PHP Site’s User Database Was Hacked In Recent Source Code Backdoor Attack

From thehackernews.com

The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository.

“We no longer believe the git.php.net server has been compromised. However, it is possible that the master.php.net user database leaked,” Nikita Popov said in a message posted on its mailing list on April 6.


Google Forms and Telegram abused to collect phished credentials

From bleepingcomputer.com

Security researchers note an increase in alternative methods to steal data from phishing attacks, as scammers obtain the stolen info through Google Forms or private Telegram bots.

Email remains the preferred method to exfiltrate stolen info but these channels foreshadow a new trend in the evolution of phishing kits.


Remove Rx-news.online (Simple Removal Guide) – Virus Removal Instructions

From 2-spyware.com


Rx-news.online is a treacherous site that users visit unintentionally. Such push notification virus sites try to trick their visitors into accepting their notifications by showing various misleading messages, such as “press the Allow button to continue watching”, “click the Allow button to prove that you’re not a robot”, and so on.

Neither notifications from Rx-news.online nor those from similar sites that push you to accept their notifications to confirm or prove something should ever be accepted. Notifications from these untrustworthy portals are actually advertisements that will start popping up directly on your desktop or screen.


Over 200 Bangladesh Organizations Hit by Hafnium Hacker Group

From heimdalsecurity.com

According to a Cyber Threat Report released by the Bangladesh Government’s e-Government Computer Incident Response Team (BGD e-GOV CIRT) on April 1st, hacker group Hafnium has launched attacks on more than 200 organizations in Bangladesh.

Bangladesh Telecommunication Regulatory Commission (BTRC), Bangladesh Bank, commercial banks, and Internet service providers were among the targets.

The report claims the hacker group initiated the attacks last month.


Secrets Detection: An Emerging AppSec Category

From securityboulevard.com


Applications are no longer standalone monoliths; they now rely on thousands of independent building blocks: cloud infrastructure, databases, and SaaS components such as Stripe, Slack and HubSpot, just to name a few. This is a significant shift in software development. Secrets are the glue that connects these different application building blocks by making a secure connection between them, allowing them to pass information and data.

Using a distributed architecture like this comes with many advantages, including the ability to independently update services, scale services rapidly and offload development work to dedicated services such as SaaS vendors. This does come with a tradeoff, however; now we need to manage all the hundreds – or even thousands – of secrets that connect these different building blocks.


Fake codecs that drop widely spread malware

From 2-spyware.com

Victims get tricked into installing trojans and other malware that spreads via fake codecs.[1] Ransomware[2] is one of the types that can also be distributed using such a method. Researchers always find various malware that spreads using fake codecs and can disable antivirus products to make users believe that the tool is still running and keeping the system safe while the malware runs its processes.

Such malware that spreads around with the help of fake codecs can also find its way onto macOS devices.[3] Reports have surfaced a few times in the last decade or so that malware versions posing as false ActiveX objects were found on various sites. Social engineering[4] is also the method used in such campaigns.
