Category: security

More malicious Python packages are on the loose, experts warn

Security researchers found two packages on PyPI, showing malicious intent. The packages grant the attackers access to systems and sensitive data. The researchers warn developers to exercise caution when using third-party packages.

Experts have warned PyPI continues to be abused after researchers discovered more malicious packages hiding on the platform.…


US Government officials urged to lock down devices amid telecoms breach

CISA has released an advisory for US government communications. Government officials are encouraged to lock down their devices. This follows the discovery that foreign actors have breached US telecoms networks.

CISA has urged ‘highly targeted’ individuals in the US Government or in senior political positions to immediately review and implement strict…


Sophos flags concerning firewall security flaws, users told to patch now

Sophos says it found, and patched, three flaws in its firewall product. The flaws allowed for RCE and privilege escalation. Those unable to apply the patch can use a workaround.

Sophos has recently discovered, and patched, three bugs in its Firewall product, and given the severity, has urged users to…


Sophos hotfixes remote code execution vulnerabilities in Firewall

Sophos says it found, and patched, three flaws in its firewall product. The flaws allowed for RCE and privilege escalation. Those unable to apply the patch can use a workaround.

Sophos has recently discovered, and patched, three bugs in its Firewall product, and given the severity, has urged users to…


A new Microsoft 365 phishing service has emerged, so be on your guard

Researchers said that Rockstar2FA went quiet in November 2024. But a new PaaS emerged soon afterwards, with partly overlapping infrastructure. The new PaaS is called FlowerStorm, and it targets Microsoft 365 accounts.

Cybersecurity researchers from Sophos have warned a new Phishing-as-a-Service (PaaS) tool has emerged, allowing threat actors to easily hunt…


US healthcare giant Ascension says ransomware attack affected nearly six million customers

Ascension was struck by a ransomware attack in May 2024. It has now concluded its investigation into the attack. Sensitive data on almost 5.6 million people was stolen.

Hackers that struck Ascension with ransomware managed to steal a whole treasure trove of sensitive customer information, with medical information, personally identifiable information,…
