Supply chain attack compromises LottieFiles npm package with crypto drainer

Such an intrusion has prompted automated delivery of the malicious lottie-player NPM package versions among users who obtained the library through third-party content delivery networks.
Active exploitation of PTZOptics zero-days underway

China, the U.S., Canada, and Germany were most targeted by attacks with the Mirai source code-based Gorilla botnet, which involved the exploitation of UDP flood, Valve Source Engine flood, ACK BYPASS flood, ACK flood, and SYN flood techniques, as well as an old Apache Hadoop YARN RPC vulnerability, an analysis from NSFOCUS revealed.
CISO Top 10 Priorities for Q3 2024: Navigating Cybersecurity’s Evolving Challenges

As the cybersecurity landscape grows more complex and interconnected, the role of the Chief Information Security Officer (CISO) continues to expand, evolving from a primarily technical position into one that demands a strategic approach to risk, compliance, and technology. The CISO Top 10 reports for Q3 2024 provide critical insights into the key areas where […]
Serious WordPress compromise likely with LiteSpeed Cache plugin bug

Attacks exploiting the authentication weakness within the ‘lighthttpd’ server, tracked as CVE-2024-8957, and the insufficient input sanitization bug, tracked as CVE-2024-8957, could enable camera hijacking and bot compromise, as well as further infiltration of devices within the same network.
Tougher export controls for US tech sought

CyberScoop reports that the U.S. Commerce Department has been urged by Sen. Ron Wyden, D-Ore., to bolster the already robust proposed U.S. tech rules that would prevent the utilization of the country’s surveillance tools in repressive countries amid concerns of potential gaps that could be exploited by such nations. Aside from expanding the number of countries subject to […]
About 87K compromised in Mystic Valley Elder Services breach

Massachusetts-based health and human services nonprofit Mystic Valley Elder Services had information from nearly 87,000 individuals compromised following a cyberattack in early April, SecurityWeek reports. Infiltration of systems belonging to Mystic Valley, which caters to older adults and people with disabilities, has enabled the exfiltration of names, birthdates, Social Security numbers, payment card and financial account numbers, passport numbers, […]
Microsoft Recall launch postponed anew

Such postponement comes after Recall was subjected to several delays since June due to security concerns associated with the feature, which have since been allayed by Microsoft with its assurances of an opt-in experience, a completely encrypted database, and Windows Hello-based authentication.
Election 2024: Countdown to chaos?

COMMENTARY: Tactics rarely change, even though the tools do. The 2024 elections continue to test the ability of defenders to counter the evolving tactics of our adversaries. One thing is for sure during the final days of the campaign: we’ll see many more malicious attempts to influence the election. The real question: How hard will we […]