Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys https://firewall.firm.in/wp-content/uploads/2024/08/python.jpg Aug 11, 2024Ravie LakshmananSupply Chain / Software Security Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that masquerades as a library from the Solana blockchain platform but is actually designed to steal victims’ secrets. “The legitimate Solana Python API project is known as ...

New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions https://firewall.firm.in/wp-content/uploads/2024/08/chrome.png Aug 10, 2024Ravie LakshmananBrowser Security / Online Fraud An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites masquerading as popular software. “The trojan malware contains different deliverables ranging from simple adware extensions that hijack ...

Researchers Uncover 10 Flaws in Google’s File Transfer Tool Quick Share https://firewall.firm.in/wp-content/uploads/2024/08/hack.png Aug 10, 2024Ravie LakshmananVulnerability / Mobile Security As many as 10 security flaws have been uncovered in Google’s Quick Share data transfer utility for Android and Windows that could be assembled to trigger remote code execution (RCE) chain on systems that have the software installed. “The Quick Share ...

DOJ Charges Nashville Man for Helping North Koreans Get U.S. Tech Jobs https://firewall.firm.in/wp-content/uploads/2024/08/hacker.png Aug 09, 2024Ravie LakshmananNational Security / Identity Theft The U.S. Department of Justice (DoJ) on Thursday charged a 38-year-old individual from Nashville, Tennessee, for allegedly running a “laptop farm” to help get North Koreans remote jobs with American and British companies. Matthew Isaac Knoot is charged with ...

INTERPOL Recovers $41 Million in Largest Ever BEC Scam in Singapore https://firewall.firm.in/wp-content/uploads/2024/08/bec-scam.png Aug 06, 2024Ravie LakshmananEmail Security / Financial Fraud INTERPOL said it devised a “global stop-payment mechanism” that helped facilitate the largest-ever recovery of funds defrauded in a business email compromise (BEC) scam. The development comes after an unnamed commodity firm based in Singapore fell victim to a BEC ...

Kazakh Organizations Targeted by ‘Bloody Wolf’ Cyber Attacks https://firewall.firm.in/wp-content/uploads/2024/08/cyberattack.png Aug 05, 2024Ravie LakshmananNetwork Security / Threat Intelligence Organizations in Kazakhstan are the target of a threat activity cluster dubbed Bloody Wolf that delivers a commodity malware called STRRAT (aka Strigoi Master). “The program selling for as little as $80 on underground resources allows the adversaries to take control of corporate ...

Researchers Uncover Flaws in Windows Smart App Control and SmartScreen https://firewall.firm.in/wp-content/uploads/2024/08/main.gif Aug 05, 2024Ravie LakshmananThreat Intelligence / Vulnerability Cybersecurity researchers have uncovered design weaknesses in Microsoft’s Windows Smart App Control and SmartScreen that could enable threat actors to gain initial access to target environments without raising any warnings. Smart App Control (SAC) is a cloud-powered security feature introduced by Microsoft ...

New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication https://firewall.firm.in/wp-content/uploads/2024/08/hacking.png Aug 02, 2024Ravie LakshmananCyber Attack / Windows Security Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service (BITS) as a command-and-control (C2) mechanism. The newly identified malware strain has been codenamed BITSLOTH by Elastic Security Labs, which made the discovery ...

Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal https://firewall.firm.in/wp-content/uploads/2024/08/sans.jpg Aug 02, 2024The Hacker NewsVulnerability / Network Security Enterprise Resource Planning (ERP) Software is at the heart of many enterprising supporting human resources, accounting, shipping, and manufacturing. These systems can become very complex and difficult to maintain. They are often highly customized, which can make patching difficult. However, critical vulnerabilities ...

DOJ and FTC Sue TikTok for Violating Children’s Privacy Laws https://firewall.firm.in/wp-content/uploads/2024/08/tiktok.jpg Aug 03, 2024Ravie LakshmananPrivacy / Data Protection The U.S. Department of Justice (DoJ), along with the Federal Trade Commission (FTC), filed a lawsuit against popular video-sharing platform TikTok for “flagrantly violating” children’s privacy laws in the country. The agencies claimed the company knowingly permitted children to create TikTok accounts ...