U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The list of shortcomings is as follows -

CVE-2022-47986 (CVSS score: 9.8) - IBM Aspera Faspex Code Execution Vulnerability
CVE-2022-41223 (CVSS score: 6.8) - Mitel MiVoice Connect Code Injection

https://thehackernews.com/2023/02/us-cyb...three.html

Gcore Thwarts Massive 650 Gbps DDoS Attack on Free Plan Client

At the beginning of January, Gcore faced an incident involving several L3/L4 DDoS attacks with a peak volume of 650 Gbps. Attackers exploited over 2000 servers belonging to one of the top three cloud providers worldwide and targeted a client who was using a free CDN plan. However, due to Gcore’s distribution of infrastructure and a large number of peering partners, the attacks were mitigated,

https://thehackernews.com/2023/02/gcore-...-ddos.html

Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks

An open source command-and-control (C2) framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel.
Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023 targeting an unnamed government organization that utilized Havoc.
"While C2 frameworks are prolific, the

https://thehackernews.com/2023/02/threat...k-for.html

Hydrochasma: New Threat Actor Targets Shipping Companies and Medical Labs in Asia

Shipping companies and medical laboratories in Asia have been the subject of a suspected espionage campaign carried out by a never-before-seen threat actor dubbed Hydrochasma.
The activity, which has been ongoing since October 2022, "relies exclusively on publicly available and living-off-the-land tools," Symantec, by Broadcom Software, said in a report shared with The Hacker News.
There is no

https://thehackernews.com/2023/02/hydroc...rgets.html

3 Steps to Automate Your Third-Party Risk Management Program

If you Google "third-party data breaches" you will find many recent reports of data breaches that were either caused by an attack at a third party or sensitive information stored at a third-party location was exposed. Third-party data breaches don't discriminate by industry because almost every company is operating with some sort of vendor relationship – whether it be a business partner,

https://thehackernews.com/2023/02/3-step...party.html

Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Li

In what's a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links.
"The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one another," Checkmarx researcher Yehuda Gelb said in a Tuesday report.
"The attackers referred to retail

https://thehackernews.com/2023/02/attack...-with.html

Apple Warns of 3 New Vulnerabilities Affecting iPhone, iPad, and Mac Devices

Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS, iPadOS, and macOS.
The first flaw is a race condition in the Crash Reporter component (CVE-2023-23520) that could enable a malicious actor to read arbitrary files as root. The iPhone maker said it addressed the issue with additional validation.
The two other vulnerabilities,

https://thehackernews.com/2023/02/apple-...ities.html

Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries

Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index (PyPI) repository.
The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib3. The names of the packages are as follows:
aio5, aio6, htps1, httiop, httops, httplat, httpscolor

https://thehackernews.com/2023/02/python...nized.html

New S1deload Malware Hijacking Users' Social Media Accounts and Mining Cryptocurrency

An active malware campaign has set its sights on Facebook and YouTube users by leveraging a new information stealer to hijack the accounts and abuse the systems' resources to mine cryptocurrency.
Bitdefender is calling the malware S1deload Stealer for its use of DLL side-loading techniques to get past security defenses and execute its malicious components.
"Once infected, S1deload Stealer steals

https://thehackernews.com/2023/02/new-s1...users.html

Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data

A new backdoor associated with a malware downloader named Wslink has been discovered, with the tool likely used by the notorious North Korea-aligned Lazarus Group, new findings reveal.
The payload, dubbed WinorDLL64 by ESET, is a fully-featured implant that can exfiltrate, overwrite, and delete files; execute PowerShell commands; and obtain comprehensive information about the underlying machine.

https://thehackernews.com/2023/02/lazaru...dll64.html