Security News

Comm100 Chat Provider Hijacked to Spread Malware in Supply Chain Attack
2022-10-03 14:35

A threat actor likely with associations to China has been attributed to a new supply chain attack that involves the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike said the attack made use of a signed Comm100 desktop agent app for Windows that was downloadable from the company's website.

Uber reels from 'security incident’ in which cloud systems seemingly hijacked
2022-09-16 03:13

Update: A Threat Actor claims to have completely compromised Uber - they have posted screenshots of their AWS instance, HackerOne administration panel, and more. Bug hunter Sam Curry claims to have heard from an Uber employee.

PyPI packages hijacked after developers fall for phishing emails
2022-08-25 11:18

A phishing campaign caught yesterday was seen targeting maintainers of Python packages published to the PyPI registry. Python packages 'exotel' and 'spam' are among hundreds seen laced with malware after attackers successfully compromised accounts of maintainers who fell for the phishing email.

SEC says brokerage accounts hijacked for $1.3m pump-and-dump scam
2022-08-16 21:25

America's financial watchdog has accused 18 individuals and shell companies of using compromised brokerage accounts to manipulate stock prices to rake in $1.3 million in illicit profits. According to the SEC complaint, fraudsters in the US, Canada, and the Dominican Republican broke into at least 31 American-owned retail brokerage accounts in late 2017 and early 2018.

Movie torrents hijacked to send tips on bypassing Russian censorship
2022-08-01 23:12

Named "Torrents of Truth," the initiative is similar to "Call Russia," a project to help break through Russian propaganda and open people's eyes to what's happening in Ukraine. The initiative creates torrents that contain a text file with a list of credible news sources that Russians can trust and instructions on downloading and installing a VPN to secure anonymity from ISPs.

This Cloud Botnet Has Hijacked 30,000 Systems to Mine Cryptocurrencies
2022-07-25 03:41

The 8220 cryptomining group has expanded in size to encompass as many as 30,000 infected hosts, up from 2,000 hosts globally in mid-2021. "8220 Gang is one of the many low-skill crimeware gangs we continually observe infecting cloud hosts and operating a botnet and cryptocurrency miners through known vulnerabilities and remote access brute forcing infection vectors," Tom Hegel of SentinelOne said in a Monday report.

British Army Twitter and YouTube feeds hijacked by crypto-promos
2022-07-04 01:07

The YouTube takeover replaced the legit account with regalia that faked that used by an investment management firm and filled with more crypto boosterism, namely a video that cut an old chat between Elon Musk and Twitter founder Jack Dorsey into a new and misleading narrative. We are aware of a breach of the Army's Twitter and YouTube accounts and an investigation is underway.

Popular PyPI Package 'ctx' and PHP Library 'phpass' Hijacked to Steal AWS Keys
2022-05-25 19:35

Two trojanized Python and PHP packages have been uncovered in what's yet another instance of a software supply chain attack targeting the open source ecosystem. One of the packages in question is "Ctx," a Python module available in the PyPi repository.

Popular Python and PHP libraries hijacked to steal AWS keys
2022-05-24 11:42

The threat actor even replaced the older, safe versions of 'ctx' with code that exfiltrates the developer's environment variables, to collect secrets like Amazon AWS keys and credentials. Versions of a 'phpass' fork published to the PHP/Composer package repository Packagist had been altered to steal secrets in a similar fashion.

Popular PyPI and PHP libraries hijacked to steal AWS keys
2022-05-24 11:42

PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. The threat actor even replaced the older, safe versions of 'ctx' with code that exfiltrates the developer's environment variables, to collect secrets like Amazon AWS keys and credentials.