Malicious packages sneaked into NPM repository stole Discord tokens
People's trust in repositories make them the perfect vectors for malware. Enlarge (credit: Getty Images) Researchers have found another 17 malicious packages in an open source repository, as the use of such repositories to spr.....»»
Novel technique allows malicious apps to escape iOS and Android guardrails
Web-based apps escape iOS "Walled Garden" and Android side-loading protections. Enlarge (credit: Getty Images) Phishers are using a novel technique to trick iOS and Android users into installing malicious apps that bypas.....»»
“Something has gone seriously wrong,” dual-boot systems warn after Microsoft update
Microsoft said its update wouldn't install on Linux devices. It did anyway. Enlarge (credit: Getty Images) Last Tuesday, loads of Linux users—many running packages released as early as this year—started reporting the.....»»
Crime blotter: Two arrested after iPhone theft, tracked across New England
In Apple-related crime, an iPhone lock screen photo leads to an arrest, a man stole phones to finance a vacation, and a tossed iPhone leads to domestic violence charges.Man in handcuffs (Source: Pixabay)A pair of thieves were arrested in Connecticut.....»»
Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited.....»»
Tech support scammers impersonate Google via malicious search ads
Google Search ads that target users looking for Google’s own services lead them to spoofed sites and Microsoft and Apple tech support scams. The fake Google Search ads (Source: Malwarebytes) “In this particular scheme, all web resources u.....»»
Chromatin structure found to play a key role in canine social behavior evolution
A study on dogs found that chromatin's spatial structure has a significant role in the evolution of social behavior. Chromatin, the compact form of DNA, not only packages genetic material but also plays a crucial role in gene regulation......»»
Feature Request: Let us manually add any ticket or pass to Apple Wallet
I’m a huge fan of Apple Wallet, not just for Apple Pay, but also as a single repository for all my tickets, boarding passes, and the like. I love the proactive way they pop up when close to boarding time, making it a single tap to scan at a barr.....»»
Chrome, Edge users beset by malicious extensions that can’t be easily removed
A widespread campaign featuring a malicious installer that saddles users with difficult-to-remove malicious Chrome and Edge browser extensions has been spotted by researchers. “The trojan malware contains different deliverables ranging from sim.....»»
Malware-as-a-Service and Ransomware-as-a-Service lower barriers for cybercriminals
The sophistication of cyber threats has escalated dramatically, with malicious actors’ deploying advanced tactics, techniques, and procedures (TTPs) to exploit vulnerabilities and evade detection, according to Darktrace. Subscription-based tools su.....»»
“So tired”: Disney+, Hulu, ESPN+ prices increase by up to 25 percent in October
Not even ad tiers are safe as Disney looks to coax people into bundle packages. Enlarge / A scene from the new season of Doctor Who, which is streaming on Disney+. (credit: Disney+) Disney+, Hulu, and ESPN+ will get mor.....»»
Researchers unearth MotW bypass technique used by threat actors for years
Threat actors have been abusing a bug in how Windows handles LNK files with non-standard target paths and internal structures to prevent in-built protections from stopping malicious payloads and trick users into running them. “We identified mul.....»»
Nissan offers buyouts to salaried workers as U.S. business slides
Buyout packages were offered to salaried employees at least 52 years old in certain nonmanufacturing business units and to those age 55 and up in the manufacturing organization......»»
Hurricane Debby blows $1 mn in cocaine onto Florida beach
Hurricane Debby landed in Florida Monday bringing high winds, pouring rain—and 25 tightly wrapped packages of cocaine worth more than $1 million......»»
Chinese hackers compromised an ISP to deliver malicious software updates
APT StormBamboo compromised a undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have shared. Malware delivery via automatic software updates StormBamboo (aka Evasi.....»»
A deep dive into how developers trick App Store review into approving malicious apps
We recently reported on how multiple pirate streaming apps for iOS managed to get approved on the App Store by tricking the review process. Although we briefly mentioned some of the techniques used by these developers, 9to5Mac has now taken a deep di.....»»
SMS Stealer malware targeting Android users: Over 105,000 samples identified
Zimperium’s zLabs team has uncovered a new and widespread threat dubbed SMS Stealer. Detected during routine malware analysis, this malicious software has been found in over 105,000 samples, affecting more than 600 global brands. SMS Stealer.....»»
Stellantis offers broad voluntary buyout packages to U.S. salaried employees
Stellantis says involuntary job cuts may be necessary if it doesn't meet its objectives through voluntary means......»»
Adaptive Shield unveils ITDR platform for SaaS
Adaptive Shield has unveiled its Identity Threat Detection & Response (ITDR) platform for SaaS environments. The recent Snowflake breach served as a wake-up call for the SaaS industry. On May 27, a threat group announced the sale of 560 million stole.....»»
Microsoft 365 users targeted by phishers abusing Microsoft Forms
There has been an uptick in phishing campaigns leveraging Microsoft Forms this month, aiming to trick targets into sharing their Microsoft 365 login credentials. A malicious Microsoft form (Source: Perception Point) Malicious forms leading to phishin.....»»
Employee charged with stealing more than $50,000 from New York CDJR dealership
A Victory Chrysler-Dodge-Jeep-Ram employee in Rome, NY., allegedly stole more than $50,000 from the dealership and was charged with second-degree grand larceny and first-degree falsifying business records......»»