Corrupted open-source software enters the Russian battlefield https://ift.tt/FwnBsK3 It started as an innocent protest. Npm, JavaScript’s package manager maintainer RIAEvangelist, Brandon Nozaki Miller, wrote and published an open-code npm source-code package called peacenotwar. It did little except add a protest message against Russia’s invasion of Ukraine. But then, it took a darker turn: It began […]
CISA Adds 15 Known Exploited Vulnerability to Catalog https://ift.tt/BsKupCq Original release date: March 15, 2022 | Last revised: March 16, 2022 CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent […]
Updated: Kubernetes Hardening Guide https://ift.tt/2KrcxLg Original release date: March 15, 2022 The National Security Agency (NSA) and CISA have updated their joint Cybersecurity Technical Report (CTR): Kubernetes Hardening Guide, originally released in August 2021, based on valuable feedback and inputs from the cybersecurity community. Kubernetes is an open-source system that automates deployment, scaling, and management […]
Stolen Nvidia certificates used to sign malware—here’s what to do https://ift.tt/rifB6Ny As we wrote on March 3, 2022 Nvidia, was recently attacked by the LAPSUS$ ransomware group. The ensuing data leak included two of NVIDIA’s code signing certificates. Those certificates are now being used to sign malware. Leaked signing certificates from major vendors like Nvidia […]
CaddyWiper: New wiper malware discovered in Ukraine https://ift.tt/zFySCr4 This is the third time in as many weeks that ESET researchers have spotted previously unknown data wiping malware taking aim at Ukrainian organizations ESET researchers have uncovered yet another destructive data wiper that was used in attacks against organizations in Ukraine. Dubbed CaddyWiper by ESET analysts, […]
‘Dirty Pipe’ Linux Flaw Affects a Wide Range of QNAP NAS Devices https://ift.tt/FalWtG9 Network-attached storage (NAS) appliance maker QNAP on Monday warned of a recently disclosed Linux vulnerability affecting its devices that could be abused to elevate privileges and gain control of affected systems. “A local privilege escalation vulnerability, also known as ‘Dirty Pipe,’ has […]
Blunting RDP brute-force attacks with rate limiting https://ift.tt/Xk8Rvsn Thanks to the Malwarebytes Threat Intelligence Team for the information they provided for this article. Not long ago, guessing a Windows Remote Desktop Protocol (RDP) password successfully was widely regarded as ransomware operators’ number one choice for breaching a target. It attracted a lot of press coverage […]
350+ IP blacklists, IP blocklists and IP Reputation feeds, about Cybercrime, Fraud, Botnets, Μalware, Virus, Abuse, Attacks, Open Proxies, Anonymizers. See their changes and updates, size over time, retention policy, geographic coverage, comparisons and overlaps. https://ift.tt/7pzW1cC
Microsoft March 2022 Patch Tuesday: 71 vulnerabilities fixed https://ift.tt/EQZ8DpP Microsoft has released 71 security fixes for software, including 41 patches for Microsoft Windows vulnerabilities, five vulnerabilities in Microsoft Office and two in Microsoft Exchange. Three of the vulnerabilities are rated critical — CVE-2022-22006, CVE-2022-24501 and CVE-2022-23277 — while the rest are rated important. In the […]
March 2022 Patch Tuesday: Microsoft Releases 92 Vulnerabilities with 3 Critical; Adobe Releases 3 Advisories, 6 Vulnerabilities with 5 Critical. https://ift.tt/6zT1Y8C Microsoft Patch Tuesday Summary Microsoft has fixed 92 vulnerabilities, including 21 Microsoft Edge vulnerabilities, in the March 2022 update, with three (3) classified as Critical as they allow Remote Code Execution (RCE). This month’s Patch […]
Stack IT News 