Daily Cybersecurity Roundup, March 11, 2025

Even open-source ecosystems aren’t safe when Lazarus is on the prowl. The North Korean APT infiltrated the npm ecosystem with multiple newly discovered malicious packages containing BeaverTail malware, which were downloaded hundreds of times. Blind Eagle is making Colombia a prime target, and the numbers tell a grim story. The APT group has ramped up its attacks against government entities and organizations. In other news, the FTC reported that fraud losses in 2024 shattered previous records, with investment scams leading the charge. Read on for the top 10 highlights from the past 24 hours.

01

North Korea's Lazarus Group has been found to have infiltrated the npm ecosystem with six new malicious packages that contain BeaverTail malware and have been downloaded over 330 times.

02

The Blind Eagle APT group has been targeting Colombian institutions and government entities in a series of cyberattacks, with over 1,600 victims affected in one campaign in December 2024.

03

A new ransomware variant called EByte is actively targeting Windows systems, using advanced cryptographic methods for encryption and secure key transmission.

04

A new malware strain, dubbed Phantom Goblin, is being distributed through RAR attachments using social engineering techniques. It also establishes unauthorized remote access by leveraging VSCode tunnels.

05

An analysis of malicious software packages revealed that 1,082 packages contained minimal code spread across a low file count, around 1,052 packages used suspicious installation scripts, and 1,043 lacked repository URLs.

06

CISA has added five actively exploited security flaws to its KEV catalog. These vulnerabilities affect Advantive VeraCore and Ivanti Endpoint Manager.

07

The FTC stated that Americans lost a record $12.5 billion to fraud in 2024, with investment scams resulting in the highest losses at $5.7 billion, and younger people aged 20-29 filing 44% of all fraud reports.

08

A set of SCADA software systems made by ICONICS, widely used in critical infrastructure worldwide, was found to have at least five vulnerabilities that could cause DLL hijacking, file tampering, DoS, and dead code.

09

Google has released a critical security update for its Chrome browser, addressing five vulnerabilities, including three high-severity flaws that could potentially allow attackers to execute arbitrary code.

10

Forcepoint announced the acquisition of data security posture management startup Getvisibility. Terms of the deal were not disclosed.