Afternoon Dessert - 2022-10-07

Welcome to another Afternoon Dessert breakout:

LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit Card Data
Multiple campaigns that distributed trojanized and typosquatted packages on the NPM open source repository have been identified as the work of a single threat actor dubbed LofyGang. Checkmarx said it discovered 199 rogue packages totaling thousands of installations, with the group operating for over a year with the goal of stealing credit card data as well as user accounts associated with

The essentials of GRC and cybersecurity — How they empower each other
Understanding the connection between GRC and cybersecurity: When talking about cybersecurity, Governance, Risk, and Compliance (GRC) is often considered the least exciting part of business protection. However, its importance can't be ignored, and this is why. While cybersecurity focuses on the technical side of protecting systems, networks, devices, and data, GRC is the tool that will help the

LofyGang hackers built a credential-stealing enterprise on Discord, NPM
A threat group using the name 'LofyGang', operating since 2020, is considered responsible for creating and distributing over 200 malicious packages on multiple code hosting platforms, including GitHub and NPM. [...]

Fortinet warns admins to patch critical auth bypass bug immediately
Fortinet has warned administrators to update FortiGate firewalls and FortiProxy web proxies to the latest versions, which address a critical severity vulnerability. [...]

Facebook Detects 400 Android and iOS Apps Stealing Users Log-in Credentials
Meta Platforms on Friday disclosed that it had identified over 400 malicious apps on Android and iOS that it said targeted online users with the goal of stealing their Facebook login information. "These apps were listed on the Google Play Store and Apple's App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them," the

Hackers exploiting unpatched RCE bug in Zimbra Collaboration Suite
Hackers are actively exploiting an unpatched remote code execution (RCE) vulnerability in Zimbra Collaboration Suite (ZCS), a widely deployed web client and email server. [...]

WhatsApp goes after Chinese password scammers via US court
If you can't beat 'em, sue 'em!

2K Games warns users their stolen data is now up for sale online
Video game publisher 2K emailed users on Thursday to warn them that some of their personal data was stolen and put up for sale online following a September 19 security breach. [...]

Microsoft is rolling out a fix for Outlook crashing after launch
Microsoft is finally rolling out a fix for an issue known since August and causing Outlook for Microsoft 365 to freeze and crash right after it's opened. [...]