Fri.Aug 02, 2024

article thumbnail

Leaked GitHub Python Token

Schneier on Security

Here’s a disaster that didn’t happen : Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF). JFrog discussed what could have happened : The implications of someone finding this leaked token could be extremely severe.

Software 278
article thumbnail

Optus and Medibank Data Breach Cases Allege Cyber Security Failures

Tech Republic Security

Australian regulators allege that cyber security failures at Optus and Medibank contributed to data breaches in 2022, leading to theft of sensitive customer data.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

News alert: Security Risk Advisors launchs VECTR Enterprise Edition for ‘purple team’ benchmarking

The Last Watchdog

Philadelphia, PA, Aug. 1, 2024, CyberNewsWire — Security Risk Advisors (SRA) announces the launch of VECTR Enterprise Edition , a premium version of its widely-used VECTR platform for purple teams and adversary management program reporting and benchmarking. VECTR Enterprise is designed to support organizations that want to mature and communicate the success of their purple team exercises with benchmarking and executive reporting features.

Risk 147
article thumbnail

New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication

The Hacker News

Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service (BITS) as a command-and-control (C2) mechanism.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Google Chrome warns uBlock Origin may soon be disabled

Bleeping Computer

Google Chrome is now encouraging uBlock Origin users who have updated to the latest version to switch to other ad blockers before Manifest v2 extensions are disabled [.

143
143
article thumbnail

Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware

The Hacker News

Cybersecurity companies are warning about an uptick in the abuse of Clouflare's TryCloudflare free service for malware delivery. The activity, documented by both eSentire and Proofpoint, entails the use of TryCloudflare to create a one-time tunnel that acts as a conduit to relay traffic from an attacker-controlled server to a local machine through Cloudflare's infrastructure.

Malware 142

More Trending

article thumbnail

U.S. Releases High-Profile Russian Hackers in Diplomatic Prisoner Exchange

The Hacker News

In a historic prisoner exchange between Belarus, Germany, Norway, Russia, Slovenia, and the U.S., two Russian nationals serving time for cybercrime activities have been freed and repatriated to their country.

article thumbnail

Scammers are impersonating cryptocurrency exchanges, FBI warns

Malwarebytes

The Federal Bureau of Investigation (FBI) issued a public service announcement warning the public about scammers impersonating cryptocurrency exchange employees to steal funds. There are many types of crypto related scams, but in this case, the FBI provided an advisory about scammers that contact the target and pretend to be employees of a cryptocurrency exchange.

article thumbnail

Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool

The Hacker News

Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks. The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft game servers.

DDOS 139
article thumbnail

Avtech camera vulnerability actively exploited in the wild, CISA warns

Security Affairs

CISA warned that an Avtech camera vulnerability, which is still unpatched, is being actively exploited in the wild. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn of a vulnerability, tracked as CVE-2024-7029 (CVSS base score of 8.8), in Avtech camera that has been exploited in the wild. An attacker can exploit this flaw to inject and execute commands as the owner of the running process. “Successful exploitation of this vulnerability could a

Firmware 136
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack

The Hacker News

A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos. The unnamed organization was targeted as early as mid-July 2023 to deliver a variety of backdoors and post-compromise tools like ShadowPad and Cobalt Strike.

article thumbnail

Investors sued CrowdStrike over false claims about its Falcon platform

Security Affairs

Investors have sued CrowdStrike because the cybersecurity firm made false claims about its Falcon platform. Investors have sued CrowdStrike because the company made false and misleading claims on the testing of its Falcon platform. In July, a faulty update released by CrowdStrike Falcon caused Windows systems to display a BSoD screen. The incident caused widespread global disruptions, impacting critical infrastructure such as airports, hospitals, and TV stations.

Software 131
article thumbnail

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure

The Hacker News

A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace.

Phishing 133
article thumbnail

CrowdStrike sued by investors over massive global IT outage

Bleeping Computer

Cybersecurity company CrowdStrike has been sued by investors who say it provided false claims about its Falcon platform after a bad security update led to a massive global IT outage causing the stock price to tumble almost 38%. [.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal

The Hacker News

Enterprise Resource Planning (ERP) Software is at the heart of many enterprising supporting human resources, accounting, shipping, and manufacturing. These systems can become very complex and difficult to maintain. They are often highly customized, which can make patching difficult. However, critical vulnerabilities keep affecting these systems and put critical business data at risk.

article thumbnail

Opal Security Extends Scope and Reach of Platform for Managing Privileges

Security Boulevard

Opal Security this week updated its privilege posture management platform to provide the ability to detect irregular access to an IT environment and manage privileges by groups. The post Opal Security Extends Scope and Reach of Platform for Managing Privileges appeared first on Security Boulevard.

article thumbnail

Webinar: Discover the All-in-One Cybersecurity Solution for SMBs

The Hacker News

In today's digital battlefield, small and medium businesses (SMBs) face the same cyber threats as large corporations, but with fewer resources. Managed service providers (MSPs) are struggling to keep up with the demand for protection. If your current cybersecurity strategy feels like a house of cards – a complex, costly mess of different vendors and tools – it's time for a change.

