- Malicious Packages Hidden in PyPI
July 31, 2024
The FortiGuard Labs team has identified a malicious PyPI package affecting all platforms where PyPI packages can be installed. This discovery poses a significant risk to individuals and institutions that have installed these packages, potentially leading to the leakage of credentials and sensitive information. Given the high severity of this threat, it is crucial to focus ...
- Bloody Wolf strikes organizations in Kazakhstan with STRRAT commercial malware
July 31, 2024
Since late 2023, BI.ZONE Threat Intelligence experts have been tracking the activity of Bloody Wolf. The cluster attacks organizations in Kazakhstan with STRRAT, a commercial malware also known as Strigoi Master. The attackers send out phishing emails on behalf of the Ministry of Finance of the Republic of Kazakhstan and other agencies. The emails have PDF ...
- At least 60 people ill after mass food poisoning case at Singapore ByteDance office
July 30, 2024
At least 60 people fell ill after a major food poisoning incident at the office of TikTok’s parent company, ByteDance on July 30. In response to queries by The Straits Times, the Singapore Food Agency (SFA) and Ministry of Health (MOH) said they are investigating the suspected gastroenteritis cases reported at ByteDance’s office at One ...
- Microsoft says cyber-attack triggered latest outage
July 30, 2024
A global outage affecting Microsoft products including email service Outlook and video game Minecraft has been resolved, the technology giant said in an update, external. The firm said preliminary investigations show the outage was caused by a cyber-attack and a failure to properly defend against it. Earlier, the company issued an apology for the incident, which ...
- Threat actor impersonates Google via fake ad for Authenticator
July 30, 2024
Malwarebytes Labs researchers have previously reported on the brand impersonation issue with Google ads: users who search for popular keywords are shown malicious ads that purport to be from an official vendor. Not only does this trick innocent victims into downloading malware or losing their data to phishing sites, it also erodes trust in brands and ...
- The Proliferation of Cellular in IoT
July 30, 2024
Analysis of Cellular Based Internet of Things (IoT) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner. In this new research, the authors dive deep into the fairly recent uptick in the use of cellular communications in IoT-based devices like GPS trackers ...
- UK: Basic IT security failings left electoral register vulnerable
July 30, 2024
Basic IT security failings allowed Chinese state-linked hackers to access the election watchdog’s register containing the details of 40 million voters. The Information Commissioner’s Office (ICO) said the Electoral Commission had failed to keep its servers updated, allowing hackers to exploit the vulnerability. The National Cyber Security Centre (NCSC), part of GCHQ, has previously said it ...
- VMware ESXi CVE-2024-37085 Targeted in Ransomware Campaigns
July 30, 2024
On Monday, July 29, Microsoft published an extensive threat intelligence blog on observed exploitation of CVE-2024-37085, an Active Directory integration authentication bypass vulnerability affecting Broadcom VMware ESXi hypervisors. The vulnerability, according to Redmond, was identified in zero-day attacks and has evidently been used by at least half a dozen ransomware operations to obtain full administrative permissions ...
- Pakistan to launch home-grown messaging app amid internet disruptions
July 30, 2024
The Pakistani government is set to roll out “Beep Pakistan”, a communication application designed for federal officials and employees. Shaza Fatima Khwaja, the state minister for information technology and telecommunication, said that the application was currently undergoing trial runs within her ministry and would be launched “soon” among other government departments. “We have developed an application ...
- US senators ask FTC to investigate car makers’ privacy practices
July 29, 2024
An ongoing US Senate investigation indicated that connected car makers violate consumer privacy by sharing and selling drivers’ data, including their location, on a vast scale, and that the same car makers often obtain consumer consent through deception. Based on this investigation, senators have urged the Federal Trade Commission (FTC) to investigate automakers’ disclosure of millions ...
- Mandrake spyware sneaks onto Google Play again, flying under the radar for two years
July 29, 2024
In April 2024, Kaspersky researchers discovered a suspicious sample that appeared to be a new version of Mandrake. Ensuing analysis revealed as many as five Mandrake applications, which had been available on Google Play from 2022 to 2024 with more than 32,000 installs in total, while staying undetected by any other vendor. The new samples included ...