Iran’s Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware https://firewall.firm.in/wp-content/uploads/2024/12/malware.png Dec 25, 2024Ravie LakshmananCyber Attack / Malware The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware called BellaCiao. Russian cybersecurity company Kaspersky, which dubbed the new version BellaCPP, said it discovered the artifact as part of ...

CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation https://firewall.firm.in/wp-content/uploads/2024/12/software.png Dec 24, 2024Ravie LakshmananVulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is ...

Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts https://firewall.firm.in/wp-content/uploads/2024/12/python.png Dec 24, 2024Ravie LakshmananMalware / Data Exfiltration Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs. The packages, named zebo and ...

North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin https://firewall.firm.in/wp-content/uploads/2024/12/bitcoin.png Dec 24, 2024Ravie LakshmananCybercrime / Malware Japanese and U.S. authorities have formerly attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors. “The theft is affiliated with TraderTraitor threat activity, which is also tracked as ...

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case https://firewall.firm.in/wp-content/uploads/2024/12/malware-ai.png Dec 23, 2024Ravie LakshmananMachine Learning / Threat Analysis Cybersecurity researchers have found that it’s possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection. “Although LLMs struggle to create malware from scratch, ...

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List https://firewall.firm.in/wp-content/uploads/2024/12/cisa.jpg Dec 20, 2024Ravie LakshmananCISA / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The ...

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation https://firewall.firm.in/wp-content/uploads/2024/12/firewall.png Dec 20, 2024Ravie LakshmananFirewall Security / Vulnerability Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is ...

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages https://firewall.firm.in/wp-content/uploads/2024/12/ransomware.png A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel earlier this August and ...

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack https://firewall.firm.in/wp-content/uploads/2024/12/code.png Dec 20, 2024Ravie LakshmananMalware / Supply Chain Attack The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency ...

Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware https://firewall.firm.in/wp-content/uploads/2024/12/chrome.png The Lazarus Group, an infamous threat actor linked to the Democratic People’s Republic of Korea (DPRK), has been observed leveraging a “complex infection chain” targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the ...