Security researchers with ReversingLabs warn of a new supply chain attack using a malicious PyPI module that poses as a software development kit (SDK) from the cybersecurity firm SentinelOne.
Glupteba Botnet Still Active Despite Google’s Disruption Efforts
An analysis conducted by OT and IoT cybersecurity firm Nozomi Networks shows that the Glupteba botnet is still active following Google’s efforts to disrupt the cybercrime operation.
CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks
The US Cybersecurity and Infrastructure Security Agency (CISA) has added two flaws affecting Veeam’s Backup & Replication product to its Known Exploited Vulnerabilities Catalog.
Security Firms Warn Microsoft of Signed Drivers Used to Kill EDR, AV Processes
Several cybersecurity firms have warned Microsoft that cybercriminals have been using signed malicious drivers to kill processes associated with antivirus (AV) and endpoint detection and response (EDR) products.
New Python-Based Backdoor Targeting VMware ESXi Servers
Security researchers with Juniper Networks’ Threat Labs warn of a new Python-based backdoor targeting VMware ESXi virtualization servers.
Users Warned of New Aerst, ScareCrow, and Vohuk Ransomware Families
Fortinet’s security researchers have shared information on three new ransomware families named Aerst, ScareCrow, and Vohuk.
Healthcare Organizations Warned of Royal Ransomware Attacks
The US Department of Health and Human Services (HHS) is warning healthcare organizations of the threat posed by ongoing Royal ransomware attacks.
Initially spotted in September 2022, the ransomware family is employed by a financially motivated threat actor that also uses known tools for persistence, credential exfiltration, and lateral movement.
LF Electromagnetic Radiation Used for Stealthy Data Theft From Air-Gapped Systems
Mordechai Guri, a cybersecurity researcher from the Ben-Gurion University of the Negev in Israel who specializes in air gap jumping, has released a paper detailing yet another method that can be used to stealthily exfiltrate data from systems isolated from the internet and local networks.
Vulnerabilities Allow Researcher to Turn Security Products Into Wipers
SafeBreach Labs security researcher Or Yair discovered several vulnerabilities that allowed him to turn endpoint detection and response (EDR) and antivirus (AV) products into wipers.
Iranian Hackers Deliver New ‘Fantasy’ Wiper to Diamond Industry via Supply Chain Attack
An Iran-linked advanced persistent threat (APT) actor named Agrius is using a new wiper in attacks targeting entities in South Africa, Israel and Hong Kong, cybersecurity firm ESET reports.