The Hacker News Daily Updates

"Malware attack on CircleCI Engineer's laptop leads to recent security incident."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 14 January 2023, 1423 UTC.  Content provided by email subscription to "The Hacker News Daily Updates."

Source: https://mail.google.com/mail/u/0/#inbox/FMfcgzGrcFbgDmwQfxDWSNBrqhKJQgSD

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

The Hacker News Daily Updates

Data Classification for Cloud Security How to Classify and Protect Cloud Data at Scale Download Now Sponsored

LATEST NEWS Jan 14, 2023

Malware Attack on CircleCI Engineer's Laptop Leads to Recent Security Incident DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee's laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company's systems and data last month. The CI/CD service CircleCI said the "sophisticated attack" took place on December 16, 2022, and that the malware went undetected by its ... Read More

Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That's according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to be running a patched version of Cacti (1.2.23 and 1.3.0). The issue in question relates ... Read More

TikTok Fined $5.4 Million by French Regulator for Violating Cookie Laws Popular short-form video hosting service TikTok has been fined €5 million (about $5.4 million) by the French data protection watchdog for breaking cookie consent rules, making it the latest platform to face similar penalties after Amazon, Google, Meta, and Microsoft since 2020. "Users of 'tiktok[.]com' could not refuse cookies as easily as accepting them and they were not informed in ... Read More

Cisco Issues Warning for Unpatched Vulnerabilities in EoL Business Routers Cisco has warned of two security vulnerabilities affecting end-of-life (EoL) Small Business RV016, RV042, RV042G, and RV082 routers that it said will not be fixed, even as it acknowledged the public availability of proof-of-concept (PoC) exploit. The issues are rooted in the router's web-based management interface, enabling a remote adversary to sidestep authentication or execute ... Read More

Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware Tainted VPN installers are being used to deliver a piece of surveillanceware dubbed EyeSpy as part of a malware campaign that started in May 2022. It uses "components of SecondEye – a legitimate monitoring application – to spy on users of 20Speed VPN, an Iranian-based VPN service, via trojanized installers," Bitdefender said in an analysis. A majority of the infections are said to originate ... Read More

Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive (JAR) files, once again highlighting how threat actors are continuously finding new ways to fly under the radar. "Attackers now use the polyglot technique to confuse security solutions that don't properly validate the JAR file format," Deep Instinct security ... Read More

Get Unified Cloud and Endpoint Security: Only $1 for 1,000 Assets for all of 2023! As the new year begins, it's more important than ever to protect your business from the constantly evolving cyber threats that could compromise your valuable assets.  But who wants to pay an arm and a leg for top-tier security? With this Uptycs introductory offer, you do not have to. Kickstart the new year by securing your business with Uptycs. Starting now, for just $1, you can ... Read More

FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting governments and other large organizations. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," Fortinet researchers said in a post-mortem analysis published this week. The ... Read More

Data Classification for Cloud Security How to Classify and Protect Cloud Data at Scale Download Now Sponsored