Sat.May 20, 2023

article thumbnail

Open-Source Infostealer RAT Hidden in Malicious NPM Packages

Data Breach Today

TurkoRat Capable of Credential Harvesting, Possesses Features Like Wallet Grabber Researchers have identified two legitimate-looking malicious npm packages that concealed an open-source infostealer for two months before being detected and removed. Developers downloaded the TurkoRat malware about 1,200 times from open-source repositories.

267
267
article thumbnail

RSAC Fireside Chat: Counteracting Putin’s weaponizing of ransomware — with containment

The Last Watchdog

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts. Related: The Golden Age of cyber espionage Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Underground History of Turla, Russia's Most Ingenious Hacker Group

WIRED Threat Level

From USB worms to satellite-based hacking, Russia’s FSB hackers, known as Turla, have spent 25 years distinguishing themselves as “adversary number one.

Security 138
article thumbnail

US CISA warns of a Samsung vulnerability under active exploitation

Security Affairs

US CISA added the vulnerability CVE-2023-21492 flaw affecting Samsung devices to its Known Exploited Vulnerabilities Catalog. US CISA added the vulnerability CVE-2023-21492 vulnerability (CVSS score: 4.4) affecting Samsung devices to its Known Exploited Vulnerabilities Catalog. The issue affects Samsung mobile devices running Android 11, 12, and 13, it is described as an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address

article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, CTO of Betterworks, will explore a practical framework to transform Generative AI prototypes into

article thumbnail

A TikTok ‘Car Theft’ Challenge Is Costing Hyundai $200 Million

WIRED Threat Level

Plus: The FBI gets busted abusing a spy tool, an ex-Apple engineer is charged with corporate espionage, and collection of airborne DNA raises new privacy risks.

Privacy 76
article thumbnail

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Security Affairs

Cybercriminal gang FIN7 returned with a new wave of attacks aimed at deploying the Clop ransomware on victims’ networks. Researchers at Microsoft Security Intelligence team published a series of tweets to warn of a new wave of attacks aimed at distributing the Clop ransomware and linked it to the financially motivated cybercriminal group Sangria Tempest (ELBRUS, FIN7 ).