Vulnerabilities
-
North Korean Hackers Expand Malicious Software Distribution via npm
North Korean hackers have expanded their distribution of malicious software through the npm ecosystem, targeting developers with newly identified packages that deploy the BeaverTail malware and a remote access trojan. Security experts warn of the persistent threat posed by this group as they adopt sophisticated methods to evade detection.
-
Emerging Cybercriminal Coquettte Exposed for Leveraging Russian Bulletproof Hosting Service
An investigation reveals Coquettte, a novice cybercriminal, who exploited a Russian bulletproof hosting service to distribute malware under the guise of an antivirus tool. This has raised significant cybersecurity concerns regarding emerging threats in the digital landscape.
-
Massive Data Breach at Royal Mail Group Raises Concerns Over Supplier Security
Royal Mail Group has suffered a data breach revealing 144GB of sensitive data, raising alarms over the security of third-party supplier Spectos and highlighting ongoing vulnerabilities within the postal service’s cybersecurity posture.
-
Australian Retirement Funds Targeted in Cyberattack, Thousands Affected
The Australian retirement fund sector is in turmoil following a series of cyberattacks that have led to unauthorized access of customer accounts. Approximately 8,000 members of Rest super fund have been identified as potentially affected, with broader implications for other funds as investigations continue into the security breaches.
-
Former ASML Employee Faces Court Over Alleged Industrial Espionage Ties to Russia
A former ASML employee, German A., faces allegations of industrial espionage in a Rotterdam court, accused of leaking sensitive chip-making secrets to Russian intelligence. The case raises concerns about security practices in the semiconductor industry amid geopolitical tensions.
-
Data Breach at Europcar Exposes Personal Information of Up to 200,000 Customers
Europcar Mobility Group suffered a data breach resulting in the exposure of personal information belonging to up to 200,000 customers. The breach involved unauthorized access to GitLab repositories, with demands for extortion made by the threat actor.
-
New Phishing-as-a-Service Operation Utilizes Advanced Evasion Techniques
The Morphing Meerkat phishing operation employs advanced techniques including DNS over HTTPS to evade detection and deliver dynamic spoofed login pages for over 114 brands.
-
Russian Authorities Arrest Suspects Behind Mamont Banking Trojan
Russian authorities have made significant strides in combating cybercrime with the arrest of three suspects involved in the development of the Mamont malware, a banking trojan targeting Android devices. The arrests, part of a broader crackdown on cyber threats, highlight ongoing efforts to address the rising challenges posed by financial fraud.
-
Security Bypasses Detected in Ubuntu Linux’s User Namespace Restrictions
A new report from Qualys reveals that three security bypasses have been found in Ubuntu Linux’s user namespace restrictions, potentially allowing local attackers to exploit kernel vulnerabilities. Canonical is working on enhancing AppArmor protections in response.
-
Sam’s Club Investigates Potential Clop Ransomware Breach
Sam’s Club is investigating claims of a potential Clop ransomware breach, amidst heightened scrutiny on security measures. The supermarket chain operates hundreds of locations across multiple countries and prioritizes customer data security.
