Security News

Forever 21 data breach: hackers accessed info of 500,000
2023-08-31 19:23

Forever 21 clothing and accessories retailer is sending data breach notifications to more than half a million individuals who had their personal information exposed to network intruders. The investigation revealed that hackers had intermittent access to Forever 21 systems between January and March this year and leveraged this access to steal data.

Lazarus hackers deploy fake VMware PyPI packages in VMConnect attacks
2023-08-31 18:47

North Korean state-sponsored hackers have uploaded malicious packages to the PyPI repository, camouflaging one of them as a VMware vSphere connector module named vConnector. The packages were uploaded at the beginning of August, with one named VMConnect targeting IT professionals seeking virtualization tools.

North Korean hackers behind malicious VMConnect PyPI campaign
2023-08-31 18:47

North Korean state-sponsored hackers are behind the VMConnect campaign that uploaded to the PyPI repository malicious packages, one of them mimicking the VMware vSphere connector module vConnector. A report today from ReversingLabs, a software supply chain security company, attributes the campaign to Labyrinth Chollima, a subgroup of North Korean Lazarus hackers.

GRU hackers attack Ukrainian military with new Android malware
2023-08-31 14:48

Hackers working for the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, more commonly known as the GRU, have been targeting Android devices in Ukraine with a new malicious framework named 'Infamous Chisel'. The malware was first highlighted in a warning from the Ukrainian Security Service earlier this month about efforts from the Sandworm hacking group to penetrate military command systems.

North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository
2023-08-31 12:46

Three additional rogue Python packages have been discovered in the Python Package Index (PyPI) repository as part of an ongoing malicious software supply chain campaign called VMConnect, with signs pointing to the involvement of North Korean state-sponsored threat actors. First disclosed at the start of the month by the company and Sonatype, VMConnect refers to a collection of Python packages that mimic popular open-source Python tools to download an unknown second-stage malware.

Hackers Can Exploit Windows Container Isolation Framework to Bypass Endpoint Security
2023-08-30 17:04

New findings show that malicious actors could leverage a sneaky malware detection evasion technique and bypass endpoint security solutions by manipulating the Windows Container Isolation Framework. Microsoft's container architecture uses what's called a dynamically generated image to separate the file system of each container from the host and at the same time avoid duplication of system files.

Hackers exploit critical Juniper RCE bug chain after PoC release
2023-08-29 14:51

Hackers are using a critical exploit chain to target Juniper EX switches and SRX firewalls via their Internet-exposed J-Web configuration interface. One week after Juniper disclosed and released security updates to patch the four flaws that can be chained to achieve remote code execution, watchTowr Labs security researchers released a proof-of-concept exploit targeting the SRX firewall bugs.

Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability
2023-08-29 09:17

Unpatched Citrix NetScaler systems exposed to the internet are being targeted by unknown threat actors in what's suspected to be a ransomware attack. Attack chains involve the exploitation of CVE-2023-3519, a critical code injection vulnerability impacting NetScaler ADC and Gateway servers that could facilitate unauthenticated remote code execution.

Four common password mistakes hackers love to exploit
2023-08-28 14:02

Any clue as to what makes up the structure of a password is very helpful to hackers. We'll walk through how hackers take advantage of four of the most common password mistakes users make, as well as ways to strengthen your Active Directory against these risks.

Microsoft: Stealthy Flax Typhoon hackers use LOLBins to evade detection
2023-08-25 15:56

Microsoft has identified a new hacking group it now tracks as Flax Typhoon that targets government agencies and education, critical manufacturing, and information technology organizations likely for espionage purposes. Operating since at least mid-2021, Flax Typhoon mainly targeted organizations in Taiwan, although Microsoft discovered some victims in Southeast Asia, North America, and Africa.