Nov 05, 2024Ravie LakshmananData Breach / Cybercrime Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander “Connor” Moucka (aka Judische and Waifu), was apprehended on October 30, 2024,…
Read More
Nov 05, 2024Ravie LakshmananMalware / Blockchain An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address distribution, according to independent findings from Checkmarx, Phylum, and…
Read More
Nov 05, 2024Ravie LakshmananMobile Security / Vulnerability Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to “Android/data,” “Android/obb,” and…
Read More
Nokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the company’s stolen source code. “Nokia is aware of reports that an unauthorized actor has alleged to have gained access to certain third-party contractor data and possibly data of Nokia,” the company told BleepingComputer. “Nokia takes this allegation seriously…
Read More
Threat actors are abusing DocuSign’s Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like Norton and PayPal. Using a legitimate service, the attackers bypass email security protections as they come from an actual DocuSign domain, docusign.net. The goal is to have their targets e-sign the documents, which they can…
Read More
AI is significantly enhancing social engineering attacks, making them more targeted, convincing, and harder to detect. Traditional phishing attempts often had clear red flags like poor grammar or unfamiliar writing styles, but with generative AI, attackers can now create highly personalized, grammatically perfect messages that mimic an individual’s writing or speaking style. This evolution poses…
Read More
Shannon Poulin, the COO of Intel programmable chip business Altera, says he has retired from the company as Intel seeks to sell a stake in the independent subsidiary ahead of a planned initial public offering. The COO of Intel programmable chip business Altera said he has retired from the company as the parent company seeks…
Read More
Schneider Electric has confirmed a developer platform was breached after a threat actor claimed to steal 40GB of data from the company’s JIRA server. “Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment,” Schneider Electric told BleepingComputer. “Our…
Read More
Microsoft has announced that Windows Server 2025, the latest version of its server operating system, is generally available starting Friday, November 1st. In January 2024, the company released the first Windows Server 2025 build for admins enrolled in the Windows Insider program. This new version introduced hotpatching, next-gen Active Directory, and SMB over QUIC alternative ports…
Read More
The third installation of Channel Women in Security podcast, Cass is joined by the “mother of hackers.” As the founder of Black Girls Hack, Tennisha Martin is on a mission to close the ethical hacker’s skills gap by building the next generation of cybersecurity leaders. In episode 3 of the Channel Women in Security podcast,…
Read More