Wednesday, August 10, 2022
Infosecurity Magazine

New Malicious Python Libraries Found on PyPI Repository

Some of these packages were capable of stealing user credentials and environment variables
Infosecurity Magazine

US Treasury Sanctions Virtual Currency Mixer For Connections With Lazarus Group

Tornado Cash would have been used to launder more than $7b in virtual currency since its foundation
Infosecurity Magazine

Report Provides Updates on July's Maui Ransomware Incident

The report extends CISA's “first seen” date and the geolocation of the target to other countries
Infosecurity Magazine

Health Adviser Fined After Illegally Accessing Medical Records

Former NHS employee ordered to pay victims compensation
Infosecurity Magazine

Smishing Attack Led to Major Twilio Breach

Firm tight-lipped on how many customers are affected
Infosecurity Magazine

Number of Firms Unable to Access Cyber-Insurance Set to Double

Even those with policies may see coverage greatly reduced
Infosecurity Magazine

Meta Takes Action Against Cyber Espionage Operations Targeting Facebook in South Asia

The groups' attacks were reportedly relatively low in sophistication but persistent and well-resourced
Infosecurity Magazine

Chinese Hackers May Be Behind Attacks Targeting Eastern Europe and Afghanistan

The phishing emails contained Microsoft Word documents that exploited the CVE-2017-11882 flaw
Infosecurity Magazine

Hackers Exploit Open Redirect Vulnerabilities to Conduct LogoKit Phishing Campaigns

LogoKit is based on JavaScript and can change logos and text on landing pages in real-time
Infosecurity Magazine

North Korean Hackers Target Crypto Job Seekers

New social engineering campaign leverages Coinbase
Infosecurity Magazine

Zero-Day Bug Responsible for Massive Twitter Breach

Over five million accounts were exposed
Infosecurity Magazine

NHS Cyber-Attack Delays Ambulances

Digital supplier hit by suspected ransomware
Infosecurity Magazine

GwisinLocker Ransomware Targets Linux Systems in South Korea

The malware was detected in campaigns targeting firms in the industrial and pharmaceutical space
Infosecurity Magazine

Hackers Exploit Hostinger's Preview Domain Feature to Launch Phishing Campaigns

The new feature enables access to a site before it is accessible globally
Infosecurity Magazine

Cybercrime a Key Revenue Stream For North Korea's Weapons Program

North Korea stole millions of dollars in crypto assets in at least one major hack

Phishers who breached Twilio and fooled Cloudflare could easily get you, too

Enlarge (credit: Getty Images) At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not...
Brian Krebs

Microsoft Patch Tuesday, August 2022 Edition

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows....

One of 5G's Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.
The Register

Patch Tuesday: Yet another Microsoft RCE bug under active exploit

Oh, and that critical VMware auth bypass vuln? Miscreants found it, too August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …