A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages

A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages,

A threat actor dubbed « RED-LILI » has been linked to an ongoing large-scale supply chain attack campaign targeting the NPM package repository by publishing nearly 800 malicious modules.
« Customarily, attackers use an anonymous disposable NPM account from which they launch their attacks, » Israeli security company Checkmarx said. « As it seems this time, the attacker has fully-automated the process

,

A threat actor dubbed « RED-LILI » has been linked to an ongoing large-scale supply chain attack campaign targeting the NPM package repository by publishing nearly 800 malicious modules.
« Customarily, attackers use an anonymous disposable NPM account from which they launch their attacks, » Israeli security company Checkmarx said. « As it seems this time, the attacker has fully-automated the process

, ,
https://thehackernews.com/2022/03/a-threat-actor-dubbed-red-lili-has-been.html

Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware

Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware,

A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers.
« The emails use a social engineering technique of conversation hijacking (also known as thread hijacking), » Israeli company Intezer said in a report shared with

,

A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers.
« The emails use a social engineering technique of conversation hijacking (also known as thread hijacking), » Israeli company Intezer said in a report shared with

, ,
https://thehackernews.com/2022/03/hackers-hijack-email-reply-chains-on.html

Of Cybercriminals and IP Addresses

Of Cybercriminals and IP Addresses,

You don’t like having the FBI knocking on your door at 6 am in the morning. Surprisingly, nor does your usual cybercriminal. That is why they hide (at least the good ones), for example, behind layers of proxies, VPNs, or TOR nodes.
Their IP address will never be exposed directly to the target’s machine. Cybercriminals will always use third-party IP addresses to deliver their attacks.
There are

,

You don’t like having the FBI knocking on your door at 6 am in the morning. Surprisingly, nor does your usual cybercriminal. That is why they hide (at least the good ones), for example, behind layers of proxies, VPNs, or TOR nodes.
Their IP address will never be exposed directly to the target’s machine. Cybercriminals will always use third-party IP addresses to deliver their attacks.
There are

, ,
https://thehackernews.com/2022/03/of-cybercriminals-and-ip-addresses.html

Google corrige en urgence une faille zero-day dans Chrome

Google corrige en urgence une faille zero-day dans Chrome,

Un bug dans le moteur JavaScript est exploité de manière active par des hackers. Il est recommandé de mettre immédiatement à jour le navigateur.

,

Un bug dans le moteur JavaScript est exploité de manière active par des hackers. Il est recommandé de mettre immédiatement à jour le navigateur.

, ,
https://www.01net.com/actualites/google-corrige-en-urgence-une-faille-zero-day-dans-chrome-2055675.html

‘Purple Fox’ Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks

‘Purple Fox’ Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks

,

The operators of the Purple Fox malware have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software.
« Users’ machines are targeted via trojanized software packages masquerading as legitimate application installers, » Trend Micro researchers said in a report published on

,

The operators of the Purple Fox malware have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software.
« Users’ machines are targeted via trojanized software packages masquerading as legitimate application installers, » Trend Micro researchers said in a report published on

, ,
https://thehackernews.com/2022/03/purple-fox-hackers-spotted-using-new.html

Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability

Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability,

Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system.
The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine. The

,

Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system.
The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine. The

, ,
https://thehackernews.com/2022/03/muhstik-botnet-targeting-redis-servers.html

Lapsus$ : sept membres présumés arrêtés en Grande-Bretagne

Lapsus$ : sept membres présumés arrêtés en Grande-Bretagne,

Les personnes arrêtées ont été remises en liberté, mais restent sous contrôle judiciaire. Sur Telegram, les utilisateurs sonnent déjà le glas de ce groupe qui a réussi à pirater plusieurs géants high tech.

,

Les personnes arrêtées ont été remises en liberté, mais restent sous contrôle judiciaire. Sur Telegram, les utilisateurs sonnent déjà le glas de ce groupe qui a réussi à pirater plusieurs géants high tech.

, ,
https://www.01net.com/actualites/lapsusdollar-sept-membres-presumes-arretes-en-grande-bretagne-2055654.html

FCC Adds Kaspersky and Chinese Telecom Firms to National Security Threat List

FCC Adds Kaspersky and Chinese Telecom Firms to National Security Threat List,

The U.S. Federal Communications Commission (FCC) on Friday moved to add Russian cybersecurity company Kaspersky Lab to the « Covered List » of companies that pose an « unacceptable risk to the national security » of the country.
The development marks the first time a Russian entity has been added to the list that’s been otherwise dominated by Chinese telecommunications firms. Also added alongside

,

The U.S. Federal Communications Commission (FCC) on Friday moved to add Russian cybersecurity company Kaspersky Lab to the « Covered List » of companies that pose an « unacceptable risk to the national security » of the country.
The development marks the first time a Russian entity has been added to the list that’s been otherwise dominated by Chinese telecommunications firms. Also added alongside

, ,
https://thehackernews.com/2022/03/fcc-adds-kaspersky-and-chinese-telecom.html

Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion

Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion,

A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month, making it the second China-based hacking group after Mustang Panda to capitalize on the conflict.
« The malicious activity represents one of the first public examples of a Chinese threat actor targeting Ukraine

,

A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month, making it the second China-based hacking group after Mustang Panda to capitalize on the conflict.
« The malicious activity represents one of the first public examples of a Chinese threat actor targeting Ukraine

, ,
https://thehackernews.com/2022/03/another-chinese-hacking-group-spotted.html

Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability

Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability,

Google on Friday shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild.
Tracked as CVE-2022-1096, the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher has been credited with reporting the bug on March 23, 2022.
Type confusion errors,

,

Google on Friday shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild.
Tracked as CVE-2022-1096, the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher has been credited with reporting the bug on March 23, 2022.
Type confusion errors,

, ,
https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html