News & Updates

Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs

/
Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers (PLCs) that could allow for authentication bypass and remote code execution.
The flaws, tracked as CVE-2022-45788 (CVSS score: 7.5) and CVE-2022-45789 (CVSS score: 8.1), are part of a broader collection of security defects tracked by Forescout as OT:ICEFALL.
Successful
News & Updates

Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps

/
Chinese-speaking individuals in Southeast and East Asia are the targets of a new rogue Google Ads campaign that delivers remote access trojans such as FatalRAT to compromised machines.
The attacks involve purchasing ad slots to appear in Google search results that direct users searching for popular applications to rogue websites hosting trojanized installers, ESET said in a report published
News & Updates

Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries

/
The prolific SideWinder group has been attributed as the nation-state actor behind attempted attacks against 61 entities in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka between June and November 2021.
Targets included government, military, law enforcement, banks, and other organizations, according to an exhaustive report published by Group-IB, which also found links between the adversary
News & Updates

Researchers Hijack Popular NPM Package with Millions of Downloads

/
A popular npm package with more than 3.5 million weekly downloads has been found vulnerable to an account takeover attack.
“The package can be taken over by recovering an expired domain name for one of its maintainers and resetting the password,” software supply chain security company Illustria said in a report.
While npm’s security protections limit users to have only one active email address
Exit mobile version