Here’s a New Tool That Scans Open-Source Repositories for Malicious Packages

Here’s a New Tool That Scans Open-Source Repositories for Malicious Packages

,

The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that’s capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories.
Called the Package Analysis project, the initiative aims to secure open-source packages by detecting and alerting users to any malicious behavior with the goal of bolstering the

,

The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that’s capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories.
Called the Package Analysis project, the initiative aims to secure open-source packages by detecting and alerting users to any malicious behavior with the goal of bolstering the

, ,
https://thehackernews.com/2022/05/heres-new-tool-that-scans-for-malicious.html

Microsoft Documents Over 200 Cyberattacks by Russia Against Ukraine

Microsoft Documents Over 200 Cyberattacks by Russia Against Ukraine,

At least six different Russia-aligned actors launched no less than 237 cyberattacks against Ukraine from February 23 to April 8, including 38 discrete destructive attacks that irrevocably destroyed files in hundreds of systems across dozens of organizations in the country.
« Collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military functions and

,

At least six different Russia-aligned actors launched no less than 237 cyberattacks against Ukraine from February 23 to April 8, including 38 discrete destructive attacks that irrevocably destroyed files in hundreds of systems across dozens of organizations in the country.
« Collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military functions and

, ,
https://thehackernews.com/2022/04/microsoft-documents-over-200.html

Sabotage de câbles de fibre optique : le parquet de Paris lance une enquête

Sabotage de câbles de fibre optique : le parquet de Paris lance une enquête,

Les services réseau sont désormais rétablis. Les investigations seront menées par la DGSI et la DCPJ. Free figure parmi les opérateurs dont les réseaux ont été les plus perturbés.

,

Les services réseau sont désormais rétablis. Les investigations seront menées par la DGSI et la DCPJ. Free figure parmi les opérateurs dont les réseaux ont été les plus perturbés.

, ,
https://www.01net.com/actualites/sabotage-de-cables-de-fibre-optique-le-parquet-de-paris-lance-une-enquete-2056053.html

Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers

Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers,

Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region.
« By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass

,

Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region.
« By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass

, ,
https://thehackernews.com/2022/04/microsoft-azure-vulnerability-exposes.html

Indian Govt Orders Organizations to Report Security Breaches Within 6 Hours to CERT-In

Indian Govt Orders Organizations to Report Security Breaches Within 6 Hours to CERT-In,

India’s computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours.
« Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber

,

India’s computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours.
« Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber

, ,
https://thehackernews.com/2022/04/indian-govt-orders-organisations-to.html

Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group

Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group,

A cyberespionage threat actor known for targeting a variety of critical infrastructure sectors in Africa, the Middle East, and the U.S. has been observed using an upgraded version of a remote access trojan with information stealing capabilities.
Calling TA410 an umbrella group comprised of three teams dubbed FlowingFrog, LookingFrog and JollyFrog, Slovak cybersecurity firm ESET assessed that « 

,

A cyberespionage threat actor known for targeting a variety of critical infrastructure sectors in Africa, the Middle East, and the U.S. has been observed using an upgraded version of a remote access trojan with information stealing capabilities.
Calling TA410 an umbrella group comprised of three teams dubbed FlowingFrog, LookingFrog and JollyFrog, Slovak cybersecurity firm ESET assessed that « 

, ,
https://thehackernews.com/2022/04/experts-detail-3-hacking-teams-working.html

Everything you need to know to create a Vulnerability Assessment Report

Everything you need to know to create a Vulnerability Assessment Report,

You’ve been asked for a Vulnerability Assessment Report for your organisation and for some of you reading this article, your first thought is likely to be « What is that? »
Worry not. This article will answer that very question as well as why you need a Vulnerability Assessment Report and where you can get one from. 
As it’s likely the request for such a report came from an important source such

,

You’ve been asked for a Vulnerability Assessment Report for your organisation and for some of you reading this article, your first thought is likely to be « What is that? »
Worry not. This article will answer that very question as well as why you need a Vulnerability Assessment Report and where you can get one from. 
As it’s likely the request for such a report came from an important source such

, ,
https://thehackernews.com/2022/04/everything-you-need-to-know-to-create.html

Cybercriminals Using New Malware Loader ‘Bumblebee’ in the Wild

Cybercriminals Using New Malware Loader ‘Bumblebee’ in the Wild

,

Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that’s under active development.
« Based on the timing of its appearance in the threat landscape and use by multiple cybercriminal groups, it is likely Bumblebee is, if not a direct replacement for BazaLoader, then a new,

,

Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that’s under active development.
« Based on the timing of its appearance in the threat landscape and use by multiple cybercriminal groups, it is likely Bumblebee is, if not a direct replacement for BazaLoader, then a new,

, ,
https://thehackernews.com/2022/04/cybercriminals-using-new-malware-loader.html

Twitter’s New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal

Twitter’s New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal

,

Elon Musk, CEO of SpaceX and Tesla and Twitter’s new owner, on Thursday called on adding support for end-to-end encryption (E2EE) to the platform’s direct messages (DM) feature.
« Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages, » Musk said in a tweet.
The statement comes days after the microblogging service announced it officially entered into

,

Elon Musk, CEO of SpaceX and Tesla and Twitter’s new owner, on Thursday called on adding support for end-to-end encryption (E2EE) to the platform’s direct messages (DM) feature.
« Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages, » Musk said in a tweet.
The statement comes days after the microblogging service announced it officially entered into

, ,
https://thehackernews.com/2022/04/twitters-new-owner-elon-musk-wants-dms.html

New RIG Exploit Kit Campaign Infecting Victims’ PCs with RedLine Stealer

New RIG Exploit Kit Campaign Infecting Victims’ PCs with RedLine Stealer

,

A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan.
« When executed, RedLine Stealer performs recon against the target system (including username, hardware, browsers installed, anti-virus software) and then exfiltrates data (including passwords, saved credit cards, crypto wallets, VPN

,

A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan.
« When executed, RedLine Stealer performs recon against the target system (including username, hardware, browsers installed, anti-virus software) and then exfiltrates data (including passwords, saved credit cards, crypto wallets, VPN

, ,
https://thehackernews.com/2022/04/new-rig-exploit-kit-campaign-infecting.html