Weekly our experts select relevant news in the cybersecurity industry. Over the last two weeks, we saw the “Researchers Uncover 700+ Malicious Open Source Packages”. Also, you will see the “CISA and FBI Release ESXiArgs Ransomware Recovery Guidance”.

For more articles, check out our #onpatrol4malware blog.

Phylum Discovers Revived Crypto Wallet Address Replacement Attack

Source: Phylum

Phylum’s automated risk detection platform began alerting us to a long series of suspicious publications which appear to be a revived attempt to deliver the same crypto wallet clipboard replacing malware. Read more.

Avoid Being a Downstream Victim of Service Provider Attacks

Source: Security Intelligence

Earlier this year, some customers of the cloud service provider DigitalOcean received emails instructing them to reset their passwords. These users hadn’t actually forgotten their passwords. Read more.

Bogus URL Shorteners Redirect Thousands of Hacked Sites in AdSense Fraud Campaign

Source: Securi

Late last year Securi reported on a malware campaign targeting thousands of WordPress websites to redirect visitors to bogus Q&A websites. Read more.

Researchers Uncover 700+ Malicious Open Source Packages

Source: Info Security

Security researchers have discovered another sizeable haul of malicious packages on the npm and PyPI open source registries, which could cause issues if unwittingly downloaded by developers. Read more.

Guide to Container Management on AWS

Source: Trend Micro

There are tools and services in the market that enable automation of the creation, deployment, maintenance, scaling, and monitoring of application or system containers. Read more.

CISA and FBI Release ESXiArgs Ransomware Recovery Guidance

Source: CISA

CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory, ESXiArgs Ransomware Virtual Machine Recovery Guidance. This advisory describes the ongoing ransomware campaign known as ESXiArgs. Read more.

THREAT ALERT: GootLoader – SEO Poisoning and Large Payloads Leading to Compromise

Source: Cybereason Incident Response Team

The Cybereason Incident Response (IR) team investigated an incident which involved new deployment methods of the GootLoader malware loader through heavily-obfuscated JavaScript files. Read more.