article thumbnail

Prisoner Swap: Huge Russian Hackers Freed — Seleznev and Klyushin

Security Boulevard

Pragmatic politics: Anger as Putin gets back two notorious cybercriminals The post Prisoner Swap: Huge Russian Hackers Freed — Seleznev and Klyushin appeared first on Security Boulevard.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

MSSP vs. SOC – Key Considerations When Deciding Your Strategy

Heimadal Security

For many cybersecurity professionals, there comes a time when you need to weigh up outsourcing security to a Managed Security Service Provider (MSSP), versus keeping those tasks in-house by building your own Security Operations Center (SOC). So, we will be discussing MSSP vs. SOC. There are several reasons you might be comparing using an MSSP […] The post MSSP vs.

article thumbnail

Pay attention to your bank’s messages. It might save you from a credit card fraud

Quick Heal Antivirus

This post is based on a true incident faced by a friend last week. The story is developing. The post Pay attention to your bank’s messages. It might save you from a credit card fraud appeared first on Quick Heal Blog.

Banking 98
article thumbnail

3 Ways Online IDEs Are Revolutionizing the Technology Landscape

SecureBlitz

In this post, I will show you 3 ways online IDEs are revolutionizing the technology landscape. Online Integrated Development Environments (IDEs) are a key component of the fast expansion of the technological environment. Without the need to install software locally, online IDEs are web-based systems that give developers a full suite of tools for authoring, […] The post 3 Ways Online IDEs Are Revolutionizing the Technology Landscape appeared first on SecureBlitz Cybersecurity.

article thumbnail

UAE Strengthens Cybersecurity Landscape with New Policies

SecureWorld News

The United Arab Emirates (UAE) is taking significant strides to enhance its cybersecurity framework with the introduction of three new policies focused on cloud computing, data security, IoT security, and cybersecurity operations centers. Mohammed Hamad Al-Kuwaiti, the chair of the UAE Cybersecurity Council, announced these initiatives in a statement to the Emirates News Agency (WAM), underscoring the nation's commitment to securing its digital infrastructure.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

How To View Your Saved Passwords on Any Device [Mac, Windows, Android & iOS]

SecureBlitz

This post will show you how to view your saved passwords on any device. Managing passwords has become a crucial aspect of our online lives in our increasingly digital world. With the multitude of accounts we create for various services, it's no wonder many of us opt to save our passwords for convenience. However, there […] The post How To View Your Saved Passwords on Any Device [Mac, Windows, Android & iOS] appeared first on SecureBlitz Cybersecurity.

article thumbnail

OpenCTI: Empowering Cyber Threat Intelligence Management

Penetration Testing

In the ever-evolving landscape of cybersecurity, staying ahead of threats requires more than just antivirus software and firewalls. It demands a comprehensive understanding of the tactics, techniques, and procedures (TTPs) employed by malicious actors.... The post OpenCTI: Empowering Cyber Threat Intelligence Management appeared first on Cybersecurity News.

article thumbnail

Google Chrome bug breaks drag and drop from Downloads bubble

Bleeping Computer

A recent Google Chrome update has broken the drag-and-drop feature in the Downloads bubble that previously allowed you to drag and drop downloaded files onto any website or tab in the browser. [.

article thumbnail

Sitting Ducks DNS Attacks Used to Hijack Over 35,000 Domains

Heimadal Security

More than 35,000 registered domains have been hijacked by threat actors in so-called Sitting Ducks attacks that allow claiming a domain without having access to the owner’s account at the DNS provider or registrar. Cybercriminals utilize inadequate ownership verification at DNS providers and configuration flaws at the registrant level in Sitting Ducks attacks.

DNS 85
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

10 Things You May Have Missed at ChannelCon 2024

CompTIA on Cybersecurity

There’s a lot to digest from three days of making connections and gaining insights at ChannelCon 2024 in Atlanta. In case you couldn’t make it—or even if you did—here are 10 things you should know.

84
article thumbnail

What’s in a Secret? Best Practices for Static, Rotated and Dynamic Secrets

Security Boulevard

Secrets are ranked as the leading cause of data breaches. Combat this by learning how to best use static, rotated, and dynamic secrets. The post What’s in a Secret? Best Practices for Static, Rotated and Dynamic Secrets appeared first on Akeyless. The post What’s in a Secret? Best Practices for Static, Rotated and Dynamic Secrets appeared first on Security Boulevard.

article thumbnail

Cryptonator seized for laundering ransom payments, stolen crypto

Bleeping Computer

U.S. and German law enforcement seized the domain of the crypto wallet platform Cryptonator, used by ransomware gangs, darknet marketplaces, and other illicit services, and indicted its operator. [.

article thumbnail

Apple Watch Series 9 vs. Series 8: Which model should you buy?

Zero Day

You can pick up an Apple Watch Series 9 for just $329 at Walmart, but is it worth the upgrade? We break down the features of the Apple Watch 9 and the Watch Series 8 to help you decide which is the best fit.

76
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.