DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign

July 12, 2024 at 11:21AM Palo Alto Networks Unit 42 has uncovered a brief DarkGate malware campaign utilizing Samba file shares to spread infections in North America, Europe, and parts of Asia. DarkGate, an evolved malware-as-a-service offering, can perform remote control, code execution, cryptocurrency mining, and more. The campaign highlights the importance of strong cybersecurity …

Trojanized JQuery Packages Spread via ‘Complex’ Supply Chain Attack

July 9, 2024 at 12:13PM Cyberattackers are targeting JavaScript developers with a supply chain attack distributing Trojanized jQuery packages across GitHub, npm, and jsDelivr repositories. The attackers exhibit an unusual lack of nomenclature and attribution, with a manual assembly and publication of each package. The attack, requiring specific user actions to trigger, emphasizes the need …

Polyfill.io owner punches back at ‘malicious defamation’ amid domain shutdown

June 27, 2024 at 11:56PM After its website shutdown, Polyfill.io’s owner battles accusations of distributing suspicious code on various websites. Anger-fueled social media posts target CDN titan Cloudflare and media for “malicious defamation.” Experts and a domain registrar warn of supply chain risks. The site has relocated to polyfill[.]com. Cloudflare also launches a JavaScript URL …

If you’re using Polyfill.io code on your site – like 100,000+ are – remove it immediately

June 25, 2024 at 07:58PM The polyfill.io domain, previously used to add JavaScript polyfills to websites, has been found serving malicious code, infecting over 100,000 sites. Security firms warn website owners to remove any embedded code from the domain. Google is blocking affected websites’ ads, and affected site owners are being notified. The domain’s sale …

New BadSpace Backdoor Deployed in Drive-By Attacks

June 18, 2024 at 12:36PM A new backdoor named BadSpace uses a multi-stage attack that involves infected WordPress sites. It is distributed similarly to the SocGholish malware and is associated with the cybercrime group Evil Corp. BadSpace’s delivery chain starts with an infected website, deploying the backdoor through a fake browser update notification and JavaScript …

The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell

May 23, 2024 at 01:42AM Microsoft announced the deprecation of Visual Basic Script (VBScript) in favor of advanced alternatives like JavaScript and PowerShell. The plan will be implemented in three phases, ultimately eliminating VBScript from Windows. Additionally, Microsoft’s Recall feature has raised privacy concerns, with the U.K. Information Commissioner’s Office seeking transparency and safeguards for …

Something nasty injected login-stealing JavaScript into 50K online banking sessions

December 20, 2023 at 06:56PM IBM Security discovered JavaScript code injected into online banking pages, compromising 50,000 user sessions with 40+ banks globally. The DanaBot Windows malware infects PCs, waits for users to access bank sites, then steals login credentials. It targets financial organizations across continents. The malware communicates with a server and adapts …

48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems

November 3, 2023 at 09:42AM 48 malicious npm packages containing obfuscated JavaScript have been discovered in the npm repository. These packages, uploaded by an npm user named hktalent, can deploy a reverse shell on compromised systems. The attack is triggered post-installation, establishing a reverse shell to rsh.51pwn[.]com. This highlights the increasing interest of threat actors …

Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials

October 10, 2023 at 02:18AM Threat actors are exploiting a critical flaw in Citrix NetScaler ADC and Gateway devices to conduct a credential harvesting campaign. The flaw, CVE-2023-3519, allows for remote code execution. Attackers are inserting a malicious script into the authentication web page and capturing user credentials. IBM X-Force has identified at least 600 …