Experts found 11 malicious Python packages in the PyPI repository
Researchers discovered 11 malicious Python packages in the PyPI repository that can steal Discord access tokens, passwords, and conduct attacks....
News
Researchers were able to access the payment portal of the Conti gang
The Conti ransomware group has suffered a data breach that exposed its attack infrastructure and allowed researcher to access it....
Attackers compromise Microsoft Exchange servers to hijack internal email chains
A malware campaign aimed at Microsoft Exchange servers exploits ProxyShell and ProxyLogon issues and uses stolen internal reply-chain emails. A...
Security Affairs newsletter Round 341
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
U.S. banking regulators order banks to notify cybersecurity incidents in 36 hours
U.S. banking regulators have approved a new rule that orders banks to notify federal regulators of significant cybersecurity incidents within 36...
Study reveals top 200 most common passwords
The annual study on top-used passwords published by Nordpass revealed that we are still using weak credentials that expose us...
The newer cybercrime triad: TrickBot-Emotet-Conti
Advanced Intelligence researchers argue that the restarting of the Emotet botnet was driven by Conti ransomware gang. Early this year,...
Tor Project calls to bring more than 200 obfs4 bridges online by December
The Tor Project offers rewards to users who will set up a Tor server after observing a significant drop in...
Canadian teenager stole $36 Million in cryptocurrency via SIM Swapping
A Canadian teen has been arrested for his alleged role in the theft of roughly $36.5 million worth of cryptocurrency....
California Pizza Kitchen discloses a data breach
American pizza chain California Pizza Kitchen (CPK) suffered a data breach that might have exposed personal information of its employees....
Malwarebytes CrackMe – contest summary
On October 29 we published our third CrackMe Challenge and announced two parallel tracks for the contest: “The fastest solve”...
North Korea-linked TA406 cyberespionage group activity in 2021
North Korea-linked TA406 APT group has intensified its attacks in 2021, particularly credential harvesting campaigns. A report published by Proofpoint...
Conti ransomware operations made at least $25.5 million since July 2021
Researchers revealed that Conti ransomware operators earned at least $25.5 million from ransom payments since July 2021. A study conducted...
Android banking Trojan BrazKing is back with significant evasion improvements
The BrazKing Android banking trojan is back with significant improvements and dynamic banking overlays to avoid detection. Researchers from IBM...
Patch now! FatPipe VPN zero-day actively exploited
According to its marketing team, a FatPipe MPVPN can make your VPN “900% more secure.” Well, I don’t know about...
Microsoft addresses a high-severity vulnerability in Azure AD
Microsoft recently addressed an information disclosure vulnerability, tracked as CVE-2021-42306, affecting Azure AD. Microsoft has recently addressed an information disclosure...
Phishers target TikTok influencers with verification promises and copyright threats
Influencers on TikTok are feeling the pinch of scams and phishing thanks to targeted campaigns hungry for fresh logins. The...
Attackers deploy Linux backdoor on e-stores compromised with software skimmer
Researchers discovered threat actors installing a Linux backdoor on compromised e-commerce servers after deploying a credit card skimmer into e-stores....
Zero-Day flaw in FatPipe products actively exploited, FBI warns
The FBI is warning of a zero-day vulnerability in FatPipe products that has been under active exploitation since at least...
Update now! Netgear vulnerability patched
Netgear has released a fix for a vulnerability on several of their product models. The affected product models include extenders,...
Phishing campaign targets Tiktok influencer accounts
Threat actors have launched a phishing campaign targeting more than 125 TikTok ‘Influencer’ accounts in an attempt to hijack them....
US, UK and Australia warn of Iran-linked APTs exploiting Fortinet, Microsoft Exchange flaws
U.S., U.K. and Australia warn that Iran-linked APT groups exploiting Fortinet and Microsoft Exchange flaws to target critical infrastructure. A...
Advanced threat predictions for 2022
Over the past 12 months, the style and severity of APT threats has continued to evolve. Despite their constantly changing...
Netgear fixes code execution flaw in many SOHO devices
Netgear addressed a code execution vulnerability, tracked as CVE-2021-34991, in its small office/home office (SOHO) devices. Netgear addressed a pre-authentication...
