Skip to content
cyber updates Page 14

cyber updates

PyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram Bot

PyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram Bot

Nov 25, 2024Ravie LakshmananSoftware Supply Chain / Malware The administrators of the Python Package Index (PyPI) repository have quarantined the package “aiocpa” following a new update that included malicious code to exfiltrate private keys via… 

Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks

Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks

Nov 25, 2024Ravie LakshmananCloud Security / Supply Chain Attack Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools like HashiCorp’s Terraform and Open Policy Agent (OPA) that leverage dedicated,… 

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18

Nov 25, 2024Ravie LakshmananCybersecurity / Critical Updates We hear terms like “state-sponsored attacks” and “critical vulnerabilities” all the time, but what’s really going on behind those words? This week’s cybersecurity news isn’t just about hackers… 

Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections

Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections

Nov 25, 2024Ravie LakshmananMalware / Windows Security Cybersecurity researchers have uncovered a new malicious campaign that leverages a technique called Bring Your Own Vulnerable Driver (BYOVD) to disarm security protections and ultimately gain access to… 

North Korean Hackers Steal M with AI-Driven Scams and Malware on LinkedIn

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

Nov 23, 2024Ravie LakshmananArtificial Intelligence / Cryptocurrency The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated… 

China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign

China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign

Nov 22, 2024Ravie LakshmananCyber Espionage / Malware A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation… 

Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia

Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia

Nov 22, 2024Ravie LakshmananCyber Espionage / Malware Threat actors with ties to Russia have been linked to a cyber espionage campaign aimed at organizations in Central Asia, East Asia, and Europe. Recorded Future’s Insikt Group,…