PyTorch discloses malicious dependency chain compromise over holidays
PyTorch has identified a malicious dependency with the same name as the framework's 'torchtriton' library. This has led to a successful compromise via the dependency...
News
Ransomware gang cloned victim’s website to leak stolen data
The ALPHV ransomware operators have gotten creative with their extortion tactic and, in at least one case, created a replica...
Ransomware gang apologizes, gives SickKids hospital free decryptor
The LockBit ransomware gang has released a free decryptor for the Hospital for Sick Children (SickKids), saying one of its...
LockBit ransomware claims attack on Port of Lisbon in Portugal
An cyberattack hitting the Port of Lisbon Administration (APL), the third-largest port in Portugal, on Christmas day has been claimed...
New Linux malware uses 30 plugin exploits to backdoor WordPress sites
A previously unknown Linux malware has been exploiting 30 vulnerabilities in multiple outdated WordPress plugins and themes to inject malicious JavaScript. According to...
Canadian mining firm shuts down mill after ransomware attack
The Canadian Copper Mountain Mining Corporation (CMMC) in British Columbia has announced that it was the target of a ransomware attack...
Ukraine shuts down fraudulent call center claiming 18,000 victims
A group of imposters operating out of a Ukrainian call center defrauded thousands of victims while pretending to be IT security...
Netgear warns users to patch recently fixed WiFi router bug
Netgear has fixed a high-severity vulnerability affecting multiple WiFi router models and advised customers to update their devices to the...
Google Home speakers allowed hackers to snoop on conversations
A bug in Google Home smart speaker allowed installing a backdoor account that could be used to control it remotely...
Crypto platform 3Commas admits hackers stole API keys
An anonymous Twitter user published yesterday a set of 10,000 API keys allegedly obtained from the 3Commas cryptocurrency trading platform....
Improving Software Supply Chain Security
Explore use cases and mitigation strategies to improve software supply chain security and reduce cyber risk. If you like the...
US-CERT Bulletin (SB22-361):Vulnerability Summary for the Week of December 19, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Royal ransomware claims attack on Intrado telecom provider
The Royal Ransomware gang claimed responsibility for a cyber attack against telecommunications company Intrado on Tuesday. While Intrado is yet...
Hackers abuse Google Ads to spread malware in legit software
Malware operators have been increasingly abusing the Google Ads platform to spread malware to unsuspecting users searching for popular software products....
Thousands of Citrix servers vulnerable to patched critical flaws
Thousands of Citrix ADC and Gateway deployments remain vulnerable to two critical-severity security issues that the vendor fixed in recent months....
Ransomware attack at Louisiana hospital impacts 270,000 patients
The Lake Charles Memorial Health System (LCMHS) is sending out notices of a data breach affecting thousands of people who...
BlueNoroff introduces new methods bypassing MoTW
BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. We have published technical details...
Hackers steal $8 million from users running trojanized BitKeep apps
Multiple BitKeep crypto wallet users reported that their wallets were emptied during Christmas after hackers triggered transactions that didn't require...
EarSpy attack eavesdrops on Android phones via motion sensors
A team of researchers has developed an eavesdropping attack for Android devices that can, to various degrees, recognize the caller's...
BTC.com lost $3 million worth of cryptocurrency in cyberattack
BTC.com, one of the world's largest cryptocurrency mining pools, announced it was the victim of a cyberattack that resulted in...
Hacker claims to be selling Twitter data of 400 million users
A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using...
CISO’s Challenges Involved with Business Leader & SOC
Yohei Ishihara, IoT security evangelist at Trend Micro, discussed the challenges CISOs facing within organizations driving industrial IoT. If you...
The Week in Ransomware – December 23rd 2022 – Targeting Microsoft Exchange
Reports this week illustrate how threat actors consider Microsoft Exchange as a prime target for gaining initial access to corporate...
New info-stealer malware infects software pirates via fake cracks sites
A new information-stealing malware named ‘RisePro’ is being distributed through fake cracks sites operated by the PrivateLoader pay-per-install (PPI) malware...
