CloudFlare CDNJS Bug Could Have Led to Widespread Supply-Chain Attacks – Tempemail

Web infrastructure and website security company Cloudflare last month fixed a critical vulnerability in its CDNJS library that’s used by 12.7% of all websites on the internet. CDNJS is a free and open-source content delivery network (CDN) that serves about 4,041 JavaScript and CSS libraries, making it the second most Continue Reading

Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances – Tempemail

Networking equipment maker SonicWall is alerting customers of an “imminent” ransomware campaign targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware. The warning comes more than a month after reports emerged that remote access vulnerabilities in SonicWall SRA 4600 Continue Reading

REvil Ransomware Gang Mysteriously Disappears After High-Profile Attacks – Tempemail

REvil, the infamous ransomware cartel behind some of the biggest cyberattacks targeting JBS and Kaseya, has mysteriously disappeared from the dark web, leading to speculations that the criminal enterprise may have been taken down. Multiple darknet and clearnet sites maintained by the Russia-linked cybercrime syndicate, including the data leak, extortion, Continue Reading

LuminousMoth APT: Sweeping attacks for the chosen few- Tempemail

APT actors are known for the frequently targeted nature of their attacks. Typically, they will handpick a set of targets that in turn are handled with almost surgical precision, with infection vectors, malicious implants and payloads being tailored to the victims’ identities or environment. It’s not often we observe a Continue Reading

Experts Uncover Malware Attacks Targeting Corporate Networks in Latin America – Tempemail

Cybersecurity researchers on Thursday took the wraps off a new, ongoing espionage campaign targeting corporate networks in Spanish-speaking countries, specifically Venezuela, to spy on its victims. Dubbed “Bandidos” by ESET owing to the use of an upgraded variant of Bandook malware, the primary targets of the threat actor are corporate Continue Reading

New Mirai-Inspired Botnet Could Be Using Your KGUARD DVRs in Cyber Attacks – Tempemail

Cybersecurity researchers on Thursday revealed details about a new Mirai-inspired botnet called “mirai_ptea” that leverages an undisclosed vulnerability in digital video recorders (DVR) provided by KGUARD to propagate and carry out distributed denial-of-service (DDoS) attacks. Chinese security firm Netlab 360 pinned the first probe against the flaw on March 23, Continue Reading

‘I had threats to my life’: how mob attacks on social media are silencing UK teachers | Teaching- Tempemail

When Gemma Parker, a secondary school teacher, tweeted about teaching students about racism earlier this year, she wasn’t prepared for the flood of abuse she unleashed. A rightwing activist group flagged her as a dangerous teacher, and within hours she had been labelled a “Nazi sympathiser” and a “child abuser”, Continue Reading

How to confuse antimalware neural networks. Adversarial attacks and protection- Tempemail

Introduction Nowadays, cybersecurity companies implement a variety of methods to discover new, previously unknown malware files. Machine learning (ML) is a powerful and widely used approach for this task. At Kaspersky we have a number of complex ML models based on different file features, including models for static and dynamic Continue Reading

SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks – Tempemail

A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has been now found to be “botched,” with the company leaving a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information. The shortcoming was rectified Continue Reading

Google Releases New Framework to Prevent Software Supply Chain Attacks – Tempemail

As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications. Called “Supply chain Levels for Software Artifacts” (SLSA, and pronounced “salsa”), the end-to-end framework Continue Reading