PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted
The maintainers of Python Package Index (PyPI), the official third-party software repository for the Python programming language, have temporarily disabled the ability for users to sign up and upload new packages until further notice. “The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability […]
Meet ‘Jack’ from Romania! Mastermind Behind Golden Chickens Malware
The identity of the second threat actor behind the Golden Chickens malware has been uncovered courtesy of a fatal operational security blunder, cybersecurity firm eSentire said. The individual in question, who lives in Bucharest, Romania, has been given the codename Jack. He is one of the two criminals operating an account on the Russian-language Exploit.in […]
Notorious Cyber Gang FIN7 Returns Cl0p Ransomware in New Wave of Attacks
The notorious cybercrime group known as FIN7 has been observed deploying Cl0p (aka Clop) ransomware, marking the threat actor’s first ransomware campaign since late 2021. Microsoft, which detected the activity in April 2023, is tracking the financially motivated actor under its new taxonomy Sangria Tempest. “In these recent attacks, Sangria Tempest uses the PowerShell script POWERTRASH to load
Samsung Devices Under Active Exploitation! CISA Warns of Critical Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a medium-severity flaw affecting Samsung devices. The issue, tracked as CVE-2023-21492 (CVSS score: 4.4), impacts select Samsung devices running Android versions 11, 12, and 13. The South Korean electronics giant described the issue as an information disclosure flaw that could be exploited by a
OpenAI Launches ChatGPT App for iOS, Bolstering Accessibility and Safety
By Habiba Rashid While the ChatGPT app is currently available exclusively for iOS users, OpenAI assures Android users that they are next in line to experience the benefits of the app. This is a post from HackRead.com Read the original post: OpenAI Launches ChatGPT App for iOS, Bolstering Accessibility and Safety
Phishing-resistant MFA 101: What you need to know
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The spread of the remote workforce and the growth of digital transformation has exponentiated the number of login-based attack vectors. While multi-factor authentication […]
Privacy Sandbox Initiative: Google to Phase Out Third-Party Cookies Starting 2024
Google has announced plans to officially flip the switch on its twice-delayed Privacy Sandbox initiatives as it slowly works its way to deprecate support for third-party cookies in Chrome browser. To that end, the search and advertising giant said it intends to phase out third-party cookies for 1% of Chrome users globally in the first quarter of […]
Teen Charged in DraftKings Data Breach
By Waqas If convicted, the alleged culprit Joseph Garrison could face a maximum sentence of 57 years. This is a post from HackRead.com Read the original post: Teen Charged in DraftKings Data Breach
Dr. Active Directory vs. Mr. Exposed Attack Surface: Who’ll Win This Fight?
Active Directory (AD) is among the oldest pieces of software still used in the production environment and can be found in most organizations today. This is despite the fact that its historical security gaps have never been amended. For example, because of its inability to apply any security measures beyond checking for a password and […]
Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware
Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware called TurkoRat. The packages – named nodejs-encrypt-agent and nodejs-cookie-proxy-agent – were collectively downloaded approximately 1,200 times and were available for more than two months before they were identified and taken down. ReversingLabs, which broke