19 matches found
MAL-2023-3848 Malicious code in lgtbpep (PyPI)
Source: checkmarx (e2eb1b15323c431c044d51ffef01745174eaef211541a12ba6c778b68e32c8b4). EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
CVE-2022-33172
de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC...
Cloudflare mitigated one of the largest DDoS attacks involving 17.2 million rps
Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service (DDoS) attack recorded to date. The attack, launched via a Mirai botnet, is said to have targeted an unnamed customer in the financial industr...
Attacks Aimed at Disrupting the Trickbot Botnet
Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying...
FBI Sinkholes $38M Global Ad Fraud Operation
The FBI has taken control of 31 web domains in a widespread takedown of a multi-year, global ad fraud campaign, believed to have stolen at least $38 million, partly via a botnet strategy. In addition, eight defendants face a 13-count indictment from a federal court in Brooklyn in the case. The...
Hundreds of Android apps on Play Store infected with Windows malware
By Uzair Amir. Yes, malware in Android apps aimed at Windows devices. Palo Alto Networks’ researchers have made a startling new discovery that nearly 145 applications available on the Google Play Store contain malicious Microsoft Windows executable files. Some of the malware-infected apps have bee...
Be like a Moomin: How to establish trust between competitors so we can fight cybercrime
Do you know the Moomins? They're a tight-knit, happy, collaborative cartoon family. I'd never heard of them until I was lucky enough to spend a few days at the Microsoft offices in Helsinki, Finland. The Moomin keychain in the photo was a gift from the Finnish CISO. As I did a little research int...
Why Care About Data-Centric Security?
It’s no surprise that data breaches are evolving and becoming increasingly more complex. According to the Verizon 2017 Data Breach Investigation Report, data breaches are “complex affairs often involving some combination of human factors, hardware devices, exploited configurations or malicious...
Yeeditor, abandonware
Yeeditor from Yeedeen development is apparently abandoned, and the developer's site is infected with malware. All versions prior to 1.0.7 contain a file upload vulnerability...
Latest iOS 9.0.1 Update Failed to Patch Lockscreen Bypass Hack
iOS 9.0.1, Apple's first update to its new iOS 9 mobile operating system, came out on Wednesday and addressed several bugs in its software. Unfortunately, it seems that the latest update, iOS 9.0.1, doesn't fix the lock screen bypass vulnerability reported by iPhone user Jose Rodriguez. Yes,...
Illegal Online Marketplaces Booming
A complete bundle of personal information hackers require to steal identities is available on the underground for as little as $25. The data, known as Fullz in underground parlance, includes name, address, phone number, date of birth, Social Security or EIN numbers, email address with password an...
HP ProCurve 5400 zl Switches Compact Flash Card Security Issue
The remote HP ProCurve 5400 zl switch is missing a software update that corrects an issue with a compact flash card that may contain malware-infected content. Note that the J8726A Management Modules in 5400 zl switches are only affected if they possess the following serial numbers: - ID116AS04P...
Report Details Coca-Cola Cyber Attack That Never was Disclosed
In an exclusive report, Bloomberg News outlines a month-long, systematic attack on Coca-Cola’s computer systems that may have influenced the failed $2.4 billion acquisition of a Chinese juice company. The FBI knew about it. Coca-Cola knew about it. But shareholders were kept in the dark. The Coke...
Like Those Wikipedia Ads? They Mean You're Infected With Malware!
The Wikimedia Foundation is warning its millions of visitors that if they’re seeing ads appearing on any of the Foundation’s Web sites, then their computer is probably infected with malware. The Foundation issued a statement on Monday clarifying that it never runs ads on the Web site for Wikipedi...
How the Google-Motorola Deal May Affect Android Security
By B.K. DeLong. With this morning’s acquisition of Motorola Mobility, Google has made the move to bring in a solid hardware component for their Android mobility platform and fired another shot across the bow of Apple. But one big question remains: What does this acquisition mean for those trying ...
DroidDream Again Appears in Android Market Apps
For Android users, the refrain must be getting a little tiresome: Researchers have found another batch of apps in the Android Market that were infected with malware. Once again, it was the DroidDream malware family causing the trouble, but this time, it was just a handful of apps and they were on...
RSA 2010: Microsoft Floats Idea to Quarantine Infected Computers
A top Microsoft executive is floating the idea of creating mandatory quarantines for computers with malware infections that pose a risk to internet users. The informal proposal, made Tuesday by Microsoft Vice President of Trustworthy Computing Scott Charney, was short on specifics, such as who...
MicroSolved Explains Credit Union Pen Test
Officials at MicroSolved, the security services company that was involved in the penetration test that set off concerns about malware-infected CDs being sent to credit unions, have posted a detailed explanation of the technique and how it turned into a national news story. In short, the technique...
Malware-Infected CD Mailing was Part of Pen Test
The malware-infected CDs that were mailed to some credit unions may have been part of a penetration test designed to gauge whether an employee would run the software. The SANS Internet Storm Center says it was notified by a representative from Microsolved that the mailing was part of an authorize...