Tech news from MIST
Latest news from CyberManipal, that matters.
Page 1
VULNERABILITIES
XD - not so funny
1 year ago
Reports have been coming up related to the activity of the Hello XD ransomware, where an updated sample with more robust encryption has been deployed. From the first appearance of Hello XD in November 2021, it was based on the leaked source code of Babuk and used for double-extortion... Read more
Reports have been coming up related to the activity of the Hello XD ransomware, where... Read more
BREACHES
GitHub reveals that 100K npm user accounts compromised
1 year ago
Github discloses login details of roughly 100,000 npm accounts by mid-April, data was breached with stolen OAuth apps token issued to Heroku and Travis-CI. Threats were escalated with a compromised AWS access key, after downloading multiple private npm repositories using the stolen OAuth user tokens. GitHub, Travis CI, and Heroku... Read more
Github discloses login details of roughly 100,000 npm accounts by mid-April, data was breached with... Read more
VULNERABILITIES
MALVERTISER- advertising malware
1 year ago
After a relatively stable presence since the start of this year, the ChromeLoader malware is seeing a rise in detection, posing a widespread threat. The malware can alter a user's web browser history and promote unwanted content from which the attacker stands to receive financial gain by redirecting user traffic... Read more
After a relatively stable presence since the start of this year, the ChromeLoader malware is... Read more
POLICIES AND REGULATIONS
Anonymous announces cyber-war against Russian Killnet
1 year ago
Anonymous, an activist group has announced a cyber-war against the pro-Russian group Killnet which attacked European institutions. Anonymous declared a “cyberwar” against Putin’s government after its Ukrainian invasion. It includes leaking over 360,000 Russian federal agency files in the process. On Twitter, the @YourAnonOne account announced the cyber war against... Read more
Anonymous, an activist group has announced a cyber-war against the pro-Russian group Killnet which attacked... Read more
RESEARCH AND DEVELOPMENT
Google WAF bypassed by oversized POST requests
1 year ago
WAF is a web application firewall that provides web application security from malicious attacks such as SQL injection, DDOS, etc. But recently, Google’s WAF was bypassed using POST requests. This has been reported by the researchers at Kloudle (a security consultancy firm) woho were able to bypass Google Cloud Platform... Read more
WAF is a web application firewall that provides web application security from malicious attacks such... Read more
VULNERABILITIES
25 Malicious JavaScript Libraries Distributed via NPM Package Repository
1 year ago
DevOps security firm JFrog informed that it found and helped remove 25 malicious JavaScript libraries from the official npm package repository. This is the second time in three months that JFrog found malicious npm packages designed to steal Discord tokens and environment variables after reporting 17 similar packages in December... Read more
DevOps security firm JFrog informed that it found and helped remove 25 malicious JavaScript libraries... Read more
VULNERABILITIES
US Banks prepare for potential attack as Russian cybercriminals become emboldened
1 year ago
The Russia-Ukraine standoff in the physical world has also spilled into the cyber realm. Politicians and cybersecurity experts warn of potential attacks against the U.S. financial industry. Many conventional security rules are changing, according to Victor Wieczorek, a nation-state red teamer and director of threat and attack simulation at cybersecurity... Read more
The Russia-Ukraine standoff in the physical world has also spilled into the cyber realm. Politicians... Read more
BREACHES
Microsoft Exchange Server vulnerabilities exploited for financial fraud
1 year ago
The combination of Squirrelwaffle, ProxyLogon, and ProxyShell against Microsoft Exchange Servers is being used to conduct financial fraud through email hijacking. On Tuesday, researchers from Sophos revealed a recent incident in which a Microsoft Exchange Server, which had not been patched to protect it against a set of critical vulnerabilities... Read more
The combination of Squirrelwaffle, ProxyLogon, and ProxyShell against Microsoft Exchange Servers is being used to... Read more
BREACHES
Cyberattacks Knock Out Sites of Ukrainian Army, Major Banks
1 year ago
Several websites of Ukraine's government and military were offline on Tuesday following a series of attacks that targeted the country's banks and military.A Ukrainian cyber defense official said there was no sign of other disruptive actions that the attackers could have carried out. And emergency teams are working to recover... Read more
Several websites of Ukraine's government and military were offline on Tuesday following a series of... Read more
FRAUDS AND SCAMS
Hackers Planted Fake Digital Evidence on Devices of Indian Activists and Lawyers
1 year ago
Recently human rights activists, human rights defenders, academics, and lawyers across India have fallen prey to targeted attacks by a previously unknown hacking group. 'SentinelOne,' a cybersecurity firm, has attributed the intrusions to a group it tracks as "ModifiedElephant," which has been acting as a threat since 2012. ModifiedElephant's primary... Read more
Recently human rights activists, human rights defenders, academics, and lawyers across India have fallen prey... Read more