Sophisticated malware from PyPI was downloaded more than 41,000 times
PyPI, the open-source repository used by both large and small organizations to download code libraries, was hosting 11 malicious packages that were downloaded more than 41k times in one of the latest reports of an incident of this nature.
JFrog found the software supply chain risk. This security... Read more
‘Trojan Source’ can inject malware into source code undetected
A new research paper has been published with details about a new technique that can be exploited to inject malware into source code without being detected. Named ‘Trojan Source' by Cambridge University researchers, the method involves the manipulation of source file encoding so that human viewers... Read more
Microsoft: Russia behind 58% of all state-sponsored hacks
The attacks mostly targeted government agencies and think tanks in the United States, Ukraine and U.K.
Russia was behind 58 percent of all state-backed cyber attacks carried out over the past year on Western targets, according to new research conducted by Microsoft. The report also found that Ch... Read more
Four new vulnerabilities in Microsoft Azure agent
The flaws stem from with an open-source software agent embedded in Microsoft Azure tools.
According to a report in CRN, a research team at Wiz has reported four new vulnerabilities related to the Microsoft Azure cloud platform.
The four vulnerabilities arise from an open-source software agent... Read more
Microsoft warns Azure customers of another security risk
The company says a flaw could have allowed hackers access to their customers' data. Microsoft fixed a critical vulnerability in its Azure Container Instances.
Microsoft warned some of its Azure cloud computing customers that a flaw discovered by security researchers could have allowed hackers a... Read more
T-Mobile begins investigation after hacker posts stolen data on forum
T-Mobile USA has launched an investigation into a hacker on Raids Forum, who is advertising stolen customer records. The hacker, who goes by the moniker ‘Subvirt,' posted on the Raids Forum asking for six bitcoin (about €243,000) from other hackers who may need access to some of the extracted d... Read more
700 million LinkedIn user records are being offered for sale on a hackers’ forum
A database containing 700 million LinkedIn users’ records has been found put up for sale online on a hacking forum. The database has been on offer for sale since June 22 and is under the possession of a user named TomLiner, found on Raid Forums.
There is a sample of 1 million records that can ... Read more
SolarWinds hackers attack Microsoft, shocking security analysts
The nation-state hacker collective that breached SolarWinds in what has been lauded as one of the biggest cyberattacks ever, is now embroiled in another hack, targeting Microsoft. The group managed to compromise a Microsoft worker's computer and used the access to launch precision attacks against t... Read more
Hackers use unknown user accounts to attack Zyxel firewalls and VPNs
Network device manufacturer Zyxel, is warning customers of active and ongoing attacks targetted at a range of the company’s firewalls and other types of security devices. In an email, the company said that the targeted devices include appliances fitted with remote management or are SSL VPN enable... Read more
VMware under attack from 9.8 rated active exploitation
A VMware vulnerability rated 9.8 out of 10 is under active exploitation. At least one exploit has been made public but there have been more successful attempts in the wild to compromise servers that run the compromised software.
The vulnerability is being tracked as CVE-2021-21985 and is found i... Read more