7 resurfaced last month, with Microsoft threat analysts linking it to attacks where the end goal was the…
ASUS routers knocked offline worldwide by bad security update
ASUS has apologized to its customers for a server-side security maintenance error that has caused a wide range of impacted router models to lose network…
Dish Network likely paid ransom after recent ransomware attack
Dish Network, an American television provider, most likely paid a ransom after being hit by a ransomware attack in February based on the wording used…
Luxottica confirms 2021 data breach after info of 70M leaks online
Luxottica has confirmed one of its partners suffered a data breach in 2021 that exposed the personal information of 70 million customers after a database…
Cybercrime gang pre-infects millions of Android devices with malware
A large cybercrime enterprise tracked as the “Lemon Group” has reportedly pre-installed malware known as ‘Guerilla’ on almost 9 million Android-based smartphones, watches, TVs, and…
KeePass exploit helps retrieve cleartext master password, fix coming soon
The popular KeePass password manager is vulnerable to extracting the master password from the application’s memory, allowing attackers who compromise a device to retrieve the…