Hackaday

This Week In Security: The Github Supply Chain Attack, Ransomware Decryption, And Paragon

Last Friday Github saw a supply chain attack hidden in a popular Github Action. To understand this, we have to quickly cover Continuous Integration (CI) and Github Actions. CI essentially means ...
Hackaday

This Week In Security: Echospoofing, Ransomware Records, And Github Attestations

It’s a bit of bitter irony, when a security product gets used maliciously, to pull off the exact attack it was designed to prevent. Enter Proofpoint, and the EchoSpoofing attack. Proofpoint offers an ...

Self-destructing Mistic backdoor linked to access broker selling corporate footholds to ransomware gangs

A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that ...

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

It has been a bad six weeks for security firm Checkmarx. Over the past 40 days, it has been the victim of at least one supply-chain attack that delivered malware to customers on two separate occasions ...
Dark Reading

Hook Android Trojan Now Delivers Ransomware-Style Attacks

Attackers are spreading a dangerous new variant of the Hook Android banking Trojan that locks devices similarly to ransomware and is propagating via a new distribution channel on GitHub. The Hook ...
Bleeping Computer

Ransomware gang deploys new malware to kill security software

RansomHub ransomware operators are now deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks. Named ...
Wired

Ransomware Payments Hit a Record $1.1 Billion in 2023

A year ago, there seemed to be a glimmer of hope in the cybersecurity industry's long-running war of attrition against ransomware gangs. Fewer corporate victims of those hackers, it seemed, had paid ...