ποΈ When Identity is the Attack Path ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a minorleague attacker, could have opened a path to some 98 of entities in the company's cloud.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE202646333 CVSS score 5.5, is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The infostealer payload in this campaign collect a vast amount of data, from collaboration authentication keys to cryptocurrency wallets.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Fake Gemini and Claude Code Sites Spread Infostealers
The infostealer payload in this campaign collect a vast amount of data, from collaboration authentication keys to cryptocurrency wallets
π Apple Blocked $2.2bn in App Store Fraud in the Last Year π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Total figure for fraudulent transactions Apple has blocked since 2020 now stands at over 11bn.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Apple Blocked $2.2bn in App Store Fraud in the Last Year
Total figure for fraudulent transactions Apple has blocked since 2020 now stands at over $11bn
π Cybercriminal VPN Dismantled in Europol Crackdown π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
First VPN, a service used by ransomware actors and fraudsters, was dismantled by Europol.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Cybercriminal VPN Dismantled in Europol Crackdown
First VPN, a service used by ransomware actors and fraudsters, was dismantled by Europol
π GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
GitHub Breach Traced to Malicious βNx Consoleβ VS Code Extension
A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace
β€1
π Three-Quarters of Firms Knowingly Ship Vulnerable Code π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Three-Quarters of Firms Knowingly Ship Vulnerable Code, Says Checkmarx
AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers
π Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Qualys finds nineyearold Linux ptrace flaw exposing SSH keys and password hashes locally.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π Grafana Labs Says Code Breach Stemmed from TanStack Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Grafana Labs Says Code Breach Stemmed from TanStack Attack
Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack
βοΈ Lawmakers Demand Answers as CISA Tries to Contain Data Leak βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity Infrastructure Security Agency CISA after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain the breach and invalidate the leaked credentials.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of otherβ¦
β€1
ποΈ Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Belarusaligned threat actor known as Ghostwriter aka UAC0057 and UNC1151Ukraine's National Security and Defense Council has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activity, per the Computer Emergency Response Team of Ukraine CERTUA, involves sending phishing emails to government.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity