Popular NPM library hijacked to install password-stealers, miners
www.bleepingcomputer.com/news/security/popular-npm-library-hijacked-to-install-password-stealers-miners/ Hackers hijacked the popular UA-Parser-JS NPM library, with millions of downloads a week, to infect Linux and Windows devices with cryptominers and password-stealing trojans in a supply-chain attack. The UA-Parser-JS library is used to parse a browser’s user agent to identify a visitor’s browser, engine, OS, CPU, and Device type/model.
Hacker sells the data for millions of Moscow drivers for $800
www.bleepingcomputer.com/news/security/hacker-sells-the-data-for-millions-of-moscow-drivers-for-800/ Hackers are selling a stolen database containing 50 million records of Moscow driver data on an underground forum for only $800. According to Russian media outlets that purchased the database, the data appears to be valid and contains records collected between 2006 and 2019.
Ransom DDoS attacks hit multiple email providers
therecord.media/ddos-attacks-hit-multiple-email-providers/ At least three email service providers have been hit by large distributed denial of service (DDoS) attacks on Friday, resulting in prolonged outages, The Record has learned. The attacks have hit Runbox (a privacy email provider based in Norway), Posteo (a secure email provider based in Germany), and Fastmail (a privacy-first email provider based in Australia).
How to analyze a suspicious e-mail
www.kaspersky.com/blog/analyzing-mail-header/42665/ If you receive an e-mail of dubious authenticity, analyze it yourself. Here’s how. The technique is fairly uncommon in cases of mass phishing, but we see it quite a bit more in targeted messaging. If a message looks real, but you doubt the sender’s authenticity, try digging a little deeper and checking the Received header. This post describes how.