Sat. Apr 13, 2024

Crooks manipulate GitHub’s search results to distribute malware

Security Affairs

Researchers warn threat actors are manipulating GitHub search results to target developers with persistent malware. Checkmarx researchers reported that threat actors are manipulating GitHub search results to deliver persistent malware to developers' systems. Attackers behind this campaign create malicious repositories with popular names and topics, they were observed using techniques like automated updates and fake stars to boost search rankings. “By leveraging GitHub Actions, the attacker

Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack

The Hacker News

Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday.

BatBadBut flaw allowed an attacker to perform command injection on Windows

Security Affairs

A critical vulnerability, named ‘BatBadBut’, impacts multiple programming languages, its exploitation can lead to command injection in Windows applications. The cybersecurity researcher RyotaK (@ryotkak) discovered a critical vulnerability, dubbed BatBadBut, which impacts multiple programming languages. When specific conditions are satisfied, an attacker can exploit the flaw to perform command injection on Windows. “The BatBadBut is a vulnerability that allows an attacker to perfo

Palo Alto Networks zero-day exploited since March to backdoor firewalls

Bleeping Computer

Suspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls tracked as CVE-2024-3400 since March 26, using the compromised devices to breach internal networks, steal data and credentials. […]

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts

The Hacker News

A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million. Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in December 2023 following his arrest in July.

Roku Breach Hits 567,000 Users

WIRED Threat Level

Plus: Apple warns iPhone users about spyware attacks, CISA issues an emergency directive about a Microsoft breach, and a ransomware hacker tangles with an unimpressed HR manager named Beth.

More Trending

Space Force Is Planning a Military Exercise in Orbit

WIRED Threat Level

Two satellites will engage in a “realistic threat response scenario” when Victus Haze gets underway.

Firebird RAT creator and seller arrested in the U.S. and Australia

Bleeping Computer

A joint police operation between the Australian Federal Police (AFP) and the FBI has led to the arrest and charging of two individuals who are believed to be behind the development and distribution of the "Firebird" remote access trojan (RAT), later rebranded as "Hive." […]

How Israel Defended Against Iran's Drone and Missile Attack

WIRED Threat Level

The Iron Dome, US allies, and long-range interceptor missiles all came into play.

UK flooded with forged stamps despite using barcodes — to prevent just that

Bleeping Computer

Royal Mail, the British postal and courier service, began switching all snail mail stamps to barcoded stamps last year. The purpose of the barcode was to enhance security, deter stamp reuse, and possibly prevent forgeries—which it has failed to do. […]

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

What Does a Business Manager Such as David Bolno do in a Day?

SecureBlitz

What Does a Business Manager Such as David Bolno do in a Day? Read on to find out… In the quick-moving and cutthroat universe of amusement, achievement is often the consequence of cautious preparation, vital navigation, and mastering the board. Behind numerous fruitful performers, you'll find a committed business director like David Bolno, whose job […] The post What Does a Business Manager Such as David Bolno do in a Day?

How to track and stop CVE-2024-3400: Palo Alto Devices API Exploit Causing Critical Infrastructure and Enterprise Epidemics

Security Boulevard

On Friday April 12, Palo Alto disclosed that some versions of PAN-OS are not only vulnerable to remote code execution, but that the vulnerability has been actively exploited to install backdoors on Palo Alto firewalls. A patch is expected to be available on April 14th. The advisory from Palo Alto is here. The CISA advisory […] The post How to track and stop CVE-2024-3400: Palo Alto Devices API Exploit Causing Critical Infrastructure and Enterprise Epidemics appeared first on Wallarm.

U.S. Treasury Sanctions Hamas Spokesperson for Cyber Influence Operations

The Hacker News

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday announced sanctions against an official associated with Hamas for his involvement in cyber influence operations. Hudhayfa Samir ‘Abdallah al-Kahlut, 39, also known as Abu Ubaida, has served as the public spokesperson of Izz al-Din al-Qassam Brigades, the military wing of Hamas, since at least 2007.

What is Web Application Security Testing?

Security Boulevard

Web application security testing aims to detect, prevent, and address security vulnerabilities within web applications. Flaws in web application coding accounted for 72% of the identified vulnerabilities. This evaluation involves scrutinizing the code, architecture, and deployment environment to assess the security posture of the applications. Security testing for web application can be executed manually or […] The post What is Web Application Security Testing?

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!