Security News > 2021

Perhaps the most troubling aspect of this tale is that this was the seventh such malicious package found on npm within a month, a stark illustration of the effort that cybercriminals are making to insert themselves into the open source software supply chain. According to Weeks, anywhere from 10 per cent to 40 percent of open source software components developers are downloading have known vulnerabilities.

Digital ad company Confiant, which claims to "Improve the digital marketing experience" for online advertisers by knowing about and getting rid of malicious and unwanted ads, has just published an analysis of a malvertising group it calls ScamClub. According to Confiant, the ScamClub crew took things to an even more aggressive level by actively targeting a bug in Apple's WebKit browser engine, the compulsory software core that every browser on your iPhone, including Safari, is required to use.

Ninja Forms, a WordPress plugin used by more than 1 million sites, contains four critical security vulnerabilities that together make it possible for a remote attacker to take over a WordPress site and create various kinds of problems. Ninja Forms offers WordPress site designers the ability to create forms using a drag-and-drop capability, with no coding skills required.

The security company found that 85% of workers spend up to five hours a week watching YouTube, listening to podcasts, or exercising during work hours. Mixing work and play might be a good thing if it breaks up the monotony of security monitoring, according to Kaspersky.

Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and not to leak stolen data. Kia Motors America is headquartered in Irvine, California, and is a Kia Motors Corporation subsidiary.

Multiple spear-phishing campaigns targeting U.S. aerospace companies, defense contractors, energy companies, technology companies, the U.S. Department of Defense and the U.S. Department of State. Cryptocurrency Heists, 2017-2020: Targeting of hundreds of cryptocurrency companies, including stealing $75 million from a Slovenian cryptocurrency company in December 2017; $24.9 million from an Indonesian cryptocurrency company in September 2018; and $11.8 million from a financial services company in New York in August, in which the hackers used the malicious CryptoNeuro Trader application as a backdoor.

The U.S. Justice Department on Wednesday announced the indictment of three North Korean military intelligence officials linked to high-profile cyber-attacks that included the theft of $1.3 billion in money and crypto-currency from organizations around the world. The DOJ described the scope of the North Korean hacking operation as "Extensive and long-running".

The U.S. Department of Justice has charged three North Koreans for stealing $1.3 billion in money and cryptocurrency in attacks on banks, the entertainment industry, cryptocurrency companies, and more. The defendants are state-sponsored North Korean hackers and members of Reconnaissance General Bureau units, a North Korean military intelligence agency that has engaged in criminal hacking operations.

Cybercriminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims' credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. When the Masslogger variant launched its infection chain, it disguised its malicious RAR files as Compiled HTML files.

Microsoft has unveiled a preview of Azure Firewall Premium, aimed at highly sensitive and regulated environments. Azure Firewall was Microsoft's attempt to sling a virtual arm over the shoulders of harassed administrators while whispering "There now, don't worry about all that pesky firewall configuration stuff, let us take care of it" in its most seductive tone.