Malware deployed via job interview-spoofing NPM packages
Attacks deploying a malicious Python backdoor via fraudulent NPM packages spoofing as job interviews have been targeted at software developers by suspected North Korea-linked threat actors as part of the ongoing DEV#POPPER social engineering campaign...
Belarus security agency allegedly subjected to hacktivist attack
Belarus had its primary KGB security agency's network claimed to have been compromised by the Belarusian Cyber-Partisans hacktivist operation, resulting in the theft of data belonging to more than 8,600 KGB employees, The Associated Press reports.
Old Microsoft Office bug leveraged to compromise Ukraine
Ukraine had its systems subjected to attacks involving the exploitation of an almost seven-year-old Microsoft Office remote code execution vulnerability, tracked as CVE-2017-8570, to facilitate Cobalt Strike deployment late last year, reports The...
A look back at the Heartbleed bug and measuring its’ legacy, impact and how some view one of cybersecurity’s biggest headaches as an important learning moment.
Thousands of Qlik Sense Servers Open to Cactus Ransomware
The business intelligence servers contain vulnerabilities that Qlik patched last year, but which Cactus actors have been exploiting since November. Swathes of organizations have not yet been patched.
Intel Harnesses Hackathons to Tackle Hardware Vulnerabilities
The semiconductor manufacturing giant's security team describes how hardware hackathons, such as Hack@DAC, have helped chip security by finding and sharing hardware vulnerabilities.