Category: security
AWS keys stolen by malicious PyPI package with thousands of downloads
Researchers discover three-year old malicious package in PyPI The package is a typosquatted version of Fabric, with 37,000 downloads Its goal is to steal AWS login credentials from the developers A malicious Python package has been hiding in the Python Package Index (PyPI) for years, stealthily stealing people’s Amazon Web…
Read More
Palo Alto Networks warns users of dangerous security threat affecting firewalls
Palo Alto Networks says it’s aware of claims of flaws in the firewalls Company is advising users to be extra cautious and tighten up on security A patch will be deployed when more details about the bug are found Palo Alto Networks has revealed it was recently made aware of…
Read More
Google Chrome extensions remain a security risk as Manifest V3 fails to prevent data theft and malware exploitation
Research shows that Manifest V3 could suffer from security issues The upgraded Chromium manifest still allows malicious extensions Some security tools struggle to identify dangerous extensions Browser extensions have long been a convenient tool for users, enhancing productivity and streamlining tasks. However, they have also become a prime target for…
Read More
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
Phishing attacks are becoming more complex and harder to detect Attackers are using new techniques such as QR codes and deepfakes Some businesses are receiving 36 phishing emails per day Phishing attacks are consistently on the rise and becoming more sophisticated, as cybercriminals no longer rely solely on basic email…
Read More
This new phishing strategy utilizes GitHub comments to distribute malware
Github repositories are being infected with malware Trusted repositories can bypass secure web gateways Github comments are also being used to hide malicious files In a new phishing campaign detected by Cofense Intelligence, threat actors used a novel approach by leveraging trusted GitHub repositories to deliver malware. The campaign is…
Read More
This new malware utilizes a rare programming language to evade traditional detection methods
New custom malware loader written in JPHP is wreaking havoc The custom payload is difficult to detect using cybersecurity tools The malware-loader can deploy custom payloads as required Trustwave SpiderLabs says it has recently uncovered a new form of malware known as Pronsis Loader, which is already causing trouble due…
Read More