Warning: Packagist Repository Hacked with Over a Dozen Packages Compromised!

The Hacker News Daily Updates [Newsletter]( [cover]( [You Can't Have True Zero Trust Without API Security]( Learn the New Paradigm of Zero Trust and How it Can Help Your Organization Become More Secure and Resilient [Download Now]( Sponsored LATEST NEWS May 5, 2023 [Hackers Targeting Italian Corporate Banking Clients with New Web-Inject Toolkit DrIBAN]( Italian corporate banking clients are the target of an ongoing financial fraud campaign that has been leveraging a new web-inject toolkit called drIBAN since at least 2019. "The main goal of drIBAN fraud operations is to infect Windows workstations inside corporate environments trying to alter legitimate banking transfers performed by the victims by changing the beneficiary and ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks]( The North Korean state-sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as part of an ongoing global campaign. "[ReconShark] is actively delivered to specifically targeted individuals through spear-phishing emails, OneDrive links leading to document downloads, and the execution of malicious macros," SentinelOne researchers Tom ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [It’s Never Too Late to Find Your Sensitive Data and Secure It. Everywhere]( It’s always the same data security issues. To fix them you need to understand them. Get the e-book. [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Lack of Visibility: The Challenge of Protecting Websites from Third-Party Scripts]( Third-party apps such as Google Analytics, Meta Pixel, HotJar, and JQuery have become critical tools for businesses to optimize their website performance and services for a global audience. However, as their importance has grown, so has the threat of cyber incidents involving unmanaged third-party apps and open-source tools. Online businesses increasingly struggle to maintain complete ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Compromised]( PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. "The attacker forked each of the packages and replaced the package description in composer.json with their own message but did not otherwise make any malicious changes," Packagist's Nils ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Fleckpe Android Malware Sneaks onto Google Play Store with Over 620,000 Downloads]( A new Android subscription malware named Fleckpe has been unearthed on the Google Play Store, amassing more than 620,000 downloads in total since 2022. Kaspersky, which identified 11 apps on the official app storefront, said the malware masqueraded as legitimate photo editing apps, camera, and smartphone wallpaper packs. The apps have since been taken down. The operation primarily targets ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Cisco Warns of Vulnerability in Popular Phone Adapter, Urges Migration to Newer Model]( Cisco has warned of a critical security flaw in SPA112 2-Port Phone Adapters that it said could be exploited by a remote attacker to execute arbitrary code on affected devices. The issue, tracked as CVE-2023-20126, is rated 9.8 out of a maximum of 10 on the CVSS scoring system. The company credited Catalpa of DBappSecurity for reporting the shortcoming. The product in question makes it ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service]( Three new security flaws have been disclosed in Microsoft Azure API Management service that could be abused by malicious actors to gain access to sensitive information or backend services. This includes two server-side request forgery (SSRF) flaws and one instance of unrestricted file upload functionality in the API Management developer portal, according to Israeli cloud security firm Ermetic. ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [cover]( [You Can't Have True Zero Trust Without API Security]( Learn the New Paradigm of Zero Trust and How it Can Help Your Organization Become More Secure and Resilient [Download Now]( Sponsored This email was sent to {EMAIL}. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please [click here](. Contact The Hacker News: info@thehackernews.com [Unsubscribe]( The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India