Bug in NPM Empowers Hackers to Transmit Malware

Flagstar Bank is in the news for the wrong reason. The bank recently publicized the fact that it discovered a digital breach.

We are nearly halfway through 2022. News stories detailing hacks and other digital breaches continue to roll in on a daily basis.

There has been a significant spike in tourism following the gradual decline of the coronavirus pandemic.  The increase in travel has caught the attention of digital miscreants looking to scam tourists as well as travel services providers.

The cybercriminals responsible for BRATA malware have enhanced their digital Frankenstein with a slew of additional features.

Digital security specialists have identified an APT linked to China that was unknown for nearly a decade. Though the APT is diminutive, it is quite potent.

A messenger scam on Facebook has fooled millions of the social media platform's users.  Around 10 million Facebook users were duped by the phishing message.

Researchers with Google have identified a vulnerability in Apple Safari that has been exploited in the wild. The 5-year-old vulnerability resurfaced yet went unnoticed for quite a lengthy period of time, even after repair and reintroduction.

With nearly $160 billion in total payment volume for 2020, Venmo is quickly growing into one of the most popular peer-to-peer, or P2P, payment systems on the market.

While we need the internet for everything from entertainment to employment, it undoubtedly exposes us to a number of harmful scams.

If you're an Apple user, you've likely heard something about the mysterious process known as "jailbreaking. " It's a common way to work around the many restrictions manufacturers place on smartphones and other digital devices, but its safety and legal status have always been a bit murky. 

Most people are surprised to learn hundreds of thousands of new forms of malware are made on a daily basis. Programming has advanced to the point that hackers can lean on artificial intelligence to help craft new and even more creative internet-based attacks.  

Digital security specialists insist a new form of Linux malware is discrete to the point that it is almost impossible to identify.

The medical records of nearly 70,000 individuals have been exposed in a massive data breach. The breach occurred at Kaiser Permanente. 

Chinese hackers are zeroing in on Android and iOS users with the distribution of Web3 wallets that are backdoored. The hackers are attempting to steal money using the backdoored apps in a creative way.

An internet marketplace that made the private information of more than 20 million individuals available for purchase has been removed from the web, hopefully for good.

Qbot, a powerful form of malware, is now being used by Black Basta ransomware attackers to create a whole that is greater than the sum of its parts.

When we ask the question "What is an APT," there is no simple or succinct answer. The world of cybersecurity is complex, with many layers interacting to create the safety nets we all enjoy online.

Speculation proliferates on the internet. Everyone wants to be on the ground floor of money-making, buzz-building events. That means many people will buy something they don't understand for a price that is likely to spike – and collapse--quickly.

In 2021, the U.S. Border Patrol seized nearly 23,000 fake CDC vaccination cards, a number that represents only a fraction of the total fake card market.

Shields Health Care Group, a medical imaging provider, has been hacked. A total of two million people were affected by the attack.

Take a look back through the previous week's digital security news headlines and you'll find no shortage of stories.  Online aggression has reached an all-time high, yet it isn't only multinational corporations that are in hackers' crosshairs.

The online attacks simply do not stop. In the latest wave of online crime, ransomware hackers have obtained 1,200 Elasticsearch databases that lacked the necessary digital security protections.  

Apple is programming its computers with a new feature that adds security updates without requiring a manual prompt. Nor is there any need for a full operating system update for the improvements to be seamlessly implemented.

An especially harmful strain of malware known as "FluBot" has finally been taken down. It took several federal agencies and more than a year's time to eliminate FluBot.

Atlassian, one of the world's leading digital work specialists, is in the news for issuing a new security patch. The patch pertains to a zero-day vulnerability that is considered to be critical.

Identity theft is increasingly common in the United States and worldwide. The practice of obtaining identifying information, such as social security numbers, dates of birth, and addresses, happens every day.

In today's high-tech world, identity theft and fraud are all too common. Scams are changing and evolving, often becoming savvier and harder to spot.

Maintaining digital safety is quickly becoming a priority for companies in every industry and sector. Utilizing cybersecurity best practices can keep your clients, employees, and management team safe from data leaks and malware attacks.

The pace of online attacks hasn't slowed nearly halfway into the year. Fire up a digital security website in your browser, and you are sure to find a nearly endless list of digital break-ins and other crimes in the virtual realm.

A PyPi package referred to as "CTX," and another referred to as "phpass" PHP Library are being used to steal AWS keys. The PHP and Python packages function as trojans.

A zero-day bug referred to as "Follina" sets the stage for outdated versions of Microsoft Office to be attacked. The malware is a significant threat as it loads itself on remote servers, bypassing the system's scanner dubbed "Defender AV" and permitting the running of harmful code on computers.

Flaws described as "critical" within the widely used ICS platform have the potential to catalyze RCE into action. RCE is an acronym commonly used by those in the tech world to refer to remote code execution.

REvil, one of the most feared cyber gangs in the history of the internet, appears to have returned.  The hacking collective is back on the scene with new DDoS attacks.

A link between several different types of the most threatening ransomware has been identified.  The link connects Yashma, Onyx, and Chaos ransomware together.

Private browsing is an option that's available on every web browser without the need to upgrade to a premium product. This feature allows users to use search terms without concerns that other users on the same device or account might discover them.

Over the last decade or two, we have seen a noticeable shift in general childhood activities. Society is silently pulling away from more active games and tasks and leaning towards more passive ones.

The final days of May have been quite tumultuous in the context of internet security. Online attacks continue to occur at an alarmingly high frequency here in the United States and abroad.

Those who pay attention to malware attacks have noted a considerable uptick in the number of XorDdos Linux attacks. XorDdos has developed a reputation for using attacks characterized as secure with shell brute force.  

A new ransomware variant dubbed Yashma has been pinpointed in the wild. The Chaos builder represents the latest version of the ransomware line.

A botnet referred to as Fronton tracks activity on the internet and conducts illegal operations. The IoT botnet aims to steal information, disinform, and wreak general havoc on the web.

A keylogger is infecting computers through harmful PDF files. The snake keylogger centers on an email campaign that sends PDF files and other files from Microsoft Word programs.

The failure to quickly patch a bug might empower online criminals to steal money directly out of the accounts of PayPal users.

Maintaining cybersecurity is a priority for organizations and individuals alike. Statistically, cyberattacks are rising, with cybercrime strategies evolving and adapting to mitigation strategies.

Cybersecurity is a significant area of focus in technology, regardless of use and industry. Achieving security in applications and across networks is essential for individuals and businesses alike.

Devices like smartphones have moved from a luxury to a necessity in our lives; many of us rely on our phones to store important information like passwords, bank account logins, and other personal data.

The digital landscape is becoming more treacherous as the new year takes shape. Check out the news headlines, and you will find mention of ransomware, phishing, malware, and more.

A botnet referred to as "Sysrv-K" is targeting computers that run on both Windows and Linux operating systems. According to researchers with Microsoft, the botnet uses bugs within a Spring Framework and WordPress plugins.

The ransomware as a service specialist AvosLocker insists it is responsible for yet another healthcare facility attack. If the allegation is true, AvosLocker has successfully stolen data from CHRISTUS Health in Texas.

Attention iPhone users: your phone might be susceptible to hacking attacks even when in the off mode. Powering down the device still allows the NFC, Bluetooth, and UWB to remain functional.

If your computer is experiencing authentication errors or problems with its Windows operating system, there is a chance it is the result of a Microsoft patch.

Some of the world's top information technology managed services providers, or MSPs for short, have been warned of potential upcoming web-based attacks.

A credit score is an important measure of an individual's creditworthiness and is relied upon by many parties. Banks, lenders, car dealers, landlords, and even potential employers may require pulling your credit before proceeding with key steps.

Americans can be very generous people: we donate more than $470 billion to charities annually. In this way, we are doing what we can to alleviate the suffering of others who are victims of natural disasters, famine, poor opportunities, joblessness, and lack of nutrition.

A credit score is a number associated with your personal money management history. Each adult who has had a credit card, a loan, or a bank account usually has a credit score.

As we transition to the second half of the year, it is becoming increasingly clear that digital attacks are not slowing down in the slightest.

More than 1,000 phishing emails have been sent from the inboxes of National Health Service employees.  The National Health Service, or NHS for short, is based in the United Kingdom.

Microsoft is in the news for implementing a patch to combat the exploitation of an active zero-day bug.  The patch in question also contains important fixes for several weaknesses within the cloud environment infrastructure.

The use of malware designed to steal computer users' information, including login credentials and system information, is rising.

A new form of malware that functions with USBs is targeting Windows installers. The wormable threat is sometimes referred to as Raspberry Robbin. 

In an experiment to test the security of obsolete electronic devices, "Which? Computing Magazine" purchased 8 used computers off of eBay to see what residual data they could find.

A massive digital security breach at Illuminate Education has put students' sensitive information between the ages of 5 and 18 at risk.

A lot goes on behind the scenes when you're browsing the internet on your computer or mobile device. Much of the activity comes from cookies, which are devices that collect data on your browsing history.

Despite the healthcare industry's continuous efforts to minimize cybercriminal activity, cyber-attacks continue to plague it.

We are only four months into the new year, and cyber-attacks are soaring to record levels. As detailed below, businesses in all sectors are enduring digital offensives ranging from hackers transmitting ransomware to those embedding malware, conducting phishing scams, launching DDoS attacks, and more.

Kellogg Community College has suspended classes at its five campuses after being targeted by a nasty ransomware attack.  The ransomware offensive affected nearly 9,000 students at the college's campuses in Hastings, Albion, Battle Creek, Fort Custer Industrial Park, and Coldwater, Michigan.

The Emotet botnet is back and more powerful than ever before. The botnet is employing a different method for delivery when compromising computers that operate with Windows.

Cloudflare, a digital security specialist, is in the news for stopping a record-setting DDoS attack.  The DDoS attack in question transmitted an incredible 15 million requests each second.

Constella Intelligence's latest report on digital security highlights the ever-growing threat of ransomware, malware, phishing, and a slew of additional cyber threats.

