A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks

The Hacker News Daily Updates The Essentials of IT Security - 2021 Kit Download this kit to learn everything you need to know about IT Security. Download Now Sponsored LATEST NEWS Apr 30, 2021 Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks An "aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "improper SQL ... Read More Microsoft Finds 'BadAlloc' Flaws Affecting Wide-Range of IoT and OT Devices Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things (IoT) and Operational Technology (OT) devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical ... Read More A New Slack channel for Cybersecurity Leaders Outside of the Fortune 2000 Perhaps due to the nature of the position, the InfoSec leadership roles tend to be solitary ones. CISOs, or their equivalent decision-makers in organizations without the role, have so many constant drains on their attention – keeping their knowledge fresh, building plans to secure their ... Read More Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor. "We have been advised a bad actor has commenced a phishing attack with a ... Read More A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks The maintainers of Composer, a package manager for PHP, have shipped an update to address a critical vulnerability that could have allowed an attacker to execute arbitrary commands and "backdoor every PHP package," resulting in a supply-chain attack. Tracked as CVE-2021-29472, the security issue ... Read More The Essentials of IT Security - 2021 Kit Download this kit to learn everything you need to know about IT Security. Download Now Sponsored This email was sent to myemailku.ghdbrevo2018@blogger.com. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please click here. Contact The Hacker News: info@thehackernews.com Unsubscribe The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India

Cybercriminals Widely Abusing Excel 4.0 Macro to Distribute Malware

The Hacker News Daily Updates Learn Linux Quickly ($27.99 Value) FREE for a Limited Time Learn over 116 Linux commands to develop the skills you need to become a professional Linux system administrator. Download Now Sponsored LATEST NEWS Apr 29, 2021 How to Conduct Vulnerability Assessments: An Essential Guide for 2021 Hackers are scanning the internet for weaknesses all the time, and if you don't want your organization to fall victim, you need to be the first to find these weak spots. In other words, you have to adopt a proactive approach to managing your vulnerabilities, and a crucial first step in achieving ... Read More Chinese Hackers Attacking Military Organizations With New Backdoor Cybersecurity researchers on Wednesday exposed a new cyberespionage campaign targeting military organizations in Southeast Asia. Attributing the attacks to a threat actor dubbed "Naikon APT," cybersecurity firm Bitdefender laid out the ever-changing tactics, techniques, and procedures adopted by ... Read More Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind to harvest and exfiltrate sensitive information from infected systems. Dubbed "RotaJakiro" by researchers from Qihoo 360 NETLAB, the ... Read More Cybercriminals Widely Abusing Excel 4.0 Macro to Distribute Malware Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research. The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% ... Read More F5 BIG-IP Found Vulnerable to Kerberos KDC Spoofing Vulnerability Cybersecurity researchers on Wednesday disclosed a new bypass vulnerability (CVE-2021-23008) in the Kerberos Key Distribution Center (KDC) security feature impacting F5 Big-IP application delivery services. "The KDC Spoofing vulnerability allows an attacker to bypass the Kerberos authentication to ... Read More Learn Linux Quickly ($27.99 Value) FREE for a Limited Time Learn over 116 Linux commands to develop the skills you need to become a professional Linux system administrator. Download Now Sponsored This email was sent to myemailku.ghdbrevo2018@blogger.com. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please click here. Contact The Hacker News: info@thehackernews.com Unsubscribe The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India