Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data
Feb 23, 2023Ravie LakshmananCyber Threat / Data Security A new backdoor associated with a malware downloader named Wslink has been discovered, with the tool likely…
Category: TheHackerNews
The Secret Vulnerability Finance Execs are Missing
The (Other) Risk in Finance A few years ago, a Washington-based real estate developer received a document link from First American – a financial services…
New Hacking Cluster ‘Clasiopa’ Targeting Materials Research Organizations in Asia
Feb 23, 2023Ravie LakshmananMalware / Threat Intel Materials research organizations in Asia have been targeted by a previously unknown threat actor using a distinct set…
Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries
Feb 23, 2023Ravie LakshmananSoftware Security / Supply Chain Attack Cybersecurity researchers are warning of “imposter packages” mimicking popular libraries available on the Python Package Index…
New Threat Actor Targets Shipping Companies and Medical Labs in Asia
Feb 22, 2023Ravie LakshmananCyber Espionage / Cyber Attack Shipping companies and medical laboratories in Asia have been the subject of a suspected espionage campaign carried…
Apple Warns of 3 New Vulnerabilities Affecting iPhone, iPad, and Mac Devices
Feb 22, 2023Ravie LakshmananEndpoint Security / Software Update Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS,…
3 Steps to Automate Your Third-Party Risk Management Program
Feb 22, 2023The Hacker NewsCyber Risk Management If you Google “third-party data breaches” you will find many recent reports of data breaches that were either…
Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links
Feb 22, 2023Ravie LakshmananOpen Source / Supply Chain Attack In what’s a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded…
Gcore Thwarts Massive 650 Gbps DDoS Attack on Free Plan Client
Feb 22, 2023The Hacker NewsServer Security / DDoS Attack At the beginning of January, Gcore faced an incident involving several L3/L4 DDoS attacks with a…
Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks
Feb 22, 2023Ravie LakshmananExploitation Framework / Cyber Threat An open source command-and-control (C2) framework known as Havoc is being adopted by threat actors as an…
U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog
Feb 22, 2023Ravie LakshmananCyber Risk / Patch Management The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three security flaws to its Known…
VMware Patches Critical Vulnerability in Carbon Black App Control Product
Feb 22, 2023Ravie LakshmananVulnerability / Enterprise Security VMware on Tuesday released patches to address a critical security vulnerability affecting its Carbon Black App Control product.…