-
NPM package steals Chrome passwords on Windows via recovery tool
New npm malware has been caught stealing credentials from the Google Chrome web browser by using legitimate password recovery tools on Windows systems. Additionally, this malware listens for incoming connections from the attacker's C2 server and provides advanced capabilities, including screen and camera access.
- July 21, 2021
- 09:00 AM
0
-
Critical Cloudflare CDN flaw allowed compromise of 12% of all sites
Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN.
- July 16, 2021
- 06:29 AM
0
-
Kaseya: Roughly 1,500 businesses hit by REvil ransomware attack
Kaseya says the REvil supply-chain ransomware attack breached the systems of roughly 60 of its direct customers using the company's VSA on-premises product.
- July 06, 2021
- 07:59 AM
- 0
-
REvil ransomware hits 1,000+ companies in MSP supply-chain attack
A massive REvil ransomware attack affects multiple managed service providers and their clients through a reported Kaseya supply-chain attack.
- July 02, 2021
- 03:56 PM
- 0
-
Microsoft admits to signing rootkit malware in supply-chain fiasco
Microsoft has now confirmed signing a malicious driver being distributed within gaming environments. This driver, called "Netfilter," is in fact a rootkit that was observed communicating with Chinese command-and-control IPs.
- June 26, 2021
- 05:16 AM
- 11
-
Codecov ditches Bash Uploader for a NodeJS executable
Codecov has now introduced a new cross-platform uploader meant to replace its former Bash Uploader. The new uploader is available as a static binary executable currently supporting the Windows, Linux, and macOS operating systems. However, some have raised concerns with the new uploader and the many dependencies it contains.
- June 12, 2021
- 08:44 AM
- 0
-
Windows 10's package manager flooded with duplicate, malformed apps
Microsoft's Windows 10 package manager Winget's GitHub has been flooded with duplicate apps and malformed manifest files raising concerns among developers with regards to the integrity of apps.
- June 01, 2021
- 11:15 AM
- 4
-
Japanese government agencies suffer data breaches after Fujitsu hack
Offices of multiple Japanese agencies were breached via Fujitsu's "ProjectWEB" information sharing tool. Fujitsu states that attackers gained unauthorized access to projects that used ProjectWEB, and stole some customer data.
- May 27, 2021
- 03:21 AM
- 0
-
Codecov hackers gained access to Monday.com source code
Monday.com has recently disclosed the impact of the Codecov supply-chain attack that affected multiple companies. As reported by BleepingComputer last month, popular code coverage tool Codecov had been a victim of a supply-chain attack that lasted for two months.
- May 18, 2021
- 02:33 AM
- 0
-
UK govt seeks advice on defending against supply-chain cyberattacks
Today, the UK government has announced a call for advice on defending against software supply-chain attacks and ways to strengthen IT Managed Service Providers (MSPs) across the country. The move comes after last week when President Biden had issued an executive order to increase cybersecurity defenses across the U.S.
- May 17, 2021
- 12:48 PM
- 0
-
Rapid7 source code, credentials accessed in Codecov supply-chain attack
US cybersecurity firm Rapid7 has disclosed that some source code repositories were accessed in a security incident linked to the supply-chain attack that recently impacted customers of the popular Codecov code coverage tool.
- May 13, 2021
- 03:56 PM
- 0
-
Biden issues executive order to increase U.S. cybersecurity defenses
President Biden signed an executive order Wednesday to modernize the country's defenses against cyberattacks and give more timely access to information necessary for law enforcement to conduct investigations.
- May 12, 2021
- 08:02 PM
- 0
-
Twilio discloses impact from Codecov supply-chain attack
Cloud communications company Twilio has now disclosed that the recent Codecov supply-chain attack exposed a small number of Twilio's customer email addresses.
- May 04, 2021
- 12:39 PM
- 0
-
Codecov starts notifying customers affected by supply-chain attack
Codecov has now started notifying the maintainers of software repositories affected by the recent supply-chain attack. These notifications, delivered via both email and the Codecov application interface, state that the company believes the affected repositories were downloaded by threat actors.
- April 30, 2021
- 02:43 AM
- 0
-
HashiCorp is the latest victim of Codecov supply-chain attack
Open-source software tools and Vault maker HashiCorp has disclosed a security incident that occurred due to the recent Codecov attack. HashiCorp, a Codecov customer, has stated that the recent Codecov supply-chain attack aimed at collecting developer credentials led to the exposure of HashiCorp's GPG signing key.
- April 24, 2021
- 02:16 AM
- 0
-
Passwordstate password manager hacked in supply chain attack
Click Studios, the company behind the Passwordstate password manager, notified customers that attackers compromised the app's update mechanism to deliver malware in a supply-chain attack after breaching its networks.
- April 23, 2021
- 04:18 PM
- 0
-
Hundreds of networks reportedly hacked in Codecov supply-chain attack
More details have emerged on the recent Codecov system breach which is being likened to the SolarWinds hack. In new reporting, investigators have stated that hundreds of customer networks have been breached in the incident, expanding the scope of this system breach beyond just Codecov's systems.
- April 20, 2021
- 03:49 AM
- 0
-
Popular Codecov code coverage tool hacked to steal dev credentials
Codecov online platform for hosted code testing reports and statistics announced on Thursday that a threat actor had modified its Bash Uploader script, exposing sensitive information in customers' continuous integration (CI) environment.
- April 16, 2021
- 10:44 AM
- 0
-
Gigaset Android phones infected by malware via hacked update server
Owners of Gigaset Android phones have been repeatedly infected with malware since the end of March after threat actors compromised the vendor's update server in a supply-chain attack.
- April 07, 2021
- 11:36 AM
- 0
-
PHP's Git server hacked to add backdoors to PHP source code
In the latest software supply chain attack, the official PHP Git repository was hacked and tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.php.net server. The threat actors had signed off on these commits as if they were made by known PHP developers.
- March 29, 2021
- 03:32 AM
- 1
0
-
Remove the Theonlinesearch.com Search Redirect
Filed Under: Adware -
Remove the Smartwebfinder.com Search Redirect
Filed Under: Adware -
How to remove the PBlock+ adware browser extension
Filed Under: Adware -
Remove the Toksearches.xyz Search Redirect
Filed Under: Adware -
Remove the Smashapps.net Search Redirect
Filed Under: Adware
-
Version: 5.1.5.1165M+ Downloads
-
Version: 1.33.07554,224 Downloads
-
Version: 0.8141,953 Downloads
-
Version: NA103,249 Downloads
-
Version: NA150,238 Downloads
