Security News

Week in review: Log4Shell exploitation, DevSecOps myths, 56 vulnerabilities impacting OT devices
2022-06-26 08:30

Attackers still exploit Log4Shell on VMware Horizon servers, CISA warnsIf your organization is running VMware Horizon and Unified Access Gateway servers and you haven't implemented the patches or workarounds to fix/mitigate the Log4Shell vulnerability in December 2021, you should threat all those systems as compromised, the Cybersecurity and Infrastructure Security Agency has advised on Thursday. 7 DevSecOps myths and how to overcome themBy including security and compliance processes in end-to-end automation, businesses can secure software throughout the whole software supply chain, significantly improve the developer experience, and accelerate safer delivery.

PyPi python packages caught sending stolen AWS keys to unsecured sites
2022-06-25 15:32

Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by anyone. PyPI is a repository of open-source packages that software developers use to pick the building blocks of their Python-based projects or share their work with the community.

PyPi packages caught sending stolen AWS keys to unsecured sites
2022-06-25 15:32

Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by anyone. PyPI is a repository of open-source packages that software developers use to pick the building blocks of their Python-based projects or share their work with the community.

Microsoft: Exchange Server 2013 reaches end of support in 9 months
2022-06-25 14:06

Microsoft has reminded customers that the Exchange Server 2013 mail and calendaring platform will reach its extended end-of-support date roughly nine months from now, on April 11, 2021.Released in January 2013, Exchange Server 2013 entered its ninth year of service and has already reached the mainstream end date more than four years ago, on April 10, 2018.

Automotive fabric supplier TB Kawashima announces cyberattack
2022-06-25 13:12

TB Kawashima, part of the Japanese automotive component manufacturer Toyota Boshoku of the Toyota Group of companies, announced that one of its subsidiaries has been hit by a cyberattack. On Thursday, TB Kawashima announced that one of its subsidiaries, a Thai sales company, had been breached, prompting immediate action that consisted in turning off devices that the attacker accessed.

We're now truly in the era of ransomware as pure extortion without the encryption
2022-06-25 10:41

Increasingly cybercrime rings still tracked as ransomware operators are turning toward primarily data theft and extortion - and skipping the encryption step altogether. The Conti internal communications leaked earlier in the year highlighted how these ransomware gangs operate akin to software-as-a-service startups.

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
2022-06-25 03:30

Cybersecurity firms are particularly interested in people who understand the RMF, or Risk Management Framework - a U.S. government guideline for taking care of data. The NIST Cybersecurity & Risk Management Frameworks Course helps you understand this topic, with over 21 hours of video instruction.

The Week in Ransomware - June 24th 2022 - Splinter Cells
2022-06-24 22:20

Other news this week is a surge in eCh0raix ransomware attacks on QNAP devices, a report on a Mitel zero-day used in a ransomware attack, Chinese hackers are deploying ransomware as decoys, and a report on a Conti hacking spree that took place at the end of last year. This week, ech0raix ransomware has started targeting vulnerable QNAP Network Attached Storage devices again, according to user reports and sample submissions on the ID Ransomware platform.

More than $100m in cryptocurrency stolen from blockchain biz
2022-06-24 21:46

Blockchain venture Harmony offers bridge services for transferring crypto coins across different blockchains, but something has gone badly wrong. The Horizon Ethereum Bridge, one of the firm's ostensibly secure bridges, was compromised on Thursday, resulting in the loss of 85,867 ETH tokens optimistically worth more than $100 million, the organization said via Twitter.

New 'Quantum' Builder Lets Attackers Easily Create Malicious Windows Shortcuts
2022-06-24 21:05

A new malware tool that enables cybercriminal actors to build malicious Windows shortcut files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as "Multiple payloads per.LNK" file.