Skip to content
computer security

computer security

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least… 

Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware

Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware

The Lazarus Group, an infamous threat actor linked to the Democratic People’s Republic of Korea (DPRK), has been observed leveraging a “complex infection chain” targeting at least two employees belonging to an unnamed nuclear-related organization… 

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

Dec 20, 2024Ravie LakshmananMalware / Supply Chain Attack The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious… 

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

Dec 20, 2024Ravie LakshmananFirewall Security / Vulnerability Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under… 

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

Dec 20, 2024Ravie LakshmananVulnerability / Cyber Attack A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as… 

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

Dec 20, 2024Ravie LakshmananCISA / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known… 

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

Dec 19, 2024Ravie LakshmananSupply Chain / Software Security Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package… 

Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords

Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords

Dec 19, 2024Ravie LakshmananMalware / Botnet Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The… 

Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

Dec 19, 2024Ravie LakshmananVulnerability / Network Security Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as… 

CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01

CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01

Dec 19, 2024Ravie LakshmananCloud Security / Encryption The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure…