CISA warns of trojanized versions of JavaScript library’s NPM package

The warning comes days after three rogue packages, okhsa, klow, and klown discovered by DevSecOps firm Sonatype, were removed from the NPM repository. On Friday, the US Cybersecurity and Infrastructure…

FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks

The infamous Carbanak operator is moving is looking to juice its ransomware game by recruiting IT staff to its fake Bastion Secure ‘pen-testing’ company. The financially motivated cybercrime gang behind…

US warns that Chinese government is using 'wide variety' of methods, some illegal, to steal trade secrets

Written by AJ Vicens Oct 22, 2021 | CYBERSCOOP The Chinese government’s aggressive push to dominate emerging technology such as artificial intelligence, quantum computing, and biotechnology make Beijing the “primary…

REvil Servers Shoved Offline by Governments – But They’ll Be Back, Researchers Say

A multi-country effort has given ransomware gang REvil a taste of its own medicine by pwning its backups and pushing its leak site and Tor payment site offline. The REvil…

Cisco SD-WAN Security Bug Allows Root Code Execution

The high-severity bug, tracked as CVE-2021-1529, is an OS command-injection flaw. Cisco SD-WAN implementations are vulnerable to a high-severity privilege-escalation vulnerability in the IOS IE operating system that could allow…

Pentesters Wanted for Ransomware Attacks!

The Russian Advanced Persistent Threat (APT) group FIN7 is trying to break into the lucrative ransomware market by creating bogus cybersecurity organizations that perform network attacks under the pretense of…

Hackers somehow got their rootkit a Microsoft-issued digital signature

Cybersecurity researchers at Bitdefender have detailed how cyber criminals have been using FiveSys, a rootkit that somehow made its way through the driver certification process to be digitally signed by Microsoft.  …

This monster of a phishing campaign is after your passwords

Microsoft has detailed an unusual phishing campaign aimed at stealing passwords that uses a phishing kit built using pieces of code copied from other hackers’ work. A “phishing kit” is…

Macaw Locker, Evil Corp’s Latest Version Makes New Victims

In order to avoid US sanctions that avert victims from paying ransom demands, Evil Corp threat actor has released a new ransomware dubbed Macaw Locker. About Evil Corp Also known as the…

Threat Actors Abuse Discord to Push Malware

The platform’s Content Delivery Network and core features are being used to send malicious files—including RATs–across its network of 150 million users, putting corporate workplaces at risk. Threat actors are…