Security

New type of supply-chain attack hit Apple, Microsoft and 33 other companies

posted on February 16, 2021
by l33tdawg
Credit: Arstechnica

Last week, a researcher demonstrated a new supply-chain attack that executed counterfeit code on networks belonging to some of the biggest companies on the planet, Apple, Microsoft, and Tesla included. Now, fellow researchers are peppering the Internet with copycat packages, with more than 150 of them detected so far.

North Korea may have hacked into Pfizer servers looking for COVID data

posted on February 16, 2021
by l33tdawg
Credit: Arstechnica

This morning, South Korean intelligence officials warned the country's lawmakers of North Korean attempts to hack into a "local drug manufacturer" to illicitly obtain COVID-19 vaccine and treatment data.

As reported by The Washington Post, South Korean intelligence services committee member Ha Tae-Keung told reporters that the data sought included COVID-19 vaccine and treatment technology. Tae-Keung went on to say that South Korea detected a 32 percent year-on-year increase in North Korean cyber-attack attempts.

French IT monitoring company's software targeted by hackers: cyber agency

posted on February 15, 2021
by l33tdawg
Credit: Wired

Hackers have spent up to three years breaking into organizations by targeting monitoring software made by the French company Centreon, France’s cybersecurity watchdog said on Monday.

The watchdog, known by its French acronym ANSSI, stopped short of identifying the hackers but said they had a similar modus operandi as the Russian cyberespionage group often nicknamed “Sandworm.”

ANSSI, Centreon, and the Russian embassy in Paris did not immediately return messages seeking comment.

Microsoft patches actively exploited Windows zero-day flaw

posted on February 11, 2021
by l33tdawg
Credit: IT Pro

Microsoft has patched 56 flaws in its latest Patch Tuesday round of fixes including a critical vulnerability in the win32k component of Windows 10 that could allow hackers to escalate privileges on a targeted device.

The critical zero-day flaw, tracked as CVE-2021-1732, is under active exploitation and is rated 7.8 on the CVSS threat severity scale. It’s been exploited to allow hackers to run malicious code on a targeted system with elevated privileges, according to researchers with DBAPPSecurity, who first discovered the flaw.

Signal, WhatsApp and Telegram: Major security differences between messaging apps

posted on February 7, 2021
by l33tdawg
Credit: CNet

If your choice of encrypted messaging app is a toss-up between Signal, Telegram and WhatsApp, do not waste your time with anything but Signal. This isn't about which has cuter features, more bells and whistles or is most convenient to use -- this is about pure privacy. If that's what you're after, nothing beats Signal.

Chrome users have faced 3 security concerns over the past 24 hours

posted on February 7, 2021
by l33tdawg
Credit: Arstechnica

Users of Google’s Chrome browser have faced three security concerns over the past 24 hours in the form of a malicious extension with more than 2 million users, a just-fixed zero-day, and new information about how malware can abuse Chrome's sync feature to bypass firewalls. Let’s discuss them one by one.

Crypto malware targets Kubernetes clusters, say researchers

posted on February 4, 2021
by l33tdawg
Credit: Threat Post

Researchers have discovered never-before-seen malware, dubbed Hildegard, that is being used by the TeamTNT threat group to target Kubernetes clusters.

While Hildegard, initially detected in January 2021, is initially being used to launch cryptojacking operations, researchers believe that the campaign may still be in the reconnaissance and weaponization stage. Eventually, they warn, TeamTNT may launch a more large-scale cryptojacking attack via Kubernetes environments or steal data from applications running in Kubernetes clusters.