The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI) and international partners, have released a Guide which provides best practices to protect against a PRC-affiliated threat actor.
Python Package Index (PyPI) has recently observed several malicious packages hidden in its repository. PyPI hosts almost 600,000 projects written in the Python programming language. The original aiocpa package, self-described as a “synchronous & asynchronous Crypto Pay API Client”...
A recently observed phishing campaign impersonates Amazon and states that the recipient’s Prime membership is set to renew; however, their payment method needs updating. The email includes a link that leads to a webpage with a Google Docs URL, claiming to be from Amazon.
The holiday season presents an attractive target for financially motivated cybercriminals who seek to exploit online retailers and shoppers. Despite the challenges posed by high inflation rates, the National Retail Federation (NRF) predicts a three to four percent increase in retail sales...
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser to be deployed in large organizations.
In November 2024, a Joint Cybersecurity Advisory published by CISA, the FBI, and other partners detailed the most exploited vulnerabilities of 2023. These vulnerabilities garner urgency for remediation as these vulnerable systems are actively targeted.
Threat actors continue to employ the “Sitting Ducks” technique to hijack legitimate domains for phishing and investment fraud. Analysts reported nearly 800,000 vulnerable domains in three months, with about 9 percent subsequently hijacked. This method exploits misconfigured DNS settings.
Analysts recently identified the resurgence of the KV botnet, an operational relay box (ORB) network associated with the Chinese APT group Volt Typhoon. Their modus operandi involves compromising outdated and end-of-life SOHO devices.
Threat actors actively seek methods to conceal their identities in information-stealing campaigns, aiming to lure individuals into downloading malicious software or revealing sensitive information. One recent campaign infects Windows devices with Lumma Stealer...
This Joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These advisories include recently and historically observed activity.
