Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times

Cybersecurity researchers have discovered a malicious package on the Python Package Index PyPI repository that masquerades as a seemingly harmless Discord-related utility but incorporates a remote access trojan. The package in question is discordpydebug, which was uploaded to PyPI on March 21,...

Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists

Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members. The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutraliz...

Practice being punched in the face. The realities of incident response preparation

“Everyone has a plan until they get punched in the face.” This Mike Tyson boxing quote perfectly encapsulates the chaos of a cybersecurity breach. TL;DR Accept that your organisation may be breached Train hard. Regularly test incident response plans Build muscle memory Practice getting punched in...

IntelBroker Hacker Claims Breach of Top Cybersecurity Firm, Selling Access

By Waqas The norotious IntelBroker hackers claims to have breached a leading cybersecurity company revenue: $1.8 billion. The hacker is selling access to stolen data, including sensitive credentials and critical logs, for $20,000 in cryptocurrency. This is a post from HackRead.com Read the origin...

Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over

Plus: An ex-Google engineer gets arrested for allegedly stealing trade secrets, hackers breach the top US cybersecurity agency, and X’s new feature exposes sensitive user data...

Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack

Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company's cybersecurity and legal departments. The Windows maker attributed the attack to ...

Russian Hackers Had Covert Access to Ukraine's Telecom Giant for Months

Ukrainian cybersecurity authorities have disclosed that the Russian state-sponsored threat actor known as Sandworm was inside telecom operator Kyivstar's systems at least since May 2023. The development was first reported by Reuters. The incident, described as a "powerful hacker attack," first ca...

Cyberattack on UK IT Firm Swan Retail Affects up to 300 Retailers

By Deeba Ahmed Update: The article was updated on August 23rd, 2023, with new information, and the title was corrected from… This is a post from HackRead.com Read the original post: Cyberattack on UK IT Firm Swan Retail Affects up to 300 Retailers...

Trojanized Windows 10 Installer Used in Cyberattacks Against Ukrainian Government Entities

Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities. Mandiant, which discovered the "socially engineered supply chain" attack around mid-July 2022, said the malicious I...

What the Zola Hack Can Teach Us About Password Security

Password security is only as strong as the password itself. Unfortunately, we are often reminded of the danger of weak, reused, and compromised passwords with major cybersecurity breaches that start with stolen credentials. For example, in May 2022, the popular wedding planning site, Zola, was th...

No SOCKS, No Shoes, No Malware Proxy Services!

With the recent demise of several popular "proxy" services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet. Compounding the problem, several remaining malware-based proxy services hav...

Hackers Backdoored Systems at China's National Games Just Before Competition

Systems hosting content pertaining to the National Games of China were successfully breached last year by an unnamed Chinese-language-speaking hacking group. Cybersecurity firm Avast, which dissected the intrusion, said that the attackers gained access to a web server 12 days prior to the start o...

Incentivizing Developers is the Key to Better Security Practices

Professional developers want to embrace DevSecOps and write secure code, but their organizations need to support this seachange if they want that effort to grow. The cyber threat landscape is becoming more complex by the day. Attackers are constantly scanning networks for vulnerable applications,...

Hackers Accidentally Expose Passwords Stolen From Businesses On the Internet

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection ATP and steal credentials belonging to over a thousand corporate employees. The cyber offensive is said to have originated in August last year, with the...

Feds Pinpoint Russia as ‘Likely’ Culprit Behind SolarWinds Attack

The U.S. government has identified Russia as the “likely” culprit behind the widespread SolarWinds cyberattack that has so far affected multiple federal agencies and private-sector companies. Cyberespionage is cited as the motivation behind the attack, which the feds characterized as ongoing. In ...

Another Massive Russian Hack of US Government Networks

The press is reporting a massive hack of US government networks by sophisticated Russian hackers. Officials said a hunt was on to determine if other parts of the government had been affected by what looked to be one of the most sophisticated, and perhaps among the largest, attacks on federal...

Breached Data Indexer ‘Data Viper’ Hacked

Data Viper, a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion...

Seven Security Strategies, Summarized

This is the sort of story that starts as a comment on Twitter, then becomes a blog post when I realize I can't fit all the ideas into one or two Tweets. You know how much I hate Tweet threads, and how I encourage everyone to capture deep thoughts in blog posts! In the interest of capturing the...

How Not to Acknowledge a Data Breach

I'm not a huge fan of stories about stories, or those that explore the ins and outs of reporting a breach. But occasionally I feel obligated to publish such accounts when companies respond to a breach report in such a way that it's crystal clear they wouldn't know what to do with a data breach if...

Adapting “The Pilot’s Checklist” to the Cybersecurity Space

More and more often, we hear about another high-profile cybersecurity breach or ransomware attack at a large, well-known organization. Cybersecurity breaches seem to be inevitable at this juncture. While reading about these events, one thing is painfully clear: cybersecurity practitioners are...