Discord tokens are being targeted by malicious npm packages
Packages were removed before being extensively downloaded to target Discord users......»»
Threat actors can exfiltrate data from Google Drive without leaving a trace
Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say. A problem for digital forensic analysts and incident responders R.....»»
Millions of PC motherboards were sold with a firmware backdoor
Hidden code in many Gigabyte motherboards invisibly and insecurely downloads programs. Enlarge (credit: BeeBright/Getty Images) Hiding malicious programs in a computer’s UEFI firmware, the deep-seated code that tells.....»»
How APTs target SMBs
Small and medium businesses (SMBs) are not exempt from being targeted by advanced persistent threat (APT) actors, according to Proofpoint researchers. By analyzing a year’s worth of APT campaign data they collected from the 200,000+ SMBs that have.....»»
Phishers use encrypted file attachments to steal Microsoft 365 account credentials
Phishers are using encrypted restricted-permission messages (.rpmsg) attached in phishing emails to steal Microsoft 365 account credentials. “[The campaigns] are low volume, targeted, and use trusted cloud services to send emails and host conte.....»»
Cybercriminals masquerading as MFA vendors
Cybercriminals are increasingly posing as multi-factor authentication vendors and small businesses are becoming more popular targets, according to VIPRE. Attachment-based malspam is on the rise Financial institutions (48%) are still the most targeted.....»»
Pegasus iPhone spyware is now a tool of war
Researchers claim that at least a dozen victims in Armenia were targeted with Pegasus in the first recorded use of the iPhone spyware in a military conflict.NSO Group, makers of spying tool PegasusThe NSO Group's spyware tool has previously been used.....»»
How smart bots are infecting and exploiting the internet
According to Imperva, bad bot traffic grew to 30.2%, a 2.5% increase over 2021. In this Help Net Security video, Lynn Marks, Senior Product Manager at Imperva, discusses malicious bot activity. This is a substantial threat for businesses, leading to.....»»
Legit app in Google Play turns malicious and sends mic recordings every 15 minutes
The malicious iRecorder app has come to light, but its purpose remains shrouded. Enlarge (credit: Getty Images) An app that had more than 50,000 downloads from Google Play surreptitiously recorded nearby audio every 15 m.....»»
App with 50,000 Google Play installs sent attackers mic recordings every 15 minutes
The malicious iRecorder app has come to light, but its purpose remains shrouded. Enlarge (credit: Getty Images) An app that had more than 50,000 downloads from Google Play surreptitiously recorded nearby audio every 15 m.....»»
Legitimate Android app transforms into data-snooping malware
ESET researchers have discovered a trojanized Android app named iRecorder – Screen Recorder. It was available on Google Play as a legitimate app in September 2021, with malicious functionality most likely added in August 2022. During its existe.....»»
China buying of chipmaking gear from Singapore hits 8-month high
Singapore is benefiting from the US-China discord in at least one respect: semiconductor sales......»»
Malicious links and misaddressed emails slip past security controls
The majority of organizations use six or more communication tools, across channels, with email remaining the channel seen as the most vulnerable to attacks (38%), according to Armorblox. Respondents mentioned multi-channel attacks are gaining momentu.....»»
Examining puppeteer fungus" targeted takeover of zombie flies
In a new study published in eLife, lead author Carolyn Elya, postdoctoral researcher in the Department of Organismic and Evolutionary Biology at Harvard, reveals the molecular and cellular underpinnings behind the parasitic fungus, Entomophthora musc.....»»
Chemists discover intriguing property of new bismuth complexes
To be able to exploit the advantages of elements and their molecular compounds in a targeted manner, chemists have to develop a fundamental understanding of their properties. In the case of the element bismuth, a team from the Max Planck Institut fü.....»»
Google pushes .zip and .mov domains onto the Internet, and the Internet pushes back
Will new TLDs undo decades of work to stop malicious links? Enlarge (credit: Aurich Lawson | Getty Images) A recent move by Google to populate the Internet with eight new top-level domains is prompting concerns that two.....»»
Concentric AI unveils deep-learning driven detection capabilities
Concentric AI announced a deep-learning driven detection capabilities to find any type of hardcoded secrets and key credentials (e.g. API keys, encryption keys, tokens, passwords, etc.) in today’s most popular enterprise on-premise and cloud data r.....»»
Hackers are using malicious Microsoft VSCode extensions to steal passwords
Researchers found multiple malicious Microsoft VSCode add-ons on a popular repository......»»
Tesla reportedly proposed to make EVs in India
After years of discord regarding the import duties of EVs between Tesla and India, which stopped the automaker from selling its cars in the world's most populous country, Tesla reportedly proposed to set up a factory there to meet domestic and overse.....»»
Hackers are using a devious new trick to infect your devices
Two new website domain name extensions have just been launched, and hackers are already abusing them to trick people into downloading malicious files......»»
Malicious open-source components threatening digital infrastructure
A new risk emerges in the digital era, where open-source software has become a fundamental pillar in developing innovative applications. The threat? Malicious open-source components. In this Help Net Security video, Henrik Plate, Lead Security Resear.....»»