The statistics and trends highlighted in the latest Constella Intelligence report indicate the number of digital breaches is increasing as time progresses.

Your credit report is a reflection of your financial health. It's essential to understand your credit report to manage your financial health.

Two types of credit scores exist that determine whether someone is creditworthy. FICO Score and VantageScore both use a credit range of 300 to 850.

Spear phishing is unlike other forms of phishing. These cybercriminals collect personal information to create elaborate scams.

Digital attacks are on the rise as we transition to the first week of May.  Though the weather is warming, cybercriminals are remaining within the comfy confines of home, infiltrating one network after another.

Digital criminals have breached dozens of repositories used on GitHub. The attack was performed with stolen tokens. The tokens in question are "OAuth" tokens.

Hackers are exploiting an NPM bug to send malware that appears to be harmless packages. The bug in question is referred to as a "logical flaw" by those in the digital security community.

Check Point, cyber security specialists based in Israel, reports flawed chipset bugs in Android smartphones have created an opportunity for digital criminals to perform comprehensive spying.

Atlassian is providing users of Jira with a digital security patch.  The patch is in response to the identification of a flawed authentication bypass process.

T-Mobile has been hacked again. This time, Lapsus$ hackers are responsible for the attack. Here is a quick look at T-Mobile's latest digital security breach details.

There are more and more cybersecurity risks arising every day. Companies and institutions need to be aware of them and develop policies to prevent cybercrime.

Hackers have a bad name, and for good reason. Hacking is unauthorized entry into computer systems and software, often by breaking in through system vulnerabilities.

A whaling cyber-attack is a phishing attack designed to steal data and access a company's computer system. The FBI reports that these types of targeted attacks cost businesses almost $2.

From ransomware attacks to phishing scams, spyware, malware, and beyond, businesses in the United States and elsewhere were slammed by digital offenses of every type in the third week of April.

Beanstalk Farms, one of the DeFi industry's most promising businesses, was recently hacked. DeFi is short for decentralized finance.

The NSO Group has placed spyware on computers, servers, and networks used by the United Kingdom's federal government. To be more specific, the spyware compromised the computing equipment used by the UK Prime Minister's office.  

Vulnerabilities in Unified Extensible Firmware Interface (UEFI) firmware have put Lenovo laptop computers at risk. A total of three UEFI security flaws have been identified in Lenovo laptops sold to consumers.

The popular Italian menswear brand Zegna was recently hit by a ransomware attack. RansomExx hackers illegally accessed and leaked the company's accounting data to the web.

A stolen social security card could be devastating. Not only could someone use your social security number (SSN) to impersonate you, but it could also result in identity theft and financial fraud.

The Lazarus hacking collective has been identified as the digital miscreants responsible for the $500+ million hack of Axie Infinity.

Just about everyone is online these days, which means you have an online presence and a reputation. Whether or not you know it, your name and information are out there, and people will form an opinion when they see it.

The week has gone by and had its fair share of digital attacks. Search Google's News section for "digital attacks" or "cyber-attacks" in the previous week, and you will find at least one story of a digital attack published nearly every single hour of the day going back several months.  

A ZLoader botnet has been wreaking havoc across the world. Microsoft recently highlighted the botnet's global operation to halt its progress.

Most of us spend our lives online for work and play. However, spending so much time online puts us at risk of internet privacy issues.

What is Cyberstalking? Cyberstalking is a crime where someone stalks a person using digital platforms such as text messages, email, social media, phone calls, forums, and other online technologies.

Most people who use the internet have some of their data "in the cloud. " But what is cloud storage? It sounds like a space-age concept, but it simply means the data is off-site, on servers elsewhere.

The internet has proven to be both a friend and a foe. One peculiar thing about it is that often users need to reveal personal information before accessing most of its features. 

Becoming a victim of Identity theft by a stranger is bad enough, but it can be devastating when you find out someone you know, and trust has betrayed you for their own financial gain.

Microsoft's digital security team is shining the spotlight on Tarrask malware. The new malware from China targets computers that run Windows operating systems.

Darkfeed, a platform that monitors the darknet, recently revealed that BlackCat ransomware hackers stole in excess of one terabyte of information from Florida International University.

Breach of your e-mail account may not sound all that critical, but it can devastate your digital life. If someone gains control of your e-mail account, they could gather other sensitive information for fraud or identity theft.

Losing your ID or having it stolen can be a stressful situation. Thankfully, you can take steps to protect your private information, and if your identification is stolen or lost, you can quickly replace them and minimize the damage.

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

The dark web, also known as "darknet" is a portion of the internet that lies outside the boundaries of traditional search engines.

Your Wi-Fi network is another handy access point that hackers use to infiltrate your computers, steal your identity, and grab your personal details.

Six databases that were owned by Friend Finder Networks, Inc. suffered a massive data breach in 2016, which cost 412 million users their accounts.

In this highly digital age, it is near impossible to erase all information online about yourself, but you can do a lot to remove online information and minimize your risk of identity theft or worse. 

The main difference between a credit freeze and credit lock is that while freezing your credit you restrict access to your credit report.