The Hacker News Daily Updates

"The secret vulnerability finance execs are missing."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 23 February 2023, 2013 UTC.  Content provided by email subscription to "The Hacker News Daily Updates."

Source:  https://mail.google.com/mail/u/0/#inbox/FMfcgzGrcjSTdPSnGXkNpnzwmXkPcbSB ("The Hacker News Daily Updates").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

The Hacker News Daily Updates

Cybersecurity Webinar: How to Tackle the Top SaaS Security Challenges of 2023 Don't let your SaaS apps become the next target - Join our expert-led webinar to learn how to protect your ecosystem. Download Now Sponsored

LATEST NEWS Feb 23, 2023

The Secret Vulnerability Finance Execs are Missing The (Other) Risk in Finance A few years ago, a Washington-based real estate developer received a document link from First American – a financial services company in the real estate industry – relating to a deal he was working on. Everything about the document was perfectly fine and normal. The odd part, he told a reporter, was that if he changed a single digit in the URL, suddenly, he could ... Read More

New Hacking Cluster 'Clasiopa' Targeting Materials Research Organizations in Asia Materials research organizations in Asia have been targeted by a previously unknown threat actor using a distinct set of tools. Symantec, by Broadcom Software, is tracking the cluster under the moniker Clasiopa. The origins of the hacking group and its affiliations are currently unknown, but there are hints that suggest the adversary could have ties to India. This includes references to ... Read More

Time for an upgrade. Go from spreadsheets to seamless, automated compliance 14+ customizable frameworks. Risk management tool. Audit ready at all times. Book a demo. >> Read More

Lazarus Group Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data A new backdoor associated with a malware downloader named Wslink has been discovered, with the tool likely used by the notorious North Korea-aligned Lazarus Group, new findings reveal. The payload, dubbed WinorDLL64 by ESET, is a fully-featured implant that can exfiltrate, overwrite, and delete files; execute PowerShell commands; and obtain comprehensive information about the underlying ... Read More

New S1deload Malware Hijacking Users' Social Media Accounts and Mining Cryptocurrency An active malware campaign has set its sights on Facebook and YouTube users by leveraging a new information stealer to hijack the accounts and abuse the systems' resources to mine cryptocurrency. Bitdefender is calling the malware S1deload Stealer for its use of DLL side-loading techniques to get past security defenses and execute its malicious components. "Once infected, S1deload Stealer ... Read More

Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index (PyPI) repository. The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib3. The names of the packages are as follows: aio5, aio6, htps1, httiop, httops, httplat, ... Read More

Apple Warns of 3 New Vulnerabilities Affecting iPhone, iPad, and Mac Devices Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS, iPadOS, and macOS. The first flaw is a race condition in the Crash Reporter component (CVE-2023-23520) that could enable a malicious actor to read arbitrary files as root. The iPhone maker said it addressed the issue with additional validation. The two other ... Read More

Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links In what's a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links. "The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one another," Checkmarx researcher Yehuda Gelb said in a Tuesday report. "The attackers referred to ... Read More

Cybersecurity Webinar: How to Tackle the Top SaaS Security Challenges of 2023 Don't let your SaaS apps become the next target - Join our expert-led webinar to learn how to protect your ecosystem. Download Now Sponsored