Uncategorized

Alert: Million of GitHub Repositories Likely Vulnerable to RepoJacking Attack 22/06/2023 at 17:14 By Millions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed. This includes repositories from organizations such as Google, Lyft, and several others, Massachusetts-based cloud-native security firm Aqua said in a Wednesday report. The supply […]

React to this headline:

Generative-AI apps & ChatGPT: Potential risks and mitigation strategies 22/06/2023 at 17:14 By Losing sleep over Generative-AI apps? You’re not alone or wrong. According to the Astrix Security Research Group, mid size organizations already have, on average, 54 Generative-AI integrations to core systems like Slack, GitHub and Google Workspace and this number is only expected

React to this headline:

Camaro Dragon Hackers Strike with USB-Driven Self-Propagating Malware 22/06/2023 at 17:14 By The Chinese cyber espionage actor known as Camaro Dragon has been observed leveraging a new strain of self-propagating malware that spreads through compromised USB drives. “While their primary focus has traditionally been Southeast Asian countries, this latest discovery reveals their global reach and highlights the

React to this headline:

DOJ announces new cyber unit to prosecute nation-state threat actors 22/06/2023 at 15:19 By The Justice Department recently announced the creation of the new National Security Cyber Section — known as NatSec Cyber — within its National Security Division.  This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React

React to this headline:

Unveiling the Unseen: Identifying Data Exfiltration with Machine Learning 22/06/2023 at 15:01 By Why Data Exfiltration Detection is Paramount? The world is witnessing an exponential rise in ransomware and data theft employed to extort companies. At the same time, the industry faces numerous critical vulnerabilities in database software and company websites. This evolution paints a

React to this headline:

Critical Flaw Found in WordPress Plugin for WooCommerce Used by 30,000 Websites 22/06/2023 at 13:51 By A critical security flaw has been disclosed in the WordPress “Abandoned Cart Lite for WooCommerce” plugin that’s installed on more than 30,000 websites. “This vulnerability makes it possible for an attacker to gain access to the accounts of users who have

React to this headline:

Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari 22/06/2023 at 10:39 By Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been

React to this headline:

63% of IT leaders measure IT success by reduced risk 21/06/2023 at 22:52 By A recent survey looks at the biggest challenges facing IT leaders of large organizations and their approach to modernizing their IT department.  This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React to this headline:

React to this headline:

92% of survey respondents are concerned about compromised credentials 21/06/2023 at 20:15 By IT and cybersecurity professionals were surveyed on passwordless authentication and how it would impact their organizations’ credential security. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React to this headline:

React to this headline:

ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks 21/06/2023 at 19:26 By The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previous undocumented wiretapping features as well as a backdoor developed using Golang that exploits the Ably real-time messaging service. “The threat actor sent their commands through

React to this headline:

36% of government IT does not have a documented disaster recovery plan 21/06/2023 at 17:27 By The experience and habits of IT departments when it comes to ransomware and data recovery were analyzed in a recent report by Arcserve.  This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React

React to this headline:

New Report Exposes Operation Triangulation’s Spyware Implant Targeting iOS Devices 21/06/2023 at 16:56 By More details have emerged about the spyware implant that’s delivered to iOS devices as part of a campaign called Operation Triangulation. Kaspersky, which discovered the operation after becoming one of the targets at the start of the year, said the malware has a

React to this headline:

3 in 4 people at risk of being hacked due to poor password practices 21/06/2023 at 16:20 By A new report shows that 75% of people globally don’t adhere to widely-accepted password best practices with 64% either using weak passwords or repeat variations of passwords to protect their online accounts. This article is an excerpt

React to this headline:

Digital-first economy introduces unforeseen risks for 89% of CISOs 21/06/2023 at 16:20 By A new survey shows CISOs struggle to cost justify security investments despite known security gaps, face increasing personal risks, and worry about the rapid adoption of AI. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source

React to this headline:

Startup Security Tactics: Friction Surveys 21/06/2023 at 16:20 By When we do quarterly planning, my team categorizes our goals within four evergreen outcomes: Reduce the risk of information security incidents Increase trust in Vanta’s information security program Reduce the friction caused by information security controls Use security expertise to support the business In this article, I’m

React to this headline:

Critical ‘nOAuth’ Flaw in Microsoft Azure AD Enabled Complete Account Takeover 21/06/2023 at 16:20 By A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023,

React to this headline:

Chinese Hacker Group ‘Flea’ Targets American Ministries with Graphican Backdoor 21/06/2023 at 14:38 By Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023. The cyber attacks, per Broadcom’s Symantec, involved a new backdoor codenamed Graphican. Some

React to this headline:

Alert! Hackers Exploiting Critical Vulnerability in VMware’s Aria Operations Networks 21/06/2023 at 11:49 By VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize Network Insight) has come under active exploitation in the wild. The flaw, tracked as CVE-2023-20887, could allow a malicious actor with network access to the product

React to this headline:

New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks 21/06/2023 at 11:49 By A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet. Fortinet FortiGuard Labs said the campaign has ramped up since the end of May 2023.

React to this headline:

Security Awareness 101: Creating a Compelling Security Awareness Program 20/06/2023 at 22:34 By There is no downside for an organization to have a security awareness program in place. It may not be 100% effective in stopping workers from making an error and causing a cyber incident, but like any preventative endeavor such a program can

React to this headline: