Uncategorized

Uncategorized post – later to be categorized.

Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware The Hacker [email protected] (The Hacker News)
December 20, 2024

The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging …

Read More
No Comment

In The News  / Uncategorized


Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack The Hacker [email protected] (The Hacker News)
December 20, 2024

The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish …

Read More
No Comment

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation The Hacker [email protected] (The Hacker News)
December 20, 2024

Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of …

Read More
No Comment

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools The Hacker [email protected] (The Hacker News)
December 19, 2024

A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and …

Read More
No Comment

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List The Hacker [email protected] (The Hacker News)
December 19, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited …

Read More
No Comment

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm Krebs on SecurityBrianKrebs
December 19, 2024

Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The …

Read More
No Comment

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools The Hacker [email protected] (The Hacker News)
December 19, 2024

Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, …

Read More
No Comment

Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords The Hacker [email protected] (The Hacker News)
December 19, 2024

Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company said …

Read More
No Comment

Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits The Hacker [email protected] (The Hacker News)
December 19, 2024

Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries a …

Read More
No Comment

CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01 The Hacker [email protected] (The Hacker News)
December 19, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business …

Read More
No Comment