Microsoft Azure Developers Awash in PII-Stealing npm Packages
Researchers have found hundreds of malicious packages in the npm repository of open-source JavaScript code, designed to steal personally identifiable information (PII) in a large-scale typosquatting attack against Microsoft Azure cloud users. That’s according to the JFrog Security Research team,...
Russia Lays Groundwork for Cyberattacks on U.S. Infrastructure
The Russian government is exploring “options for potential cyberattacks” on critical infrastructure in the U.S., the White House warned on Monday, in retaliation for sanctions and other punishments as the war in Ukraine grinds on. Officials said that its latest intelligence shows cyber-related...
Serpent Backdoor Slithers into Orgs Using Chocolatey Installer
Researchers have discovered a cyberattack that uses unusual evasion tactics to backdoor French organizations with a novel malware dubbed Serpent, they said. A team from Proofpoint observed what they call an “advanced, targeted threat” that uses email-based lures and malicious files typical of man...
A week in security (March 14 – 20)
Last week on Malwarebytes Labs: Beware of this bogus and phishy “Instagram Support” email; Meet Exotic Lily, access broker for ransomware and other malware peddlers; Double header: IsaacWiper and CaddyWiper; How to protect RDP; Online Safety Bill’s provisions for “legal but harmful” content described...
This Week in Security News - March 18, 2022
Global Cyberattacks: Navigating New Frontiers: Trend Micro 2021 Annual Cybersecurity Report, and US Has 'Significant' Cyber Vulnerabilities, But A Sweeping Russian Cyberattack Is Unlikely...
DDoS barrage against Israel described as the “largest ever” cyberattack it’s faced
Several government websites in Israel—those using the .gov.il domain—were inaccessible after a distributed denial of service (DDoS) attack hit Israel's telecommunication provider, Cellcom. NetBlocks, a network disruption watchdog, initially detected "a significant disruption" aimed at the provider,...
Pandora Ransomware Hits Giant Automotive Supplier Denso
A multibillion supplier to key automotive companies like Toyota, Mercedes-Benz and Ford confirmed Monday that it was the target of a cyberattack over the weekend – confirmation that came after the Pandora ransomware group began leaking data that attackers claimed was stolen in the incident. The...
Microsoft Paint 3D Code Injection Vulnerability
Microsoft Paint 3D has a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code on the system...
A week in security (February 28 – March 6)
Last week on Malwarebytes Labs: Beware of malware offering “Warm greetings from Saudi Aramco”; Update now! Cisco fixes several vulnerabilities; HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine; Tips to protect your data, security, and privacy from a hands-on expert...
Nvidia, the ransomware breach with some plot twists
On February 25, news broke about a cyberattack on Nvidia, America’s biggest microchip company, which saw parts of its business taken offline for two days. Soon after, the ransomware group LAPSUS$ claimed responsibility and threatened to leak 1 TB in exfiltrated data. You would think that while th...
Toyota’s just in time manufacturing faced with disruptive cyberattack
Toyota suspended the operation of 28 lines at 14 plants in Japan on Tuesday, March 1, after a cyberattack on supplier Kojima Industries Corp. Some plants operated by Toyota's affiliates Hino Motors and Daihatsu are included in the shutdown. Hino suspended all operations at its Koga facility, which...
Threat Advisory: HermeticWiper
Update: March 1, 2022. Cisco Talos is aware of reporting related to additional components discovered to be associated with ongoing HermeticWiper attacks. These additional components include: HermeticWizard, which allows HermeticWiper to be propagated to and deployed on additional systems within...
Ukrainian Targets Hit by HermeticWiper, New Datawiper Malware
The Ukrainian Government has been targeted by HermeticWiper, a new ransomware-like data wiper. Its aim is not simply to encrypt the victim’s data, but rather to render a system essentially unusable. In this blog, our Research Team details our analysis of how this aggressive new malware works. The...
Elections GoRansom – a smoke screen for the HermeticWiper attack
Executive summary: On February 24, 2022, Avast Threat Research published a tweet announcing the discovery of new Golang ransomware, which they called HermeticRansom. This malware was found around the same time the HermeticWiper was found, and based on publicly available information from security...
Toyota to Close Japan Plants After Suspected Cyberattack
What was potentially a cyberattack hit one of Toyota’s parts suppliers, causing the company to move to shut down about a third of the company’s global production tomorrow, the company announced on Monday. Toyota doesn’t know how long the 14 plants will be unplugged. The closure will mean that the...
How Insider Threats Drive Better Data Protection Strategies
Fifty-eight percent of sensitive data security incidents are caused by insider threats, according to a recent study by Forrester Research. Insider threats originate from inappropriate use of legitimate authorized user accounts. These accounts - assigned to internal employees and business associat...
Insurance Coverage for NotPetya Losses
Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Merck's insurance policy, and that the insurers must pay the $1B+ claim. Wheeler and Wolff argue that the judge "did the right thing for the wrong...
New Wiper Malware Targeting Ukraine Amid Russia's Military Operation
Cybersecurity firms ESET and Broadcom's Symantec said they discovered a new data wiper malware used in fresh attacks against hundreds of machines in Ukraine, as Russian forces formally launched a full-scale military operation against the country. The Slovak company dubbed the wiper "HermeticWiper...
Ukraine Cyberattack 2022: Geopolitical Cybersecurity
As geopolitical tensions rise, so does pressure to enhance corporate cyber-resilience...
Iranian State Broadcaster IRIB Hit by Destructive Wiper Malware
An investigation into the cyberattack targeting Iranian national media corporation, Islamic Republic of Iran Broadcasting (IRIB), in late January 2022 revealed the deployment of a wiper malware and other custom implants, as the country's national infrastructure continues to face a wave of attacks...