Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls

Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls,

In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems.
The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin, easytimestamp, discorder, discord-dev, style.py, and pythonstyles.
The malicious code, as is increasingly

,

In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems.
The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin, easytimestamp, discorder, discord-dev, style.py, and pythonstyles.
The malicious code, as is increasingly

, ,
https://thehackernews.com/2023/01/malicious-pypi-packages-using.html

Top SaaS Cybersecurity Threats in 2023: Are You Ready?

Top SaaS Cybersecurity Threats in 2023: Are You Ready?,

Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by focusing on these 4 key areas to secure your environment and ensure success in 2023, and make sure your business is only in the headlines when you WANT it to be. 1 — Web application weaknesses

Web applications are at the core of what SaaS companies do and how they operate, and they can store some of

,

Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by focusing on these 4 key areas to secure your environment and ensure success in 2023, and make sure your business is only in the headlines when you WANT it to be. 1 — Web application weaknesses

Web applications are at the core of what SaaS companies do and how they operate, and they can store some of

, ,
https://thehackernews.com/2023/01/top-saas-cybersecurity-threats-in-2023.html

Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions

Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions,

A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to upload rogue extensions masquerading as their legitimate counterparts with the goal of mounting supply chain attacks.
The technique « could act as an entry point for an attack on many organizations, » Aqua security researcher Ilay Goldman said in a report published last week.
VS Code extensions,

,

A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to upload rogue extensions masquerading as their legitimate counterparts with the goal of mounting supply chain attacks.
The technique « could act as an entry point for an attack on many organizations, » Aqua security researcher Ilay Goldman said in a report published last week.
VS Code extensions,

, ,
https://thehackernews.com/2023/01/hackers-distributing-malicious-visual.html

Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors

Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors,

The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine.
Google-owned Mandiant, which is tracking the operation under the uncategorized cluster moniker UNC4210, said the hijacked servers correspond to a variant of a commodity malware called 

,

The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine.
Google-owned Mandiant, which is tracking the operation under the uncategorized cluster moniker UNC4210, said the hijacked servers correspond to a variant of a commodity malware called 

, ,
https://thehackernews.com/2023/01/russian-turla-hackers-hijack-decade-old.html

Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub

Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub,

A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN.
The group « primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations, » Palo Alto Networks Unit 42

,

A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN.
The group « primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations, » Palo Alto Networks Unit 42

, ,
https://thehackernews.com/2023/01/hackers-using-captcha-bypass-tactics-in.html

Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS

Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS,

Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems.
« While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform, » the tech giant’s Security Threat Intelligence team said in a Thursday report.
The initial vector for these

,

Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems.
« While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform, » the tech giant’s Security Threat Intelligence team said in a Thursday report.
The initial vector for these

, ,
https://thehackernews.com/2023/01/microsoft-reveals-tactics-used-by-4.html

Dridex Malware Now Attacking macOS Systems with Novel Infection Method

Dridex Malware Now Attacking macOS Systems with Novel Infection Method,

A variant of the infamous Dridex banking malware has set its sights on Apple’s macOS operating system using a previously undocumented infection method, according to latest research.
It has « adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files, » Trend Micro researcher Armando Nathaniel

,

A variant of the infamous Dridex banking malware has set its sights on Apple’s macOS operating system using a previously undocumented infection method, according to latest research.
It has « adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files, » Trend Micro researcher Armando Nathaniel

, ,
https://thehackernews.com/2023/01/dridex-malware-now-attacking-macos.html

Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach

Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach,

Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month’s breach.
The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted Exchange email environment.
« This zero-day exploit is associated with CVE-2022-41080, » the Texas-based

,

Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month’s breach.
The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted Exchange email environment.
« This zero-day exploit is associated with CVE-2022-41080, » the Texas-based

, ,
https://thehackernews.com/2023/01/rackspace-confirms-play-ransomware-gang.html

WhatsApp Introduces Proxy Support to Help Users Bypass Internet Censorship

WhatsApp Introduces Proxy Support to Help Users Bypass Internet Censorship,

Popular instant messaging service WhatsApp has launched support for proxy servers in the latest version of its Android and iOS apps, letting users circumvent government-imposed censorship and internet shutdowns.
« Choosing a proxy enables you to connect to WhatsApp through servers set up by volunteers and organizations around the world dedicated to helping people communicate freely, » the

,

Popular instant messaging service WhatsApp has launched support for proxy servers in the latest version of its Android and iOS apps, letting users circumvent government-imposed censorship and internet shutdowns.
« Choosing a proxy enables you to connect to WhatsApp through servers set up by volunteers and organizations around the world dedicated to helping people communicate freely, » the

, ,
https://thehackernews.com/2023/01/whatsapp-introduces-proxy-support-to.html

Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain

Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain,

A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador.
Check Point’s latest research offers new insights into the Spanish-speaking group’s tactics and techniques, including the use of sophisticated tools and government-themed lures to activate the

,

A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador.
Check Point’s latest research offers new insights into the Spanish-speaking group’s tactics and techniques, including the use of sophisticated tools and government-themed lures to activate the

, ,
https://thehackernews.com/2023/01/blind-eagle-hackers-return-with-refined.html