The Python Package Index Repository is under attack: Registrations and uploads have been halted temporarily
Python Package Index (PyPI), the official repository for third-party software in the Python programming language, has temporarily disabled user sign-ups and the ability to upload new packages until further notice. The PyPI administrators made this decision due to a recent surge in malicious users and projects on the platform, which has overwhelmed their response capacity,
Qilin ransomware affiliates receive 85% of ransom payments
New findings from Group-IB shed light on the payment structure within the Qilin ransomware-as-a-service (RaaS) scheme, revealing that ransomware affiliates receive a significant share of each ransom payment, ranging from 80% to 85%. Group-IB managed to infiltrate the group in March 2023, leading to insights into the payment structure and inner workings of the RaaS
Cybercriminals can now generate convincing phishing pages using a new Phishing-as-a-Service platform
A new phishing-as-a-service (PhaaS or PaaS) platform called Greatness has been used by cybercriminals to target business users of the Microsoft 365 cloud service since mid-2022. The phishing kit provides affiliates with a link and attachment builder to create convincing decoy and login pages that have features like pre-filled victim email addresses and company logos and
A zero-day bug has been fixed in Microsoft’s May Patch Tuesday
Microsoft has released its Patch Tuesday updates for May 2023, which include fixes for 38 security vulnerabilities, including one zero-day flaw currently being actively exploited. The Zero Day Initiative (ZDI) from Trend Micro reports that this is the lowest number of security fixes released since August 2021, but warns that this number is likely to
New Web-Inject Toolkit DrIBAN Targets Italian Corporate Banking Clients
Italian corporate banking clients are under attack from an ongoing financial fraud campaign that has used a web-inject toolkit called drIBAN since at least 2019. According to Cleafy researchers Federico Valentini and Alessandro Strino, the main goal of drIBAN fraud operations is to infect Windows workstations in corporate environments and alter legitimate banking transfers performed by
North Korea’s ScarCruft uses LNK file infection chains to spread RokRAT malware
North Korea’s ScarCruft, also known as APT37, InkySquid, Nickel Foxcroft, Reaper, RedEyes, and Ricochet Chollima, is a threat group that targets South Korean individuals and entities through spear-phishing attacks. The group’s malware of choice, RokRAT, is capable of credential theft, data exfiltration, system information gathering, command and shellcode execution, and file and directory management. ScarCruft’s
CISA Warns of Critical Flaws in Illumina’s DNA Sequencing Instruments
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an Industrial Control Systems (ICS) medical advisory warning of a critical flaw that affects Illumina medical devices. The Universal Copy Service (UCS) software in several DNA sequencing instruments, including the iSeq 100, MiSeq, NextSeq 550, and NovaSeq 6000, is impacted by the issues. CVE-2023-1968, a severe bug with a CVSS score of 10.0, can enable remote
PingPull Linux Variant Used in Targeted Cyberattacks by Chinese Hackers
Alloy Taurus, a Chinese nation-state group notorious for attacking telecom companies since 2012, has been spotted using a Linux variant of the PingPull backdoor and a new, previously unnamed tool called Sword2033. Palo Alto Networks Unit 42 recently discovered these malicious activities targeting South Africa and Nepal. The attacks also extend to financial institutions and government entities. PingPull is
Iranian Government-Sponsored Hackers Target US Energy and Transit Infrastructure
A group backed by the Iranian government, dubbed Mint Sandstorm, has been connected to cyber-attacks targeting critical US infrastructure from late 2021 to mid-2022. Microsoft’s Threat Intelligence team stated that this subgroup is skilled and operationally mature, capable of swiftly developing custom tools and exploiting N-day vulnerabilities. The group’s focus appears to align with Iran’s
Urgent Chrome update fixes actively exploited zero-day vulnerability
Google has released an urgent update to fix a zero-day vulnerability in Chrome that is being actively exploited, making it the first such bug to be addressed this year. The vulnerability, tracked as CVE-2023-2033, is a high-severity type confusion issue in the V8 JavaScript engine. Google acknowledged that an exploit for the vulnerability exists in